ADHA admits My Health Record information may not be safe

Experts agree that your My Health Record information may not be safe.


Concerns about the safety of sensitive health data stored in the Government’s My Health Record initiative may be well founded.

“It's impossible to make any online database entirely bullet proof,” admitted the head of the Australian Digital Health Agency (ADHA), Tim Kelsey, in a Q&A published on

The Australian Government’s My Health Record initiative has been under scrutiny for some time, with public fears about personal information being exposed or accessed by insurers, commercial organisations and third parties.

As of today and for the next three months, Australians can opt out of having an online summary of their health information shared by doctors and health professionals, otherwise a record will be automatically created.

While the project aims to give health professionals access to important patient information, including test results, scans, treatments and prescriptions, concerns about the safety of our most personal data have not yet truly been addressed.

The good news for those on the paranoid side is that you can opt out in one of three ways:

  • online: by visiting visit
  • phone: by calling 1800 723 471
  • on paper: by completing a form available in 2385 rural and remote Australia Post outlets, through 146 Aboriginal Community Controlled Health Organisations and in 136 prisons, then mailing to the return address.

Those who opt out can opt in at any time.

But even for those who opt in initially, there is still a way to control the information processed by doctors. In fact, doctors will upload health information unless you ask them not to.

You can control whether any medical documents, a summary of prescribed medications or referral letters are loaded onto the database. Doctors will upload information about prescribed medications, unless you request otherwise, so if you don’t want this included, make sure you speak with your doctor each time you visit.

However, ‘tailoring’ your medical records could come at the expense of your health, as the quality of the overall health summary could be skewed to leave out important information that may one day save your life. 

When you first access the system, you'll also be asked to decide whether you want two years of Medicare Benefits Schedule, Pharmaceutical Benefits Scheme, Australian Immunisation Register, and Australian Organ Donor Register data added to the register.

But if your doctor accesses your record first, this information will automatically be uploaded, although you can delete or restrict access to those documents at a later date.

My Health Record information will be held for 30 years after you die, or 130 years after your birthdate.

While most Australians know having such a record could be good for their health, it’s the security of this information that concerns them most.

Mr Kelsey told the ABC: “Insurers shouldn't be able to access your record – it's reserved for people who work for a registered healthcare provider and who are authorised to provide you with care.”

However, the Department of Health says My Health information can be used for research and public health purposes, in either a de-identified form or in an identified form, if the use is expressly consented to by the consumer, and users can tick a box to opt out of secondary use.

Secondary users are supposed to be of public benefit and cannot be ‘solely’ commercial, but Australian and some overseas organisations, including pharmaceutical companies, will be able to apply for approved secondary purposes.

The ADHA is also discussing ‘re-platforming’ the system, which will require independent third parties to audit the system’s security and undertake penetration testing.

And any information may also be stored on your doctor’s local hard drive, which could also be susceptible to hacking.

According to Mr Kelsey, if you have privacy concerns, you can log onto My Health Record and restrict who sees it:

  • you can set a Record Access Code and give it only to healthcare professionals you want to access your record
  • if you want to restrict certain documents, you can set a Limited Document Access Code
  • these controls may be overridden in an emergency
  • if a document is removed from the My Health Record system, it's beyond the reach of your access controls.

If anyone accesses your information without authorisation, civil and criminal penalties may apply.

You’ll also be able to check your access history to see who has been looking at your records, and you can set up an SMS alert any time someone accesses your record. To do this, call the ADHA on 1800 723 471.

The ADHA is also required by law to give access to your data to police and law enforcement agencies, if there is a reasonable belief that it's necessary for preventing or investigating a crime or protecting public revenue.

You can opt out of My Health Record from 16 July to 15 October. After 15 October, there will be a one-month reconciliation period before new My Health Records are registered.

Are you worried about your health records being made public? Will you opt out?



    16th Jul 2018
    Read about that this morning. So where are the Privacy Laws which protect crooks when they hide? Surely companies which deal in our data have the same laws applying to them? Jail sentences needed as well as fines which will cripple the business which administers the website holding our records. The silence will be deafening......oh yes, the laws do not apply to business?????
    16th Jul 2018
    Indeed - abuse of access to privileged information handed over in good faith must be punished by draconian fines and even imprisonment for serial offenders.

    It's time business stopped behaving as if it is above the laws of the land, and time for government to stop turning a blind eye.

    16th Jul 2018
    Not concerned about the possibility that someone may hack them - anyone who so desperately needs to hack medical records would be an incredible time waster.

