IT experts warn Australians to abandon My Health Record

Top digital consultant says My Health Record could be the next tech wreck.

IT experts warn Australians to abandon My Health Record

Some of the strongest objectors lining up to warn consumers about the risks of keeping a My Health Record (MHR) digital account are professionals with extensive IT experience.

Speaking on ABC Radio National, the former head of the Government’s Digital Transformation Office, Paul Shetler, said that if he was an Australian, he probably would opt out of the system designed to hold and share personal medical information.

“Just because 6 million have signed up for it over the past five years (when it was an opt in platform), doesn’t mean they are using it,” said the current partner in Digital Agency Accelerate HQ.

Mr Shetler said he believed fewer than one per cent of Australians were using it and that most medical practitioners also avoided MHR.

“When this was built, if the designers had asked ‘what are people looking for or what are the user needs?’, perhaps people would have been more willing to sign up and use it,” he said.

“Instead, they spent $2 billion developing a piece of software over a decade, without clearly defining what needs it meets, either for the practitioner or the patient, and as a result you now have to make it mandatory.

“It’s a nice idea that the data is available, that it can alert practitioners about allergies or medical conditions, but not in the way it has been presented.

“In the light of a whole series of tech wrecks, it doesn’t really inspire a lot of confidence,” Mr Shetler said, admitting that MHR could potentially become another tech wreck.

“In the UK, they did something similar (to the MHR platform). It failed and was stopped for very similar reasons. It was also introduced as an opt-out system and people were concerned about the privacy of their data. Ultimately the Government stopped it.”

He said the fact the system had no default security settings and that people had to add them manually was problematic and just one of the flaws.

“The rollout has been significantly flawed. There are a lot of similarities to what happened in the UK. This security model is unsuited for what they are doing here and the way people are being signed up seems to be symptomatic of the way this Government handles IT in these big projects,” Mr Shetler said.

“The fact that your data can be accessed for reasons of public revenue, things which have nothing to do with your health … and all of a sudden you find all these weird loopholes for how data can be shared.

“The digital health agency clearly hasn’t seen what’s worked in other countries … they didn’t learn from the history.”

Meanwhile, Dr David Glance, director of University of Western Australia’s Centre for Software Practice, said the opt-out clause did nothing to allay his fears.

“The move to opt out, in addition to being a major privacy risk for the public, ignores the persistent and significant issues with the implementation of My Health Record,” Dr Glance was reported as saying in The West Australian.

“After all this time and with the billions of dollars of investment, the majority of the records are largely empty and the majority of health professionals in Australia continue to refuse to support the system. This program gives the impression that this is a viable system, but it is not and nor will it ever be.”

Commenting in The Canberra Times, IT professional Judy Bamberger says she has opted out of MHR because no digital platform guarantees 100 per cent security.

“MHR integrates multiple systems and provides multiple access points: patients, doctors, pharmacists, specialists, hospitals,” says Ms Bamberger who claims to have experience in government systems, databases and security.

“System security is only as strong as the weakest link. Health records are gold to hackers; they're key to identity fraud.

“MHR inter-connects with multiple IT systems for identity verification. I've seen no guarantee these databases won't be correlated for other uses.

“The data can be accessed by various government agencies, based on suspicion, to: detect or prevent crime, ensure ‘the protection of the public revenue’, and more. Currently, doctors can demand a warrant before providing health records; not so with MHR,” she said.

Are you going to opt out of My Health Record? If so, what are your concerns? What would give you more confidence that your health records would be stored securely in the cloud?

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    David
    20th Jul 2018
    10:39am
    To me the benefits of My Health Record (MHR) far outweigh the risks.
    Sure, there are some risks with data security/privacy, but then there are also risks with internet banking, online shopping etc.
    If you are in great health, always see the same doctor and never travel beyond your town, the advantages of MHR are not that great, but if you travel frequently throughout Australia like I do, it's reassuring to know that your up to date health records can be accessed by any medical practitioners to ensure that they are well informed to give you the best treatment or advice.
    GrayComputing
    25th Jul 2018
    2:58pm
    Dear David.
    There are no 100% secure computer systems in this world, period.
    Your medical problems will be leaked on day and be on sale in the dark web for OZ insurance companies to use and deny your claims
    Most people with your response are being misled by the government and thus sadly are ignorant and living in la-la land in the face of massive cyber attacks worldwide
    Even the NSA got hacked into from outside the USA.
    A secure medical bracelet is a safer method.
    David
    25th Jul 2018
    3:48pm
    GrayComputing, I agree that no computer system can be guaranteed to be 100% safe.
    But if that concerns you enough to opt out, then shouldn't you be equally concerned about the many other computer systems that hold your personal information that you use now?
    If you are that paranoid about data/cyber security, then cancel your credit card, cease internet banking, cease online shopping etc.
    I think that you are living in la-la land to say that internet security concerns you, but do continue to do your banking, shopping and other stuff online.
    A medical bracelet doesn't have the capacity to store, and equally, it wouldn't have the ability to access the comprehensive records that doctors, hospitals and specialists have available.
    BTW, in the unlikely event that my medical records were leaked, I assure you it wouldn't be of any interest to anyone else. If the hacker mistakenly thought it was and said to me "Pay me $X or I'll publish it", I wouldn't even pay them 5 cents.
    Nig
    20th Jul 2018
    11:38am
    I would be a bit wary of accepting this opinion as being that of an expert - he proved himself to be a bit of a wally when at the helm of the DTA, and did not engender a lot of respect from his peers. His comments reflect him having an axe to grind rather than being an expert commentary on whether or not MHR is fit for purpose
    Rosret
    20th Jul 2018
    3:46pm
    Then do some research and make up your own mind. Britain wasted $10 billion pounds on their scheme that is now defunct.
    Richied
    20th Jul 2018
    10:12pm
    £7.6 billion (not 10 billion).

