It is extremely alarming to witness the Turnbull Government engage in a deliberate campaign of misinformation regarding who has access to our My Health Record data.
It is nothing less than a massive betrayal of trust, designed to lull citizens into a false sense of security about the safety of data uploaded to an individual’s health record.
In the week since the My Health Record three month opt-out period began, there have been moves by Health Minister Greg Hunt and the Australian Digital Health Agency (ADHA) to reassure apprehensive Australians that data stored in My Health Record will not be accessible to agencies other than those directly concerned with our healthwithout a court order.
ADHA website, My Health Record, acknowledged widespread concerns on Twitter:
'We have had a few enquiries regarding other government departments and law enforcement accessing #MyHealthRecord. We will not release any documents without a court/coronial or similar order.'
Firstly, what exactly is an order “similar” to a court/coronial order? To what kind of order does this refer, who is authorised to issue such an order and under what circumstances? This “similar” order needs to be fully explained.
Secondly, why does this information from the My Health Record website contradict the My Health Records Act 2012, which is the legislative framework that governs the Australian Digital Health Agency (ADHA) and the law by which that agency must abide?
On the matter of disclosure for law enforcement proposes and so on the Act (Section 70) states:
Disclosure for law enforcement purposes, etc.
(1) The System Operator is authorised to use or disclose health information included in a healthcare recipient’s My Health Record if the System Operator reasonably believes that the use or disclosure is reasonably necessary for one or more of the following things done by, or on behalf of, an enforcement body:
(a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a imposing a penalty or sanction or breaches of a prescribed law;
(b) the enforcement of laws relating to the confiscation of the proceeds of crime;
(c) the protection of the public revenue;
(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
(e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
'If the data collection were primarily for our benefit, it would not be necessary ... to allow access by 15 enforcement agencies, without a warrant and without our knowledge.'
It is clear in the Act that the "System Operator", otherwise known as the Department Secretary, has sole authority to release our data to enforcement bodies, without a warrant and with no oversight.
Alternatively, the Commonwealth Government may form a “body” to be known as the System Operator, authorised to release health data to enforcement agencies.
Neither the Department Secretary nor the Commonwealth Government body requires court/coronial orders to release the data. As for “similar” orders, well, we don’t know what they are.
The ADHA is either unaware of the legislation by which it is governed, or it is misinforming the public.
Labor Shadow Minister for Health Catherine King called on the Turnbull Government to extend the opt-out period beyond the current three months, to enable people to more fully consider their options.
Ms King also claims the Turnbull Government has
'... failed to explain to people how their rights will be respected and their privacy protected.'
There is no disputing the accuracy of this statement. However, the My Health Record Act 2012 was legislated by the Gillard Labor Government. There is no mention of the Act in Ms King’s media release. It is impossible to explain to us how our rights will be respected and our privacy protected when the law currently permits at least 15 agencies – that have nothing to do with our health – access to our most sensitive records without our knowledge. The ALP needs to address this legislation before it can make any guarantees of privacy and respected rights.
As Dr Kerryn Phelps states on Twitter:
The only way a centralised #MyHealhRecord could proceed is if law states:
- records can only be accessed by health professionals
- accessed only for the patient’s benefit
- all access visible to the patient
- no other external agencies can access the system for any reason
If the data collection were primarily for our benefit, it would not be necessary for the Government to allow access by 15 enforcement agencies, without a warrant and without our knowledge. If this system was intended primarily to enable health professionals to better treat our ailments, it would not be necessary for anyone other than those health professionals to access our data. It would certainly not allow access to the Federal Police, ASIC, the Department of Immigration and Border Protection, or any other agency responsible for “protecting public revenue”, to name just a few currently able to request warrantless access.
If nothing else, this misinformation campaign confirms that a centralised health database has little to do with our health and everything to do with government and corporate abuse of our most confidential data.
Support independent journalism Subscribe to IA.