
My Health Record systems collapse under more opt-outs than expected

When citizens rush to opt out of an Australian government service, it says something about their levels of trust. When the system falls over under heavy load, it proves them right.
Written by Stilgherrian, Contributor

Australians attempting to opt out of the government's new centralised health records system online have been met with an unreliable website. Those phoning in have faced horrendous wait times, sometimes more than two hours, often to find that call centre systems were down as well, and staff unable to help.

The Australian Digital Health Agency (ADHA), which runs the My Health Record system, is reportedly telling callers that they weren't expecting the volume of opt-outs.

"On hold with @MyHealthRec for over 1.5 HOURS to opt out without providing my driver's license/passport number. Turns out their entire backed system has crashed and they are telling support staff to just punch people's details into the website. Confidence inspiring!" tweeted one caller.

"The person I'm speaking to is stressed as f***. It's their first day. I feel bad for her but she also has no idea what's going on and puts me on hold every time I ask something that's not on the script."

The problems started early on Monday, the first day of the three-month opt-out period before digital health records are created automatically.

"Call operator Laura answers. Pleasantly & politely tells me she can help. Uses my Medicare number to locate my record. But can't change alter my record as system down. She apologizes, guesses this is why I'm having trouble online and suggests I try again later," tweeted Dr Leslie Cannold at 7.29am.

Cannold, a research ethicist and health regulator, said she'd like to see government prove the value of My Health Record, as well as their capacity to keep it secure, before she opts in to have one. The system should also be designed to allow users to withdraw their record at any time. Currently, opting out merely marks your data as "unavailable", while actually keeping it on the system until 30 years after your death.

Those opting out have cited a wide range of privacy and security concerns -- something this writer thinks is completely understandable. The ADHA's Dr Steve Hambleton has downplayed the risks.

"I can absolutely categorically state that none of the apps and none of the use of the My Health Record data will be able to be sold to third parties -- that's absolutely prohibited," he said.

And yet earlier this month, the My Health Record partner app HealthEngine was caught doing exactly that.

We know full well that prohibiting something doesn't mean it won't happen.

Some of those opting out were concerned that the ADHA website used Google's reCAPTCHA, which works by sending data offshore for analysis, potentially including personal data.

"The Privacy Policy linked from the opt-out page says 'We will not disclose or store overseas any personal information you give us', but that's not how reCAPTCHA works," wrote consultant Justin Warren.

"reCAPTCHA watches what you do on the page via injected JavaScript controlled by Google, which sends info to 'an Advanced Risk Analysis backend for reCAPTCHA that actively considers a user's entire engagement with the CAPTCHA -- before, during, and after' ...

"Personally I think the devs just wanted to use modern web tools to prevent bots from spamming the page, and it didn't occur to them to think about the privacy concerns because they never do on other, less sensitive, websites. Which is just the kind of careful handling of sensitive data you want from a centralised national database of the entire population's health information."

Others were concerned that their health records could be disclosed in court under section 69 of the My Health Records Act 2012, or to law enforcement agencies without a warrant under section 70.

Law enforcement access can be provided if the ADHA "reasonably believes that the use or disclosure is reasonably necessary" for "the prevention, detection, investigation, prosecution, or punishment of criminal offences" or "the protection of the public revenue", among other reasons. The "enforcement bodies" with access are defined in the Privacy Act 1988, and are much broader than those authorised under the telecommunications data retention legislation.

"[The Australian public service] needs to understand that statutory interpretations aren't just for days in court, proper governance of your interpretation means stating it openly and legitimating it," tweeted Darren O'Donovan, senior lecturer in administrative law at La Trobe University.

"The objective criteria are key because 'reasonable belief' of 'reasonable necessity' is [a] pretty forgiving standard."

So far, the government has spent more than AU$4 billion on the digital health records system, which started life as the "personally controlled e-health records" (PCEHR) project in the 2010-2011 federal Budget.

Only 1.9 percent opted out of the initial trial involving 1 million people. The ADHA therefore projected that around 500,000 Australians would opt out during the three-month window.

The system was originally planned to be opt-in, but poor adoption rates led to the government flipping it to an opt-out system. Victoria's then privacy commissioner David Watts called that a fundamental breach of trust.

"I actually designed the regulatory system for e-health in Australia, and I swore black and blue ... that we would never be an opt-out system, and always be an opt-in. And of course it's now an opt-out system in order to drive take-up of e-health, because AU$4 billion had been spent on it and very few people had registered," Watts told a privacy conference in 2016.

One might think that after a series of Australian government IT disasters, the government would have planned more carefully for an unexpected overload and had a strategy in place for crisis communications.

But as of 16:00 AEST on Monday, the ADHA's social media accounts were showing nothing but a generic promo, and even that wasn't posted until lunchtime.

The Australian government still seems to have a real problem with computers. Those opting out of My Health Record would seem wise to be doing so.
