CHOICE membership

MyHealth Record - Megathread


What can be expressed in words can be stored as text. As Google has demonstrated, marvellous things can be achieved, analysing text.

Of course, much medical information is in the form of images. That too is open to analysis.

We really don’t know what can be achieved. First, we need to decide on a direction. At present, the focus of My Health Record is still on cost-saving (or at least, not being seen to fail in cost-saving).


Hi folks,
We’d like to throw a big shout out to everyone who has commented here, it has been a very elightening and interesting hearing people share their throughts on the MyHealth issue.

We’ve received some feedback that the megathread that has formed here has perhaps reached a limit on it’s usability. While there’s no need to go over things that we’ve already covered, we’d also like to encourage some more detailed discussions on particular aspects on this issue, so if a news article comes up or there is a particular point you would like to discuss, we encourage you to start a new topic thread.

As a trial, we’re planning to close this megathread at midnight tonight (that should allow enough time to wrap up any ongoing discussions) in the hope it will generate more branches on this popular topic. At this stage, we plan to open the thread again in the event of a major update on the issue or as needed.

We’re still receiving and open to feedback on the approach, so feel free to share your thoughts either in direct message to me or via the site feedback category.


How do we bring to your attention an update on the issue? (so that you can decide whether it is major) or will we be relying on your becoming aware of it for yourself?

In my view the major updates would be a) any relevant legislation being passed by the parliament (this is expected to occur, probably this calendar year) b) any change to the default-in date (currently Jan 31, 2019) c) the default-in date arriving.


Given that the opt-out period is to end on 31 January, this topic should probably reopen no later than 1 January.

closed #385

This topic was automatically closed after 7 hours. New replies are no longer allowed.


Thanks for the suggestion @n3m0, we’ll certainly take it on board.


An article claiming that the My Health Record software is out of date and that other countries have abandoned it.


Recently had to have a chest xray to see if something had flared up - so medical history is an important factor. The branch of QDI that I went to did not have qualified medical practitioner on the premises, just technicians and clerical staff.
So although I took three past xrays with me, there was no one there qualified to look at them to see what may have changed.
I asked that when QDI sent my xray offsite to qualified medical practitioner to analyse and review that I would like them to look up my My Health record, expecially as my most recent two chest xrays are digital only (performed at a major public chest clinic) in order to do what was needed.
Nah, they don’t do that.

How do we get medical practices, medical diagnostic imaging companies, medical pathology companies, hospitals etc to make use of My Health ?
So that the person with health condition(s), doesn’t have to carry around bulky medical records and “remember everything themselves” …

opened #389


Due to the recent news on data breaches, we’ve decided to open this thread for discussion.


This website provides a summary of the nature of the breaches.

It is worth noting that…

As with previous years, the agency said that “no purposeful or malicious attacks compromising
the integrity or security of the My Health Record system” were reported in the period.

The breaches appear to be operational issues rather than security issues/data being hacked or inappropriately accessed.


First, make MyHealthRecord useful. As it’s set up at present, the capacity of the system is extremely limited. It holds only a brief summary. Recent changes allow for listing of current medications and allergies. As far as I know, there isn’t room for diagnostic images.

MyHealthRecord is unlikely to change that, unless the system itself changes radically.

Most of us worry about things like hacking, misuse and identity theft. I wonder whether we should be more concerned about stupidity and carelessness. In the past, medical records might be found strewn around a Council tip or in an abandoned hospital building. These days, we might see information inadvertently exposed on the Web.

These risks will always be with us. The degree to which they can be mitigated is limited. The first question to be answered is: “Does the potential benefit justify the inevitable risks?” For many of us, I believe the answer is potentially yes, but the system will need to be substantially more capable and secure.


Just to be clear, no purposeful or malicious attacks were reported. That doesn’t mean they didn’t occur - it leaves an awful lot of wriggle room in defining such attacks as ‘reportable’. Of course, it also doesn’t mean that there were no ‘undetected’ attacks, and no ‘government policy-based sharing of information’.

I see that not only has My Health Record become opt-out, so has the use of your ‘anonymised’ data by third parties. As has been shown in many cases - including with Tor, in tracking down the Dread Pirate Roberts - if a third party can gather enough of your data (such as by comparing My Health Record data to survey data) it is quite possible to de-anonymise it.

But I’m sure it’ll be fine; our government has our best interests at heart and has surely made available the necessary resources for this centralised database of highly personal information. /s


One week to go, if you want to opt out.

The article below is about insurance, but for me MyHealthRecord is yet another risk in the same vein. Of course, it also raises questions about whether the private sector should be allowed in insurance at all (but that’s a different topic).

Julie Gilbert has no idea what her insurance company knows about her medical history.

she had to grant the insurer access to her records. Her GP and specialist were then obligated to hand over the records the insurer asked for, but she had no idea just how much information was passed along.


The pollies and managers who dismiss this with a straight face trying to justify their debacle deserve Personal Shonkies. Could that be a new category? Perhaps MyHealthRecord and the Minister for Health should be moved to Spot A Shonky! They are sure it only affects a small number of records but which ones and how do they know is just the tip of the question. Close enough is good enough!


