CHOICE membership

MyHealth Record - Megathread


Based on what I see of the local bus drivers around here, it’s possibly safer to ride a motorcycle, without a helmet, naked, blindfolded and fast …


Which brings us inexorably to Yes Minister:

Sir Humphrey: Something must be done, this is something, therefore we must do it.
Sir Arnold: But doing the wrong thing is worse than doing nothing.

In the case of MyHealthRecord, I reckon we’ve done the wrong thing, primarily because we did it for the wrong reasons.


While we get our knickers in a knot about MyHealth Records, if you live in Queensland the Queensland Government has been keeping health records of Queenslanders for many years. As I found out today, these health records are accessible by the medical profession and emergency services in Queensland, and appear to duplicate some/much of the information which will also be stored on MyHealth. I haven’t been able to, from a quick search, whether MyRecords will ultimately replace this existing health record system to prevent additional bureaucracy and/or unnecessary duplication of records.

I suspect that if Queensland has such a record system in place, other states are also likely to have such systems. It is also worth noting that one does not have a choice to opt in or out of the Queensland systems…and appears to have been a mandatory system adopted statewide.

While one could argue that my recent experiences with the current health records systems is a one off (even thought I have had the chance to discuss record system merits with paramedics, medical practitioners, pharmacists and hospital personal), it demonstrates the value of the system particularly to those which may have current (or unknown future) medical conditions which may affect treatment in the case of an emergency or incapacitation. If there is no record (which now appears there may be through state government systems), then there are significant potential health risks under such circumstances.


Yeah… but that’s Queensland :wink:


How uncomfortable for you. :rofl:

Most of us probably have multiple records. Every medical practice, medical professional and hospital we’ve attended throughout our lives is likely to have a record of some sort. Of course, accessibility will vary. Many will be archived, on paper, destroyed or lost. Queensland, with its history of universal, publicly-funded healthcare is a special case, but I don’t doubt that more than one state government has made an effort to centralise records. That might be a problem or an opportunity.


No need to brag.
It may indeed be possible.
If you own an 1885 Daimler Reitwagen and only ride it on a closed circuit alone Top Gear style under a vintage classification any thing is possible. Even the dress sense, although I would make an exception for Clarkson. He is sh*** on two wheels.

You might still need a MyHealth record after the event!


Lets’ just say that your report is not consistent with the aggregate of responses I’ve received over the past six years or so. I’ve been following this issue since it was first mooted in 2010/11 and consulted extensively at all levels.

Anyway, I’ve now had a chance to follow up with one medical professional. He, like most, started out enthusiastic about the potential. Like most, he was quickly disillusioned by the reality. From a user’s perspective, he said, it’s obvious that the focus of MyHealthRecord is not health.

Meanwhile, in news just to hand:


This is the kind of person where a My Health Record may, on balance, be a good idea.

Polypharmacy, multiple non-trivial health conditions, declining memory.

However this shows why it ought to be “opt in”. As it stands today, a whole heap of people (the majority of Australians) will be opted in, by default, without their knowledge, let alone consent, and yet where the benefit will be negligible.

Even with such a person as your neighbour, there would have to be some concerns that they are also more likely to fall victim to identity theft or other fraudulent activity. So we should still ask questions about whether legislation, organisations and procedures are all optimally set in order to avoid that possibility - and whether the government is being transparent about it, so that not only is it solid but it can be seen to be solid.

Unfortunately IT failures (of all types and causes) are far too frequent for me to have good confidence in the solidity of this system.

In any case, it is already abundantly clear that the security v. convenience trade-off has been made in favour of the latter.


from which “Referred to Committee (23/08/2018): Senate Community Affairs Legislation Committee; Report due 8/10/2018”

Will this amendment even have come info force by the deadline by which people are supposed to have decided to opt out?

By my count there are 8 sitting days for the House and 8 sitting days for the Senate after the report is released and before the opt-out deadline. It is hard to imagine that this amendment will be a priority, given that privacy rarely seems to be a priority for government.


There’s a lot to be concerned about in that article. The focus still seems to be on privacy. To my mind, they need to make the system work well enough to justify the risks. The fact that it’s a sad mess from the foundations up isn’t being addressed.

An article linked from the one referenced above:


That’s disgraceful.

So it’s optional until it’s mandatory?

Is a workaround for the patient to “consent” to the creation of a My Health Record but to apply a password to the record and to decline to provide the password to any entity? Or will the government simply bypass the password anyway?


