5 Reasons to opt-out of the My Health Record

By Gabriel, 31 Jul 2018, updated 31 Jul 2018

The My Health Record opt-out period started on the 16th of July in Australia and will last until the 15th of October. We have 3 months to make an informed decision about our electronic health data. In this post I'm sharing 5 reasons why you should opt out.


My Health Record website - opt-out page

What is it? My Health Record is an online summary of your key personal health information, managed by the Australian government. When you visit your GP, a hospital or an emergency department, the healthcare provider will be able to access your summary, retrieve its content to better understand your situation and add new content to it: medicines they have prescribed, analysis results, etc. You can access it too, over the Internet. The intent is to share information more easily between states (if you move) and over a long period of your life.

But it has raised privacy and security concerns in the community. As a consequence, the government has agreed to set up a 3-month period for voluntary opt-out before rolling out the system nationwide. Here are a couple of reasons why I think it is better to opt out for the moment.

1- My Health Record database will be a honey pot by design

The health ministry will face the task of securing the health data of 25 million people against any threat for an infinite period of time. At the same time, it will have to guarantee smooth, individual access to those same people and a slightly higher level of access to health professionals.

How do you really think it’s gonna end?

Chances are that one of the objectives will not be reached. Probably both. I’m not doubting the effort that the ministry will put into security, but the task is tremendous.

Recent news perfectly illustrates this risk: a major cyberattack hit the government health database in Singapore. Unfortunate timing for the Australian initiative!

2- Abuse of authorized access

Even if no unauthorized access is made to the system, things can still slip out of control in small steps. Today several private companies already have access to My Health Record, among them HealthEngine.

Familiar with this name? ABC reported earlier this year that the app has sold patients' symptom data to law firms seeking clients for personal injury claims. The app didn’t use My Health Record data in this case, but the information provided by users when they were booking doctor appointments through the app. Anyway, the My Health Record data is even more tempting for private companies. Fortunately most of them will be trustworthy, but some will fail.

3- You can always opt-in at a later stage

If you opt out, you can still get a My Health Record in the future

Source: My Health Record site.

There is no rush. You survived until now! Use this opt-out opportunity to think about what you want and to see how the system behaves over the first years. In the future, if you need it, because you start to find a use for it or because the situation has changed for you, just talk to your GP or go online and create your account.

4- Access without a warrant for Police

It seems that the police will be able to access it without a court warrant. I’m not paranoid about the police in Australia, but this point may matter to some people! And this is a slippery slope: the health data of groups like lawyers, journalists or politicians will be an easy target for potentially malevolent individuals within the police.

5- More limited solutions DO exist

This is not “My Health Record vs. your GP's handwritten notebook”. Doctors do use email! Having a big national approach won’t make them stop using email. And this is a good thing.

Today professionals already use some level of electronic health data. Labs send electronic results to medical centres, and hospitals have bigger systems to store and share their patients' data. States and territories also have programs to share data between public workers in different states, for example HealtheNet in New South Wales.


It seems to me that putting everybody's health data in the cloud is not the only way to embrace the future of health care information technology. In fact, if the intent is really to put “your health record in your hands”, it would probably be a good idea to start by NOT saving it in the cloud, in some unknown datacenters, far from you!

We can imagine other solutions, like storing the record on a smart card and adding a good layer of cryptography on top of it to keep it secure. The GP or other current healthcare providers can then keep a copy of the data for easier access and storage redundancy. By distributing the data like that, the overall system will be more resistant to hackers than a centralized system, and patients will be more in control of their data. A chip on a smart card can store gigabytes of data at a small cost. Not to mention that it can actually fit in your hand! (Plus it is more environment-friendly, because it doesn’t use power when not in use.)

The link: Opt out of My Health Record

My Health Record website - opt-out page done!

The expression “security-grade” attributed to Health Minister Greg Hunt is misleading. There is no such thing as “military-grade security”. The military has different levels of security at different moments in time. I can assume that both the plan of the central air conditioning in the Australian Army Catering Corps (AACC) building and the reports of the Australian military intelligence agency need to be secure, but not at the same grade. And anyway, even if there were, this is very different from any “military IT system”, because military systems are not designed to be accessible from thousands of access points within the medical profession alone (doctors, hospitals, labs). Using that expression gives a false sense of security.

Once your data is out, it is out. That’s it! No coming back.