25 June 2018

The truth about My Health Record

MyHealthRecord TheHill

From 16 July 2018 for three months, patients and GPs in Australia will be given the opportunity to opt out of the government’s My Health Record system.

Patients and GPs will need full and accurate information about My Health Record and its potential impact on their lives, healthcare and, in the case of GPs, their business practices to decide to opt out, or not. 

At this stage we do not know what information the government will be telling consumers, patients and GPs regarding My Health Record and the opt-out process when the opt-out period commences. 

When that information becomes available, we will need to trust that the government has been open and transparent in informing consumers and health providers about costs, benefits and risks of a system that will contain large amounts of very personal, private and sensitive data about our lives.

What is the government currently telling us?

This is an extract from a government email to people who have expressed a wish to be informed of the opt out dates:

“A My Health Record is a secure online summary of an individual’s key health information. One in five Australians already have one. It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with. My Health Record has safeguards in place to protect an individuals’ information including encryption, firewalls and secure login.

How accurate are these claims? 

Starting at the beginning:

“A My Health Record is a secure online summary of an individual’s key health information.”

Is this supported by the facts? On the government’s My Health Record website they tell us that:

“The first time you log into your My Health Record there may be little or no information in it. Information will be added after visiting a healthcare provider such as a GP, pharmacist or hospital. You can begin to add your personal health information and notes straight away.”

When the government says “A My Health Record is a secure online summary” it is stretching the truth. What they really mean is: “A My Health Record is a government-owned and run database into which patients and GPs can load summaries of their health and medical data.”

The same page says:

“Health information stored in your record can include information from you, your healthcare providers, and Medicare.”

Note the word “can”. This does not mean will or must, in this context “can” means “might”.

The page in question uses the word “can” multiple times and, in the context of the statement “A My Health Record is a secure online summary”, gives the unfounded impression that the government will be giving you a summary of your health data. 

The reality is that a system has been created that allows you and your health providers to give your health data to the government. 

The government will not be giving you a summary of your health data. The obvious question is why? Sharing your data among health providers is a normal and useful feature of the healthcare system, although it could well be improved. 

Giving it to the federal government does not seem such a good idea.

Does the government make clear who is responsible for managing a patient’s My Health Record? 

The responsibility for inputting much of the key health data is up to a patient and their GP. My Health Record will not fully populate itself or keep itself up to date. Patients will need to see their GP if there have been any significant changes to their health. Currently this advice is not included in the government’s publicity material or on its website.

Does a patient “own” the data in My
Health Record? 

The government says a number of things about the data in My Health Record including: you cannot delete your record, you can only deactivate it; the contents of documents in your record are owned by and can only be changed by the author; the government has multiple legal reasons to access and use data in your health record without consulting or informing you; your GP can upload a shared health summary without your permission or discussing with you the contents. 

So it is difficult to see how a patient “owns” their data.

How many Australians have a My Health Record? 

Is the statement “One in five Australians already have one,” true? 

This statement is also stretching the truth. It is more accurate to say that more than 5.7 million Australians have been registered for a My Health Record. Being registered doesn’t mean they have a My Health Record with useful information in it. 

The statistics the Australian Digital Health Agency (ADHA) publishes for My Health Record tell us that in the six-year life of the system, about 1.77 million Shared Health Summaries (SHS) have been uploaded. When a SHS is updated it replaces the old one, which stays on the system. It could be argued that a six-year old SHS has little use and is not exactly reliable. 

If you assume that a SHS older than about six months is of doubtful value, then the statistics tell us that just over 400,000 summaries have been uploaded this year. 

A more truthful statement would be “approximately 1.6% (i.e. one in 60) of Australians have a current Shared Health Summary”.

Is the system secure? 

From a purely technical perspective, the statement from ADHA “My Health Record has safeguards in place to protect an individuals’ information including encryption, firewalls and secure login”, apart from the bad grammar, only refers to the technology, not the information in the system. 

As in so many cases, the government is not telling the whole story. The information in the system is what is important, not the technology.

Does an individual have the ability, if they wish, to control who sees the information in My Health Record? 

The government says: “It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with”. This is partially true. An individual can put some restrictions on who can see their my health record (some documents such as the Shared Health Summary cannot be hidden). However, these restrictions apply only to institutions, not to individual health providers.

Furthermore, “choice who sees their My Health Record” is not the same as saying “choice who sees the data in My Health Record.” 

