My Health Record: is it safe?

Photo by NordWood Themes on Unsplash

There has been a lot of furor in the media over the past few weeks over the security of My Health Record, which is an initiative by the government to keep all of your medical records and details in a central database, linked to your Medicare number.

On the surface, it seems like an excellent idea, and many years in the making. In fact, it has been actually running for the last 6 years- albeit in an incomplete fashion. In fact, many patients are unaware that doctors are unable to look up their medical details on some sort of magical database stored on our computers. And it is a good idea– our current system goes something like this:
1. I see a new patient
2. I would like to know when they had their last test, X
3. The patient cannot remember
4. In order to find out, they have to sign a consent form, which my receptionist faxes to their other practice, who then has to find the records, print them out, and fax them back.

Obviously, this whole rigmarole takes a long time, so sometimes it is easier to just repeat the test. Now, if we had My Health Record in place for that patient, I could potentially look up the test, see the result, and decide what to do next. So it is obviously a good initiative that could potentially save tax dollars, and lots of time- both patient and doctor time. Furthermore, it could add an extra element of patient safety, as hospitals would be able to easily and accurately bring up vital medical information such as allergies and medication lists.

The main concern is regarding security measures. The biggest concerns come from lobby group Digital Rights Watch. These revolve mainly around data security and access to health information. Despite the Australian Digital Health Security giving many reassurances that their cyber security is top-notch, most people are understandably concerned.

Let’s be honest: I am a doctor. I am not an IT specialist, I have no idea about any of this. I have no idea how secure My Health Record is. But here is a few things I do know:

Patients are able to choose who accesses their health record.

Here is a step-by-step guide on how to limit access to your online health record. You can even restrict access to particular documents with a PIN.

No police or government agency can access your record without a court order, according to an announcement made recently regarding changes to legislation.

Patients can choose what information ends up in their health record.

You can choose what information ends up there and you can always change your settings or remove data later on. Currently there is the option of having Medicare Benefits Schedule information, Pharmaceutical Benefits Schedule information (medications), Australian organ donor information, and immunisations from the Australian Immunisation Register. You are able to discuss with your GP about what information you do want in there and what you don’t want. With investigations such as blood tests, there is an option to check the “Do Not Upload to My Health Record” box on the referral form your GP gives you, and that information will not be included.

Patients can see who has accessed their information.

Currently that is not even possible, as your records are currently stored on general practice or hospital software and there is just no way to track who has accessed your health information.

Patients can cancel at any time

After cancelling My Health Record, your information is no longer accessible by anyone.

You have until October 15 to opt out of My Health Record, after which time, a record will be made automatically for you (which you can choose to cancel at any time). To find out how to opt out, click here.

For more information, please check out the official My Health Record website, including their frequently asked questions page or speak to your GP.