    And the UK was designed when the internet was in its infancy (we've got 10 years experience before our system was designed), and before EU (or indeed any meaningful) digital privacy laws were defined. So it allowed selling of individual non-anonymised data to commercial enterprises.
    Rosret
    21st Jul 2018
    12:15pm
    https://www.theguardian.com/society/2013/sep/18/nhs-records-system-10bn

    How is this any safer than 5 years ago?

    Humans if anything have become less careful with their privacy, as you say Flybuys, Facebook, Twitter, Paywave banking etc.

    All I want is everyone to be notified not just the people who happen to be aware of the news and give people the option to have their records deleted on request not just hidden. There should also be a much longer opt out phase (forever). Most people I speak to have no idea that this is happening.
    GrayComputing
    25th Jul 2018
    3:00pm
    Dear Nig.
    There are no 100% secure computer systems in this world, period.
    Your medical problems will be leaked on day and be on sale in the dark web for OZ insurance companies to use and deny your claims
    Most people with your response are being misled by the government and thus sadly are ignorant and living in la-la land in the face of massive cyber attacks worldwide
    Rosret
    20th Jul 2018
    1:49pm
    There are so many reasons why this is a breach of privacy and security. Anyone in the IT business or just with pure common sense will see how flawed this scheme will be.
    As soon as they allowed the individual to access to the content of their records an entire group of people became at risk.
    You can't opt out once you accidentally, or were deliberately opted in. Your children have no rights whatsoever as the parents will decide! you can delete the records however they will be stored until 30 years after your death!
    Any member of a family who lives in an oppressive or culturally restrictive environment will now not be able to go to the doctor and guarantee the information will be private.
    Anyone who has had their medicare card details stolen "or borrowed" and used will have incorrect data on the database.
    I could go on and on.
    I just wish we could get the word out as so many people just don't know it is happening.

    Wait until the data is grouped into drug users, smokers, those who have STDs ,those who are obese etc. This wasn't created for us - it was created to cut down on hospital staff.

    I would rather they used first hand data not third hand out of date information.

    It is so transparently flawed and they haven't even begun.

    I am searching for the people in power who will take a stand, politically, legally or ethically to get amendments to this scheme before people die.
    Richied
    20th Jul 2018
    9:41pm
    I'm in the IT industry, and have had significant exposure at technical and executive levels to state and federal government systems, with strong focus on security of personal data.

    Most importantly, no government department stores any personal data offshore - can't be said most corporations that we seem to have less concern about giving our personal information.

    Government is highly risk averse - default for any system is absolutely no access without authority. And government isn't in the business of selling data, again unlike corporations.

    The Australian government has analysed the problems other jurisdictions had in implementing this sort of system, and has applied those learnings, making this system highly secure and providing the user with capability to constrain access to data at any time.

    Although I have medical issues I'm not comfortable with people knowing, I'm sufficiently confident as to the security of this system to remain opted in.
    GeorgeM
    20th Jul 2018
    11:35pm
    Rosret, you are quite correct in your comments.
    Richied, not sure what is your motivation, or maybe it is based on your experience only, whereas I agree with the IT professionals in the article above about the data privacy / hacking concerns. BTW, in this age of Cloud Computing, are you saying Canberra does not use servers in USA? I remember in the IBM Census fiasco they mentioned servers were in USA.
    Reasons why Opt-out should have remained the default:
    a. Govt deciding to share people's personal health data to a vast number of health professionals without having obtained specific permission for it is BAD legally, and I hope some Legal firm / QC will challenge this massive breach of privacy for those who never exercised their choice.
    b. Data sharing with research bodies, who are mostly funded by Pharmaceutical firms, is also a bad idea - it is only a matter of time till data will get passed on and sold.
    c. Wonder if they are Outsourcing the technology (whether to IBM who stuffed up the Census, or to one of those Indian firms) - only a matter of time till their quality systems fail and data breaches are reported. Let's now keep a look-out for more scam calls from scammers based on their use of your health data.
    d. Finally, let's just wait till someone hacks into the database - matter of when, not if. Can they actually stop Putin, or the Chinese? Maybe USA should hire these full-of-themselves "experts" from Canberra!
    Rosret
    21st Jul 2018
    9:39am
    Hi Richied, you sound a though you are in defence of the system because you have an active role in its creation.
    If this is the case I have some questions for you - I was hoping someone in "the know" would come forward as I would like some amendments to the client user interface.
    So is that you?
    Rosret
    21st Jul 2018
    9:41am
    PS Richied I am happy to discuss this off the forum feed line.
    Rosret
    21st Jul 2018
    12:06pm
    George since the government outsourced software programming:

    Centrelink - 10% error rate
    Census - no load testing
    NBN - ugh -a still on going nightmare.

    The idea is good, the user interface is flawed.
    GrayComputing
    25th Jul 2018
    3:07pm
    I totally deny Richie's claims of how good cyber security is today.

