A confidential government document has detailed the Australian Digital Health Agency’s response to a raft of concerns about My Health Record, including doctors’ claims they couldn’t sign up, plans yet to be made for securing the details of children in care, and a communications strategy that had failed to adequately reach some vulnerable groups.
The leaked ADHA Q&A contains responses from the agency to questions by members of the My Health Record Expansion Program steering group, which comprises consumer, healthcare provider and digital health industry representatives.
According to the official document dated August 20, the steering group raised a number of concerns about the national health database, with data privacy, the safety of domestic violence victims, technical problems and clinician burden among them.
It is a rare backroom view of the ADHA’s reaction to the media storm and public data privacy backlash following the start of the opt out period in July, and shows an agency variously holding steadfast or fixing problems on the fly.
Among the insights contained in the Q&A are the government’s plans to scale up call centre resources in the last four weeks of the opt out period ending on November 15, and its refusal to release the numbers of those who have opted out or cancelled their My Health Records.
The ADHA also dismisses calls to change default security settings on people’s records from open access to healthcare providers to passcode protected, claiming it would “effectively render the system opt-in.”
Health Minister Greg Hunt introduced legislative amendments to My Health Record last week in reply to the recent controversy, preventing access to people’s confidential health information by law enforcement and government departments without a court order. The new bill also commits the government to the permanent deletion of records on request.
The major health infrastructure project was launched as the Personally Controlled Electronic Health Record in 2012 and has so far cost taxpayers $2 billion, with about 6 million people signed up to the system. A My Health Record will be created for every Australian by the end of the year unless they opt out.
Protecting the details of children in care
According to the leaked document, the ADHA was asked about the protection provided to children who are under the guardianship of the minister, which includes those in residential or foster care.
The system operator of the My Health Record said it is developing a process for access to a child’s My Health Record to be urgently closed when they may be at risk.
“The Agency is working with all jurisdictions and care agencies to develop a process whereby care agency employees can expeditiously secure the My Health Record for children in their care. Specifically, to ensure that information about their location is not accessible to parental authorised representatives considered a risk to the child.”
Data security and privacy
Steering group members questioned the ADHA on privacy and cybersecurity issues, including whether the agency would consider instituting default passcodes on the records.
“This may require a legislative change which is outside the jurisdiction of the System Operator and would have to be directed to the Department of Health [ADHA emphasis]. Should access be closed on creation of a record, this would effectively render the system opt-in.
“Currently there are 6 million Australians where less than 1 per cent of people have set access controls. MHR is a secure system where only healthcare providers involved in an individual’s care are able to access a record.”
In response to concerns about the cybersecurity of third-party systems, such as those of GPs, specialists, pharmacies, allied health services and hospitals, the agency reiterated its position that the system has “strong security, which ensures information is only stored and accessed by trusted connected health systems and users such as healthcare providers and consumers”.
The agency said it has also published the Information Security Guide for Small Healthcare Businesses, which provides “simple guidance for non-technical health professionals on issues such as privacy, passwords, software updates, back-ups and staff security awareness”.
About 900,000 healthcare providers will have access to My Health Record, providing a substantial attack surface for hackers or potential for human error, according to privacy and cybersecurity experts.
Healthcare provider frustration at sign-up problems
Weeks into the opt out period, doctors have continued to experience technical difficulties registering to use My Health Record via the Department of Human Services’ Provider Digital Access platform – or PRODA.
“Is the Agency doing any work with the Department of Human Services in relation to difficulties the providers are experiencing when registering for the MyHR through PRODA (this has been raised in operational meetings with the agency)?” the agency was asked.
“There is a potential missed opportunity when organisations spend time explaining, assisting and getting health providers to the point of registering, only to learn that the process has been so frustrating they give up (and presumably may take a considerable time to try again – if ever).”
In its response, the ADHA said it would introduce an information page at the start of the registration process to help provide clarity and follow up with DHS on the cause of delays.
Organisation versus individual access logs
Concerns were raised about the logging of organisations that have accessed people’s My Health Records rather than the individuals who have done so, with the ADHA advising that people can contact the agency or the organisation listed in the audit log to help determine the source of any activity.
“We understand the challenges to consumers around monitoring access by organisation rather than individual healthcare providers. If a consumer has a concern with information provided in their record’s audit log, they can contact the System Operator or the organisation directly to understand who has accessed their record,” the ADHA said.
Protections for victims of domestic violence
A number of questions from the steering group related to the protections provided within My Health Record for domestic violence victims to ensure perpetrators are unable to access their former or current partners’ data, such as an address they may have fled to.
The ADHA claimed there are strong existing systems in place to protect victims of domestic violence and their families, and advised that victims could take steps to prevent their private information falling into dangerous hands.
The agency said an individual can remove a nominated representative who may have previously been allowed access to their record. They can also suspend their My Health Record by calling the help line, restricting access on the part of healthcare providers unless in an emergency. People can also register for a My Health Record using a pseudonym, opt out of the system, or cancel an existing record.
The agency said it is “working with jurisdictions and DHS to ensure that an individual’s safety is not jeopardised by information potentially found in their My Health Record”.
