My Health record opt-out deadline just a day away

Major legal changes to My Health Record as we close in on opt-out deadline.

health record

The My Health Record (MHR) opt-out deadline – postponed twice in 2018 due to community pressure – is just 24 hours away. But this time around, there is a major difference.

Participants are now able to permanently delete their record if they change their mind and choose to opt out. The rule change, says the Consumers Health Forum, should strengthen public trust in the system.

It was lack of trust and the fear that sensitive data may be hacked or used for purposes other than intended that prompted a major public outcry ahead of the first two opt-out deadlines.

To date, 1.1 million Australians have opted out, with 6.5 million already registered and 17 million poised to be included.

Consumers Health Forum (CHF) chief executive Leanne Wells says: “The Australian Digital Health Agency says that a function has been activated in the My Health Record system that allows a person to permanently delete their record at any time, including any back-ups and that all records previously cancelled will also be permanently deleted from the system.”

She says the CHF accepts that there had been serious concerns about privacy and security issues.

“We believe the changes introduced by the Government should resolve these concerns. The doubts and criticisms about security must be weighed against the long-term benefits of information technology that will bring to healthcare the advances in services and access already taken for granted in other parts of modern life.”

In a further tightening of protocols, insurers and employers have been legally barred from accessing the database, and law enforcement agencies cannot gain access without a warrant or court order. Patients and doctors can also manage and limit the information that is recorded with official guidelines advising that not all information has to be uploaded.

Security concerns are still likely to be the trigger for more Australians opting out, with news yesterday of a major leak of medical records in Singapore. Authorities admitted that confidential medical records of more than 14,000 people with HIV had been released online. Foreigners who have tested positive are not allowed to work in the city.

And while MHR says there have been “no significant breaches of privacy” since it began in 2016, it concedes there have been dozens of minor breaches over the past two years. In 2016-2017, MHR reported 35 data breaches.

The deadline nears as doctors in Australia seek legal advice as to whether they may be held liable for mishaps that occur if patient data has been entered incorrectly.

However, Australian Medical Association (AMA) medical ethics committee chair Chris Moy said doctors would treat the records with “professional scepticism” and expect them to be just as unreliable as hospital discharge notes, “which have a 10 per cent margin of error”.

And reports suggest that it will be at least 12 months before the system is fully operational across Australia, with many hospitals and surgeries requiring major technology upgrades before they can connect to the system.

Fairfax Media reports that one-quarter of hospital beds in Australia are yet to be linked to MHR, and the Victorian health system will not be fully connected until at least 2020.

Steve Hambleton, deputy chair of the MHR expansion committee and a former AMA president told ABC radio yesterday he was confident Australians will see the benefits of the system.

As an example, he says the “summary page” gives health professionals rapid access to medications information – an area of concern with about 230,000 Australians admitted to hospital every year due to “medication misadventure”, according to reports from the Australian Commission on Safety and Quality in Health Care.

Information relating to allergies, current medication, GP and hospital discharge summaries will all be collated in the one place, Mr Hambleton says.

The legislative changes to privacy and security safeguards introduced by the Federal Government late last year include:

  • Cancelled records will be fully deleted from the system and all back-ups. The Australian Digital Health Agency (ADHA) says this feature will be active by 31 January.
  • MHR data can’t be used for insurance or employment purposes.
  • Improved protections for those at risk of domestic violence.
  • Making it clear that the only government agencies that can access the MHR system are the ADHA, the Department of Health and the chief executive of Medicare.
  • Ensuring the system cannot be privatised.
  • Enshrining in legislation the principles and governance structure in the Framework to guide the secondary uses of My Health data.
  • Increasing the penalties incurred for inappropriate or unauthorised use.

Are you reassured by the changes to My Health Record? Are you happy to stay in or will you adopt a wait-and-see approach? Go here to opt out.



