CHOICE membership

MyHealth Record - Coming to Us Like it or Not


Looks like the AMA is not still convinced either…


And I wonder: are those software companies Australian owned? Is the data stored on Australian soil and not subject to the US’s Patriot Act?


Good question. For MyHealthRecord, the government can mandate local storage (Whether it does, I don’t know). Practice software is a different kettle of fish.

AFAIK, part of the software producers’ business model involves selling information about our information. That involves some pretty heavy analysis and data-mining. The processing is probably done overseas.


Thanks @BrendanMays et al for putting the factual information together.

Hopefully this allows one to make their own informed decisions, removing some of the emotion and misinformation bandied about by the media and also by (the anti-) government critics


Real questions for the floor of Federal Parliament?

Where ever and who ever the government assign to keep and manage the data as well as any third parties.

Does the Australian Federal Governement guarantee that at all times and for all circumstances the data being collected and maintained will be wholy and solely under the control of the Australian Government and subject to Australian law?

Does opting in come with a life time assurance from the government that the personal data contained on each individual shall only be used for the personal medical needs and sole benefit of the individual to whom the data relates?

Note that in other circumstances we do have certain protections that information can be assigned protection and is not admisable in any legal action. It should not be that hard to answer.

I beginning to think there needs to be a big YES to both of the above, separate to any debate on whether the proposed system is ‘fit for purpose’.

So far there appear to be more doubts than reliable answers.


No Australian parliament can possibly provide such an assurance - because it can’t bind any future parliament.

In any case we already know the answer to

It is a resounding “NO”. The government never intended that. It is not the case today and so it is very likely that it will remain not the case for your lifetime (and, concerningly, beyond!).

To me this indicates that the government does not take privacy seriously - and views privacy as an inconvenience to the government.


I challenge that we are ‘anti-government’ but a few of us are admitted critics of ill informed shoot from the hip populist policy, as well as half baked ill advised badly managed programs, regardless of which party is in government and responsible. When ‘you’ are good at something you are. When you are not there is no getting around it.


The same could be said of all the personal data which has been captured for decades and held by local, state and commonwealth governments.

I am sure that they would not start giving any data away to private parties to manage somewhere else in the world as this would be political suicide.

The government has been collecting medical records for anyone who has a medicare card for decades. I understand that this will continue to occur irrespective if one opts out of MyHealth records. One can’t opt out of medicare record keeping. The MyHealth records is about creating visability to those in the medical profession to those who currently don’t have viability, to to also have a central storage system rather than records being duplicated and scattered around the country/world. There will be some new records created such as storage of test results such as pathology and scans.

Therefore, even if one choses to opt out, the data collected through medicare could still be shared by a future government. This is assuming that a fancy become a reality, which is highly unlikely and more likely the subject of s sci-fi novel/movie.


You neglected to include government has a knack for passing retrospective laws to absolve themselves of all wrongs, anytime they feel the need. And they do. Both coalition and ALP are equally enamoured with the concept.


But reality is in the execution as much or more so than the intent. Check the few paragraphs on privacy to see how well execution has gone.


This is not a fair comparison.

Decades ago there were no computers. Decades ago there was no internet. Decades ago there was no ‘cloud’. The question is an entirely fair one for the times in which we live.

The government either legislates the assurances or failing that provides the assurances separately from the legislation or failing that provides no assurances.

Not so sure it would. Firstly, people would have to know about it. Secondly, people would have to get excited about it - and Australians don’t seem to get excited about much in the political sphere. Thirdly, as long as support remains bipartisan for an issue there is so little choice that the issue doesn’t matter.

The government thought it was OK to allow a foreign company to manage #censusfail, no doubt all long-forgotten by the time of the election and not figuring as a major issue anyway.


My understanding is government started using computer systems in the 1970, if not beforehand.

Clouds have deen around for many decades. In the late 1980s, I used remote servers (some overseas) to store back ups and share research data with others.

Cloud is a recent/modern term for essentially the same thing.

The main change is we are more concious of data breaches, but still unaware of personal data currently held by others, including the government.

The fact remains that government has significant personal data collection of its citizens, for government use and decision making.


I went to my local GP clinic yesterday where they did an ECG as part of an annual check up. Their new ECG machine is connected to a laptop (WiFi enabled) which enables the results to be stored in the clinic’s health record system. The nurse was having problems logging in and ask for assistance. The older other nurse then glibly replied there is no password for that machine I have too many to remember already. Mmmm and people are worried about the government leaking their personal data!


My giddy goat - I’m glad you straightened that out! - I was beginning to wonder if I’d been in IT for over three (3) decades (when it was called EDP), using the Internet for even longer (back when all mail relays were open relays) and as for clouds, I believe it was Mr Karr who was accused of uttering “Plus ça change, plus c’est la même chose” … or ‘a cloud by any other name … etc etc’ heh heh heh …


Those computers, how they were used, and how data was stored and managed evolved quite dramatically. In the 1970’s each computer was an island unto itself, and that did not begin to change until the mid 1990s despite the internet starting to develop in the mid-late 1980’s from its ARPAnet origins.

I suspect you do not understand the difference between remote hosts/storage and the cloud. They are not the same and while having similarities are quite different in practice. Remote hosts/storage is a specific system located at a specific place. The ‘cloud’ is somewhere that you neither do nor need to understand, or so the ‘salesman’ tells us. I could go into more details, but this is not the thread.

Very true, and it is disjoint, difficult to access, and a mish-mash of mostly disparate systems. They are working to change that, but it is difficult, with or without privacy laws.


I reckon that might be because the salesman doesn’t understand it either. I remember with great fondness doing sales support (cough), it was a laugh a minute … I can sympathise with “Anderson” in this sketch …


Agree, but the tax office and other department (suspect those like ASIO) have sophisticated data-matching technologies which can scan, interrogate and compare different data sets.

Yes, I recall reading something a few years ago that some of the old data storage systems (ones decades old) were still being used as the experts, maybe like those in the video, couldn’t see an material benefits in changing to new forms.

I understand that since then there has been government projects migrating old data sets to new platforms to allow better management, analysis and interrogation.

Maybe some of the old ones are stored in filing cabinets and auctioned off from time to time?


WiFi enabled, you say? No password, you say? What was the address? :slight_smile:

This is actually one of the problems with My Health Record. If all health professionals all around Australia have access to everyone’s record (as I understand it, the default security configuration) then a compromise of any one health professional (such as the crappy setup that you describe), can mean a compromise of all records, including patients who have never been anywhere near that health professional’s practice. (You would hope that they would have network traffic monitoring so that the rapid exfiltration of 20+ million records would be detected but…)

Note that in the Singapore Government health record hack, they appear to be blaming a state actor (coughChina?cough). So we are not talking about isolated script kiddies. We are talking about skilled, motivated, well-resourced adversaries.


Individuals can control what information is in their My Health Record, and which healthcare provider organisations can access their record. A range of privacy controls are available including:

* Setting a Record Access Code (RAC) which the individual can give to their healthcare provider organisation to allow access to their record, and prevent other healthcare providers from access unless in an emergency
* Flagging specific documents in their record as ‘limited access’, and controlling who can view
* Removing documents from view within their record
* Asking healthcare providers not to upload information and, under the My Health Records Act 2012, healthcare providers must comply with this request.

For those who don’t opt out, setting a RAC may be worthy if one is concerned about who is accessing ones records.


However by the same principle that most people won’t opt out, most people won’t set a RAC. Assume that millions of records will be open to any health provider.

PS “Removing from view” is not the same as “deleting”. I expect that hackers will therefore still have access to “removed” documents.