My Health Record – resembles a scene from ABC’s Utopia.
The history of the My Health Record reads like an episode or series of the Australian ABC comedy series Utopia, with ministerial changes, project name changes, budget blow-ups, information shared, policies changed to enable new policy and a basic lack of care for the public.
So after a decade-long project and approximately $2 million spent, we’ve altered basic privacy rules to allow an opt out instead of opt in, and we have ignored every cyber security risk framework created (if one was created). Oh, and did we mention that this was done in the UK and the backlash was so great they altered it.
My Health Record is an online summary of your key health information. Every Australian will now get a My Health Record. However, if you decide you don’t want a record, you can opt out online or over the phone during a three-month period from 16 July to 15 October 2018. Oh, and if you think you don’t have a record already, think again and check: many Australians are only just coming to the realisation that they have been added to the My Health Record database.
The concern about privacy infringements is high. Given Australia’s current track record, and that of overseas jurisdictions where government policy around data is stricter, concerns remain around the Australian Government’s ability to protect individuals’ records and retain their privacy.
Legendary Australian comedian and Working Dog founder Rob Sitch talks about his new ABC observational comedy series Utopia, which focuses on bureaucracy and government: https://www.youtube.com/watch?v=-zQApBVYkq8
Here’s the history* of the My Health Record in a nutshell
Ref: July 2018 It’s a Matter of Trust article, Barweb publication – http://medicalrepublic.com.au/mhr-matter-trust/15661
In 2005, the National Electronic Health Transition Authority (NEHTA) was formed. This entity was tasked with implementing the Deloitte eHealth Strategy, which had bi-partisan political support and recommended a “middle market approach.” This meant the government would provide the critical infrastructure, like authentication and identification, and industry-led solutions would do the rest in a decentralised approach with federated data models, enabling interoperability in a health ecosystem, much the way our telephones currently operate. The Deloitte Report was supported by the National Health & Hospital Commission, which noted the reform “…should not require government involvement with designing, buying or operating IT systems.”
In 2010, at the Revolutionising Australia’s Healthcare eHealth launch, Minister Roxon promoted digital health but also alluded to the risks to privacy and security: “I can confirm that the Government is not going to build a massive data repository. We don’t believe it would deliver any additional benefits to clinicians or patients – and it creates unnecessary risks.”
In 2011 the government contracted international consulting firm Accenture to build a massive data repository and not the system proposed in the Deloitte Report. Minister Roxon confirmed that in the interests of privacy, the national health record would be opt in. “I want to make sure we bring consumers with us in the eHealth journey by adopting an “opt in” model…allowing them to choose when to sign on. I believe the benefits of giving the Australian public the choice as to whether they participate will be key to the successful implementation. I think moving to an opt out position would be a serious mistake.” Ref: The Hon Nicola Roxon MP Address to the Consumer Health Forum Canberra 14 September 2011
“Opt-in” requires specific consent which is fully informed and freely given (except where otherwise permitted by law). Opt in is one of the 7 foundational principles of Privacy by Design for the implementation of fair information practices originating from former Information and Privacy Commissioner of Canada, Ann Cavoukian, and supported by the Australian Privacy Commissioner as best practice to balance the benefits of innovation and efficiencies whilst protecting personal choice over data flows. There was never any question that health services would be withheld if people determined not to opt in; it was not a binary choice of either opt in and be treated – or go without. Opt out is sometimes criticised for catching the unwary, vulnerable or less engaged elements of society or for being a method of implementing otherwise unpopular or unpalatable policies and practices.
The national record, then called the Personally Controlled Electronic Health Record (PCEHR), was launched and ready for use by mid-2012. * Ref: The PCEHR Act 2012 Cth
The costs exceeded the original budget of $466.7M, and are estimated between $1-2B. Similar cost blow outs and disappointments were experienced internationally. Canada had Health Infoway and the NHS in UK spent £10B on a failed national health record. A pattern of massive international IT projects failing in all areas, including health, is evidenced by the 2015 Standish CHAOS Report which conveniently lists 10 critical factors for success, which were arguably absent at the launch of the PCEHR.
In 2013 the new health Minister Dutton criticised the cost of the PCEHR, claiming it was equivalent to a spend of $100K for each person registered,* a significant gap from the $6 billion of savings promised by previous health Minister Plibersek.
The PCEHR Review (later named the “Royle Review” after its Chair)* was called and resulted in 38 recommendations. It recommended the renaming of the PCEHR to the My Health Record (MyHR) and its conversion from an opt-in system to opt-out. This had support from the peak health bodies and the Consumer Health Forum, constituents of which are essential for the system to operate. The Royle Review also demonstrated support for decentralised digital health, as recommended by the 2012 National Health and Hospital Reform Commission Report. To date this has not been pursued.
In 2016 NEHTA was disbanded, the Australian Digital Health Agency created, and the 2017 Budget allocated $375M for MyHR opt-out implementation. Opt out trials were conducted in the regions of the Blue Mountains and Far North Queensland with the result being 1.9% opted out. The same trend is evident in New Zealand where less than 0.2% of South Islanders are reported to have opted out of their shared care record view since 2012.
The NHS in the UK scrapped its controversial data system after a review raised serious concerns about the program in 2016.
In the UK, patients, health practitioners, IT specialists and privacy lawyers alike condemned inadequate governance, misunderstanding of risk and disregard for patient autonomy. The UK belatedly heeded those criticisms, but Australia has not.
Digital Confidence waning
In October 2017, Accenture, the firm hired to build the MyHR platform and architecture, confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers. The servers, hosted on Amazon’s S3 storage service, contained hundreds of gigabytes of data for the company’s enterprise cloud offering, which the company claims provides support to the majority of the Fortune 100. The data could be downloaded without a password by anyone who knew the servers’ web addresses.
In May 2018, Family Planning NSW databases containing information from around 8,000 clients were breached.
In July 2018, an authorised third-party app provider, HealthEngine, revealed a data breach in which 59,600 pieces of patient feedback “may have been improperly accessed”. This was after HealthEngine was reported in June 2018 to be selling patient information to legal firm Slater and Gordon for profit.
In July 2018, an NHS data breach affected 150,000 patients in England, according to the British government. The NHS is blaming a coding error. Data was shared for clinical audits and research on the patients who had opted out of any data information sharing.
This brings us to July 2018, six (6) years since the launch of the MyHR, with inadequate responses around privacy and security, a centralised database, mandatory use for the public unless you opt out, and partnerships with apps that sell your data for revenue to third parties (not for the good of the public).
It’s a scene straight out of Utopia.
Utopia is a Logie Award-winning Australian television comedy series by Working Dog Productions that premiered on the ABC on 13 August 2014. The series follows the working lives of a team in the fictional Nation Building Authority, a newly created government organisation. The Authority is responsible for overseeing major infrastructure projects, from announcement to unveiling.
The advice of Cryptoloc Technology: if you think the benefits of My Health Record outweigh the risk of your data being in the hands of cyber criminals, then be sure to use all of the protection options within your data settings.