    To make a comment, please register or login
    30th Jan 2019
    With this they can cross reference data and work out who are cheating on the disabled pensions, by not seeing doctor or not using medication after saying they did, this government has embarked on a mission to gain as much information on everyone, from little questions on application forms be it phone numbers, ethnicity, etc and this comes from all government departments,,, anyone else notice?
    30th Jan 2019
    Even to Opt out they wanted too much information. - Information that had be given online and didn't work anyway!
    It's called privacy creep. Where more and more data is taken and cross linked.
    Information is power.
    30th Jan 2019
    The truth is that Australians should have NEVER been automatically been in. It should be an 'opt in' system and politicians are flexing their dictatorship muscle by putting this on Australians.
    I opted out. So should you unless you are chronically ill.
    Roy R
    30th Jan 2019
    I wonder how the ADHR will delete all data including "backups". Backups are there to replace lost or damaged data and there should be thould totally separate system of backups that are off site and isolated for emergencies like the destruction of the main storage servers AND thye primary backups. If their back up system is totally secure, I don't see how ALL records can be deleted. If they can, I would like to know how.
    30th Jan 2019
    Of course they won't. It just means it will appear to be deleted because you won't be able to see it.
    It's like FB - nothing is deleted. It is just deleted from view.
    I am waiting for the backlash with collateral damage. Still I guess we are all just sheep and look what they do to them these days.
    30th Jan 2019
    My youngest son is an IT security expert, when My Health record first hit the news we had a look at the web site and he gave it the thumbs up stating that it is far more secure than the current system.
    Early in his career he did IT support and many of his customers were in the medical field and he said that most of them had little or no security, one obstetrician used to carry all his patient info on a laptop which was often left in his car so zero security.
    The new system also notifies you (an option on the web site) when anyone including your GP accesses your records so it's impossible for anyone to access your medical records without you knowing, no such provision with the current system.
    If security of your records is worrying anyone the new system beats the old one by a country mile.
    30th Jan 2019
    I wish commentary would stop posting, "It was lack of trust and the fear that sensitive data may be hacked or used for purposes other than intended that prompted a major public outcry ahead of the first two opt-out deadlines."
    My background is in the IT business. It's not about a secure system its about end users and data accuracy.
    Basically RATS - Relevant, Accurate,Timely, Secure. Can this system offer any of those functions? - The answer is no.
    A health record is not like a bank account. A bank account can indicate transactions in, out and current status etc and we know exactly what is in that account at that time. We do not know what happened to the money once it left the bank.
    Apply that to a health record. We may know what has been prescribed, blood type etc etc from that record. However we do not know what medicines the patient actually ended up taking, whether they have incurred another affliction since the last medical visit etc etc.
    There is a REALLY good chance the data is inaccurate and any assumptions made from an electronic database that is not verified from the primary source WILL lead to deaths in the hospital system. Heaven help the aged.
    30th Jan 2019
    Good points Rosret.
    30th Jan 2019
    "MHR data can’t be used for insurance or employment purposes"

    The legislation allows that MHR data can be used if it was available elsewhere even if it was first actually discovered on MHR. This means that if the MHR was just a repository of all your health data from various sources (oh that's right it is), then someone could search MHR (by obtaining your consent) and then take the information without penalty as it could be shown it was available elsewhere. So all an insurance company really needs is your consent (which they would require to cover you) and then data they could use to deny claims even if it was years old is so easy to find and no penalty, this would be similar for an employer who could then access totally irrelevant or sensitive information.
    30th Jan 2019
    They are already forwarding the data on to medical research facilities without our consent. From that assumptions are being made on postcode, ethnicity etc and then freely post it on to the media. Insurance companies don't need your data they just use THE data and make assumptions.
    30th Jan 2019
    This is covered under Division 3 Section 71 and while it is as always legislatively described you can see the issues and the actual removal of protections.

    "71 Prohibitions and authorisations limited to health information collected by using the My Health Record system

    (1) The prohibitions and authorisations under Divisions 1 and 2 in respect of the collection, use and disclosure of health information included in a healthcare recipient’s My Health Record are limited to the collection, use or disclosure of health information obtained by using the My Health Record system.

    (2) If health information included in a healthcare recipient’s My Health Record can also be obtained by means other than by using the My Health Record system, such a prohibition or authorisation does not apply to health information lawfully obtained by those other means, even if the health information was originally obtained by using the My Health Record system.

    Information stored for more than one purpose

    (3) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if:

    (a) the health information is stored in a repository operated both for the purposes of the My Health Record system and other purposes; and

    (b) the person lawfully obtained the health information directly from the repository for those other purposes.

    Note: For example, information that is included in a registered healthcare recipient’s My Health Record may be stored in a repository operated by a State or Territory for purposes related to the My Health Record system and other purposes. When lawfully obtained directly from the repository for those other purposes, the prohibitions and authorisations in this Part will not apply.

    Information originally obtained by means of My Health Record system

    (4) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if:

    (a) the health information was originally obtained by a participant in the My Health Record system by means of the My Health Record system in accordance with this Act; and

    (b) after the health information was so obtained, it was stored in such a way that it could be obtained other than by means of the My Health Record system; and

    (c ) the person subsequently obtained the health information by those other means.

