CHOICE membership

MyHealth Record - Megathread


But your medical information is not in one place but distributed so your GP has some of your medical history and information, your pharmacy has some, etc. All that MyHealth record is a linking system to those records. There’s no big central computer.

GP practices that are still using paper records means that any staff can access your records. You can usually see the cupboard with this paper files behind the receptionist in any GP practice. With MyHealth, you determine which medical personnel can see your record. You cant do that with paper records.


My understanding is that the records will be uploaded to the MyHealth system by the various health service providers, unless one specifically asks when not to do so or one has opted out of MyHealth. MyHeath will in effect have a copy of that which will also potentially be retained, in the interim, by these service providers. In the longer term, there is potential that health providers may not store copies themselves (think this is unlikely due to insurance/liability risks as they will want access and manage their own records).


@m.hedley, I attend a ‘Super Clinic’ which uses computer for appointments, my history, etc…
There is so much info out there, my dentist has a photo of me on his computer!
But, it is so widely distributed that it would be very difficult to put it all together.
In comes My Health Register to make it easy for my health care providers, especially in case of an emergency, and for anyone ill intentioned to get all the info they want!
No site can be 100% secure. That’s my only worry: ID theft.


Medical, hospital, dental, etc records are held on separate databases. For example, each state and territory has nominated specific systems. Individual citizens have unique identifiers and that is part of the process of linking specific information and data to the various databases. Centrally stored data would require a very big computer. Australia avoided the UK NHS central database approach which didn’t work very well. Memory and storage requirements of medical information is growing and growing. A digitalised X-ray file is much bigger than one even five years ago.
You have raised the issue that all of this has been very badly or not explained by the Federal Department of Health.
Your credit card company probably has more health information about you than MyHealth, and that information is analysed to work you out.


I concur. The wife of an acquaintance told me recently that her husband had a stroke while they were on holidays. She had forced him into having his MyHealth record and that meant that the emergency department knew how to give specific treatment to match another medical condition he has. Without his MyHealth record, the emergency department would have delivered the standard drugs and they probably would have nearly killed him.
We must make sure that governments now and future can never sell our records to insurance companies and the rest to raise funds for government coffers.
ID theft is a worry but then people give out so much personal information to social media without qualms or control. MyHealth does well in security and the distributed nature of an individual’s data may help reduce the openness for ID theft.


I’m being cautious for the present. I’m sure there will be improvements in the future.
I hope we’ll always have a choice to opt in or out.


Actually, there is. But it’s not big enough.

The My Health Record is held on a government-controlled system. It’s only a snapshot of current information, provided by whatever health professionals are authorised to input data on you. The system is not big enough to hold your history. Nor is it big enough to hold a comprehensive record. If something goes wrong, it may or may not hold information relevant to the current emergency. If it holds that information, it may or may not be in a form that’s accessible to the relevant personnel.


PDF files are generally the reports (based on selections) generated from the data held in the various systems. They can be a snapshot in time of a data set. PDF files are not all that useful in an information system as manipulating data in a PDF file is not very easy nor useful.

Think of banks - a PDF bank statement is produced from the data in a bank’s treasury ledger, database, CRM, etc.

Maybe CHOICE could get a summary of the architecture of the MyHealth information system and share with us. I am not sure how up to date I am now the the system.


Reading the history of this topic, it seems the problem stems from the software used in medical practices. It’s closed-source and won’t allow direct access to raw data. The only way to get information out is to generate reports, which are generally PDFs.


This probably deserves a thread of its own. “myGovID”; what colud possibly go wrong? :expressionless:

Interesting comment on My Health Record:


Would love a system that would make me feel secure about my personal ID.
I’d like to know more about the Digital ID.


The Government has announced increased penalties for the misuse of My Health Records.


Increased penalties are not the only need here?
There is no legal requirement for remedy, redress or compensation from the consequences of loss for any individuals affected.

It is good to include penalties and define legally what is and is not permitted.

