Your health history will be available online in October, unless you opt out
With an update to My Health Record imminent, many are wondering whether the government can be trusted with their personal information, Shaun Prescott writes.
It’s been just over a year since reports emerged that Medicare card details were being sold online. Dubbed ‘The Medicare Machine’, the darkweb storefront made it possible to obtain the details of any Aussie citizens on Medicare’s records for a mere $30. According to the vendor, they were “exploiting a vulnerability which has a much more solid foundation which means not only will it be a lot faster and easier for myself, but it will be here to stay.”
Barely a year later, the Australian Government is set to re-launch its online health agency My Health Record (MHR). Previously an opt-in system when it was introduced in 2012, the medical history database will become an opt-out system from October 15, thanks to legislative amendments made in 2015. The site will provide an overview of all medicines you’ve been prescribed, all treatments you’ve received, and all allergies or illnesses you suffer from. Of course, this is not publicly available and one can only assume that some pretty serious measures are being taken to keep it secure. But given its track record, it’s difficult to trust that the government can keep the lid on it all.
And that’s before you consider who can legitimately access these records. According to the parliamentary library, MHR “represents a significant reduction in the legal threshold for the release of private medical information to law enforcement”. Currently, without the consent of a patient, law enforcement agents are required to have a warrant, subpoena or court order in order to access medical records. And yet, according to the My Health Records Act 2012, the organisation responsible for the records, Australian Digital Health Agency, can provide this information in order to counter “seriously improper conduct”. It can even do so to “protect the public revenue”.
So a government that’s demonstrably untrustworthy when it comes to cybersecurity is making it easier for police to access personal information it would previously need to struggle to obtain. When faced with news like this, many are inclined to say: “Well, I don’t break the law, so it doesn’t affect me.” But if it weren’t for advocates and interest groups, news of the forthcoming opt-out nature of MHR probably wouldn’t have reached us. In other words, it doesn’t matter whether you’re breaking the law or not. What matters is that the government is making sweeping privacy changes like this without any broad consultation with the public.
Privacy advocates are warning everyone to opt-out of MHR before it switches over in October. But there are some well-meaning organisations calling for the opposite to happen. While it’s naturally in the interests of the ADHA to do so, other medical bodies such as the Australian Medical Association, the Royal College of Australian GPs, and more, have backed the online database. It’ll make life easier in the medical world, but whether you can trust government organisations with handling your data online is a very fair question.