CHOICE membership

MyHealth Record - Megathread


I am a Queenslander and didn’t have a MyHealth record and this was confirmed on my opt out (I asked the teleservice staff member). Some did have them created in trials so if you have one you may have been in an area where it took place. Opting out and asking for deletion of your current records if you have any is now permitted so perhaps you should inform the Opt out service you require deletion when you ring them or contact the MyHealth service and have them cancel your record and delete the data.

Cycnical as I normally am, I am not sure what this deletion will entail or even if it will be a true deletion but at least it will stop further accumulation and may actually result in actual deletion.


Lax security culture in hospitals could affect My Health Record privacy, insiders fear

Have the promised amendments to the My Health Records Act surfaced yet?


Wait for the government to spin it as an opportunity to standardise the lack of privacy, rather than have it disjointed and inconsistent …


Further comfort that the Government is serious about data security.


How our government deals with our data (the view of an IT professional):

[Hilarity no. 1:
[This article appears within an hour of two of the foundation Minister for ‘Home Affairs’ resigning.

[Hilarity no. 2:
[Agencies have for many years had an obligation to comply with the entire ISM (Information Security Manual).
[Because agencies were completely unable to comply, in 2010 the obligation was reduced to a list of ‘top 35’ mitigation measures.
[Because agencies were completely unable to comply, in 2013 the obligation was raised to ‘mandation’, but reduced to a minuscule sub-set of ‘top 4’ mitigation measures.
[Agencies generally continue to be completely unable to comply. This article mentions precisely 2 that have got there.

[Hilarity no. 3:
[DHA is one of the agencies whose data holdings and whose culture would seem to have required the most stringent data and IT security, from the date that it was formed in late 2017.
[But it was formed through the merger of some or all of 5 agencies (ABF - ex Immigration and Customs, ACIC, AFP, AusTRAC and ASIO), all of which would seem to have required the most stringent data and IT security, from the date that each was formed, in most cases many decades ago
[That DHA still isn’t compliant is extraordinary.




The default security settings seemingly won’t prevent this, no matter what denials or smokescreens the government offers.

Also, were a medical insurance company to offer this service to non-members then it could very plausibly argue that it is not accessing the My Health Record for insurance purposes - and yet non-members are of greater interest than members. Many companies (in many industries) put more effort into winning new customers than into keeping existing customers happy.

However, as the article says, this general idea is not likely to amount to much. Fear of litigation means that providing medical advice without actually seeing the patient is a fraught business - unless you are prepared to fire up your webcam. :slight_smile:


In theory, the patient/member/subject must consent to the company accessing their record. In practice, I can hear all the insurance company spin and discounts now. Show us your records, and we MIGHT charge you less. Refuse and we WILL charge you more.


If it was advice like the QldHealth service or the current Medibank service (customer initiated though) then if the data was reviewed by a Registered Nurse and just a general recommendation made eg “we see from your blood results that you might like to be checked for diabetes by seeing your Dr” then this would be medical advice of a more general nature and could be done by reviewing written reports. The problem this raises however is that massive amounts of data would be mined and collated without the individual’s express consent.

Also what does it mean about the terms of your agreement when you sign up for their Insurance, will they deny cover because they found some reference to a possible problem when you were a child? Will their PDS be amended so that express permission will be taken because you use their insurance? If they do it what will stop the myriads of others following suite. A real quagmire could easily develop for the customer, particularly if notes are then added by Medibank to a customer’s MyHealth record when they review records for the data they wish to use for this “help health” service.


It would make for an interesting perspective regarding “pre-existing conditions”. In theory any health insurance (or life insurance) company has a right to protect themselves against fraud.

There are a lot of worms in that can.


Medibank would potentially access one MyHealth record if one has insurance with them and goes to a private hospital or seek treatment covered by the insurance. The records of such would be added to MyHealth unless one either tells them not to add them or one has opted out of the MyHealth record service.

The only difference with this will be the existing health phone line support service may be added to MyHealth…and the operators access user information to provide advice based on one’s recent medical history.

Personally, I would not use this phone service as if one has an ailment which is of concern, the best solution is to see a health professional (pharmacists, GP, specialist etc) face to face where a proper diagnosis can be performed, along with relevant testing (heart, lungs, ears, throat, temperature etc).


The enhanced privacy bill (22 August) is summarised by theregister, including a link to the bill itself. It is unclear how everything went in Canberra over the past few days.


I have now had first hand experience of the MyHealth records.

I help care for an elderly neighbour and yesterday she had to be admitted to hospital. I was fortunate to see how the system works for a person who may not be able to fully remember or communicate information about past medial history, including medications one is on and allergies.

