The use of Australians’ private medical information for commercial gain by pharmaceutical companies, and the provision of “patient identified” data to researchers are options on the table as part of a public consultation process into My Health Record launched yesterday.
The Federal Department of Health has contracted HealthConsult to develop a framework and draft implementation plan for the secondary use of data contained in My Health Record, described in the Public Consultation Paper as “the first data set that has the potential to allow analysis around the full set of health services received by a person”.
The framework will determine which organisations can gain access to this valuable personal information, which will include GP and specialist diagnoses, as well as pathology tests and medications prescribed.
According to the Public Consultation Paper, under the My Health Records Act 2012 health information in a My Health Record can be collected, used and disclosed “for any purpose” with the consent of the healthcare recipient, and its use will help achieve advances in healthcare.
“The questions that arise when considering the secondary use of health data are the same questions that arise in any attempt to achieve the public good,” the paper claims.
“Secondary use of health data has the potential to enhance future healthcare experiences for patients by enabling the expansion of knowledge about disease and appropriate treatments, strengthening the understanding about effectiveness and efficiency of service delivery, supporting public health and security goals, and assisting providers in meeting consumer needs.
“It allows a range of organisations to conduct research and innovate to improve health and healthcare outcomes, which can in turn improve wellbeing, productivity and the efficient use of resources.”
As a guide to the scope of the consultation process, the Public Consultation Paper says:
- The framework will address overlap between commercial and health related uses. For example, use of data for development of pharmaceuticals could be considered both a health related and commercial purpose.
- Potentially, data could be released for secondary purposes as patient identified, de-identified, anonymised or pseudo-anonymised.
- The framework is being developed with a view to defining a role for a single accountable authority for the management of My Health Record data for secondary uses to minimise the risks associated with privacy and security breaches such as re-identification of data.
- The framework will prevent the provision of data for secondary use by private health insurers without the explicit consent of individual/s concerned.
The paper says as the numbers of My Health Records and the healthcare providers accessing and updating those records increase over time, the data will become an even more valuable and sought after resource. The public consultation process, it says, will alleviate concerns.
“The development of a Framework will assist government and individuals to protect privacy and data security, and to build a culture of trust and integrity in the secondary use of the data for community benefit.”
The Privacy Act 1988, which applies to the My Health Record, states that in order for individuals to give consent for the secondary use of their data, they must be adequately informed and give it voluntarily. However, consent is defined as “express or implied”. During 2018, My Health Record will switch to opt out and: “If a person does not opt-out, their consent is implied.”
Medical specialist and spokesperson for technology think tank Future Wise Dr Trent Yarwood claims that while secondary use of health data has been used to come up with major breakthroughs in health, such as Professor Fiona Stanley’s work in folate supplementation and neural tube defects, data should only be used with informed consent.
“I would argue that ‘big data’ on health records violates this in a number of ways,” Yarwood says.
“I don't think patients really understand the privacy risks to big data. It’s hand-waved away by big data advocates saying ‘it's all deidentified’, but we know (from the Medicare leak, etc) that reidentification is often easier than people think it is.”
Yarwood says Australians place a high value on the security of their health data and would be unlikely to consent to its use in this way if the risks were better understood. He also claims the “vast majority” of doctors and public health researchers don’t understand the technical aspects of data privacy and reidentification.
His concern is amplified by the federal government’s recent record in data security.
“I have very little faith in the Australian Government’s data security (or IT practices generally) in light of the multiple IT shambles over the last few years. Given the sensitive nature of health information, the consequences of a breach are much higher, so I think a much higher standard of the precautionary principle is required.”
Yarwood says the secondary use of the My Health Record data also falls foul of the Privacy Act because it is not the original intended reason for collection, which is the provision of direct healthcare to an individual.
With a great deal at stake and diverse views to consider, the public consultation process will include live webinars on 12 and 16 October, and 12 workshops nationwide beginning in Sydney on 16 October. Written submissions will be accepted and an online survey will remain open until 17 November.
Five million Australians currently have a My Health Record, and every Australian will have on in 2018 unless they opt out.