    My concern is where governments view OUR personal data collected without any right of refusal from us, as an 'asset' they can sell off or just hand around to their mates.

    I've said it before and I'll say it again - possession of government data is a sacred duty and there are no outlets for using it as anything other than government data for the purposes for which it is collected.

    I had that argument with D^D years ago when personal data was leaked to interest groups who were stirring up trouble for Veterans - and still do - but there is a tsunami rising against them.
    16th Jul 2018
    Oh - I've noticed that on some of the paperwork from my doctors, it is clearly stated that the information will not go on this record - it seems that some doctors take the view that unless actively asked to put it there, they will not.
    16th Jul 2018
    Doctors have been fighting this for the last couple of years on the grounds that the system cannot guarantee the confidentiality and privacy of the patient's details. The system was opt in when first mooted but so few doctors actually 'opted in' that the Government made it opt out as it is now.

    It is now up to the individual to be aware enough to act. I have and the process is easy enough just need a medicare card and say a driver's licence.

    My concerns are around who else has access. Already there have been applications for access from a range of people/organisations even including insurance companies. I have no faith that my data will be secure.

    16th Jul 2018
    Jeez - surely the free competition market will ensure a fair price and that self-regulation will work a charm...

    (word for today - reguilation - doing the same dirty deed over and over under cover of regulation)
    16th Jul 2018
    Come in spinners..... and after all the government should have no constraints on what it puts forward as policy or in terms of anything, and is not beholden to the peasants who are vassals of the state except at the voting booth...... government must be allowed to govern, right and be given a total mandate to do as it chooses ...... and all those commos out there need to be gathered up and sent to the gulags.....
    20th Jul 2018
    Yes but we may need to take court action to get our share of the loot. Civic action to ensure they pay us for our info coming up.
    16th Jul 2018
    Plus the fact that so often Drs prescribe medications that you are no longer on but NEVER seem to take it OFF the records so if you were to go in the hospital then this Medication may be given to you with devastating effects and you may not be in a fit state to tell them.
    16th Jul 2018
    You are quite right Plan B

    If you are not in a fit state to advise people of your current medication it definitely could have devastating effects.

    Furthermore, somebody else's medications could accidentally be placed on your list.
    20th Jul 2018
    Ooooh, best to tell your doctor not to keep any records of anything he prescribes, or what illnesses you have had in the past. I mean, why do you think his records are accurate or not subject to hacking?

    I vote for survival and don't mind that the hospital I get taken to in an unconscious state can see that I was vaccinated for small pox in 1953 and had my appendix removed in 1973. I certainly want them to know what medications I'm currently on.

    I'm going with Plan A.
    16th Jul 2018
    I see this proposal of little benefit to my wife and myself so we intend to opt out, I am in my mid 70s so what is the point of only loading up the last two years of Medicare and PBS, what about the 70+ years that went before, there were a few significant medical episodes for us both during that time frame. I can understand that young people could find it beneficial, and it could be a good way to curb drug addict 'doctor shopping', but the integrity of the digital data is of concern.
    16th Jul 2018
    I don't think the government is going to be worried about the pensioner + age group as they know that many will see this for what it is. What they are after is the long term product which includes those under thirty who have become so used to using electronic platforms that they don't even think about the bigger implications of privacy and security that are bound up in this action.
    16th Jul 2018
    The ghastly computer and web security status quo:
    1. There are no 100% secure computers in this world at a hardware level.
    2. There is no 100% secure Operating System [OS] software anywhere in this whole world
    So there are no 100% secure Computer systems, period!
    No thanks go to Intel, Microsoft, Apple, Cisco and the NSA and all the intelligence & security apparatus in every country including OZ for weakening our computers and servers and thus breaking our security down even further in the guise of protecting us! Hah!
    My contacts in the SAS have confirmed the above.
    16th Jul 2018
    This is all far too complex. It is up to the agency - My Health Records - to ensure the safety of our information. If my data gets into the wrong hands I know who I will be blaming, and hopefully suing
    16th Jul 2018
    What could possibly go wrong??!! It's ironic that the Govt. is trying to quietly rush through this monstrous data collection system when the news is almost daily telling us of breaches in security resulting in data on-selling, sharing, hacking etc using information initially given by people in good faith. Remember all the hoo-ha over the Australia Card? People screamed from the rooftops about the threat to the privacy of the individual that might have represented - this health record data collection is like the Australia Card proposal on steroids and it's being introduced by stealth. It is absolutely certain that some information is going to get into the wrong hands. Why do they need to collect every bit of health data on an individual? I'd be quite happy for my current GP to put a summary of my health history and a list of present medications into a central database accessible only to other medical people but not into some Stasi-like data bank overseen by Peter Dutton. I'm opting out.
    20th Jul 2018
    It is odd. They wouldn't build a decent internet grid for Australia but want to build these huge data systems.
    It has to be either for surveillance à la Dutton or because someone is getting paid a huge wad of tax dollars.

