IT experts warn Australians to abandon My Health Record

Some of the strongest objectors lining up to warn consumers about the risks of keeping a My Health Record (MHR) digital account are professionals with extensive IT experience.

Speaking on ABC Radio National, the former head of the Government’s Digital Transformation Office, Paul Shetler, said that if he was an Australian, he probably would opt out of the system designed to hold and share personal medical information.

“Just because 6 million have signed up for it over the past five years (when it was an opt in platform), doesn’t mean they are using it,” said the current partner in Digital Agency Accelerate HQ.

Mr Shetler said he believed fewer than one per cent of Australians were using it and that most medical practitioners also avoided MHR.

“When this was built, if the designers had asked ‘what are people looking for or what are the user needs?’, perhaps people would have been more willing to sign up and use it,” he said.

“Instead, they spent $2 billion developing a piece of software over a decade, without clearly defining what needs it meets, either for the practitioner or the patient, and as a result you now have to make it mandatory.

“It’s a nice idea that the data is available, that it can alert practitioners about allergies or medical conditions, but not in the way it has been presented.

“In the light of a whole series of tech wrecks, it doesn’t really inspire a lot of confidence,” Mr Shetler said, admitting that MHR could potentially become another tech wreck.

“In the UK, they did something similar (to the MHR platform). It failed and was stopped for very similar reasons. It was also introduced as an opt-out system and people were concerned about the privacy of their data. Ultimately the Government stopped it.”

He said the fact the system had no default security settings and that people had to add them manually was problematic and just one of the flaws.

“The rollout has been significantly flawed. There are a lot of similarities to what happened in the UK. This security model is unsuited for what they are doing here and the way people are being signed up seems to be symptomatic of the way this Government handles IT in these big projects,” Mr Shetler said.

“The fact that your data can be accessed for reasons of public revenue, things which have nothing to do with your health … and all of a sudden you find all these weird loopholes for how data can be shared.

“The digital health agency clearly hasn’t seen what’s worked in other countries … they didn’t learn from the history.”

Meanwhile, Dr David Glance, director of University of Western Australia’s Centre for Software Practice, said the opt-out clause did nothing to allay his fears.

“The move to opt out, in addition to being a major privacy risk for the public, ignores the persistent and significant issues with the implementation of My Health Record,” Dr Glance was reported as saying in The West Australian.

“After all this time and with the billions of dollars of investment, the majority of the records are largely empty and the majority of health professionals in Australia continue to refuse to support the system. This program gives the impression that this is a viable system, but it is not and nor will it ever be.”

Commenting in The Canberra Times, IT professional Judy Bamberger says she has opted out of MHR because no digital platform guarantees 100 per cent security.

“MHR integrates multiple systems and provides multiple access points: patients, doctors, pharmacists, specialists, hospitals,” says Ms Bamberger, who claims to have experience in government systems, databases and security.

“System security is only as strong as the weakest link. Health records are gold to hackers; they’re key to identity fraud.

“MHR inter-connects with multiple IT systems for identity verification. I’ve seen no guarantee these databases won’t be correlated for other uses.

“The data can be accessed by various government agencies, based on suspicion, to: detect or prevent crime, ensure ‘the protection of the public revenue’, and more. Currently, doctors can demand a warrant before providing health records; not so with MHR,” she said.

Are you going to opt out of My Health Record? If so, what are your concerns? What would give you more confidence that your health records would be stored securely in the cloud?


Written by Olga Galacho


Total Comments: 51
  1. 0

    To me the benefits of My Health Record (MHR) far outweigh the risks.
    Sure, there are some risks with data security/privacy, but then there are also risks with internet banking, online shopping etc.
    If you are in great health, always see the same doctor and never travel beyond your town, the advantages of MHR are not that great, but if you travel frequently throughout Australia like I do, it’s reassuring to know that your up to date health records can be accessed by any medical practitioners to ensure that they are well informed to give you the best treatment or advice.