This system as well as others holding sensitive personal information (government or privately managed) create a world of misery and pain for individuals when there are breeches or losses. The demands (time, cost, pain and suffering) on the individuals affected in putting everything back as best as is possible can be significant.

I’ve noted in the privacy statement of a recent document relating to personal information the holder is excluding any liability arising from loss or breech while simultaneously committing to meet all legislated Australian data and Information privacy requirements.

MyHealth simply amplifies the circumstances given the nature of the information and now it might be misused by legitimate organisations.

  1. Should legislation be changed such that an holder of data cannot contract out of liability?

  2. Should the liability of the data holder include meeting all costs and a payment for time of individuals affected through any loss or breech?

  3. Should this be an insurance risk that must be provided for by all data holders? IE it would be unlawful to request or hold any personal data without this level of extended insurance being provide.

  4. Is it ever likely that individuals could obtain equivalent insurance cover? I suspect not as we as users have limited knowledge of the online or data management practices of those we share data with.


Those amendments I suppose will not be through the parliament before the deadline for opting out. So you are taking it on trust etc.

With 8 days to go before the deadline, even the existing amendments are not yet through the parliament.

So typical of politicians to be unwilling to lose face and delay the end of the opt out period until as many problems as they are prepared to fix have been fixed.


How about an amendment to make it worth doing? :expressionless: It could have been so valuable. Instead, they went for cheap.

Meanwhile; I didn’t even know Australia had a Science Party:


This will be interesting …

Insurers facing imminent legislative exclusion from ever accessing My Health Record data – de-identified or otherwise – are optimistic policyholders could soon proactively volunteer information on themselves to find the most appropriate coverage at the best price.

It might sound like a fantasy dreamt-up in a privacy parallel universe.

But at ANZ Wealth’s underwriting division, the pricing hard heads doing the numbers on risk reckon if the trust battle with the public can be won, there will be improvements for customers and businesses alike.

OK, so it’s a big if… but being able to trust banks and insurers again might be nice. Let’s dare to dream for a moment.

I’m not sure insurers have ever been ‘trusted’ - and banks certainly haven’t been trusted for a few decades now, in my view … I can’t see them clawing back consumer trust any time soon … ever, really …

Further into the article, maybe I’m cynical :wink: :

Jay Tutt, ANZ Wealth’s head of insurance operations, was similarly confident informed and empowered consumers can, and should, call their own tune.

Translation? should be cast adrift so we can divide them and conquer them …

It comes down to volition, Tutt stressed, and the need for consumer and citizen control.

I think the choice of words here was more accurate than was intended …

“It should always be back to the client to make the decision on what data sources you [an organisation] can get access to," Tutt said.

“In our industry there is a fair bit of work going on around that, and how we can make that a lot more transparent to the client.

So transparent, the client is unaware perhaps?

If the door is ever opened to some kind of opt-in to allow this kind of data sharing, I wonder how long it will be before the consumer is either enticed, bullied, or a combination of both, to allow that access to either get the product, or get it at pricing that is affordable - and of course there will be some who it simply rules out.


This is one of the reasons why I think that the private sector should be banned from offering health insurance. They’ll always cherry-pick the most profitable markets, leaving the rest to the public sector.


A bit of a worry:

Today’s Roundtable on ABC Radio National was on “My Health Record”.

There’s an email thread discussing the program, beginning at:

the third panelist was Professor David Vaile, Executive Director of the Cyberspace Law and Policy Centre at UNSW.

He revealed that medical information (other than a summary of any allergies?) isn’t held in a structured database but is a collection of PDF documents! Can you imagine a patient lying unconscious in ED while a doctor makes a cup of coffee and settles down to plow through them?

One apologist emphasised how there were legislated penalties for unauthorised access, and penalties seem to be the main security mechanism. But Prof. Vaille described MHRecord as having an appallingly bad IT security model, rather like leaving the bank unlocked because there were penalties for theft. By default, access is allowed and there are no account PINs. Furthermore, individual use is not logged, only the organisation responsible, and it may even be the case that those individuals are not even mentioned in the legislation.

