LOGIN
Health

Just how private will your digital health records be?

By | | comments
Digital health records can be easily accessed by the Government without your consent (Image via YouTube screenshot)

With an untrustworthy Government known for data breaches, a system of digital health records won't be as private as you think, writes Dr Jennifer Wilson.

THE CONCEPT of a digital health record system is a splendid one, particularly for people with complex health issues, people in regional and remote areas, as well as those of us who might end up in a hospital emergency room unable to convey our history to medical staff.

I would happily opt-in to such a system, were it not for the appalling record of the Coalition Government on privacy and data breaches.

We currently have a Government that has proved itself incapable of managing the security of citizens’ data. In 2017, we discovered that Australians' Medicare details were being sold on the dark web. The Government’s reaction to this breach was described by a former AFP expert in high tech crime as “disappointing, confusing and often contemptible”.

We also have a Government that has deliberately released intimate personal details of individuals and their previous partners to the media, as payback for those individuals’ public criticisms of agencies such as Centrelink.

We have an Acting-Privacy Commissioner who has ratified the publication of this personal data if the Government feels such action is necessary to correct any criticism of its agencies.

Just take a moment to absorb this. If you publicly criticise a Government agency that holds sensitive information about you, the Privacy Commissioner has validated the Government’s right to disseminate that information in the national media, under the guise of “correcting the record”. In the case of Centrelink, there is no option for you to withhold private information in the first place if you are attempting to access benefits. The Government has you by the throat. You have to tell them your private details. If you are publicly critical, your private details are weaponised and used against you.  

There is absolutely no reason to believe that this exercise of raw power will not be extended to the use of your health records if the Government or any one of approximately 15 “enforcement agencies” decide that is necessary. And the information in your health records is likely the most private and sensitive information you’ll ever have recorded.

As part of its marketing of the digital health record system known as "My Health Record", the Government has set up an information website and a Twitter account that offers answers to queries about the digital initiative:  

My Health Record

Verified account

‪@MyHealthRec ‪‏

My Health Record is a secure online summary of your health information. You can control what goes into it and who is allowed to access it.

Australia • myhealthrecord.gov.au

The claim that we have control over who can access our data is false. There are at least 15 Federal and State Government agencies that can be granted access to your private health records solely at the discretion of a departmental secretary, without warrants and apparently without oversight.

In the legislative framework for this system, the My Health Records Act 2012, it is stated that for the purposes of law enforcement that your private health data can be accessed by ‘enforcement bodies’ solely at the discretion of the System Operator.

The System Operator is identified as the Secretary of the Department, or a body established by Commonwealth law to be that operator.

In other words, any Government enforcement body can access your personal medical records without a warrant and without your knowledge.

Access is granted at the discretion of a department secretary, or a body established by the Government that controls the enforcement agencies seeking to access your records:

MY HEALTH RECORDS ACT 2012 - SECT 70

Disclosure for law enforcement purposes, etc.

(1)  The System Operator is authorised to use or disclose health information included in a healthcare recipient's My Health Record if the System Operator reasonably believes that the use or disclosure is reasonably necessary for one or more of the following things done by, or on behalf of, an enforcement body:

(a)  the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a imposing a penalty or sanction or breaches of a prescribed law;

(b)  the enforcement of laws relating to the confiscation of the proceeds of crime;

(c)  the protection of the public revenue;

(d)  the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;

(e)  the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

The definition of "enforcement body" and "enforcement-related activity" is as follows:

'Enforcement body’ means:

(a)  the Australian Federal Police; or

(aa)  the Integrity Commissioner; or

(b)  the ACC; or

(c)  the Immigration Department; or

(d)  the Australian Prudential Regulation Authority; or

(e)  the Australian Securities and Investments Commission; or

(ea)  the Office of the Director of Public Prosecutions, or a similar body established under a law of a State or Territory; or

(f)  another agency, to the extent that it is responsible for administering, or performing a function under, a law that imposes a penalty or sanction or a prescribed law; or