    • 0

      Dear David.
      There are no 100% secure computer systems in this world, period.
      Your medical problems will be leaked one day and be on sale in the dark web for OZ insurance companies to use and deny your claims
      Most people with your response are being misled by the government and thus sadly are ignorant and living in la-la land in the face of massive cyber attacks worldwide
      Even the NSA got hacked into from outside the USA.
      A secure medical bracelet is a safer method.

    • 0

      GrayComputing, I agree that no computer system can be guaranteed to be 100% safe.
      But if that concerns you enough to opt out, then shouldn’t you be equally concerned about the many other computer systems that hold your personal information that you use now?
      If you are that paranoid about data/cyber security, then cancel your credit card, cease internet banking, cease online shopping etc.
      I think that you are living in la-la land to say that internet security concerns you, but do continue to do your banking, shopping and other stuff online.
      A medical bracelet doesn’t have the capacity to store, and equally, it wouldn’t have the ability to access the comprehensive records that doctors, hospitals and specialists have available.
      BTW, in the unlikely event that my medical records were leaked, I assure you it wouldn’t be of any interest to anyone else. If the hacker mistakenly thought it was and said to me “Pay me $X or I’ll publish it”, I wouldn’t even pay them 5 cents.

  2. 0

    I would be a bit wary of accepting this opinion as being that of an expert – he proved himself to be a bit of a wally when at the helm of the DTA, and did not engender a lot of respect from his peers. His comments reflect him having an axe to grind rather than being an expert commentary on whether or not MHR is fit for purpose

    • 0

      Then do some research and make up your own mind. Britain wasted $10 billion pounds on their scheme that is now defunct.

    • 0

      £7.6 billion (not 10 billion).

      And the UK was designed when the internet was in its infancy (we’ve got 10 years experience before our system was designed), and before EU (or indeed any meaningful) digital privacy laws were defined. So it allowed selling of individual non-anonymised data to commercial enterprises.

    • 0

      How is this any safer than 5 years ago?

      Humans if anything have become less careful with their privacy, as you say Flybuys, Facebook, Twitter, Paywave banking etc.

      All I want is everyone to be notified not just the people who happen to be aware of the news and give people the option to have their records deleted on request not just hidden. There should also be a much longer opt out phase (forever). Most people I speak to have no idea that this is happening.

    • 0

      Dear Nig.
      There are no 100% secure computer systems in this world, period.
      Your medical problems will be leaked one day and be on sale in the dark web for OZ insurance companies to use and deny your claims
      Most people with your response are being misled by the government and thus sadly are ignorant and living in la-la land in the face of massive cyber attacks worldwide

  3. 0

    There are so many reasons why this is a breach of privacy and security. Anyone in the IT business or just with pure common sense will see how flawed this scheme will be.
    As soon as they allowed the individual access to the content of their records an entire group of people became at risk.
    You can’t opt out once you accidentally, or were deliberately opted in. Your children have no rights whatsoever as the parents will decide! You can delete the records however they will be stored until 30 years after your death!
    Any member of a family who lives in an oppressive or culturally restrictive environment will now not be able to go to the doctor and guarantee the information will be private.
    Anyone who has had their Medicare card details stolen “or borrowed” and used will have incorrect data on the database.
    I could go on and on.
    I just wish we could get the word out as so many people just don’t know it is happening.

    Wait until the data is grouped into drug users, smokers, those who have STDs, those who are obese etc. This wasn’t created for us – it was created to cut down on hospital staff.

    I would rather they used first hand data not third hand out of date information.

    It is so transparently flawed and they haven’t even begun.

    I am searching for the people in power who will take a stand, politically, legally or ethically to get amendments to this scheme before people die.

    • 0

      I’m in the IT industry, and have had significant exposure at technical and executive levels to state and federal government systems, with strong focus on security of personal data.

      Most importantly, no government department stores any personal data offshore – can’t be said of most corporations that we seem to have less concern about giving our personal information to.