In reality, the data in My Health Record is a copy of data that came from, is held in, or has been transferred to, other systems. That is how it has been designed to work. The legislation that supports My Health Record goes to great lengths to specify that the prohibitions and authorisations (i.e. the laws that govern the use of My Health Record data and the controls patients have over that data) do not apply to this data. The “prohibitions and authorisations” only apply to data collected specifically for My Health Record. This is what the legislation has to say:

“If health information included in a healthcare recipient’s My Health Record can also be obtained by means other than by using the My Health Record system, such a prohibition or authorisation does not apply to health information lawfully obtained by those other means, even if the health information was originally obtained by using the My Health Record system.”

If a GP downloads an event or discharge summary from My Health Record into their clinical system, then the “prohibitions and authorisations” of the My Health Record do not apply; once data has left My Health Record, only the restrictions that apply to normal health data apply.

Furthermore, there is absolutely no control via Mmy Health Record over who can see this data nor any form of audit trail. 

As far as My Health Record and the patient are concerned, the data has left the My Health Record boundaries and all trace of it disappears.

This aspect of the system is rarely, if ever, mentioned by the government.

The government has multiple legal reasons to access and use data in your health record

Are patients’ privacy issues addressed? 

Some people want to control who sees their health data because that data is viewed as being private. The government often confuses security with privacy. The reality of the lack of “choice who sees their My Health Record“ applies equally to that of privacy. 

In spite of what the government claims, privacy, as an issue has not been fully addressed. It is far too easy for data to leak out of My Health Record (it is designed such that data can readily be transferred in and out), the threats to patient privacy come not from the system itself but its role in the wider ecosystem in which it operates.

Does the government have any advice for minority community groups or people who may be at risk and who have concerns about the privacy of their data? At the moment, there is no such information available.

What are the costs associated with My Health Record? 

To the patient, financially, nothing, it’s free. However, there is a saying common on the internet these days: “If you are not paying for the product, you are the product.”

It takes time and effort for GPs to support My Health Record, a cost to the patient in a reduction in consultation time.

To the government and the taxpayer, over $1.7 billion has been spent so far with significant on going costs to support the system, fund ePIP and run the ADHA. 

The government has never made public any data on how much has been saved through the use of My Health Record. 

Neither has it released any information on the achievement or otherwise of the benefits it claims for the system.

Can you trust the information the government is making available?

We can get some idea of the trustworthiness of what the government has told us already from their websites:

In the disclaimer (it’s in the footer) on myhealthrecord.gov.au, it includes this statement: “… the Australia Digital Health Agency does not guarantee, and accepts no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this website or on any linked site.

The Australian Digital Health Agency recommends that users exercise their own skill and care with respect to their use of this website and that users carefully evaluate the accuracy, currency, completeness and relevance of the material on the website for their purposes.

The information provided in this website is not legal advice and this website is not a substitute for independent professional advice and users should obtain any appropriate professional advice relevant to their particular circumstances.”

Then there is www.digitalhealth.gov.au, which has a terms of use page (via the footer, again) which includes, under “opinions and recommendations”:

“In relying on or otherwise using any opinions or recommendations, you:

– must make your own independent assessment of the appropriateness of those opinions or recommendations in light of your own particular circumstances;

– must not rely on the Agency in deciding whether or not to follow those opinions or recommendations; 

– should seek your own professional advice or exercise your own judgment in respect of any decision to rely on those opinions or recommendations.”

The message from both these statements seems to be that you shouldn’t rely on anything the government tells you about My Health Record. These are the primary sources of information on My Health Record for patients, health providers and others working on the system itself. 

Where you are supposed to go to for reliable, trusted information?

Are there alternatives? 

The government is presenting My Health Record as the only option for people who are interested in better managing their healthcare and keeping track of the health data.

The government has a range of other solutions that have been available for a number of years, but is somewhat reticent to talk about these in the same context as My Health Record. These include:

  • Medicare Express Plus from the Department of Human Services.  

The website for this tells us that you can “Access your Medicare information and complete a range of services using your mobile device.”  These include:

“View, download, print or email your Medicare claims history statements for the last three years (something you can’t do from My Health Record, which has no print capability at all); View, download, print or email immunisation history statements; Register or change your organ donation decision.”

  • The Head to Health Initiatives from the Department of Health, which ironically has this statement:

“Australia has great mental health services and resources, but it can be tough finding the ones that suit you best. We’ve made your search easier by hand-picking resources from publicly funded providers.”

  • The Medicine Wise app of the National Prescribing Service. 

The National Prescribing Service website tells us that its mission is:

Making Australia more medicinewise, through digital health and data insights, health professional education and reliable health information for consumers.

The Medicine Wise app does far more than just list your medicines, which is all My Health Record does. For example it will “remind you how and when to take your medicines so you can get the most out of them”.