The offence provisions might as well not exist, because they’re unenforceable.

The entire MyHR process and product is a fiasco and a fraud.

The elephant in the room is Section 71 of the myhr legislation
“Prohibitions and authorisations limited to health information collected
by using the My Health Record system”. This effectively says, even if
there are privacy protections and access controls in the legislation,
they don’t apply if the data can be sourced elsewhere.

Considering most clinical data can be sourced elsewhere (that’s how the
system has been designed), that doesn’t leave much data to be protected.
IMHO, the legislation (in addition to the possibility of future
governments changing it as they see fit) is totally useless.

As was so eloquently said in quite another context “the only way to win
is not to play the game”.

At an individual level, that means opting out now.

For the Government, if they are serious about doing something good for
the nation rather than their own bureaucracies, it means killing the
current project now.

If a health records system is deemed necessary, let’s have a discussion
around the actual aims first.

IMHO, it is more likely that the ALP will kill the thing.

The original ALP MyHR design was a virtual health record that
connected disparate sources of health data but left it where it was.
There was a small central database for additional information. This was
a reasonably sensible approach that did not overload doctors with manual
data input and did not involve giving data to the government. The system
was also supposed to have smart cards for each authorised user so you
knew exactly who had seen your data.

The organisation set up to deliver this (NEHTA) and a couple of project
managers in the Department of Health (run at the time by Jane Halton)
discovered the problem was much harder than they thought so they
hijacked the design, and simplified it (all data is uploaded to a
government owned and controlled database; no smart card so only the
institution is identified and a few other stupidities happened) so they
could meet their self imposed deadline of 1 July 2012.

There’s an old saying in the IT world: all projects have time, cost and
quality - you can only have two. In the case of MyHR they picked one -
time. It cost more and did less.

They can blame the Coalition for destroying trust
and can kill the thing, thus getting the political benefit and
eliminating the future risk. There are signs this is catching on.

The body that has a great interest in keeping this thing going is the
ADHA - it’s why they exist. They are feeding the minister incorrect
information and are doing their best to not draw too much attention to
it. It is totally against their best interest to extend the opt-out
period - the more people find out about it, the more people opt-out.

Health record systems exist - all health service providers have them.
The problems are exchange of data and patient access.

Data exchange, or interoperability, is the way to go - everybody agrees,
but it’s not an easy problem. NEHTA developed a framework in 2004, but
never delivered even though it was a prerequisite for MyHR.

Patient access to health record (for those who want it can be best
achieved via access to existing systems. There are apps that allow you
to view your GP’s system (or a least some of the data) on you smartphone

  • no government database.

IMHO MyHR does not solve any problems, it just increases GP costs and
patient privacy risks. GPs don’t like it and the most likely outcome is

I think the design of the standard - interoperability - is one of the
difficult problems.

The other is how to communicate user permission to data holders. How
does a citizen securely tell their doctor or whomever that they can
share that but not this? This is especially difficult if the
information is not document based. So it’s a two-part difficulty; how
do we securely communicate permissions how do we identify what the
permissions apply to?

Regardless of all that, the first thing that must be discarded in any
design is the “emergency room scenario”. The system should be useful
for some large percentage of normal medical interactions; it does not
need to be useful for every edge case.

The second thing that must be discarded is the desire for the system to
do everything. Pick one thing that will really make a difference, make
sure the interoperability standards are flexible and extensible, then
make that one thing happen well. It will cost a fraction of trying to
develop everything at once, will be doable in fraction of the time, and
will have an immediate positive effect. The lessons learned during
implementation will allow new things to be handled faster and better.

But mostly I want a statement of aims first.


I’ve opted out - me, family … I have a sense this really is going to hell in a handbasket, and the very things they say we are going to be protected against are going to hit head-on with big business, and we know who will win that one …


A summary as filtered by a media organisation.

I doubt everything in the article is dinkum, but probably more accurate than not.