Health Minister Greg Hunt has ordered digital health boss Tim Kelsey to hose down security fears around vulnerable Australians using My Health Record.
“The advice I have is that there are very, very strong protections, but we’re always working with different groups,” the minister said.
“The head of the Digital Health Agency will meet with … those groups and take their concerns very seriously.”
Mr Hunt made the remarks to journalists in Alice Springs yesterday as he confirmed the MHR opt-out period would be extended by a month from the mid-October deadline.
The Medical Republic confirmed today a state-based women’s legal service has been contacted by the ADHA in response to their concerns that the MHR could be used to trace people fleeing domestic violence.
The government has faced a barrage of calls to delay or suspend the opt-out date to allay privacy and security fears and give people more time to make an informed choice about whether or not to opt out of the electronic health record.
The MHR legislation is to be amended at the next sitting of parliament to ensure patient data cannot be released without a court order and people who opt out at any point can have their records deleted.
Mr Hunt said these steps would bring the system into line with existing practice and ADHA policy. He confirmed the agency had not revised its estimate that 90% of Australians would not opt out.
But Dr Bruce Baer Arnold, assistant professor of law at Canberra University and vice chair of the Australian Privacy Foundation, said the fundamental MHR design meant patient data would remain vulnerable to misuse and snooping.
“In terms of improving the system, I think we would want a greater assurance about security at the central level and greater assurance at the patient-consumer level,” he told TMR.
Dr Arnold said the MHR security controls for patients were too complicated and many people appeared to have little awareness of the implications.
The risks of a breach were magnified by the thousands of access points for clinicians, as well as the possibility of unauthorised support staff or others gaining entry to the system, not necessarily with malicious intent.
“If we look at the history of privacy law in Australia, there will be sharing,” he said.
“One way it could be improved is through a public awareness campaign, but that should have happened months ago.”
He likened the agency’s current efforts to “Band-Aids at midnight”.
Dr Arnold said that, to his knowledge, the ADHA had not consulted with privacy groups on their concerns, despite their expertise digital security.
“I think there is value in a national ehealth system, but this one is a mess,” he added.
Next week, Dr Arnold will be among the panellists at the first in a series of webinars to be held by the Consumers Health Forum.
The forum says the public can tune into the interactive webinars to hear key information about “the benefits and risks of My Health Record in the context of their own lives”.
Other panellists at next Wednesday’s event will include RACGP Vice President Dr Charlotte Hespe, Kim Webber, the ADHA’s General Manager of Strategy, and Karen Carey, Chair of the NHMRC Community and Consumer Advisory Group.
“The webinars are mainly targeted at consumers who wish to have access to balanced information about the benefits and risks in order to make an informed choice, as well as the opportunity to ask questions of relevant experts first hand and in real-time,” forum CEO Leanne Wells said.