A bit of a worry:
Today’s Roundtable on ABC Radio National was on “My Health Record”.
There’s an email thread discussing the program, beginning at:
http://mailman.anu.edu.au/pipermail/link/2018-November/105629.html
Highlights:
The third panelist was Professor David Vaile, Executive Director of the Cyberspace Law and Policy Centre at UNSW.
He revealed that medical information (other than a summary of any allergies?) isn’t held in a structured database but is a collection of PDF documents! Can you imagine a patient lying unconscious in ED while a doctor makes a cup of coffee and settles down to plow through them?
One apologist emphasised how there were legislated penalties for unauthorised access, and penalties seem to be the main security mechanism. But Prof. Vaile described MHRecord as having an appallingly bad IT security model, rather like leaving the bank unlocked because there were penalties for theft. By default, access is allowed and there are no account PINs. Furthermore, individual use is not logged, only the organisation responsible, and it may even be the case that those individuals are not even mentioned in the legislation.
The offence provisions might as well not exist, because they’re unenforceable.
The entire MyHR process and product is a fiasco and a fraud.
The elephant in the room is Section 71 of the MyHR legislation,
“Prohibitions and authorisations limited to health information collected
by using the My Health Record system”. This effectively says, even if
there are privacy protections and access controls in the legislation,
they don’t apply if the data can be sourced elsewhere.
Considering most clinical data can be sourced elsewhere (that’s how the
system has been designed), that doesn’t leave much data to be protected.
IMHO, the legislation (in addition to the possibility of future
governments changing it as they see fit) is totally useless.
As was so eloquently said in quite another context “the only way to win
is not to play the game”.
At an individual level, that means opting out now.
For the Government, if they are serious about doing something good for
the nation rather than their own bureaucracies, it means killing the
current project now.
If a health records system is deemed necessary, let’s have a discussion
around the actual aims first.
IMHO, it is more likely that the ALP will kill the thing.
The original ALP MyHR design was a virtual health record that
connected disparate sources of health data but left it where it was.
There was a small central database for additional information. This was
a reasonably sensible approach that did not overload doctors with manual
data input and did not involve giving data to the government. The system
was also supposed to have smart cards for each authorised user so you
knew exactly who had seen your data.
The organisation set up to deliver this (NEHTA) and a couple of project
managers in the Department of Health (run at the time by Jane Halton)
discovered the problem was much harder than they thought so they
hijacked the design, and simplified it (all data is uploaded to a
government owned and controlled database; no smart card so only the
institution is identified and a few other stupidities happened) so they
could meet their self-imposed deadline of 1 July 2012.
There’s an old saying in the IT world: all projects have time, cost and
quality - you can only have two. In the case of MyHR they picked one -
time. It cost more and did less.
They can blame the Coalition for destroying trust
and can kill the thing, thus getting the political benefit and
eliminating the future risk. There are signs this is catching on.
The body that has a great interest in keeping this thing going is the
ADHA - it’s why they exist. They are feeding the minister incorrect
information and are doing their best to not draw too much attention to
it. It is totally against their best interest to extend the opt-out
period - the more people find out about it, the more people opt-out.
Health record systems exist - all health service providers have them.
The problems are exchange of data and patient access.
Data exchange, or interoperability, is the way to go - everybody agrees,
but it’s not an easy problem. NEHTA developed a framework in 2004, but
never delivered even though it was a prerequisite for MyHR.
Patient access to health records (for those who want it) can be best
achieved via access to existing systems. There are apps that allow you
to view your GP’s system (or at least some of the data) on your smartphone.
IMHO MyHR does not solve any problems, it just increases GP costs and
patient privacy risks. GPs don’t like it and the most likely outcome is
atrophy.
I think the design of the standard - interoperability - is one of the
difficult problems.
The other is how to communicate user permission to data holders. How
does a citizen securely tell their doctor or whomever that they can
share that but not this? This is especially difficult if the
information is not document based. So it’s a two-part difficulty: how
do we securely communicate permissions, and how do we identify what the
permissions apply to?
Regardless of all that, the first thing that must be discarded in any
design is the “emergency room scenario”. The system should be useful
for some large percentage of normal medical interactions; it does not
need to be useful for every edge case.
The second thing that must be discarded is the desire for the system to
do everything. Pick one thing that will really make a difference, make
sure the interoperability standards are flexible and extensible, then
make that one thing happen well. It will cost a fraction of trying to
develop everything at once, will be doable in a fraction of the time, and
will have an immediate positive effect. The lessons learned during
implementation will allow new things to be handled faster and better.
But mostly I want a statement of aims first.