    There are no 100% secure computer systems in this world, period.

    Sadly for Richie his medical problems will be leaked on day and be on sale in the dark web for OZ insurance companies to use and deny his claims

    Most people with your response are being misled by the government well paid IT proponents and thus sadly the public at large is ignorant and living in la-la land in the face of massive cyber attacks worldwide .

    The Cyber Security Emperor is not wearing any clothes (and has never has worn them).
    MICK
    20th Jul 2018
    2:22pm
    I tried to get out after the data breach due to apparent on selling of information.
    First thing is I tried to remove myself from the database through the My HealthRecords. That asked for driver's license and Medicare Card.
    So I logged on to my myGov account and this flicked me back to the same page.
    Third thing I did was to write to the organisation. NO RESPONSE!

    I have serious concerns about providing ANY sensitive information to ANY organisation which makes claims about this being safe when they have passed information onto a third party who has no right to have it.
    If this gets up then don't be surprised if any manner of business will be able to find out all your personal information for a fee. This is both dangerous (identity fraud) as well as discriminating against some people in our community.
    Last thing is do we not have privacy laws? So WHO decided these should no longer apply? This government? Please explain!
    Rosret
    20th Jul 2018
    3:38pm
    Just asking us to give out drivers licence, date of birth and medicare number on the computer was alarming enough.
    I wondered if it was a phishing site and I had stupidly been scammed. - But no - just the government who has a total disregard for our private data.

    I phoned in and they didn't ask for my drivers licence at all and asked why I hadn't used the online website!
    MICK
    20th Jul 2018
    4:07pm
    I am yet to phone in so glad they did not try it on then as well. I find it the ultimate affront that you will end up on the database unless you unsubscribe and would have thought that one could not be put on a database unless we agreed. Not too difficult to send you an email request (yes/no) or letter. So why has this NOT been done?
    Rosret
    20th Jul 2018
    8:05pm
    Exactly, MICK. They have been going around trying to sign up people in parks and events and now people know what is really going on they can't opt out. They can only go to myhealthrecord.gov set up an account and then delete your records but they are in for life plus 30 years.
    This is far more significant for the younger generation and in particular children and teenagers who have no say - and then their parents can access their records!
    Just watch as they link databases, reducing Centrelink payments to those who didn't get immunised, reducing Centrelink payments to those who take drugs.

    The Law enforcers no longer need a warrant to access the database.

    This is Australia! I feel like we just stepped into Nazi Germany.
    Richied
    20th Jul 2018
    9:57pm
    To be clear there has never been a security breach on this system. In the last year there were six data breaches - that's six records accessed fraudulently (through fraudulent Medicare claims) or incorrect data loaded into records. That's six out of hundreds of millions of transactions. That's an incredibly low 'failure' rate.

    And those failures are not system failures but mostly wilful actions in the Medicare system (that's been around for most of my life), not the MyHealthRecord system.

    And these are data breaches, not security breaches. Data is secure.
    Eddy
    20th Jul 2018
    3:12pm
    I have my own IT expert, my son is a practising IT professional, university degree and all, being paid an obscene salary by a multi-national IT business. His recommendation is to avoid this system at all costs. He tells me that, from what he has read about this system, its so full of holes, any ethical IT business would not consider offering it to a commercial customer in it's current form. His advice is all I need to confirm my worst fears.
    Rosret
    20th Jul 2018
    3:43pm
    Absolutely.
    A system that opts you in with no privacy agreement or even your knowledge it is happening.
    A system that will not allow you to opt out if you accidentally, or unwillingly opted in.
    A system where anyone under 18 has no say in their future privacy.
    A system that holds data for 30 years after your death!
    A system that holds information and just hides it even when you request it deleted.
    A system where anyone who has opted out has no access to check whether there is actually no information held on them.
    A system where parents have access to their children (teenage) medical records.
    etc etc
    Richied
    20th Jul 2018
    10:00pm
    Being an IT professional makes not an expert in security for a particular system.

    I have extensive IT experience with federal and state government security systems and am very confident this is one of the most secure systems around.
    KSS
    20th Jul 2018
    8:00pm
    Reports out this week from people who tried to 'opt out' included parents of very young children who wanted to opt their child out could not because the system said either they were not the parents or the child did not exist or had been registered to someone else! Another issue was that one woman on checking her records found she had apparently visit GPs in QLD. Since she lived in NSW far from the border and did not know these QLD doctors nor had ever visited a GP in QLD, she could not understand why they were on her record.

    If they can't get the basics right what hope is there? I opted out on Monday as soon as I could and before the system collapsed under the weight of the hoards trying to do the same!
    Rosret
    20th Jul 2018
    8:15pm
    It could be data entry error or medicare theft. All they need is one incorrect blood type entry and the deaths begin.
    It is such a huge issue on both privacy, security and accuracy.

    Is there any department or body that is overseeing our Privacy Laws. Should we be writing to the Governor General? This is so much worse than dual citizenship.
    Richied
    20th Jul 2018
    10:02pm
    It would be a failure of proper healthcare process if there was a death because of an incorrect blood type recorded in this system.

    Proper healthcare process dictates that blood type is confirmed (through a blood test) each and every time there is a need for a blood transfusion. There is no reliance on a record of blood type.
    Richied
    20th Jul 2018
    10:14pm
    Parents can only opt out their children if those children are registered on the parent's Medicare card. There have been no refusals where the child was on the parent's card.
    Rosret
    20th Jul 2018
    10:23pm
    Richied once you have opted in you can't opt out. That means any parent who decides on the behalf of the child to opt in has denied their child their right to medical privacy for their entire life plus 30 years.

