Default PIN codes, a one-year extension to the opt out period and more legislative changes to protect the privacy of patient information are among the raft of changes recommended by the Senate Inquiry into My Health Record, but Health Minister Greg Hunt has said opt out will end in November as planned.
The parliamentary inquiry, which spanned three public hearings and accepted 118 submissions, recognised My Health Record “has the potential to revolutionise the quality and continuity of healthcare in Australia” but expressed serious concerns about the system, including the risk it could be used by domestic violence perpetrators to find their ex-partners.
Within its 14 recommendations, the Senate Community Affairs References Committee called for default record access codes to be applied to each My Health Record, with individuals required to remove them if they choose. Override emergency access codes should also only be used by registered healthcare providers “in extraordinary and urgent situations”, it found.
The report says the government should move to ensure My Health Record data cannot be used for commercial purposes and no third-party access to medical information should occur without the explicit permission of the patient. Legislation should also prevent access for employment or insurance purposes, while the secondary use of data that could be identifiable should only be allowed with the individual's explicit consent.
Meanwhile, “access to My Health Records for the purposes of data matching between government departments” should be limited to a person's name, address, date of birth and contact information, the report says.
According to the committee, the shift from opt in to opt out has created concerns around consent and privacy that the government and the Australian Digital Health Agency – as the system operator – need to address.
“It is the committee's view that the responsibility of the System Operator to apply considered and robust default settings that protect the privacy of all registered healthcare recipients is considerably increased under an opt-out model.”
[Read more: Game changer: Creator of FHIR writes about approaching critical mass and a growing data sharing revolution | Senate inquiry hears 900,000 have opted out of My Health Record, “significantly” less than the ADHA expected]
The committee said it was not persuaded by evidence that a level of implied consent is implicit in an opt-out model.
“The fact that an individual does not opt-out of the MHR system, or does not take steps to restrict access to part or all of their MHR, does not necessarily mean that they have understood the risks and benefits of the MHR system and made a considered decision based on this,” the report says.
“While the committee appreciates that the opt-in participation model was not successful in delivering the critical mass necessary for the success of the MHR system, it considers that the current opt-out model has swung too far in favour of ease of access and has not focussed enough on the importance of ensuring that the public is able to make an informed choice about whether to participate in the system and the level of security they might require if they do.”
The Greens-led inquiry also recommended the Federal Government amend the My Health Records Act 2012 to protect the privacy of 14- to 17-year-olds unless they expressly request a parent be a nominated representative. The period a record can be suspended should also be extended for domestic violence victims.
Additional concerns were raised about the technical feasibility of the legislative amendments announced by the Health Minister and currently before the Senate that allow records to be destroyed on request.
“Evidence to the inquiry has expressed concern about the extent to which such a request can be satisfied, noting that it is standard practice to create backups of databases and create cache files,” the report says.
“The committee considers that the MHR system must include measures to ensure that any saved version of a person's MHR record is permanently destroyed in such circumstances and that cached or back-up versions of MHR records cannot be accessed by third parties, even after they have been deleted.”
But a spokesperson for the ADHA told Healthcare IT News Australia the platform is capable of removing records entirely.
“The Agency will be able to permanently delete all information associated with an individual’s My Health Record, including all back-ups, caches and audit trails,” the spokesperson said.
“Only an individual’s Individual Healthcare Identifier (IHI) and name will be retained for the purposes of advising that individual that their record has been permanently deleted. This functionality will be implemented into the system as soon as practicable after the legislation passes.”
[Read more: “Not fit for this purpose”: FHIR creator on My Health Record as the Senate inquiry gets underway |Exclusive: Leaked ADHA document shows the agency grappling with My Health Record concerns]
Opposition health spokesperson Catherine King said the inquiry had uncovered a number of new privacy and security concerns and as such the legislative amendments don’t go far enough.
“[T]he Senate inquiry process has exposed a range of deficiencies that must be addressed before this scheme rolls out to every Australian.
“The Government has stubbornly refused to fix these problems, instead pressing on with a bill that doesn’t come close to addressing all relevant privacy and security concerns.”
King also urged the government to conduct a review of the system by the Privacy Commissioner and the Office of the Australian Information Commissioner, and once again called for a suspension of the roll out.
But a spokesperson for Health Minister Greg Hunt ruled out an extension to the opt out period, which has previously been extended by a month and is due to end on November 15.
“The opt-out date has already been extended and the opt-outs are travelling at a significantly lower rate than expected,” the spokesperson said.
“We will not be extending it further as it would not be appropriate to delay the benefits to patients.
“The Government will review and respond to other items in the report.”
In the report, the dissenting Coalition committee members rejected the call for default PIN codes on records for reasons including that patients would forget them.
“Asking for a PIN, and requiring consumers to remember their PIN, will interrupt the clinical workflow and impede use of the record. Clinicians treating people who are unable to recall their PINs will not be able to view their patient's record. Both the clinician's and the consumer's time will be wasted while the consumer attempts to remember or locate their PIN,” the Coalition senators wrote.
They claimed “the proposal would also in practical terms effectively return the My Health Record to an opt-in participation model”.
The inquiry expressed additional concerns about the communications campaign designed to inform Australians about My Health Record and opt out, and recommended the ADHA revise its media strategy to provide more targeted and comprehensive education about the platform, including for vulnerable groups.
The committee also called for the ADHA to report “regularly and comprehensively” to Parliament on the management of the system.