Is the My Health Record the best solution to patients’ need to see their healthcare data? 

Australia has decided that a government-owned centralised database containing copies of summary and some test data is the best way forward. 

Very few, if any other countries have adopted this approach.  There are some countries such as the United Kingdom, Sweden and New Zealand where the move is towards providing access to data held local GP/medical centre systems. 

This approach has the additional benefit that other capabilities such as appointments, prescription ordering, et cetera are available through the same access method. 

This is a much more patient-centric approach than the My Health Record system which has been positioned well outside the patient’s normal interaction with their GP.


So far, the government has presented a very much one-sided argument based upon benefits that are somewhat nebulous, relevant to minority groups or only apply in limited circumstances. They do not identify costs to patients and GPs, nor potential risks.

If after reading all this, when 16 July comes round, have a close look at what the government is telling you. If any of the matters raised above matter to you, ask yourself: “Do I trust the government has told me everything of relevance and I now believe I know enough to make an informed decision?”

If you do, you need do nothing, your health data will end up in the government database.

If you don’t trust that the government has been fully open and transparent, take the advice of Positive Life NSW (an HIV support group): “If in doubt, opt out”.

Dr Bernard Robertson-Dunn is not a GP or healthcare professional. He trained as an electronic and automation engineer, has a PhD in modelling the electrical activity in the human small intestine and has had over 40 years modelling, architecting and designing large-scale information systems, mostly in government environments. Dr Robertson-Dunn has been following the progress of, and has contributed to, the debate on the My Health Record for more than 10 years. He has no association or affiliation with any vendor or government organisation. He is chair of the Health Committee of the Australian Privacy Foundation.

COVID-19 live update
Something to say?

Leave a Reply

9 Comments on "The truth about My Health Record"

Please log in in to leave a comment

Sort by:   newest | oldest | most voted
1 year 10 months ago

If the system is so ‘wonderful’ and safe – them make it compulsory (mandatory) that ALL levels of POLITICIANS (Local, State & Federal Government) and government workers to have a Health Record so that the ordinary citizen can see that the leadership is setting the example FIRST. Then allow the citizen to OPT IN if they can see the benefits of the system ? i.e SHOW me you are doing it first before asking me to believe and trust that the system will work !!!

2 years 2 months ago
Our government already offered the health records of Australian citizens to the other four countries in the ‘Five Eyes’. All at a time where it would be illegal for the govt to be in possession of such files, let alone give them to others. Our govt even clarified that they don’t feel these records should be confined to security agencies only. That is, they offered our medical records to foreign powers to use for commercial gain. All of this is documented in meeting minutes exposed by Edward Snowden. Interestingly, Canada replied we will not be offering anything like that…our citizens… Read more »
2 years 3 months ago

Perhaps a valid option is the process undertaken in Iceland where individuals become custodians of their own health records.

The users have a vested interest in keeping their information accurate, they decide how their information is shared and with whom and there is no single database that is a lucrative target for bad actors.

Perhaps this isn’t a perfect solution but it seems to have a lot of upsides for the individual.

Lou Lewis
Lou Lewis
2 years 2 months ago
PaulC Unfortunately, as you say “ such a valid option is the process undertaken in Iceland where individuals become custodians of their own health records” cannot be implemented here because the government is committed to the point of no return to the my health record opt out system and despite all the concerns of doctors regarding privacy and confidentiality , our concerns have basically fallen on deaf ears. The only solution I can see is by telling patients to do what I, as a doctor and a potential patient, will be doing, that is opting out of this flawed system.… Read more »
Lou Lewis
Lou Lewis
2 years 3 months ago
The article “The truth about My Health Record” written by DR BERNARD ROBERTSON-DUNN on 25/6/2018 has many salient points that I have mentioned in numerous replies both on site ( TMR) and ‘the other one.’ I also have expressed grave concerns about what the government’s real agenda is, besides having access to everyones medical records. Furthermore I also have great fears that the doctor/patient confidential relation will be lost. Lastly, the fact that it is an opt-out system has raised red flags that our so-called democracy is in danger of becoming a totalitarian system where the supply of medical services… Read more »
Run for the hills
Run for the hills
2 years 2 months ago

I’ll just grab my tin hat shall I?
It wasn’t a thoughtful article, it was a cherry-picking biased opinion.

Lou Lewis
Lou Lewis
2 years 2 months ago

OK, I’ll bite . Why don’t you give us the non-cherry-picking unbiased opinion?

2 years 3 months ago

A thoughtful article that raises some worrying concerns about My Health Record.