    Re blood type - its good to know - someone told me it was because when they are in a hurry in emergency they will give type O which is in short supply. It is reassuring to know full checks will still be the procedure.
    Richied
    20th Jul 2018
    10:34pm
    Yes, in an emergency they give type O because whatever your blood type you won't die from type O (you won't feel great but you'll still be alive).

    I believe there is a mechanism for kids to opt out once they become of-age if their parents opted them in. I'll check and get back to you.
    Richied
    20th Jul 2018
    10:41pm
    Have just checked. Anyone (not just children) can cancel their MyHealthRecord at any time in the future.

    When you cancel, your data is effectively quarantined and cannot be accessed individually by anyone. The data will still be there in an anonymised form (ie. Personal identifying data is removed) so it can still be used for analytical or statistical purposes.
    Rosret
    21st Jul 2018
    11:53am
    Richied when I phoned i was told that once you have opted in you cannot opt out. You can "delete " your records however they are merely hidden and will remain on the database util 30 years past the individual death. That means every time a person goes to the doctor they will have to go to Myhealthrecord and "hide" the information.

    You have indicated you are in security. Its not the system that is insecure it the people using it 900 000 people will have access including Law enforcement without a warrant. This is a quantum shift from the privacy of the doctor/patient relationship that many people desire.

    The children don't have any rights or any privacy. So teenage girls in particular will have the clock turned back to the 1960s where they will be afraid to go to the doctor because their parents will know. After all, updates go straight to the parents phone!

    Children, women in culturally submissive relationships and people with mental illnesses or have any societal morale treatments will be at risk.

    What all Australians now need is individual medicare cards for everyone and not linked by family. Parents should not be able to access children's records.

    Every Australian Medicare holder should be notified by mail and given the opportunity to opt in or out either by mail, phone or the web. Just like a YES /NO Constitutional amendment the for and against should be stated clearly. This is an enormous shift, in power, knowledge, legal ramifications, privacy, security and safety and the public have the right to know the risk and benefit.

    If you are in IT security I know you are aware of the breach of privacy that is transpiring. I know you know that the user is the weakest link.

    While I was told that the software is as safe as bank software then I would argue with you that the bank software is no longer safe. It used to be on a dedicated phone line with all pin numbers and account details in a secure building. Now we throw account numbers and passwords over the NBN to access our banking details as though no one is watching. Good grief.

    If you have anything to do with this then fix it. Please!
    Richied
    20th Jul 2018
    9:33pm
    There's a surprising number of ill-informed or inaccurate comments here.

    1. The government did learn lessons from other jurisdictions.
    2. Security is the paramount building block of this system.
    3. There are many security settings the user can set to restrict or allow access, including ability to exclude your record in any data analysis activity.
    4. Data won't be sold to, nor is it accessible (even with default access) by any company.
    5. You can apply setting that allows a 'custodian' (eg. Your partner) to access your information - useful if you become incapacitated.

    Yes I have. MyHealthRecord - the information in there is useful to me (I can see all my past doctor appointments, and prescriptions). My doctor currently does not load my records into the system, so i can't yet see pathology results etc - that will be useful to let me see trends in results (eg. Is my cholesterol rising over many visits).

    I'd be more worried about the data FlyBuys has on me (stores offshore and sells). Noone needs to know how much chocolate I buy !
    MICK
    21st Jul 2018
    8:39am
    Good luck to you Richied. Like many others we choose not to be on this database. There is not need of it for us.
    KSS
    21st Jul 2018
    11:33am
    So Richied, what lessons have they learned from the hacking of the Singapore health records where even the details of the Prime Minister were stolen? And this happened just this week!
    Rosret
    21st Jul 2018
    12:02pm
    Richied - people can choose to have Flybuys - I choose not to for the very reason you just stated. But at least I would get a discount on chocolate and a whole heap of ads selling me more chocolate.

    I am am willing to bet we will get more phone calls saying, you need this check or that check. I am so over big brother send me medical reminders. - and I am very happy to see ads for chocolate but i am over some lady wanting to poke her pooh with a stick.

    I am however grateful you have come on line with educated and informed knowledge of the system and that is appreciated.

    Any thoughts on borrowed medicare cards, dark web medicare card theft. It is and will continue to happen like any crime. Medical data theft is 5th most common crime.
    Rose
    21st Jul 2018
    11:24am
    Richied - thanks for your posts on this topic. Your informed input is really appreciated.
    KSS
    21st Jul 2018
    8:11pm
    Look what happened to the UK care.data by the same architect of My health:

