My Health Record 'dumb and useless': Australian Privacy Foundation
" My Health Record (MyHR) is not yet a f*** up because hardly anybody's using it, [but] it's a f*** up in terms of how much money the government has spent, and how little they've got for that expenditure," Dr Bernard Robertson-Dunn, who chairs the health committee of the Australian Privacy Foundation (APF), said.
"It's cost AU$2 billion so far, it's costing over AU$400 million every year, but the government has never told us how it has improved health care or reduced health costs. All it is doing is putting patient data at risk."
Latest Australian news
With the Census, the Australian Bureau of Statistics (ABS) was trying to do the right thing, but got it " somewhat wrong", Robertson-Dunn told ZDNet earlier this week. However, the Australian Digital Health Agency (ADHA) is trying to make access to MyHR easier, the data is far more intrusive, and it's continually collecting data, as opposed to the Census' five-year cycle.
Established in 2012 as the "personally controlled e-health record system" (PCEHR), MyHR is billed as a "secure online summary of your health information". Its 2015-16 Budget allocation alone was AU$485 million.
But as of August 7, 2016, only 4,029,386 individuals have accounts. That is to say, fewer than 17 percent of Australians have registered.
Apart from 332 million Medicare documents and 4.5 million pharmaceuticals documents, which would have been created automatically, the system contains fewer than 1 million clinical or user-generated documents.
That's a mere 0.25 documents per registered user.
After four years of operation, the vast majority of Australians haven't registered for My Health Record, and the vast majority of registered users aren't using it.
Robertson-Dunn says MyHR isn't useful anyway.
"They've built a glorified document management system. It's not really a health records system ... The data is contained mostly in PDFs, which are documents. It's difficult to search them."
If a health record system is to be useful in clinical care, Robertson-Dunn said, it needs to be complete. That means the notes and data from every visit to a doctor, the results of every diagnostic test, and much more. Outdated information needs to be deleted, and medical data can go stale within hours.
MyHR's own website warns medical practitioners that they can't rely on its data.
"Clinical information you find within your patient's My Health Record should be interpreted in much the same way as other sources of health information. It is safest to assume the information in a patient's My Health Record is not a complete record of a patient's clinical history, so information should be verified from other sources and ideally, with the patient," says the site's FAQ.
As the APF background paper put it, "[My Health Record] is a dumb and useless repository of badly managed documents with no clinical value."
Whether or not MHR is "useless", Robertson-Dunn thinks it's unlikely to get better.
"The sort of stuff that does go into health records, I believe, is going to change in the future, and that pure document management systems like [MyHR] is just totally useless, from any perspective," he said.
"You could accuse this government of building this system because they want to literally gather data on people to monitor them."
Personally, I'd go for incompetence over a surveillance conspiracy, but there are certainly privacy concerns.
Unlike the Census, with data in theory only accessible from within the ABS, by its very nature a patient's health record has to be instantly available in its entirety to every doctor and nurse in the country.
You never know where an individual might need urgent medical attention. You never know which document might contain vital facts. And the individual may well be unconscious and unable to authorise access.
Emergency departments quite rightly prioritise speed of access over data security.
Another concern is that the government has switched MyHR from opt-in to opt-out, to help boost user numbers. Steve Wilson, vice president for digital safety and privacy with Constellation Research, says that's a policy no-no with a "very bleak implication".
"The privacy clanger there is going from opt-in to opt-out like you can flip a policy switch. No, the fact of opt-in is actually a security feature of the system that has been cemented into the architecture. NEHTA [National E-Health Transition Authority] should have recast the whole security architecture before swapping to opt-out," he told ZDNet earlier this month.
The Australian government is working up a new national single sign-on (SSO) project through the Digital Transformation Office (DTO). Wilson is worried the government will change its mind with that system, too.
"DTO promises the SSO system will always be opt-in. This is one of their chief counterarguments to the national identity objection. But the government's overall trustworthiness on privacy is shaky," Wilson said.
Yet another concern is the government's plan to open up MyHR data for "secondary use". That would include releasing de-identified data for "analysis, research, quality and safety measurement, public health, performance management, policy, and other business applications".
The key worry here is that de-identified data is increasingly easy to re-identify, especially when it's possible to combine it with other data sets.
A public consultation paper on developing a framework for secondary use is scheduled to be released by mid September. Watch this space.
There's at least one obstacle to this plan, however. Documents in MyHR are likely to be studded with personal data. De-identification will be hard to automate, and may well require expensive manual processing before the data can be released. Again, watch this space.
ZDNet understands that the documents in MyHR are better-structured than the APF fears. Nevertheless, Australia has spent AU$2 billion and rising on a way to make a bunch of documents available wherever a patient happens to turn up. What a waste.
It would've been cheaper and less risk to privacy to send every Australian citizen a 64GB encrypted USB stick to wear around their neck or pop into a pocket.
Update: Added clarification to descriptions of the documents in MyHR.