MHR opt-out deadline looms
My Health Record
Lizzie O'Shea: "There are many design flaws that have been made known to government and not been remedied."
The deadline to opt-out of the government’s highly controversial My Health Record is looming amid ongoing concerns surrounding the reliability and security of the data stored on the system.
While all Australians that haven’t opted out will be set to get a My Health Record from Thursday, former government tech lead Paul Shetler said the entire system is “obsolete” and requires a “fundamental rethink”.
The opt-out period was originally slated to finish in November, but was extended until 31 January by the Senate due to a number of concerns and ongoing issues.
The MHR scheme has been plagued by concerns surrounding the privacy and security of the highly sensitive data stored on the system, with fears it could act as a “honeypot” for hackers.
As the deadline approaches, the Opposition has renewed calls for the opt-out period to be extended, while GPs have raised concerns that they could be held liable for mistakes made due to incorrect information listed on a My Health Record.
Digital Rights Watch board-member Lizzie O’Shea said Australians should opt-out of the system due to the series of privacy and security concerns.
“There are many design flaws that have been made known to government and not been remedied. It’s deeply disappointing that civil society and others have been raising concerns about My Health Record for some time and the government has chosen not to act upon these,” Ms O’Shea told InnovationAus.com.
“We are worried about the pressure from industry to access health information, which may happen under future governments. We are also worried about security, given that hundreds of organisations and individuals can access records because of the way it is designed, in circumstances where there may not be good security practices at these access points.”
"This is not how you handle these kinds of problems, the potential impact on lives is too great."
A Guardian Australia report last week revealed that the body behind MHR, the Australian Digital Health Agency, had known about a “significant” patient data glitch since 2016 which could have left patient information out of date or missing.
A leaked report showed that an internal briefing to the ADHA in December outlined a software bug that has impacted MHR since 2016, preventing some medical clinics from “uploading clinical documents to the MHR system”, leading to “missing clinical information” and “amendments not uploading resulting in out-of-date or incorrect information”.
Mr Shetler said these revelations serve to “undermine” MHR as a whole.
“This is not how you handle these kinds of problems, the potential impact on lives is too great. The problem now is you have doctors and hospitals using this who don’t know if the records they’re using are correct. This is moving beyond the problem we had earlier to a basic data integrity question. Is the information in here correct? Is it incomplete or missing anything important? It’s kind of insane,” Mr Shetler told InnovationAus.com.
A number of doctors have also recently raised concerns with the reliability of MHR, with independent MP and GP Kerryn Phelps calling on the government to protect doctors from lawsuits involving incomplete or inaccurate information on MHR.
Opposition leader Bill Shorten echoed these concerns and called for the opt-out deadline to be extended.
“There’s a lot of concern. We like the idea and support the idea of digitisation of health records to make it easier for treating health professionals to deliver better quality care. The principal is sound. But the lack of safeguards around privacy has been most concerning. I think the government, rather than rush the scheme, should extend the period that allows you to opt out to see if it can’t address the concerns of Australians,” Mr Shorten said.
"We urgently need to update our information management systems for health providers and there are clear benefits in doing so, but MHR is not fit for purpose."
Mr Shetler, who was the inaugural boss of the government’s Digital Transformation Office until 2017, said he supports the opt-out period being extended, but a more fundamental rethink of MHR is needed.
“Somebody described it as DropBox and that’s basically true - it’s DropBox with less security and PDFs. Yes it would be best to have a longer opt-out period but it is also a good idea to fundamentally rethink the way they’re doing this,” he said.
“Back when I was in government we had discussions about other ways of doing this. There are much better ways of doing this than the way they envisioned it. It’s completely out of date, and it’s fundamentally digital - it’s not terribly sophisticated. It’s going to wind up being so incredibly obsolete and so expensive, and yet mandatory and incomplete.
“What the hell are they doing? It’s time for a fundamental rethink of the whole approach.”
Ms O’Shea said MHR in its current state isn’t fit-for-purpose.
“To invest this much public money in a ‘DropBox’ equivalent is unacceptable. We urgently need to update our information management systems for health providers and there are clear benefits in doing so, but MHR is not fit for purpose. The My Health Record system does not centre patient privacy or consent, and has not focused on security,” she said.
Mr Shetler said he told the government about these issues back in 2016, before the move to an opt-out system was announced.
“It was obvious and it has been obvious for a long time that this is not the way to do this. They should be taking a break, let people go into this but fundamentally rethink the whole architecture,” he said.