    https://www.msn.com/en-au/news/australia/%E2%80%98no-one-who-uses-a-public-service-should-be-allowed-to-opt-out%E2%80%99-my-health-record-head/ar-AAAdO4g?ocid=NL_ENAU_A2_20180720_4
    Rosret
    21st Jul 2018
    9:25pm
    This is a report from 2016 on our system. Apparently doctors are given incentives for signing patients up onto the system.
    http://medicalrepublic.com.au/state-play-health-record-trials-faring/4895
    KSS
    22nd Jul 2018
    8:46pm
    That was before it was changed to be opt out Rosret. First it was voluntary on the GP. They refused on security of information grounds. Then the Government offered financial incentives and still the doctors refused - or at least most of them. Now it is opt out and the responsibility of the patient to do so. Doctors no longer get the inducement since it is no longer necessary!
    musicveg
    21st Jul 2018
    10:48pm
    Yes, I opted out, not taking any risks, and I do not like being forced to use something, it should have stayed as an opt in option. I see no benefits to me, I have not seen a doctor for 7 years and then they could not help me, I got well myself.
    Suze
    22nd Jul 2018
    4:53pm
    Totally agree musicveg
    It should be an opt in option.
    CathinHobart
    22nd Jul 2018
    9:13am
    I just tried to opt out of MyHealth online (six days after the system launched and crashed). Initially got a confirmation on screen that opt out was successful. Then another pop up to say that transaction could not be processed with advice to call the hotline. Another rubbish IT system like the census crash. They can’t even get this right.
    Rosret
    22nd Jul 2018
    5:20pm
    I needed to phone also. I was angry at being asked for my drivers licence online. They don't seem to care about our privacy and security at all.
    Reagan
    22nd Jul 2018
    1:02pm
    The Singapore online system has been hacked millions affected including the prime minister.
    Rosret
    22nd Jul 2018
    5:17pm
    Yep - safe as the people using it.
    Old Geezer
    23rd Jul 2018
    2:48pm
    Just deleted everything off my health record so no one can get hold of it.
    KSS
    24th Jul 2018
    6:19am
    Sorry Old Geyser, you have deleted nothing. All you have done is hidden it. All the information is still there and can still be accessed. Any and all privacy settings can and will be overridden if necessary!

    And if there was an account there to 'delete' you need to make absolutely sure that at every interaction with any health professional they understand you do NOT consent to them uploading the even. And that includes even the script you take to the chemist. Otherwise it will all get uploaded. The onus is now on every single person to be able to evaluate every single interaction and decide whether it should be uploaded at all, uploaded but with certain restrictions on who can view it, or uploaded but hidden from all view. Hardle fair since most people would not be health literate enough to make those decisions or even understand what is important or not.
    Rosret
    24th Jul 2018
    8:54am
    I am not sure if anyone reads these after the day they have been posted however I would like to include this file from the government in 2015 before we knew what was going on.

    The cost to the public is now $100 000 per person. If you were given the option of a gift of $100 000 or a government health record which would it be. Remember for a family of 4 that's $400000 or a home fully paid. No one in Australia would be homeless.

    This is the transcript:
    Personal Submission in response to the Electronic Health Records and Healthcare Identifiers:
    Legislation Discussion Paper
    24 June 2015

    ehealth.legislation@health.gov.au
    Introduction
    The Australian Government is proposing changes to the personally controlled electronic health record (PCEHR) system and the Healthcare Identifiers (HI) Service to:
    • increase the number of individuals and healthcare providers participating in the PCEHR system,
    • increase the clinical utility of the PCEHR system to support meaningful use by healthcare providers, and
    • improve the overall operation of the PCEHR system and HI Service, and eHealth more generally.
    The PCEHR is a national system for providing access to individuals’ key health information, intended to:
    • help overcome the fragmentation of health information in Australia;
    • improve the availability and quality of health information;
    • reduce the occurrence of adverse medical events and the duplication of treatment; and
    • improve the coordination and quality of healthcare provided to individuals by different healthcare providers.

    Most Australian's believe that there should be a system of shared electronic health records in Australia. There is an underlying assumption that they could help improve healthcare, but many consumers believe that there are some important issues to be addressed, most notably around their usefulness and around privacy and access control.
    Having an eHealth record can make getting the right treatment faster, safer and easier:
    ? faster - because doctors and nurses and other healthcare providers will not have to spend time searching for past treatment information;
    ? safer - because authorised healthcare providers can view your important healthcare information, including any allergies and vaccinations and the treatment you have received; and
    ? easier - because you will not have to remember the results of tests you have had, or all the medications you have been prescribed.

