Paul Shetler at the MHR inquiry
Paul Shetler: My Health Record project remains a big opportunity, if fixed
My Health Record will ‘fail’ unless it revert to an opt-in model and stricter access controls are implemented, the federal government’s former digital czar has told a senate inquiry.
Appearing before the senate inquiry into My Health Record, former Digital Transformation Office CEO Paul Shetler said current access controls for the service are “shocking”, making sensitive medical data vulnerable.
The Labor-led inquiry was launched last month following the controversial launch of the opt-out period in July. It is investigating the My Health Record as a whole, including its legislative framework and privacy and security concerns.
There had been ongoing concerns over the service’s data security, privacy and the potential for law enforcement to access the sensitive medical information without a warrant.
This forced health minister Greg Hunt to introduce amendments to Parliament preventing access to the data without a warrant, and allowing for an individual’s data to be permanently deleted if they choose to cancel their My Health Record.
But Labor said these changes did not go far enough and secured cross-bench support for the inquiry.
The second hearing in Canberra also featuring heavyweight unions, Maurice Blackburn Lawyers and the Department of Health.
Mr Shetler opened his appearance at the inquiry by describing the importance of digital health records.
“I believe that My Health Record represents an excellent opportunity for Australia to think big and do the right thing and take the lead worldwide on data and privacy,” Mr Shetler told the inquiry.
“But to deliver this we need to be bold and we must admit the shortcomings of our current approach in terms of functionality and data security.”
Due to these shortcomings, he said that MHR will go the same way as the UK government’s Care.data project, which was scrapped entirely in 2016 due to similar concerns that have arisen in Australia.
“In its current form I believe that the program will fail. Government should first pause and acknowledge what they are hearing from the public” Mr Shetler said.
A primary concern with the current program is who is able to access the sensitive health data that is stored on MHR, he said.
“Even with the settings they’ve set up so far, people still can have wide-ranging access to data without having to hack it. It’s just not set up in a secure way. The way the phrases are constructed, it’s fairly broad who actually has access to this data,” Mr Shetler said.
“It is the most intimate data about a person as possible. There is a problem there, and it has to be taken seriously. It’s shocking how bad the access control is on it. It’s a very real concern.”
These poor access control means that anyone working in a hospital will have permission to access the sensitive data stored on an individual’s My Health Record, Mr Shetler said.
“Let’s say you’re working in a hospital – permissions are granted at the level of the hospital. You are working in a pharmacy there and have access to the information. Suppose you find out that somebody has been on a particular anti-depressant, and that’s someone you don’t like. They can use this info and get it out very easily because of the way that information has been made available,” he said.
The government should cancel its plans to transform MHR into an opt-out service and instead return to an opt-in offering that actually addresses the needs of the consumers, Mr Shetler said.
“I believe that the shift form opt-in to opt-out was a mistake and would have been unnecessary if the product had met clearly defined needs,” he said.
“Government wasn’t able to get people to adopt it, they couldn’t get that network effect, so they mandated it.
“But if it was something that people wanted, you would never need to mandate the use. People would be clambering for it because it’s free.”
The Australian Council of Trade Unions said in its submission to the inquiry that unions have “deep and abiding concerns about the current MHR legislation and the impact it will have on the rights of workers to keep their medical information private”.
The ACTU said the existing legislation “leaves open unacceptable privacy gaps”. The Electrical Trades Union shared many of these concerns, saying that the opt-out process was “poorly planned, poorly communicated and poorly implemented”.
“It is deeply concerning that such a large social program could be enacted with close to no community and public engagement. Most Australians have little to no understanding about what the My Health Record system is, who administers it, for what purpose and how they, as healthcare recipients, can control and monitor their own records,” the ETU said in its submission.
“The government has completely failed to establish a credible social licence to pursue its current course of action. Resources must be allocated to increase the awareness and competence of the general public in interacting with and controlling their My Health Record as a matter of urgency.”
“What could have been a highly beneficial health initiative has been totally undermined through poor planning and poorer implementation.”
In a joint submission, the Department of Health and Department of Human Services defended the communications strategy, labelling it “extensive”.
“The current strategy, informed by the trials, focuses on delivering a nationally driven but locally supported campaign, where information is developed centrally, but media strategies and advertising run at a local level,” the submission said.
The unions, along with Maurice Blackburn Lawyers, raised especial concerns with the potential for employers and insurance agencies to access the data stored on My Health Record.
“We are concerned that undue pressure may be placed on patients to allow access to their My Health Record for employment and insurance purposes, and that the consent process enabling such access is deficient,” Maurice Blackburn Lawyers said in its submission.
“There are legitimate concerns with current provisions related to access, consent and default settings. These must be tightened so patients know what they are consenting to, who is accessing records, and for what purpose.”
It also said that there needs to be more of a focus on informed and deliberate consent.
“The shift heightens the need for safeguards, and raises questions about whether there might be a corresponding need to change the default settings. If a system has default settings which place the patient’s consent at the centre of decision-making, many concerns related to inappropriate access will be negated,” the submission said.
“Failure to have access determined by informed consent will lead to the data potentially being used for unrelated purposes,” it said.
But the government said the MHR system “does not operate with any assumed or implied consent.
“The system recognises the importance of voluntary consent so where consent is required, express and informed consent is sought. The framework contains some additional access restrictions to reflect the unique nature and sensitivity of information that can be held in a MHR,” The Department of Health submission said.
“These restrictions are further enhanced in the legislation currently before Parliament. Existing privacy and health information laws are leveraged to the extent possible and jurisdictional privacy laws are allowed to operate unless they are inconsistent with this framework.”