It also claimed more changes could be made in future to the system that has drawn criticism from domestic violence groups.
“There are a number of technology, policy and communication changes currently being worked on or investigated further,” the ADHA said.
“The Agency and [Primary Health Networks] are also engaging with advocacy and support organisations to help provide MHR information to people who have experienced domestic violence and those who are homeless. A Family Safety Factsheet is in development which will be made available on the My Health Record website to provide support to anyone experiencing domestic and family violence and would like guidance regarding their My Health Record.”
A dramatic start to the opt out period in July saw the discovery by many people that My Health Records had already been created for them without their knowledge or consent.
Access to children’s records during custody disputes
A consumer advocate on the steering group raised concerns about processes around access to the My Health Records of children by parents in cases of separated families, particularly during custody battles.
According to the ADHA, a parent who is concerned about a non-custodial parent’s access to their child’s My Health Record can contact the call centre and suspend the record until the dispute has been investigated by the agency.
“When the record is suspended no representatives can access the child’s health information in their My Health Record. In line with the policies of other government agencies, the System Operator then investigates eligibility. Following investigation, an authorised representative’s access can be reinstated where appropriate. This can even be done before the child has a My Health Record and will ensure a record cannot be created if one does not already exist.”
The ADHA advised that parents can also opt their child out of the system, ask health care providers to not upload information, or cancel a My Health Record, “which ensures no one can access the information in the record”.
Protecting the privacy of 14–17-year-olds
Concerns have surrounded the possible compromise to the medical privacy of teenagers caused by My Health Record, and the ADHA claimed it has stepped up its efforts to engage experts and inform teens of the implications for them.
“A factsheet is being developed for the 14–17 age group and will be released shortly. We are engaging with experts and organisations including the National Children’s Commissioner, Australian Association of Adolescent Health, Orygen, headspace, School [Principals] Association, Women’s and Children’s Healthcare Australasia, school nurses, and others to help raise awareness amongst the 14–17-year-old age group. This is in addition to a digital and social media campaign targeting young people commencing 15th August.”
My Health Record ads and posts have been distributed on online platforms including Spotify and Instagram.
Communications strategy reach
The ADHA was questioned about the communications strategy and the decision to not send letters to Australians through the post or myGov.
The agency said the decision was informed by the opt out trials last year in the NSW Blue Mountains and northern Queensland regions.
“Letters were sent to all households within the opt-out trials locations and evaluation showed letters not to be an effective communication mechanism,” was the ADHA’s response.
“There is information being distributed via DHS through their communications channels including social media.”
But a steering group member claimed there was a need for more information for vulnerable groups such as the homeless.
The ADHA’s document said new My Health Record communications materials have been developed, including for people with intellectual disabilities, with more work to be done following further consultation.
“We will develop additional information as required for different cohorts, as advised through engagement with the peaks and organisations supporting these individuals. We are also engaging through a variety of national and state-based advocacy and support organisations to support awareness raising across these groups.”
Amended clinical documents – who tells the patient?
According to the ADHA, doctors are responsible for informing patients when their My Health Record has been altered.
“Documents are uploaded following a visit to a provider. Changing or updating additional information should also be done as part of the consultation if it is material to the content. It is the responsibility of the provider to communicate any changes to the patient,” the agency advised.
In July, the RACGP claimed GPs couldn’t be required to obtain consent from patients every time a clinical document is uploaded into the system.
My Health Record cancellation and opt out numbers
A steering group member asked the ADHA to clarify the number of people who have chosen to shut down their My Health Record: “Has there been an increase in record cancellations as well?”
But the agency responded that it will continue to keep the numbers of cancellations and opt outs confidential.
“As with opt-out numbers, we will not be releasing information about cancellation of records. MHR system statistics can be found on the MHR website. Overall users of the system continue to increase,” the ADHA said.
Scaling up the call centre for the last four weeks
The ADHA confirmed that the number of calls made to the My Health Record call centre during the first three weeks of the opt out period was high, and said it is preparing for similar levels of demand as the opt out period comes to a close.
“We are working through the resourcing requirements for the last four weeks of the opt out period as we expect the calls to peak again. We will model this on the numbers in the first three weeks. We are also providing calls 24/7 to accommodate shift workers, etc.”
The first week of the opt out period saw the online platform go down in response to the demand, and wait times on the phone line stretching to over one and a half hours.
According to the ADHA, the recent controversy has provided welcome public debate about My Health Record, which it has described as an unprecedented global innovation in consumer empowerment in health and well-being. A “fully consent-based system”, the platform will provide clinicians with essential patient information, especially in emergencies, and save lives.
Two weeks ago, the government supported the Greens' push for an inquiry into My Health Record, preempting Labor’s plans.
The Senate Community Affairs References Committee has called for submissions, with the inquiry’s terms of reference listing privacy and cybersecurity concerns, third party access, the government’s decision to switch to opt out, and the handling of the roll-out, including the much-maligned public information campaign. The inquiry will also look into the prevalence of informed consent among users and compare My Health Record to similar international systems.
The Opposition has called for the opt out period to be suspended until concerns can be resolved.