    If the PCEHR and HI were suitably aligned with the aged care central client record, that would assist in sharing suitable information between aged care and other health settings. This would significantly improve continuity of care for residents and outcomes for clients.
    Having worked in the area of health for over a decade I am committed to seeing ehealth reform work. This does not simply mean the economic benefits of $AUD7Billion savings annually which have been suggested. More importantly there will be better health outcomes and individuals will have more autonomy over their lives and health. The PCEHR Review supports returning to the decentralised architecture for ehealth which has been supported by the National Health and Hospital Reform Commission, which means it supports an ecosystem of different technologies with dedicated purposes which are interconnected.
    Once the eHealth ecosystems are working and Australians are fully educated about the pros and cons of the system we will have meaningful use that provides clinicians, patients and all Australians with benefits.
    ISSUES FOR CONSIDERATION
    To Opt in or to Opt Out
    “EHealth is a complex infrastructure project that requires a fundamental change in consumer and business practice as well as a cultural shift in both professional and consumer behaviour…..In such a project, implementation is key. I want to make sure we bring consumers with us in the eHealth journey by adopting an “opt in” model – allowing them to choose when to sign on. I believe that the benefits of giving the Australian public the choice as to whether they participate will be key to the successful implementation. I think moving to an “opt out” position would be a serious mistake.”
    The Hon Nicola Roxon MP, Minister for Health and Ageing, Address to the Consumer Health Forum, Canberra. 14 September, 2011.
    • The PCEHR Act 2012 (Cth) became law on 26 June 2012
    • The assurance that “… Government is not going to build a massive data repository. We don’t believe it would deliver any additional benefits to clinicians or patients – and it creates unnecessary risks” (Ministers own bold type) appears to have been forgotten. A massive data repository has been built.
    • The Opt In model was adopted and $50 Million AUD was spent on Medicare Locals to assist them with engaging consumers.
    • The Medicare Local Review was released which impacts on the PCEHR implementation.
    • The cost of the PCEHR Project blew out from $467 Million AUD to $1 Billion AUD.
    • The lack of consumer and clinician engagement resulted in the current Health Minister stating in Parliament in 2013 that the cost was equivalent to over $100,000.00 for each person enrolled in the system.
    • Minister Dutton called for a review of the PCEHR in November 2013.
    • The PCEHR Review contained 38 recommendations, including one to convert the opt in system to an opt out system.
    • The Clinical Document Architecture, known as CDA which is used by the PCEHR has been found to be flawed with security risks.
    • The security flaw in the myGov website potentially opened health information held in the PCEHR to malicious attacks.
    • The clinicians and consumers have not been given a business case for using the PCEHR and remain confused.
    • Clinicians having to renew PCEHR security tokens by fax has been criticised as it is not very efficient or modern.
    • It is suggested in the PCEHR Review that the name of the system be changed from the PCEHR to” My Health Record”. This would not normally rate a mention, but the fact that the concept has been given 5 names to date, suggest confusion not only about what it is, but what to call it.
    When a system works well, and people who benefit from using it would know about it and any risks, then opt out is clearly a good option to maximise the benefits for the community.
    We all know that “The most effective way of controlling information about oneself is not to share it in the first place.”
    We also all know that most people are naturally lazy, and the statistics for organ donation demonstrate that clearly. However in health, where sharing of information and co-ordination of that information is critically important for the best outcomes, trust is the foundation. Earning the trust of patients is the difference between empowering individuals with knowledge, and saving or improving lives or not. Sharing clinical information in a privacy compliant way is worth getting right, and informing consumers and respecting their trust are the first steps.
    The benefits of sharing health information, when it is done well, are compelling it is also one of the hardest areas to get right. It involves politics (funding issues between states and commonwealth, enabling individuals and doing as much as necessary), technology (a world of architecture and acronyms), ethics, clinical support and patience. Underlying everything that we do in eHealth is the concept of “….abstain from doing harm” . A system which is accessible by a consumer who is not aware of what kind of information the PCEHR holds, or what it means could result in harm. The sharing of certain sensitive information has resulted in depression, embarrassment and suicide.

    The overseas experience
    Evidence is accumulating from overseas experiences of the benefits that can accrue from Shared Electronic Health Records. But they appear to be predominantly based upon opt-out approaches. An EHR is generated and made available to clinicians, while the onus is put on the individual to opt-out if they so choose.
    In the NHS in England, by March 2011 nearly six million Summary Care Records had been created. Around 30 million people had been sent a letter with an opt out form to complete and return in a pre-paid envelope if they wished to make that choice. By the end of March 2011, only 1.16% had chosen to opt-out.
    Elsewhere in Canada and Denmark, a similar choice has been given to the consumer, in effect to opt-out in a variety of ways. The predominant theme is to create the EHR as a record of a patient's medical information for use by clinicians, and then leave it to the discretion of the consumer to access it if they wish, or opt out.
    Singapore's recently developed EHR functions as a national summary record of each patient's medical information for use by clinicians. It is not personally controlled, and once a patient visits a hospital or doctor for a consultation, the principle of implied consent enables access to the EHR by clinicians. Access by the consumer is not yet planned.
    Some realities and conclusions
    Placing the onus on the consumer to opt in and register for a PCEHR disadvantages and puts at risk those consumers who would most benefit from a PCEHR.
    Under an opt-in model, any number of consumers will not register for a variety of reasons such as: a lack of understanding; cultural and language barriers; mental incapacity; physical disability; too young an age to exercise the right; remote access; negative advice; and many others reasons including apathy and inertia.
    Those who are sick will not want to be confronted by a doctor saying: "We do not have access to your health record. When did you last see a doctor? Are you taking medication?"
    Clearly the lives of patients who have not opted-in, even in cases not at first deemed to be an emergency, will sometimes be put at risk by the exclusion of the PCEHR's medical information. In emergency care a patient's medical information being accessible online is critical, and in a trauma case such information in the first hour has been described as pure gold. A lack of a PCEHR, even in routine treatments and procedures, in a percentage of cases will lead to avoidable incidents.
    Patient information within a PCEHR should be available automatically for every health consumer by approved treating clinicians, just as it is within existing EMR systems. If not, the PCEHR will lack credibility and adoption by both patients and clinicians and be in danger of becoming a white elephant. And of course the opportunity for a consumer to opt-out, should be subject to a rigorous application process, overseen and assessed against specified criteria by an independent quasi judicial body. To opt-out should not be an easy option.
    Once the PCEHR is available, we should adopt an opt-out model, and ensure we 'first do no harm'. The PCEHR has the potential to provide patient medical information any time, anywhere, for any health consumer, and assist the treating clinician(s) at the point of care, wherever that may be.
    Including aged care
    A review of the Healthcare Identifiers recommended that the scope of the use and disclosure of healthcare identifiers make clear that it includes aged care and disability programs.
    To give effect to the HI Review recommendation and consistent with the ALRC recommendation, the definition of “healthcare” in both the HI Act and the PCEHR Act is proposed to be amended to cover “health-related” disability, palliative care or aged care services.
    I am unsure why ‘aged care’ needs to make a specific mention. Ageing is a part of the life continuum and a customer could be ‘any age’. The PCEHR should not discriminate on age, medical condition, geography etc.
    Expanding identifying information
    It is intended that regulations be made that would prescribe the following information as identifying information:
    • a mobile telephone number and email address – this would allow the System Operator to collect and use this information to notify individuals of access to their PCEHR or other matters by email or SMS, rather than by post, in accordance with the individual’s preferences;
    • the status of an individual’s healthcare identifier (IHI) – this would improve the ability of the HI Service Operator to manage an individual’s choice to opt-out;
    • the unique reference number of the individual’s driver licence, passport or Immicard, and the type of credential (driver licence, passport or Immicard) – this would allow the PCEHR System Operator to collect this information, and disclose it to the Document Verification Service, in order to verify the identity of an individual who chooses to opt-out. The System Operator will not store this information once it has been used to verify the individual’s identity.
    This seems logical and rational and I cannot see any issues with these proposed changes.

    Review
    Two years after the proposed changes to the HI Act and PCEHR Act are made, it is proposed that an independent review be conducted to ascertain whether the changes have achieved the desired results and to identify whether there are any other issues that need to be addressed.
    Review is a necessary component of the deployment of any change and would be highly recommended in a change the scale of this.
    Name change
    It is proposed to change the name of the PCEHR to the My Health Record.
    This change makes sense as it is simpler and is consistent with other Government services such as My Aged Care.

    Consumers' Aspirations
    I think it is important to reiterate some of the widely held and agreed consumer views on the pcehr.

    PCEHR Content and Functionality

    The primary aim of the PCEHR must be to improve the healthcare of individual patents that choose to participate in the scheme. Consumers' requirements and expectations vary, so the system must support considerable diversity and be relevant to individuals conditions and needs. There is a particular need to support those consumers with chronic conditions and complex conditions (co-morbidities), where better sharing of information can reap substantial benefits.

    Categories of content that might reasonably be expected to be supported include:-

    • data relevant to emergency treatment
    • important encounters
    • important episodes
    • medication history
    • adverse reactions and allergies
    • history of problems
    • history of interventions
    • history of tests
    • history of test results
    • immunisation history
    • referrals and discharge summaries
    • special alerts (e.g. epileptic, pacemaker, unstable diabetic, haemophiliac)

    Additional functions that should be supported by the PCEHR system infrastructure:-

    • care planning, particularly for chronic conditions
    • appointments schedule / scheduling
    • clinical content tailored to individuals' needs
    • coupling to online knowledgebase
    • special authorisation and access controls for specific conditions

    PCEHR access for healthcare providers
    The PCEHR should aim to improve healthcare. This is best achieved through giving healthcare providers appropriate, controlled, but easy access to the EHR, through integration with their clinical systems. To be effective for clinicians, data quality is essential, and systems should ensure:-

    • accuracy
    • precision
    • timeliness
    • comprehensiveness

    There is also a need to ensure adequate accessibility for rural and remote providers, who may currently only have narrowband connections.

    Facilitation of EHR Access by Healthcare Providers

    For patents that want it, the PCEHR should facilitate controlled and as-needed linkage to EHR data stored in healthcare provider's databases, in order for each relevant healthcare provider to view comprehensive longitudinal, i.e. lifetime, information for that patent. Examples include:-
    Capability of individual healthcare providers to gain access to all relevant information
    • Support for trend processing – e.g. HbA1c levels; Prostate-Specific Antigen markers
    • Controlled and protected access for research
    • Support for location information – where in the world a condition or treatment occurred
    • Special forms of aggregation – e.g. accumulated radiation dose from CT scans

    PCEHR Access for Patients

    Each consumers' own access to their PCEHR needs to reflect the diversity of consumers' wishes and abilities in such areas as willingness and capability to use online facilities, and altitudes to privacy and confidentiality.

    Consumer access to the PCEHR:

    • online, by themselves
    • online, by agents such as carers and healthcare providers
    • of-line, via download, or printing when visiting a healthcare provider
    • full access, where appropriate mediated by a professional with appropriate qualifications

    Consumer updating of the PCEHR:

    • online, by themselves
    • online, by agents such as carers and healthcare providers
    • future support for online upload from home monitoring devices
    • ability to have data amended or to have additional information associated with entries

    Support for Consumers

    The PCEHR must help consumers who want to be active in the management of their own health, particularly those with chronic conditions, in order to fill gaps in their care that currently make healthcare suboptimal for consumers.