    Maybe this makes sense when you see a different doctor every time due to the way the system works
    20th Jul 2018
    Quietly rushing through? I opted in 6 years ago.
    16th Jul 2018
    I have not been to a doctor for over 5 years, so wondering if I even have a health record. Sounds like another big brother thing to me, the more they know about us helps them to control us.
    17th Jul 2018
    Just out of interest folks I tried to opt out on the ADHA website last night but despite having current driver's license and Medicare numbers I kept being told that my identity couldn't be verified online so I phoned the 1800 723 471 number and spoke to an operator who tried several times to opt me out with the valid numbers I gave her but she couldn't verify my identity either. She then said I would have to speak to a "Tier 2" operator but suggested I ring back in the morning as all the "Tier 2" people were snowed under with calls. I rang back this morning and was put on hold to speak to a "Tier 2" person but had to give up after waiting for one hour as I had other things I had to do.
    The whole thing reminds me a bit of the online census stuff up and if this is the best the Govt. can do there's no way I would want to leave sensitive information on my health records with them. It is naivety in the extreme to think that this database is going to operate as smoothly as some would like us to believe without an awful lot of teething problems.
    18th Jul 2018
    What a total disaster - just went to the site, completed all info & when done, last line was "only you won't be able to access your medical history!!??"
    18th Jul 2018
    But pretty well anyone else will !!??
    Ted Wards
    20th Jul 2018
    Quite simple, don't go to the doctors. They get you hooked into the medical system and medicine and tests etc when it's a fact that up to 80% of testing is not required and people that are on multiple tablets don't need 50% of them. It's all about profit and getting as much money out of you as they can, this is the next step in the continuation of profiting from illness. Privacy is an absolute illusion. That thing you're accessing this information on already has all your information.....
    20th Jul 2018
    I agree Ted, medication killed my brother, just kept giving it to him, he was found dead with a big bag of 'medication'.
    "Let food be thy medicine" and exercise of course. The medical establishment has been ripping off people for years and it is time people woke up. My mum goes for check ups with her doctor and each time is offered another test or medication and she just refuses, is on warfarin and that is all, 82 and healthy on a mainly plant based diet. Last one was for bowel testing but did not see the point as she never ever has problems in that area.
    20th Jul 2018
    Don't you love this line.
    Mr Kelsey told the ABC: “Insurers shouldn't be able to access your record – it's reserved for people who work for a registered healthcare provider and who are authorised to provide you with care.”
    What a joke, the Insurers will simply love this system to our detriment.
    21st Jul 2018
    Darn right they will and this Government seems to not know how to keep anything safe or do anything right -- look at the Census
    20th Jul 2018
    I don't believe you can't make it safe. How do Cayman Island Tax Haven accounts maintain security?
    20th Jul 2018
    A few minutes ago I phoned to opt out of this scheme and was told my original opt out from the previous scheme to put medical records online was still valid and covered the My Health Records scheme as well. That was a nice surprise.
    20th Jul 2018
    There is no need for the government to take control of our health records. If there have to be data records, they should be through the medical services you use such as the GP. Anyway computers do crash as what happened with the South Australian trial online health s which has been scrapped by the state minister for Health. Medical staff had to go refer to old-fashioned hand-written notes. Doctors already have our records on computer. The government just wants to take control of our lives.
    21st Jul 2018
    Dead right KB just BIG Brother getting BIGGER
    21st Jul 2018
    Opted out, quite easy to do, just need your medicare card and license or passport. Or call if you do not have all you need. I don't see any benefits for me and do worry it will get into the wrong hands, even if they catch anyone will be hard to prosecute and what will they get a fine?
    23rd Jul 2018
    For those who are not happy about the 'opt-out' option and the way this has been handled, here is a petition:
    26th Jul 2018
    Believe Hunt at your peril - “opt out” is meant to catch those who don’t bother to.
    26th Jul 2018
    One of the most undemocratic and ridiculous things the Government has done, with no advertising or letting people know, even IT people are all saying it is insecure and could be used by insurance companies.
