Wednesday, 20 April 2016

I Suspect That The Department Is Getting Worried About The Public Level Of Trust In The myHR.

This popped up a few days ago:

Setting the record straight!

Published 12 April 2016
There are a number of positive and negative assertions circulating the media, so each month we will be ‘setting the record straight’ and highlighting which My Health Record rumours are facts and which are not, so you can be confident when dealing with your customers. This month we set the record straight on privacy.
Here are some of the misrepresentations, along with the actual facts:
Assertion: Individuals cannot control who sees their My Health Record
Not true. Individuals can ask their healthcare provider not to upload certain information to their My Health Record and can also choose to be notified when their My Health Record is accessed. They can also set controls to restrict access to certain information in their My Health Record or to prevent certain healthcare provider organisations from seeing anything in their My Health Record. For example, individuals may want to restrict access or ask a provider not to upload their sensitive health information, such as sexual or mental health issues accessible by all healthcare providers.
Assertion: Government agencies will be able to access people’s personal data
There are very limited circumstances where anyone, including the Government, may access someone’s My Health Record. Those circumstances are narrower than under existing laws like the Privacy Act 1988, so My Health Record actually provides more protection of sensitive health information than exists for health records outside of the system. Limited circumstances include:
  • For the purpose of providing healthcare to an individual, including in an emergency;
  • For law enforcement purposes – in line with current powers under the Privacy Act, enforcement bodies may access information for particular investigations;
  • For the purpose of a healthcare provider’s indemnity cover – for example as part of a provider’s defence (or that of their medical indemnity insurer, acting on their behalf) in proceedings of negligence. This reflects longstanding rights of providers to use health information in records they hold in their own systems as part of proceedings.
Assertion: Personal information won’t be safe - the My Health Record system is a gold mine for hackers and blackmailers
The privacy of people’s personal information is taken extremely seriously. A range of legislative and technical mechanisms work together to ensure the privacy and security of people’s information in the My Health Record system.
My Health Record uses bank-strength security including strong encryption and firewalls, secure logins and audit trails. It meets Australian Government Security Standards and is regularly tested for security compliance and vulnerability. These standards are regularly updated to address emerging cyber-threats. The staff who operate and maintain the My Health Record system are vetted and undergo police checks, consistent with government standards.
Further, the unauthorised collection, use or disclosure of information in the My Health Record system is subject to both civil and criminal penalties where an action is deliberate or reckless. These penalties do not apply where a mistake has been made – for example, if a healthcare provider inadvertently or accidentally accesses an individual’s My Health Record. The penalty for not complying with the My Health Records Rules is $18,000 for individuals and $90,000 for bodies corporate.
Further information about the My Health Record system’s privacy and security policies can be found on the My Health Record website.
Here is the link:
All good? Well no actually.
On the first Assertion we need to remember that myHR cannot know which staff member is using the Practice Credentials to access the myHR. With that being the case, the patient essentially has no control over who locally will have access, who might make changes, and so on.
Equally the patient has to be very well informed to know just what might be deduced from what is uploaded in a health summary. For example, having a history of use of all sorts of types of legal drugs can provide rich information the patient may not understand they are making available.

For Assertion 2 the Government makes it clear all sorts of people in Government may be able to access the myHR records. It will be interesting to see when we get richer details of just what Government is doing with the data - as there is just no way the clinical benefits of the current myHR are remotely worth the billions being spent.
Equally Assertion 3 is just begging us all to wait for the first data breach. Sadly it is inevitable and it is just a matter of time - especially if the use of the system expands.
For anyone who wants to understand the full details and risks associated with the myHR, can I recommend the following detailed information. It has been carefully researched and provides detailed references for all the points made.
David.