    • Help in the reduction of the incidence of unnecessary tests
    • Save having to repeat basic information at each first encounter with a new provider
    • Assistance to patents in weighing up the pros and cons of treatments being offered or advised, through the provision of links to appropriate information, such as:
    o medication instructions
    o interpretation of results
    o known side-effects of tests and treatments
    • typical outcomes of treatments
    • Provision of links to assist in the assessment of costs, including out-of-pocket costs for diagnostic tests and treatments

    Support for Diverse Categories of Consumers

    The interests of consumers, and their needs from the PCEHR and eHealth more generally, varies considerably depending on the particular category or categories that the individual patent belongs to. Consumer e-Health Alliance (CeHA) 2 15 February 2011

    The highest priority in the PCEHR's design should focus on patents with:

    • chronic conditions
    • complex conditions (comorbidities)
    • high-dependency aged
    • the aged more generally

    Different considerations arise in respect of the following categories:

    • acute conditions
    • remote patents (and in many cases also rural patents)
    • itinerants (which encompasses 'grey nomads', 'travelling salesmen', aboriginals living a traditional lifestyle, 'fruit-pickers', vagrants and 'street kids')
    • families
    • adolescents (i.e. people in transition from childhood to adulthood)
    • those with culturally-sensitive condition’s (which encompasses sexually-transmitted diseases, gynaecological conditions, and mental health; conditions of especial concern within particular ethnic, lingual and religious cultures; conditions of especial concern to particular individuals (whether rationally or otherwise) e.g. diabetes, leprosy, glandular fever, etc.) Consumer e-Health Alliance (CeHA) 3 15 February 2011

    Consumers' Issues
    Trust
    The usefulness of a PCEHR system is critically dependent on the trust placed in the system and system management by its participants, be they consumers, healthcare providers, researchers, funders. Examples of trust include:

    • trust in the accuracy of information
    • trust in the completeness of information
    • trust in the currency of information
    • trust that there are/will be appropriate privacy and security safeguards
    • trust that the system will be used efficiently and effectively
    • trust that the system will continue to evolve and improve
    • trust that perceived deficiencies, inaccuracies, etc. will be addressed
    • trust that information will not be misused
    • trust in the reliability of access – can consumers and providers access when and where they need to?

    Trust is hard to create, but easy to destroy. It is critical that stakeholders' issues be addressed from the outset, and continue to be addressed throughout the life of the PCEHR.

    Information privacy, security, confidentiality

    Strict controls of the PCEHR are required to prevent unauthorised access by government agents, insurance companies, employers, etc. Yet these controls should not inhibit the “legitimate” access to information as determined by agreement between consumers and providers of the information.

    Support the diversity of consumer conditions and consumer accessibility Constraints
    • different conditions require different information to be stored in the PCEHR. A “standard” set of data will disenfranchise those with “non-standard” conditions.
    • Some consumers want to be very active in managing their clinical information, others may not be.
    • There is often a mismatch between clinicians' levels of trust in their patents' abilities to manage information and their patents' actual abilities.
    • Consumers vary considerably in their health literacy. Will the PCEHR cater for this diversity?
    • Some consumers are better able to manage their medical information than their healthcare providers.
    • Some consumers will have and will continue to have considerable difficulty accessing and or controlling access to a PCEHR (e.g no internet connection, poor computer skills, mental impairment).
    • How will child access be handled? Will parents control young children’s' access?
    • How will children's private interests be secure from parents? Of particular concern to teenagers.
    • How can the PCEHR best serve the interests of those not computer literate and those with poor accessibility options. We don't wish to exacerbate the digital divide. This particularly applies to the very ill and the elderly – those for whom a PCEHR should particularly aim to help.

    Mechanisms to make information available for research without compromising patient confidentiality
    Many, but not all consumers, are prepared and willing to provide information for medical research. Two mechanisms that could be managed under the PCEHR authorisation infrastructure are:-

    • consent to use de-identified data
    • establishment of a registry for donated information. Many Australians are prepared to donate organs or tissues for other individuals or for research. A similar, dedicated facility could be established for health information, provided that it supports an acceptable and workable regime of controls on how information is to be shared with research organisations.

    Governance
    Up until now, the track record on governance arrangements for the PCEHR and e-health more broadly has been to closed to the broader community, particularly consumers. Consumers want and expect stakeholders to be engaged in a collaborative process that determines the best governance and management regime for each aspect and phase of e-health developments. Governance partners should include representatives of consumers, government, healthcare providers, and the health IT industry.

    Consumers want any PCEHR development to be part of a well-articulated and well-accepted national e-health framework. Consumers are concerned to ensure that the all e-health initiatives are founded on appropriate standards, present value for money, build on the lessons learned from local and overseas endeavours, are well managed, and are evaluated for their ability to improve the healthcare provided to all Australians.
    Rosret
    24th Jul 2018
    9:24am
    Sorry that should read $100000 per person enrolled.
    KSS
    26th Jul 2018
    6:55am
    The whole system has been designed around one premise: "people are lazy." Counting on this, and using the UK figures of only 1.16% of 30m people opted out when sent a form to do so (because they were lazy, not because they agreed with the system) our own system was changed to take advantage of this 'laziness'.

    Like not changing insurance (or mortgages, or bank accounts or credit cards.....) we pay the lazy-tax. In this case the 'tax' is potential open slather on your most sensitive information.

    I don't care who knows what brand of toilet paper I buy or that I travel the same route on public transport from home to work everyday; I do care who has access to my medical history.
    GrayComputing
    25th Jul 2018
    9:01am
    I agree everybody should opt out
    There are no 100% secure computer systems in this world, period.
    Anybody who says otherwise are liars or just pig ignorant living in la-la land
    Even the NSA got hacked into from outside the USA.
    100's of millions of our credit cards some with our privacy details are for sale of the black web.
    Every Australian government computer has known and future unknown flaws in both the Intel and AMD chips and their Cisco routers. There are no proven secure OS software Operating systems.
    So I am opting out of this totally insecure scheme!