      Government is highly risk averse – default for any system is absolutely no access without authority. And government isn’t in the business of selling data, again unlike corporations.

      The Australian government has analysed the problems other jurisdictions had in implementing this sort of system, and has applied those learnings, making this system highly secure and providing the user with capability to constrain access to data at any time.

      Although I have medical issues I’m not comfortable with people knowing, I’m sufficiently confident as to the security of this system to remain opted in.

    • 0

      Rosret, you are quite correct in your comments.
      Richied, not sure what is your motivation, or maybe it is based on your experience only, whereas I agree with the IT professionals in the article above about the data privacy / hacking concerns. BTW, in this age of Cloud Computing, are you saying Canberra does not use servers in USA? I remember in the IBM Census fiasco they mentioned servers were in USA.
      Reasons why Opt-out should have remained the default:
      a. Govt deciding to share people’s personal health data to a vast number of health professionals without having obtained specific permission for it is BAD legally, and I hope some Legal firm / QC will challenge this massive breach of privacy for those who never exercised their choice.
      b. Data sharing with research bodies, who are mostly funded by Pharmaceutical firms, is also a bad idea – it is only a matter of time till data will get passed on and sold.
      c. Wonder if they are Outsourcing the technology (whether to IBM who stuffed up the Census, or to one of those Indian firms) – only a matter of time till their quality systems fail and data breaches are reported. Let’s now keep a look-out for more scam calls from scammers based on their use of your health data.
      d. Finally, let’s just wait till someone hacks into the database – matter of when, not if. Can they actually stop Putin, or the Chinese? Maybe USA should hire these full-of-themselves “experts” from Canberra!

    • 0

      Hi Richied, you sound as though you are in defence of the system because you have an active role in its creation.
      If this is the case I have some questions for you – I was hoping someone in “the know” would come forward as I would like some amendments to the client user interface.
      So is that you?

    • 0

      PS Richied I am happy to discuss this off the forum feed line.

    • 0

      George since the government outsourced software programming:

      Centrelink – 10% error rate
      Census – no load testing
      NBN – ugh – a still ongoing nightmare.

      The idea is good, the user interface is flawed.

    • 0

      I totally deny Richie’s claims of how good cyber security is today.

      There are no 100% secure computer systems in this world, period.

      Sadly for Richie his medical problems will be leaked one day and be on sale in the dark web for OZ insurance companies to use and deny his claims

      Most people with your response are being misled by the government well paid IT proponents and thus sadly the public at large is ignorant and living in la-la land in the face of massive cyber attacks worldwide.

      The Cyber Security Emperor is not wearing any clothes (and has never worn them).

  4. 0

    I tried to get out after the data breach due to apparent on selling of information.
    First thing is I tried to remove myself from the database through the My HealthRecords. That asked for driver’s license and Medicare Card.
    So I logged on to my myGov account and this flicked me back to the same page.
    Third thing I did was to write to the organisation. NO RESPONSE!

    I have serious concerns about providing ANY sensitive information to ANY organisation which makes claims about this being safe when they have passed information onto a third party who has no right to have it.
    If this gets up then don’t be surprised if any manner of business will be able to find out all your personal information for a fee. This is both dangerous (identity fraud) as well as discriminating against some people in our community.
    Last thing is do we not have privacy laws? So WHO decided these should no longer apply? This government? Please explain!

    • 0

      Just asking us to give out drivers licence, date of birth and medicare number on the computer was alarming enough.
      I wondered if it was a phishing site and I had stupidly been scammed. – But no – just the government who has a total disregard for our private data.

      I phoned in and they didn’t ask for my drivers licence at all and asked why I hadn’t used the online website!

    • 0

      I am yet to phone in so glad they did not try it on then as well. I find it the ultimate affront that you will end up on the database unless you unsubscribe and would have thought that one could not be put on a database unless we agreed. Not too difficult to send you an email request (yes/no) or letter. So why has this NOT been done?