The paramedics and hospital staff had access to much of the recent medical history which saved enormous time and risk in relation to unknown treatment complications. They could check the prescription medications she was on with the records. For someone who is very old, the consequences of applying the wrong treatment could be devastating.

While I had not been fully persuaded on the merits of the MyHealth Records, and could see the pros and cons, I now see why it is potentially important to use. The ambulance paramedics which attended commented on how long it can take to develop a medical profile on someone, which can be invaluable time otherwise used to instigate life saving treatments. They are cautious in instigating treatments until some level of history is known and risks of treatment can be ascertained…I suspect that this may be different where a patient is incapacitated and required emergency life saving treatment/response…fortunately this was not the case I observed yesterday.

The thing it made me realise is my own life and health more important than the potential risks of misadventure with the information…the balance from this experience has fully swung to the merits case. I now will be choosing to use MyHealth records knowing what the risks are, as the risks of not using it to me far exceed the risks of not (even though I am a healthy individual - but one can’t predict the future).


Thanks for sharing this perspective @phb, certainly worthwhile considering these factors when discussing the issues.


Relying on a single instance could be viewed as a logical fallacy of anecdote.

As you’ve taken us down that path:
A woodscrew can be driven with a hammer. Some may aver that hammers are cheap and driving a screw that way is quick, so it saves on labour. I reckon there’s a better way.

The potential of a central health database cannot be denied. The risks shouldn’t be.
My questions are:

  • does the system that we have adequately realise the potential and;
  • does it adequately mitigate the risks?

As pointed out above, the system was designed from the beginning to save money. From the available evidence, that focus has compromised the system. For example, the use of a document format (pdf) to store some data, instead of a database format, is indicative of compromises putting short-term cost considerations above usefulness and performance.

Like the hammer-driven screw, MyHealthRecord will work sometimes. Will it work well when most needed? Do we have the best tool for the job that we can afford? Do we have a cheap hammer, when we’d be far better off with a different tool altogether?

I was a supporter of the PCEHR. Then I found out about some of the corners that were cut and realised the impact on both the utility of the system and its security. They’ve changed the name and made it opt-out, when it really should have been put down.

Should we go back to the beginning and build a system focused on saving lives, promoting health and safeguarding our information? That would tacitly concede that both sides of politics have screwed up, to the tune of $billions. I reckon we should. I doubt it will happen.


Sadly if the many badly conceived government (and private enterprise) programs were subject to that mode little would ever get completed, just lost in recrimination, partisanship, and new studies, over and over.

Reality is with the exception of government flagships done shoot from the hip and off we go, it normally takes about 5 years to get a program proposed, approved and funded. If you proposed something that got approved and funded, that you realised was really stupid at 4 years and try to fix it, that 5 years usually starts again. It is the nature of the beast. I trust that makes a point and possibly provides insight into why so many seemingly idiotic things are rolled out. ‘Something’ no matter how imperfect is usually progress no matter how little it may be, or at what cost.

The product analogy is that the engineer can always make the design better given just another week. The salesman needs something to sell (P/L). The customer needs something in his hand ASAP (eg getting their job done). Guess which of the three ‘wants’ is in the weakest position?


Is it safe to get on the bus or is it safer to stay waiting at the bus stop for the next bus?

There are risks and uncertainties with either decision.

Should we point out the possible risks before boarding the bus?
If we are aware of the risks should be still board the bus and seek mitigation as we proceed?
Is there a benefit to the community and individuals if we all board the same bus?

What do those who do not board the bus risk?

Should a refusal of others to board the bus prevent any from boarding?

Morally for any one who considers the proposition:
“to improve our health outcomes and assist those vulnerable or at serious medical risk we have shared responsibilities”
it should not be too hard to answer the previous questions.

Since most of us probably see the moral position as a priority more clearly than the political ineptitude it becomes much easier to deliver a less than perfect outcome. That is currently the price of progress?


Was the system built to do that? Was it designed instead to be cheap?

If we believe that the hammer-driven screw will hold adequately, then perhaps your position is moral. If not, then perhaps not.


Is it a screw? And who’s using a hammer?
Would you not choose a nail to save money instead of wasting a screw?

No need to answer precisely. However it might be useful to understand better the supposition that it was designed to be cheap? Or to save the government money? How is this quantified?

For the NBN we have a budget and measured outcomes as a reference. Is there a similar level of detail and costs available for MyHealth?


Read my post

Follow the link in my other post.

A similar question was asked and answered previously: