The Australian Digital Health Agency has denied claims by technology start-up E-Nome that patients will be able to access their My Health Record and sell their medical data to researchers, governments, pharmaceutical companies and insurers via the company’s upcoming app.
But head of E-Nome Nick Curtis has told Healthcare IT News Australia the My Health Record data isn't crucial to the success of the company's platform, with plans to integrate into GP, hospital, allied health services and wearables systems, enabling people to trade their most private of information, including genomes.
The Daily Telegraph reported on Monday that E-Nome was seeking investors to fund the development of its online platform.
According to the company's Position Paper, the app will allow individuals to share their de-identified health data with whomever they choose.
“E-Nome’s business is about providing a platform by which the consumer is empowered to be placed in the middle of a global market worth billions of dollars a year trading their data,” E-Nome’s position paper says.
“Current data collection and transfer is managed by major corporate intermediaries. These corporate intermediaries profit directly from the inefficiency and constraints in data collection. E-Nome is seeking to disintermediate data transfer in the health sector.”
The company is seeking to raise revenue by offering a new crypto-currency called Nomes for sale and hopes a two-stage investment process raises up to $60 million to fund the development of the “E-Nome Ecosystem”, including the E-Nome App, E-Nome Research Portal, E-Nome Medical Practitioners Portal, E-Nome Electronic Data Warehouse and the E-Nome Core.
It claims an initial $10 million would be used as a strategic investment for 30 per cent of Tyde, a registered Portal Operator with the Australian Government Digital Health Agency and My Health Record, which would be “the first key pillar to delivering partnership content onto the E-Nome platform,” E-Nome’s position paper said until Monday when the claim was deleted.
But in a statement the ADHA debunked E-Nome’s assertions, claiming the federal government’s online repository for Australian’s health information is view-only and no API can connect to it.
“It is currently not possible for a mobile app to download information from the My Health Record system,” the ADHA statement said.
“The My Health Records Act does not permit a third party to sell a healthcare recipient’s information without the Healthcare Recipient’s consent and other legislation, such as the Healthcare Identifiers Act and Privacy Act, strictly regulate the use of healthcare identifiers and other personal information.”
Since yesterday, references to My Health Record on E-Nome’s website and within its promotional materials have been removed.
E-Nome’s Nick Curtis told Healthcare IT News Australia that the ADHA’s claims do not constitute a roadblock to the company’s plans.
“The E-Nome Ecosystem does not rely exclusively on My Health Record data. Our vision for E-Nome is to be a consumer consented anonymised health data platform to allow consumers to contribute to medical research or for-profit studies anonymously,” Curtis said.
“E-Nome’s initial data collection will be through the integration into GP’s practice management systems and subsequent build out to multiple other health data sources including other specialists, hospitals, allied health professionals and wearables data pools to name a few.”
Curtis acknowledged the sale of medical data is a contentious issue but said there is already a well-established multi-billion dollar global market for the trade of consumers’ de-identified health data by global organisations without legal requirement for consumer consent.
“We see no roadblock for cooperation in the future with the ADHA. We believe that E-Nome is building an excellent consumer consented health data management platform that is complementary to the work of the ADHA. We look forward to engagement with them on potential use cases in the future.”
The Garvan Institute, an E-Nome foundation partner, continues to support the company and plans to conduct a clinical trial of the platform using data accumulated by the Dubbo Osteoporosis Epidemiology Study, which has been tracking over 2000 participants since 1989.
According to the joint media release announcing the partnership in October:
“Under the terms of the agreement, Garvan and E-Nome will collaborate to explore the application of E-Nome’s blockchain-enabled health record management platform to medical research. Together, Garvan and E-Nome will assess the potential of the E-Nome platform for the secure storage of genomic information, and for the collection and management of research data across Garvan’s six Research Divisions.”
On Tuesday, a spokesperson for the Garvan Institute confirmed that the partnership between Garvan and E-Nome “is as strong as ever.” She said the two organisations are working towards the next stage in the joint investigation into how E-Nome’s technology can be used to manage and store research information. They are also exploring the possible involvement of additional datasets beyond the Dubbo Osteoporosis Epidemiology Study.
E-Nome has a patent pending on its blockchain-based platform, which was created to “provide a consumer with the ability to easily and securely consent, acquire, approve, store and share their personal medical information with anyone they choose.”
Once the app is available, with trial sales beginning next year, those who choose to trade their health records will be paid in the Nome crypto-currency to the value of the information provided.
“The E-Nome App is designed to encourage consumers to build up their medical profile. For example, the value of a consumer's profile significantly increases as the number of profile components increases,” E-Nome’s position paper claims.
“Adding the genome enables wider application of the data points in a research study to find new correlations and insights. By incentivising the consumer to collect their medical data and build up their medical profile, E-Nome has the ability to create a unique consumer consented data base for medical research and clinical trial purposes.”
The company’s board of directors includes the head of I-MED Radiology Network Steven Rubic and data and technology business lawyer Peter Leonard. Former Chief Information Officer of St Vincent's Heath David Roffe is on the management team, alongside Curtis’s son, Oliver, who was released from Cooma Correctional Centre in June after serving a year-long jail sentence for conspiracy to commit insider trading.
Nick Curtis claims the expertise behind the E-Nome platform will see it solve the interoperability problem while enabling people to be in control of their heath.
“It is managed and supported by a group of very experienced business and healthcare executives who believe that the application of blockchain technology may provide a solution to the very real and difficult problem of creating a future of interoperable but secure health data management systems that empower the consumer to better engage with their own health outcomes.”
He also insists the E-Nome platform is secure and the de-identified data is failsafe.
“All consumer identifiers are removed from the health data and the anonymised health data is stored in an encrypted electronic data warehouse. The ‘keys’ to the health data are securely stored in the consumer’s mobile phone and an encryption hash is locked onto the blockchain. Once done, changes cannot be made to the data. Health data is stored as individual episodic data points with no single link to other related health data for a particular individual.
“If a consumer consents to a request for their longitudinal health data, the data set sent to the requestor remains in the anonymised format. The trial phase of the E-Nome system will include engaging a respected and well known external party to undertake penetration testing of the production IT environment, the anonymisation process and also to undertake re-identification hack attempts.”
But a report released by the University of Melbourne's School of Computing and Information Systems on Monday shows that the de-identified health data from the Australian Medicare Benefits Scheme and Pharmaceutical Benefits Scheme that was exposed in an embarrassing Department of Health error in August 2016 can be re-identified.
“We found that patients can be re-identified, without decryption, through a process of linking the unencrypted parts of the record with known information about the individual such as medical procedures and year of birth,” report co-author Dr Chris Culnane told the Sydney Morning Herald.
“This shows the surprising ease with which de-identification can fail, highlighting the risky balance between data sharing and privacy.”
Meanwhile, a spokesperson for the Office of the Australian Information Commissioner urged people to exercise caution with the sharing of their health information online.
“We encourage all Australians to be conscious of how they share their personal information and be alert to privacy risks. This is particularly important for sensitive health information. People should take the time to review privacy policies to understand how their personal information will be used, disclosed, and stored,” the OAIC spokesperson said.
The OAIC’s 2017 Australian Community Attitudes to Privacy Survey found that 65 per cent of Australians do not read privacy policies, and about 40 per cent only sometimes or rarely check that a website is secure before providing personal information.