    Note: For example, information that is included in a registered healthcare recipient’s My Health Record may be downloaded into the clinical health records of a healthcare provider and later obtained from those records."
    30th Jan 2019
    Computer system currently not working in South Australia. That includes back up which is outdated. Handwritten notes more reliable.
    30th Jan 2019
    Frankly if I was involved in a situation where I was unconscious and needing medical help I would be very grateful if my medical history was available so that the correct treatment could be administered. Count me in.
    30th Jan 2019
    That is the one and only case where it may help. How many people would that apply to? However anyone with a pre existing condition should wear an alert.
    2nd Feb 2019
    I'm with you inextratime, if I'm ever wheeled into Emergency I want my records to be available to the medical staff, the benefits far outweigh any likelihood of data "breaches". and at our age, who gives a rats!
    30th Jan 2019
    I have to admit I know very little about how information is stored on these systems, but I see here comments regarding accuracy of information that might be on your record, and how that information might be used in a detrimental way, so firstly I am assuming that the information on your record is put on initially by your medical professional, isn’t that the same information that used to be hand written on your records and will now be electronically recorded on your records, if that’s the case then I am not sure what the concern is, mistakes can be made in both instances. Regarding health conditions being recorded and things like travel insurance might be affected, I know after I had a heart attack I had to notify my travel insurance provider that I had pre existing conditions, which they assessed and I had to pay a premium to be covered. I am not sure if the things I have mentioned above are the things that others are concerned about, or is there something different I should be concerned about, my thoughts so far is that it could be helpful if you are moving to a different town or state and your medical information is immediately available. I might be missing the point of people’s concern.
    30th Jan 2019
    You're correct Jim, there's no problems with this record. Just a lot of crazy old people who don't trust anyone or anything to do with computers and data storage.

    I've read this perceived issue with insurance, about how the insurance company will charge you more because you have health issue A. But exactly as you say you are meant to disclose everything to them when applying for insurance, if people are not doing this and they have to make a claim they may well fall on their arses if the insurance company finds they had a pre-existing condition.

    I think MHR is a great idea, it will take time to mature as more and more information is added and in he long term a valuable resource for the medical professions.
    30th Jan 2019
    Greg one crazy old person went to the doctor and had a long list of drugs she was supposed to have been prescribed on the doctor's file. Someone else's scripts had been put on her file!
    Another old lady had a set of scripts on file that had been reassessed and modified but not altered on the file. The old scripts caused hallucinations.
    So if your only defence is attack the person and not the ball then I suggest you buckle your seat belt for the fallout.
    I will be very interested in the first malpractice case. Who will be responsible for incorrect data? The GP, the hospital, the Database developers or the patient. I bet it's the later.
    30th Jan 2019
    Rosret, in the examples above how was someone else’s scripts put on the file, was it manual or electronic and could this mistake have happened either way, and the other incident where a person’s scripts had been reassessed but not changed on their file, was this manual or electronic again either way it’s possible the mistake could be made, if the mistake was manual it could be covered up fairly easily by adding the change after the event, if the mistake was electronic it’s not so easy to cover up because if you tried to change the file it would be picked up by the time stamp on the system, so agree that the possibility of a malpractice case would be far more possible under the new system, but I would have thought catching a doctor that was trying to hide his mistake was preferable to someone getting away with his mistake, what was the old saying, doctors bury their mistakes. I agree that there is always concern when things change, but I am not convinced there is any concern with this change, unless there is something I am not seeing, which of course is a possibility.
    30th Jan 2019
    Jim - yes it could have been either a paper or electronic record. However the difference was the doctor asked the patient and in both cases their records were fixed. I am not opposed to electronic records. I am opposed to free access with any medical practitioner whether it has relevance to the current issue or not.
    I want to be assured the doctor will continue to access the primary source EVERY time. The scariest thing is the assumption the records are correct and current and the medical profession will not do the proper pre checks.
    30th Jan 2019
    Yes I agree, I was considering changing doctors just recently, I thought my current doctor was about to retire, and was hoping that all my medical information would get transferred to the new practise, and I was a little concerned that they wouldn’t get an accurate information transfer.
    31st Jan 2019
    For those of you that are retired...what a pack of whiners. Will you get Life insurance - no. Will you get another job - probably not. Are you intending to lie about something related to your health - probably not. If you have anything to fear if some nasty government officials or business got hold of your precious medical data, even your address or phone number, then opt out. Otherwise who cares. If I’m travelling and suddenly am admitted to hospital then I want them to fix me, by having my details to hand.
    If I was 25 I’d opt out!
    31st Jan 2019
    Why to you surmise it’s only pensioners, if you watch tv at all most of the commentators are suggesting people should opt out, most of my friends are quite happy to remain in for the very reasons you have mentioned, the suspicious mind usually belongs to people that have a better understanding of the electronic media than us older folk.

    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles