MyHealth Record - Megathread

In this case the participant in MHR was asked by her GP what she was doing to manage the Hep C. Somehow the line “+ve Hep C” got added to her record and she had another blood test from GP to prove it was an error.
The kicker seems to be the record can’t be edited, you can delete all the MHR data but not an element and it didn’t seem it tracked authors of entries. This seems like truly basic stuff one would expect in a data management package of this nature.

2 Likes

In the current political environment, the true “basic” seems to be:
“give the appearance of doing something, as cheaply as possible.”
The rising incidence of failures from trying to do things on the cheap (NBN and building inspections come to mind) is not coincidental. My Health is yet another.

2 Likes

You neglected that once accusations are made they are rejected despite often overwhelming evidence damning whatever ‘it’ may be, and the responsible pollies smugly go on, business as usual.

3 Likes

They would likely have to follow up with the entity that conducted the original test, as they are the ones which will have to fix the record on their system and then I assume can (re)upload that corrected record.

This is not a ‘data management’ system though!

This is a health record/pathology result … end users (i.e. the general public) and even the GPs/hospital staff that order the tests should never be able to alter those records!

It is indeed a data management system. It pretends to be an accurate database of a person’s health records, but there does not appear to be any quality control regarding data that is input into it, nor sufficient controls on who can view it.

It is a data management system for health/records/pathology.

If that were the case errors would be preserved forever, possibly becoming life threatening if incorrect information was used for emergency (or any other) treatment. Of course there should be permanent change logs of what was changed, who changed it when and why, as part of the record’s system logs.

6 Likes

Yep there should be an audit trail.

Just like in privacy laws and data storage where data is incorrect it should be a system that is able to allow amending or removal of incorrect data.

4 Likes

“It pretends to be an accurate database of a persons health records” - it explicitly does not! The system is absolutely clear that it can represent neither a complete nor accurate record of a person’s health. It is a repository for documents created by health practitioners, diagnostic providers, dispensing pharmacies and others. The accuracy of the information is entirely governed by the accuracy of the documents submitted. An example of the cautionary statement from a My Health Record viewing system when displaying an individual’s Health Record Overview is: “This is not a complete view of the individual’s health information. For more information about the individual’s health record or data, please consult the individual or other healthcare professional as needed.”

The My Health Record is a document oriented system in which the information comes from other organisations, not the custodians (the Australian Digital Health Agency) themselves. Individual items of information are not edited directly as they would be in the majority of systems we are used to, but arrive as complete documents (discharge summaries, prescriptions, dispense records, shared health summaries and the like).

While it is true that only the organisation/provider that created a document within the system can replace that document with an amended version, it is also true that any individual can remove an inaccurate document from their own record.

There are many philosophical issues to argue over as to whether having a My Health Record is a beneficial thing or an intrusion on one’s privacy, but as far as IT systems go it remains the only such system I personally have ever encountered that offers me a complete audit trail of who has looked at what information as well as an ability for me, the affected individual, to remove records. Try doing either of those tasks with what your bank has recorded against you, or your phone provider, or Medicare, or the ATO, or …

1 Like

“able to allow amending or removal of incorrect data.” Yep, does that - see my other response.
“… should be an audit trail.” That’s covered also. If anyone is interested in reading the auditing requirements that organisations submitting documents to the My Health Record need to comply with, there’s a mountain of specifications on the agency’s website (but you probably need to sign up as a software developer to get to them) - https://www.digitalhealth.gov.au/

1 Like

One last comment (I hope). By its very nature, by default the system will allow all health professionals with valid credentials to view an individual’s My Health Record. But unlike (I feel like I’m repeating myself here) any other system I have encountered, it allows the individual to block access for particular organisations, and/or set an access code so that only providers with the access code can gain access to the information. There is a “break the glass” function that allows an emergency override of this access control, but the use of this function is heavily monitored and audited. The laws around who can access an individual’s record and for what purpose are very explicit. Each individual can set alerts against their own record to be notified via SMS or email whenever their record is accessed and if they have any reason to believe this access should not have occurred, can determine from the audit trail who it was that accessed their record and what exactly was accessed, and potentially have that person prosecuted with penalties including them being struck off the register and jail terms.

1 Like
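The access rules described in the post above (default allow, per-organisation block, optional access code, audited "break the glass" override, alerts to the individual), sketched as an added example that is not part of the thread and not My Health Record code. All names are hypothetical, the sample values are constructed, and it assumes the override bypasses both the block list and the access code and that the audit trail records an individual user.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

@dataclass
class HealthRecord:                      # hypothetical model, not the MHR schema
    owner: str
    blocked_orgs: set = field(default_factory=set)
    access_code: Optional[str] = None    # None means no code has been set
    audit_trail: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

def request_access(rec, org, user, code=None, emergency=False, reason=None):
    """Decide one request; every decision, granted or not, is audited."""
    if emergency:
        # Assumption: break-glass bypasses both the block list and the code.
        outcome = "EMERGENCY_OVERRIDE"
    elif org in rec.blocked_orgs:
        outcome = "DENIED_ORG_BLOCKED"
    elif rec.access_code is not None and not hmac.compare_digest(
            (code or "").encode(), rec.access_code.encode()):
        # Constant-time comparison so the code cannot be guessed by timing.
        outcome = "DENIED_BAD_CODE"
    else:
        outcome = "GRANTED"              # default: any credentialed provider
    rec.audit_trail.append({
        "when": datetime.now(timezone.utc).isoformat(),
        "org": org, "user": user, "outcome": outcome, "reason": reason,
    })
    granted = outcome in ("GRANTED", "EMERGENCY_OVERRIDE")
    if granted:
        # Stand-in for the SMS/email alert the individual can enable.
        rec.alerts.append(f"{org}/{user} accessed your record ({outcome})")
    return granted

def overrides_needing_review(rec):
    """Every break-glass use is queued for follow-up, never trusted as-is."""
    return [e for e in rec.audit_trail if e["outcome"] == "EMERGENCY_OVERRIDE"]

if __name__ == "__main__":
    rec = HealthRecord("patient-1", blocked_orgs={"Clinic B"}, access_code="4821")
    print(request_access(rec, "Clinic A", "dr-x", code="4821"))
    print(request_access(rec, "Clinic B", "dr-y", emergency=True))
    print(overrides_needing_review(rec))
```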

You are technically correct in the description, and you seem close to the project. Are you in the design, implementation, political teams, or in medicine in any way?

If it is not an accurate record why do it? So those who access it can receive incorrect information and make poor decisions? Researchers who might be allowed its blind data could be misled?

That has been mentioned. That distilled into everyday use means it can be difficult if not impossible to find something quickly, and possibly difficult or impossible to find at all. Like throwing papers into a filing cabinet drawer. One has to sift through to see if what you need might be there, not have a working index of what is there at any detailed level. Or is my impression incorrect?

I am sure those are as rigorously enforced as say building standards, or what licensed tradies do once they have their credentials, or companies paying correct wages, or …

Pardon my cynicism but.

That sounds like one can block those they know while they might be worried about those they do not know about. Simply that burden is on us. Why should it be on us?

I seem to remember some police who misused their databases, exposed people’s information improperly, and caused great harm, who have yet to be disciplined or sacked. I am sure this will be taken far more seriously. Will it?

We may agree on [what is meant to be] the legal framework, but disagree on its efficacy based on evidence from similar databases.

3 Likes

So what’s the point? Why spend so much to achieve so little (while raising so many other issues)?

Which, in my view, is a fatal weakness (potentially, in more than one sense).

Does it? The last I heard, access was identified only to the level of the organisation. Individuals doing the accessing were not identified. Has that changed?

3 Likes

From their site “Control your health information securely, in one place”. That means to me a complete health record in one place. Not a repository of some of my health information but a repository of all my health information. So are they having a bet each way? (is my cynicism showing about how much I believe it)

2 Likes

To answer TheBBG, no I am not involved in the design, implementation or political teams, but over the last 7 years have been involved in various projects integrating other systems with the My Health Record (many people either don’t realise or forget that this has been live since 2012). So, yes I have first-hand experience of the requirements of the system and of the conformance processes (known as NOC - Notice of Connection, CCA - Conformance and Compliance Accreditation and CCD - Conformance and Compliance Declaration) that a software vendor must go through before their system is given access to connect to the MHR.

The system can never be “complete” because of one very simple fact: any individual can at any time withdraw their consent for an organisation to submit documents to the MHR. The health provider organisation has some flexibility in how they apply this withdrawal of consent: it may be at the individual document level, at the episode of care level or even for all future interactions with that individual until consent is reinstated. The MHR could only ever be a complete health record if a) it was compulsory for all health provider organisations to take part and b) it was compulsory for all data from all interactions to be uploaded. Neither of these is the case.

However, to condemn it as useless just because it is incomplete is nonsense. If that were the case then no health database in use at any health provider organisation would have any utility as none can ever be complete as they are disconnected. Clearly this is not the case, even a limited health history is of benefit to a provider.

My personal view is that it is completely valid for an individual to have concerns regarding privacy and to opt out of the MHR. But it is also completely valid to believe that the MHR has gone further to address such concerns than pretty much every other database out there and I for one have opted in. If you truly believe that such systems are an outrageous intrusion then I would suggest you opt out of Medicare also because their database will have evidence of every medical interaction you have had with no ability for you to view what is there, no say over who can access this information, and no ability to see what accesses have occurred. But now I’m straying into tinfoil hat territory and that wasn’t my intention. MHR allows opt out, so if you have concerns, opt out.

2 Likes

Thanks for that and always good to have an expert add his voice. Not to be argumentative, but software vendors are neither medicos nor us, excepting when not at work. Thus stringent protocols for developers do not give me significant comfort for the final product.

edit: I did not mention complete and the reply appeared to be to myself. My query was why do it if it was not ‘accurate’.

3 Likes

@PhilT I mentioned complete in reference to what they say on their site. “Being correct” is obvious to many that it isn’t always and it can be hard to get something amended as per the Hep C one mentioned:

How did it end up on a record in the first place if such stringent procedures are in place? What if the Dr hadn’t queried the patient, when would they have known? What if the patient had needed some form of treatment prior to knowing and had unnecessary treatment applied because of a flawed record?

It is probably a good system for some, but for my Dr, myself, my spouse, and most of my family we have opted out of generating a record. Thankfully we were given that choice before ours was created but to get the choice for many who didn’t at first understand it took a lot of public effort to get changes made to allow the withdrawal post creation.

Further do we really know it will be deleted? It is more likely removed from active systems but archived somewhere and if required I am pretty sure it could be resurrected for those who wanted to know.

And there are other reports you can get from the Medicare site.

As to who accessed my record and when, the IHI (Individual Healthcare Identifier) statement lists all those who accessed the Medicare record for my details (strictly my IHI number) and is again available on the site.

6 Likes

My daughter is 15 and I am her carer and until I contact Centrelink and jump through the loops I can’t get her record connected to mine. She’s been asleep for four years so there’s nothing very exciting on there. The other issue I have is some drs adding to it and some not. We moved last year and I have had trouble finding a GP. Especially since I have chronic conditions and so does my daughter. I am on some pretty weird medications (topamax for migraines) they don’t use up here for some reason and painkillers. I wanted to be on the My health and signed up for it so drs could see that I had these prescriptions. I wasn’t abusing them. I wasn’t an addict or dr shopper and I was open and honest. Instead I have been accused of being an addict. I had one dr tell me I could just change what was written on the MyHealth myself for my own benefit (you can’t) and asked if I had been to rehab. No but I have a degree in counselling and a diploma in community services in alcohol and other drug if she ever needs advice about how to discuss the correct way to talk to patients in her practice because that certainly isn’t it. Luckily I haven’t ended up in hospital but I’ve got some horror stories, and I still haven’t found the “right dr” just an ok dr. It does help a bit if the dr understands but there’s so much misinformation about it and if a dr fills something in incorrectly like in the past my daughter was diagnosed by our GP with labyrinthitis and I took her to the hospital a few days later. They filled out the report after we left and wrote no nystagmus. Nystagmus is the sign of labyrinthitis and why they gave her an MRI. That one line made it difficult for us after that to get any professional to take us seriously when she had complications later. That is the power of professionals making a mistake. As someone else said, once it’s on there it’s almost impossible to remove and they assume it’s true.

4 Likes

Also you should all know the government has these records already. They are not deleted. You can’t completely opt out. It’s part of Medicare. They know all of your private information. My drs knew my daughter’s information before they saw her because it was sent to them. None of our information is private anymore. All our information is public. The Australian government collects some of the most information on its citizens of any country in the world and we gave them permission to do it a few years ago. We literally live in big brother now. So not to make you too paranoid but the government already has access to every record it wants and every health record. It’s just a matter of how convenient do you want it and do you want access to it too? And personally if everyone else has access I want access.

5 Likes

The My Health Record audit of its cybersecurity is pretty damning:

"revealed the government agency could not guarantee that all “emergency access” requests to view an individual’s record were legitimate

…//…

The review found that only 8.2% of requests met guidelines

…//…

the ADHA monitored emergency access and requesting responses from the accessing organisation, it had no procedure for what to do next. In a number of instances the ADHA received no response, and had not notified the information commissioner about any of the accesses"

4 Likes

Colour me shocked.

2 Likes

Take any poll of medical practitioners with a grain of salt. They don’t want patient-centric records but want to keep their control over our medical records.

4 Likes