From the article linked above:

The ADHA also dismisses calls to change default security settings on people’s records from open access to healthcare providers to passcode protected, claiming it would “effectively render the system opt-in.”

So yes, it is an option, though not the default. Whether it actually works, Heaven knows. I suspect law enforcement (and anyone else the government chooses, now and into the future) will have ways.


I agree.

However, one must realise that medical conditions which may be diagnosed when one was young can still affect treatment when one is elderly (e.g. allergies to medicines, heart conditions etc). If one say chooses to opt-in later in life after such diagnosis has been completed, I understand that all historical records won’t be added to MyHealth Records. There is a risk that at the time one needs some for of treatment when elderly, the full medical history is not known and this may pose risks. One needs to determine if such risks are acceptable to the individual involved.

Also one can’t predict when when one is in some form of accident (workplace, car, home etc) resulting in incapacity. This can occur at any age. If one has a medical history which may impact on treatment at such time and chooses to opt-out, one must realise that the treatment at such time could pose some harm which would not otherwise have been the case if history was known.

The purpose of the MyHealth records is to have medical history available to medical professionals when treatment or diagnosis is required. Unfortunately this purpose has been overshadowed by the privacy advocates, the media and others by muddling the waters claiming that it is also not non-medical purposes, such as use by insurance companies to set premiums/risk profiles. As I have outlined above and also from recent discovery of the Queensland Health record system, if this was the case the insurance/legal etc industry would have already been seeking such information as records have existed either centrally (such as in Queensland) or dispersed and kept by medical practices/specialists. If one is concerned about this and thinks it will happen (I personally believe it won’t based on history and the political ramifications), one needs to include this in their own risk/benefit assessment.


Actually, to minimise cost, it’s planned that historical records will be progressively deleted from MyHealthRecord.


To explain better what my question is: If the government says that in order to receive service X, you must have a My Health Record, even when you don’t consent to doing so … does it extend further to …

The government says that in order to receive service X, you must not have a password?


The government says that in order to receive service X, you may have a password but you must disclose that password?

This is not a technical question. This is an administrative question about the conditions for receiving service X.

We already know that the password can be bypassed. It is a limited protection but worthwhile nevertheless.

It just shows how nutty this system is. What sane IT system would ever default to no password? (thereby allowing hundreds of thousands of people all around Australia access to your record, the vast majority of whom will never in your lifetime need access to your personal health information)

‘No password’ might have been the default 30 years ago but …

It just shows how the government has boxed itself in. The mindless and unreasonable pursuit of “opt out” implies (to them) a requirement for no password by default. If they took privacy seriously then they could have addressed that in other ways.


Nor would they be if you take no action now and end up in the My Health Record system by default in November this year. This was one of the issues with the original PCEHR system. Who pays the doctor / medical practice for the effort of uploading records?

If you’ve moved around a few times, there are probably multiple medical practices that you have been to, each for periods of some time - and who knows the odd practice that you have only visited once. I would guess that, at best, your current practice will upload the records that they hold if you ask them to. (Any former practices would not be able to get your consent to do anything with older records - and won’t be able to get your password if you have one.)

As such, if you completely swallow the Kool Aid, this system will not fully bear fruit for many decades.


Yes, but the medical professional ones currently sees and has historical records which are likely to be important for future reference, are unlikely be negligent and not upload such important records. I am sure that their insurers would be concerned if this did not occur.

If one also used knowing/unknowingly the former health record system, there are already to me many years of historical data already in the system. This historical data is also potentially better than none at all.

As time progresses, the system will have a better profile of the individuals who chose to use the system.

This is correct and I am not sure where you are getting this from. It is worth noting that the cost of data storage is cheap compared to the cost of system establishment. These costs have been decreasing substantially year on year.

Under the current law, the records will be kept for 30 years after the death or the cancellation of the ‘service’ of the record holder. Records won’t be deleted unless there is trigger such as these.


Costs of data storage are decreasing. Costs of keeping data online are far higher.

Can you substantiate that assertion?


refer Section 17(2)(b) of the Act. This outlines the triggers for deleting data. Cost is not one of these triggers and as such the information presented in a earlier post is incorrect. If we say that the registrar of the MyHealth Records per say did archive to save costs, would be unlawful under this Act and I suggest that his tenure as registrar would be under question.


Actually, it doesn’t. For many years, I worked in a legal section of a Commonwealth Department. Legislation is not that easy to read. That subsection deals with the record in entirety, not what’s online at any given moment.

The online record is defined as a “summary”. What that means in practice is that the information included will vary over time. Archiving is purely administrative.