    • 0

      Exactly, MICK. They have been going around trying to sign up people in parks and events and now people know what is really going on they can’t opt out. They can only go to set up an account and then delete your records but they are in for life plus 30 years.
      This is far more significant for the younger generation and in particular children and teenagers who have no say – and then their parents can access their records!
      Just watch as they link databases, reducing Centrelink payments to those who didn’t get immunised, reducing Centrelink payments to those who take drugs.

      The Law enforcers no longer need a warrant to access the database.

      This is Australia! I feel like we just stepped into Nazi Germany.

    • 0

      To be clear there has never been a security breach on this system. In the last year there were six data breaches – that’s six records accessed fraudulently (through fraudulent Medicare claims) or incorrect data loaded into records. That’s six out of hundreds of millions of transactions. That’s an incredibly low ‘failure’ rate.

      And those failures are not system failures but mostly wilful actions in the Medicare system (that’s been around for most of my life), not the MyHealthRecord system.

      And these are data breaches, not security breaches. Data is secure.

  5. 0

    I have my own IT expert, my son is a practising IT professional, university degree and all, being paid an obscene salary by a multi-national IT business. His recommendation is to avoid this system at all costs. He tells me that, from what he has read about this system, it’s so full of holes, any ethical IT business would not consider offering it to a commercial customer in its current form. His advice is all I need to confirm my worst fears.

    • 0

      A system that opts you in with no privacy agreement or even your knowledge it is happening.
      A system that will not allow you to opt out if you accidentally, or unwillingly opted in.
      A system where anyone under 18 has no say in their future privacy.
      A system that holds data for 30 years after your death!
      A system that holds information and just hides it even when you request it deleted.
      A system where anyone who has opted out has no access to check whether there is actually no information held on them.
      A system where parents have access to their children (teenage) medical records.
      etc etc

    • 0

      Being an IT professional does not make you an expert in security for a particular system.

      I have extensive IT experience with federal and state government security systems and am very confident this is one of the most secure systems around.

  6. 0

    Reports out this week from people who tried to ‘opt out’ included parents of very young children who wanted to opt their child out could not because the system said either they were not the parents or the child did not exist or had been registered to someone else! Another issue was that one woman on checking her records found she had apparently visited GPs in QLD. Since she lived in NSW far from the border and did not know these QLD doctors nor had ever visited a GP in QLD, she could not understand why they were on her record.

    If they can’t get the basics right what hope is there? I opted out on Monday as soon as I could and before the system collapsed under the weight of the hordes trying to do the same!

    • 0

      It could be data entry error or medicare theft. All they need is one incorrect blood type entry and the deaths begin.
      It is such a huge issue on both privacy, security and accuracy.

      Is there any department or body that is overseeing our Privacy Laws. Should we be writing to the Governor General? This is so much worse than dual citizenship.

    • 0

      It would be a failure of proper healthcare process if there was a death because of an incorrect blood type recorded in this system.

      Proper healthcare process dictates that blood type is confirmed (through a blood test) each and every time there is a need for a blood transfusion. There is no reliance on a record of blood type.

    • 0

      Parents can only opt out their children if those children are registered on the parent’s Medicare card. There have been no refusals where the child was on the parent’s card.

    • 0

      Richied once you have opted in you can’t opt out. That means any parent who decides on the behalf of the child to opt in has denied their child their right to medical privacy for their entire life plus 30 years.

      Re blood type – it’s good to know – someone told me it was because when they are in a hurry in emergency they will give type O which is in short supply. It is reassuring to know full checks will still be the procedure.

    • 0

      Yes, in an emergency they give type O because whatever your blood type you won’t die from type O (you won’t feel great but you’ll still be alive).

      I believe there is a mechanism for kids to opt out once they become of-age if their parents opted them in. I’ll check and get back to you.