(g)  another agency, to the extent that it is responsible for administering a law relating to the protection of the public revenue; or

(h)  a police force or service of a State or a Territory; or

(i)  the New South Wales Crime Commission; or

(j)  the Independent Commission Against Corruption of New South Wales; or

(k)  the Law Enforcement Conduct Commission of New South Wales; or

(ka)  the Independent Broad-based Anti-corruption Commission of Victoria; or

(l)  the Crime and Corruption Commission of Queensland; or

(la)  the Corruption and Crime Commission of Western Australia; or

(lb)  the Independent Commissioner Against Corruption of South Australia; or

(m)  another prescribed authority or body that is established under a law of a State or Territory to conduct criminal investigations or inquiries; or

(n)  a State or Territory authority, to the extent that it is responsible for administering, or performing a function under, a law that imposes a penalty or sanction or a prescribed law; or

(o)  a State or Territory authority, to the extent that it is responsible for administering a law relating to the protection of the public revenue.

‘Enforcement related activity’ means:

(a)  the prevention, detection, investigation, prosecution or punishment of:

(i)  criminal offences; or

(ii)  breaches of a law imposing a penalty or sanction; or

(b)  the conduct of surveillance activities, intelligence gathering activities or monitoring activities; or

(c)  the conduct of protective or custodial activities; or

(d)  the enforcement of laws relating to the confiscation of the proceeds of crime; or

(e)  the protection of the public revenue; or

(f)  the prevention, detection, investigation or remedying of misconduct of a serious nature, or other conduct prescribed by the regulations; or

(g)  the preparation for, or conduct of, proceedings before any court or tribunal, or the implementation of court/tribunal orders.

That these bodies can access your health records without legal oversight, merely on the say-so of a departmental secretary, is entirely unacceptable. This ought to give the most complacent among us pause for thought.

The situation we are in is intolerable. We need a My Health Record system for citizens who will benefit from its many advantages. Yet our Government has demonstrated that it is ready and willing to weaponise citizens’ personal information and use it against us. The Government, by its untrustworthiness, its record of incompetence, and its established and enthusiastic betrayal of our privacy, is preventing access to the healthcare record system we need. By allowing agencies access to our personal data without oversight, on the authority of an individual public servant, the Government is making the system entirely unsafe for citizens to use.

You have till October to opt out of the My Health Record system. After that, you’ll automatically be included. The RN Breakfast interview (shown above) with Paul Shetler, former Head of the Government’s Digital Transformational Office, is invaluable if you need an expert opinion to help you make up your mind. 

No mainstream journalist has thus far challenged the Government and its representatives on their claim that individuals have complete control over data stored in My Health Record. Health Minister Greg Hunt stated in an interview with Linda Mottram on ABC's PM Wednesday evening that a court order is required to access health records. According to the Act, this is not the case, yet Hunt’s claim went unchallenged.

It’s impossible to say if this is because no mainstream journalist has actually researched the legislation, or if it is because the media has some interest in propagating Government misinformation about health record privacy. 

You can follow Dr Jennifer Wilson on her blog No Place for Sheep or on Twitter @NoPlaceForSheep.

Support independent journalism Subscribe to IA.

 
Recent articles by Jennifer Wilson
Berejiklian and Morrison's eerie silence on bushfires and Sydney water quality fears

With bushfires now encroaching on Sydney and surrounds, experts have now expressed ...  
Morrison, Porter, Fuller, Taylor: Bin mates before investigations

“If you’ve got nothing to hide you’ve got nothing to worry about" — at leas ...  
Scott Morrison's religion and the bushfire crisis

As firefighters in four states struggled to contain unprecedented bushfires, the PM ...  
Join the conversation
comments powered by Disqus

Support IAIndependent Australia

IA is dedicated to providing fearless, independent journalism, free for all, with no barriers. But we need your help. To keep us speaking truth to power, please consider donating to IA today - even a dollar will make a huge difference - or subscribe and receive all the benefits of membership. Keep ‘em honest. Support IA.

Subscribe Donate