My Health Record legislation to match ADHA policy in government backdown

Medical records to be released only with a court order, and a promise of permanent deletion upon record cancellation, were announced on Tuesday night.

Despite saying for weeks that policy will trump the legislation backing My Health Record, Health Minister Greg Hunt announced on Tuesday night that the legislation will be brought into line with the policy of the Australian Digital Health Agency (ADHA).

Hunt said the changes will remove any doubt, and strengthen privacy provisions.

"The amendment will ensure no record can be released to police or government agencies, for any purpose, without a court order," Hunt said.

"In addition ... if someone wishes to cancel their record they will be able to do so permanently, with their record deleted from the system."

Despite being in government since 2013, Hunt attempted to pin the blame on Labor's original 2012 legislation. In that time, the government Hunt is a part of has repealed a carbon tax, changed the direction of the National Broadband Network, and introduced a data retention scheme.

The government will also be looking to make the changes as soon as it can, Hunt said.

Must read: The My Health Record story no politician should miss

In recent weeks, Hunt has repeated assertions that My Health Record is safe and has a higher level of security than banks.

"The records are of course much more secure than in a GP clinic, which generally they have very, very high standards in any event, but this has a 24-hour cybersecurity centre," Hunt said last week.

"It's been tested to military grade. Some of the intelligence agencies have actually done the testing. And there's this 24-hour cybersecurity, which doesn't apply in relation to other records."

On the surface, the changes announced by Hunt do not address concerns that health providers are able to look up the data of any citizen they want.

In the latest quarterly Notifiable Data Breach (NDB) scheme update from the Office of the Australian Information Commissioner (OAIC), health was the only sector that reported being hit by insider threats, with three of the breaches falling under the rogue employee or insider threat banner.

Overall, health remained the most breached sector with 49 breaches, but the report only covers private health service providers under the NDB, OAIC said, with public hospitals and health services covered by the My Health Records Act and hence not included in the report.

Compared to the last report, health notifications jumped from 15 to 49 in this quarter.

Related Coverage

Private health providers called out in quarterly Australian data breach report

OAIC finds private health service providers and finance are the two most-breached sectors from April to end of June.

PM flags My Health Record 'reassurances' as RACGP expresses concern

Change appears to be coming to My Health Record, although the details are far and few between.

Ambiguity over access to My Health Record needs to end: AMA president

Australian Medical Association president Dr Tony Bartone says he will do 'whatever it takes' to clarify the discrepancy between ADHA policy and what is currently law.

My Health Record opt-outs tracking at less than 10 percent: Hunt

Everything is rosy for Australia's health minister when it comes to My Health Record.

My Health Record opt-outs will not sink system: Turnbull

Australian Prime Minister Malcolm Turnbull says the government's My Health Record won't be sunk by large numbers of people opting out of the system.

ADHA pins My Health Record opt-out issues on users with incorrect information

Call waiting times have been reduced, says the digital health record operator, and a spokesperson for the human services minister says systems were not overloaded.