    • 0

      Have just checked. Anyone (not just children) can cancel their MyHealthRecord at any time in the future.

      When you cancel, your data is effectively quarantined and cannot be accessed individually by anyone. The data will still be there in an anonymised form (ie. Personal identifying data is removed) so it can still be used for analytical or statistical purposes.

    • 0

      Richied when I phoned I was told that once you have opted in you cannot opt out. You can “delete” your records however they are merely hidden and will remain on the database until 30 years past the individual’s death. That means every time a person goes to the doctor they will have to go to Myhealthrecord and “hide” the information.

      You have indicated you are in security. It’s not the system that is insecure, it’s the people using it. 900 000 people will have access including Law enforcement without a warrant. This is a quantum shift from the privacy of the doctor/patient relationship that many people desire.

      The children don’t have any rights or any privacy. So teenage girls in particular will have the clock turned back to the 1960s where they will be afraid to go to the doctor because their parents will know. After all, updates go straight to the parents’ phone!

      Children, women in culturally submissive relationships and people with mental illnesses or have any societal morale treatments will be at risk.

      What all Australians now need is individual medicare cards for everyone and not linked by family. Parents should not be able to access children’s records.

      Every Australian Medicare holder should be notified by mail and given the opportunity to opt in or out either by mail, phone or the web. Just like a YES /NO Constitutional amendment the for and against should be stated clearly. This is an enormous shift, in power, knowledge, legal ramifications, privacy, security and safety and the public have the right to know the risk and benefit.

      If you are in IT security I know you are aware of the breach of privacy that is transpiring. I know you know that the user is the weakest link.

      While I was told that the software is as safe as bank software then I would argue with you that the bank software is no longer safe. It used to be on a dedicated phone line with all pin numbers and account details in a secure building. Now we throw account numbers and passwords over the NBN to access our banking details as though no one is watching. Good grief.

      If you have anything to do with this then fix it. Please!

  7. 0

    There’s a surprising number of ill-informed or inaccurate comments here.

    1. The government did learn lessons from other jurisdictions.
    2. Security is the paramount building block of this system.
    3. There are many security settings the user can set to restrict or allow access, including ability to exclude your record in any data analysis activity.
    4. Data won’t be sold to, nor is it accessible (even with default access) by any company.
    5. You can apply a setting that allows a ‘custodian’ (eg. Your partner) to access your information – useful if you become incapacitated.

    Yes I have. MyHealthRecord – the information in there is useful to me (I can see all my past doctor appointments, and prescriptions). My doctor currently does not load my records into the system, so I can’t yet see pathology results etc – that will be useful to let me see trends in results (eg. Is my cholesterol rising over many visits).

    I’d be more worried about the data FlyBuys has on me (stores offshore and sells). No one needs to know how much chocolate I buy!

    • 0

      Good luck to you Richied. Like many others we choose not to be on this database. There is no need of it for us.

    • 0

      So Richied, what lessons have they learned from the hacking of the Singapore health records where even the details of the Prime Minister were stolen? And this happened just this week!

    • 0

      Richied – people can choose to have Flybuys – I choose not to for the very reason you just stated. But at least I would get a discount on chocolate and a whole heap of ads selling me more chocolate.

      I am willing to bet we will get more phone calls saying, you need this check or that check. I am so over big brother sending me medical reminders. – and I am very happy to see ads for chocolate but I am over some lady wanting to poke her pooh with a stick.

      I am however grateful you have come on line with educated and informed knowledge of the system and that is appreciated.

      Any thoughts on borrowed medicare cards, dark web medicare card theft. It is and will continue to happen like any crime. Medical data theft is 5th most common crime.

  8. 0

    Richied – thanks for your posts on this topic. Your informed input is really appreciated.

  9. 0

    Yes, I opted out, not taking any risks, and I do not like being forced to use something, it should have stayed as an opt in option. I see no benefits to me, I have not seen a doctor for 7 years and then they could not help me, I got well myself.