A letter to the editor from Karl Auer

Get out while you still can

The last possible day to opt-out of the My Health Record system is Thursday this week (31/1/2019). After that, you will get a record whether you want one or not.

If you have a My Health Record, the information in it will be available to any Government agency that wants it, for any reason at all. That includes the ATO, Centrelink and law enforcement. The legislation also makes clear that your medical information can be provided to commercial third parties.

You have almost no ability to control who sees what. You cannot control what is recorded. With minor exceptions you cannot change or remove what has been recorded, even if it was uploaded without your consent.

Once you have a My Health Record, you cannot delete it, only “cancel” it. A cancelled record remains available to the Government. The Government says it will delete your record on request, but the sad fact
is that they will probably not be able to.

This is not a party-political matter. Both sides of politics seem perfectly happy to put your sensitive medical information on the internet. The security is a nonsense; with hundreds of thousands of people authorised to look at it, anyone who wants it will be able to get it.

Get out while you still can. Search for “opt-out-my-health-record”. If you discover (as thousands have) that a My Health Record has already been created for you without your knowledge or consent, cancel it. If you have children, opt them out too.


This is more than a little over my head. Somebody here might get something out of it:

One thing they (ADHA) never talks about is the section in the legislation that effectively cripples the whole privacy protection stuff:

TL;DR If the data can be got elsewhere, all bets are off. FYI, the system is designed to get copies of data held elsewhere.

This is exactly what the legislation says:

Division 3—Prohibitions and authorisations limited to My Health Record system

71 Prohibitions and authorisations limited to health information collected by using the My Health Record system

(1) The prohibitions and authorisations under Divisions 1 and 2 in respect of the collection, use and disclosure of health information included in a healthcare recipient’s My Health Record are limited to the collection, use or disclosure of health information obtained by using the My Health Record system.

(2) If health information included in a healthcare recipient’s My Health Record can also be obtained by means other than by using the My Health Record system, such a prohibition or authorisation does not apply to
health information lawfully obtained by those other means, even if the health information was originally obtained by using the My Health Record system.

Information stored for more than one purpose

(3) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if:

(a) the health information is stored in a repository operated both for the purposes of the My Health Record system and other purposes; and

(b) the person lawfully obtained the health information directly from the repository for those other purposes.

Note: For example, information that is included in a registered healthcare recipient’s My Health Record may be stored in a repository operated by a State or Territory for purposes related to the My Health Record system and other purposes. When lawfully obtained directly from the repository for those other purposes, the prohibitions and authorisations in this Part will not apply.

Information originally obtained by means of My Health Record system

(4) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if:

(a) the health information was originally obtained by a participant in the My Health Record system by means of the My Health Record system in accordance with this Act; and

(b) after the health information was so obtained, it was stored in such a way that it could be obtained other than by means of the My Health Record system; and

(c ) the person subsequently obtained the health information by those other means.

Note: For example, information that is included in a registered healthcare recipient’s My Health Record may be downloaded into the clinical health records of a healthcare provider and later obtained from those records.


Is is still scare mongering if there’s a reason to be scared? I’ve spent my entire career installing health IT systems. I’ve dealt with my share of nay-sayers but I believe there are legitimate concerns about MyHealth. Previously 80%(?) AMA members expressed concerns related to incomplete or out of date MyHealth records causing miss-treatment. Ie If MyHealth does not say you’re allergic to penicillin, an ED doctor under pressure may assume that you’re not allergic to penicillin. My greatest concern however is the granularity of access control - or lack there of. If access is granted by institution and not controlled at an individual level then the opportunity for misuse makes it inevitable. Everyone knows someone who works at a chemist or at a hospital. It’s not a big deal now but I had reason to ask for an AIDS test in the 80s and was treated as a lepor just for asking. Come the next public health scare, employers, insurers etc will know your health secrets, whether relevant or not. Of even greater concern is that CHOICE has published an official AMA apparent endorsement of MyHealth without mentioning that 80% (?) of members had expressed grave concerns. I feel strongly enough about this to consider cancelling my choice membership as I’m no longer convinced that they’re impartial.


My wife and I opted out of MyHealth Record tonight after being signed up to it when it was first rolled out.

One of the clinchers was the article regarding the records of the 14,000 persons in Singapore having their AIDS status details stolen and placed online in addition to negative reviews by doctors.


What the legislation is saying is that once information is properly obtained from and taken outside of MyHealth Record then you have no right to privacy. This is absolutely awful, but also incredibly unsurprising - and inevitable given the system’s design.

MyHealth Record is made up of PDF files - you have to download these and open them (most browsers will download them to their cache, but the fact is that the record is now outside of the MyHealth Record system. So you download a record for a valid purpose - such as someone checking into the hospital. You then transfer it into the hospital’s record management system. I don’t know what laws protect hospital data, but it may for instance be possible that every month a private insurance company pays the hospital to siphon all of that data out. This may not be legal (and is certainly not ethical), but is just one example of why to stay away from the system entirely.

I opted into MyHealth Record several years ago. Absolutely nothing was in there at the time I decided to cancel it before it became opt-out last year.