30 July 2018

Opting out of My Health Records? Here’s what you get with the status quo

MyHealthRecord TheHill

Australians have just under three months to decide whether they want a My Health Record, which would allow the various health professionals who look after them to access and share their health information. From October 15, those who haven’t opted in or out will have a record automatically generated.

In emergency situations, access to information from My Health Records about allergies, medicines and health conditions can save lives. Day to day, it will provide benefits such as reminding us when we last had a tetanus shot, or allowing a back-up GP to access the results of a recent blood test so we don’t need another.

Efficiencies generated by My Health Records, including reduced duplication of tests, are projected to save more than A$300 million over three years.

Most arguments for opting out revolve around the security of health data in centralised record systems. But if you’re opting out of My Health Records, you’re opting in to “business as usual”. So it’s important to know what the current system looks like.

As you read this, reams of medical data are being sent between health professionals in the mail, through conversations (on the phone or in person), and in small pockets of secure messaging. This includes emails, text messages and faxes.

In 2016, the Royal Australian College of General Practitioners recommended ceasing the use of fax machines within three years, noting that slow communication between health providers could result in significant medical errors.

Tragically, ten months earlier, Victorian man Mettaloka Halwala died after his cancer test results showing signs of potentially fatal lung toxicity were faxed to the wrong number.

This underlines the limitations of paper records as a method of storing and communicating medical information. There are numerous examples of paper medical files being found in bins and inadequately disposed of, including examples of records being found by complete strangers.

This is in part a function of their enormous physical volume. To give you an idea of the scale, in 2016, the Royal Adelaide Hospital faced the challenge of moving an estimated 400,000 paper records from the previous two years alone to a new site.

Health services and systems have long known the limitations of paper records – which is why you already have several electronic medical records.

When you visit your GP, your consultation data will typically be stored electronically in a GP computer practice system such as Medical Director.

Any prescriptions will be stored on another computer system at your local pharmacy. Data on all dispensing transactions is also sent to higher-level government repositories.

If you are unwell enough to need a visit to hospital, more of your health data will be stored in another separate hospital system. This system may be mainly paper, fully electronic, or somewhere in the middle, which is the situation for most hospitals across most of Australia. Only three Australian hospitals have highly automated medical records.

In hybrid paper-electronic systems, paper documents may be scanned into your electronic record – creating two copies of the same information and thus doubling the opportunity for data breaches.

Many people would assume that these software systems are in some way compatible. They’re not. There isn’t even one software platform for each of these parts of the health-care system; there are multiple platforms available to GPs, pathology labs, hospitals and other practices.

Your My Health Record will contain summaries and subsets of all these types of data that are critical to your health care – if you maintain the general setting – as well as more detailed sources of the electronic data that already exists today in multiple locations.

Australians are understandably concerned about hackers breaching the government’s aggregated data system. But there is comparatively little concern about their local GP clinic, pharmacy, imaging centre or hospital being hacked. Yet these systems have far less financial investment, no overarching governance authority and, at times, limited IT support.

True, each of these systems contains only a piece of your medical history. This means that if any one of them were to be hacked, you wouldn’t have all of your medical information accessed. But any argument about vulnerabilities in My Health Record data security can be more convincingly made for the present system.

It’s important to have all the facts about the status quo of health records, and what might be lost or gained through My Health Record, before deciding whether to opt in our out. If the considerable investment in My Health Record comes to nothing, the opportunity to address the limitations of the current system will have been lost.

This blog was originally published on The Conversation.

Something to say?

Leave a Reply

10 Comments on "Opting out of My Health Records? Here’s what you get with the status quo"

Notify of
avatar

Sort by:   newest | oldest | most voted
Chris
Guest
Chris
2 months 22 days ago
The issue of hacking becomes significant when data is aggregated in large volumes such as MHR. The Singapore health breach is an example of how this happens. Small data sets have less value on the dark web and while not as protected are of less interest. The issues of MHR are that it is opt out not opt in, there is no communication by the government on this it is happening by stealth, who has access to the data and what are the permitted purposes? I see the benefits but i don’t see the risk management plan to protect highly… Read more »
Michael Gliksman
Guest
2 months 23 days ago

In opting-out, as I have done, I am not opting-in to “business as usual” so much as I am trying to send a clear message to our mendacious politicians that my health records should be used *only* for legitimate medical purposes of which I approve, unless a court order says otherwise. While the risk is that our tin-eared politicians will not hear, it is a risk worth taking.

Steve Hambleton
Guest
2 months 23 days ago

ADHA will not release any information unless it’s for legitimate medical purposes without a court order.

Michael Gliksman
Guest
2 months 22 days ago

Hi Steve. Please advise on the definition of: “legitimate medical purposes” in the Act. As far as I am aware there isn’t one and a major concern is that a commercial entity such as a health &/or accident insurer could satisfy the Agency their purpose was ‘legitimate’. As legislation takes precedence over an agency’s operating policy, and that policy can be ignored or changed at any time, any assurances given otherwise, unless contained in legislation, are worthless.

PRAN LAL
Guest
2 months 23 days ago
the biggest problem, as I see it , is the unreliability of the records. At each visit to any health professional, the patient decides whether that contact is recorded to not. Which then leads to the problem of medication interaction s happening at home and the doctor is held responsible for not verifying what the patient is taking. Same is with medical conditions not recorded for the same reason. It can falsely reassure the GP that he has all the information to make a reasonable medical decision. If these records are not there , then it is indeed the GP’s… Read more »
Michael A
Guest
Michael A
2 months 23 days ago

Opting in to business as usual? No you aren’t. You are cautiously and waiting for MyHealthRecord to improve, or a better product to arise, and both are happening. Remember Uber? Look at what Apple, Samsung, Google and Microsoft are doing in the space, let alone the startups.

Christopher Mitchell
Guest
2 months 23 days ago

“As you read this, reams of medical data are being sent between health professionals in the mail, through conversations (on the phone or in person), and in small pockets of secure messaging. This includes emails, text messages and faxes.”

“Tragically, ten months earlier, Victorian man Mettaloka Halwala died after his cancer test results showing signs of potentially fatal lung toxicity were faxed to the wrong number.”

This may be the case however the My Health Record is not intended to replace direct communication and in fact, cannot.

Steve Hambleton
Guest
2 months 23 days ago

Totally agree. Bring on secure messaging. The My Health Record can make it a heck of a lot easier to find information that would benefit the patient that you would not otherwise get though.

Ash
Guest
2 months 22 days ago
We already have Medical Objects. It is a reliable, secure electronic messaging system that most specialists, and many GPs, already use. Giving the example of an erroneously sent fax that led to a patient death is an emotive use of unfortunate rare tragedy. Having an online repository of health information is a goldmine for insurance companies (cf. HealthEngine) and yes, hackers, who know the value of such information, and have the skills/means to obtain it. Community trust in such a project proved to be flawed such as in the UK cannot be assumed. It must be earned. For now, it… Read more »
Chris
Guest
Chris
2 months 22 days ago

So you agree the blig argument is flawed at its core? This does nothing to prevent the issues described.

wpDiscuz