Politics 101: My Health Record: are you in or out?


Things are heating up in parliament with the government’s controversial My Health Record scheme in the cross hairs of public criticism. Fatima Olumee dishes everything you need to know about the program so you can decide whether or not you want to opt out.

Data security has been a hot topic this past year, with numerous breaches resulting in individuals’ private information being vulnerable to third parties. More recently, the Australian government’s medical database, My Health Record (MHR) has taken a hit due to concerns regarding data security. As a result, 20,000 people opted out of the online system on 16 July 2018. It’s understandable why the public is concerned with who is able to access their private health information. The outcry that has ensued has many wondering whether the rapid digital revolution that has been thrust upon us will determine the demise of patient confidentiality…

What is a My Health Record?

For those of you who may be wondering what MHR is, you’re not alone. It’s a fairly new addition to the Australian healthcare system that collates all of an individual’s medical history into a digital profile of sorts. It contains all of your past illnesses, medications, allergies and test results. Individuals can control who can access their records online and also share information with medical professionals. The idea is that each Australian can track their health over time through their online record, which is great in theory. This year, the government has implemented a measure that will automatically create a MHR for every Australian unless they specifically opt out before 15 October 2018.

How the debacle unfolded:

Credit:  ITK, 2017

Credit: ITK, 2017

So why, six years after the MHR program was introduced, should you suddenly be concerned for your privacy?

Critique from Paul Shetler, the former head of the Federal Government’s Digital Transformation Agency led to rising concern for the security of MHR. Mr Shetler said that he himself would withdraw from the system if he was a citizen, arguing that it was “problematic” with its “weird security model”. An ex-government head making these strong criticisms is a pretty big deal, which is why so many people have been quick to opt out of the program.

With citizens deciding their own privacy settings, Mr Shetler argued that people’s records are vulnerable due to the lack of a more secure default setup. What’s worse is that given the information is online, private health apps are able to mine the database for information, in breach of legislation that requires patient consent to do so. These records are also temptations for less legitimate perpetrators such as hackers. According to the Office of the Australian Information Commissioner (OAIC), the sector that faces the most data violations annually is health care, which comprises 24% of all of the said breaches. Online medical databases are goldmines for hackers, given that they are riddled with all the juicy ingredients for identity theft.

The digital revolution has meant that a large portion of the information we share online is often passed on to third parties who maintain their own agendas. These third parties may be advertisers, external organisations or, in the case of the recent review of the HealthEngine app, law firms. Last month, the ABC revealed that HealthEngine, the nation’s biggest online doctor appointment booking service and MHR’s partner app, has been distributing private medical information to law firms seeking clients for personal injury claims. Like MHR, HealthEngine enables users to control their privacy settings themselves. There is also no option to opt out of sending information to third parties for users of such apps, given that they agree to it when they accept the terms and conditions.

Another major issue that has been raised is parents creating MHR accounts for their underage children. Teenagers aged 14 to 17-years-old have a right to opt out themselves, and if they fail to do so, their parents maintain control of their records. This means many teens aren’t being given the medical privacy they’re entitled to. With parents having access to all of their information, teens are less likely to seek treatment or talk about sensitive issues, such as their sexual health, or domestic abuse, for example.

Many Australians have been swift, so far, in opting out of MHR before 15 October 2018, for many reasons. After this date, a MHR will be created for you automatically and choosing to cancel your record after this period doesn’t actually eliminate it from existence. You will have no access to the information already stored and the government will hold onto your record until 30 years after your death. Secondly, you’d just have to take old Turnbull’s word for it that the your data won’t be breached and that it's in his safe hands. Click here if you want to opt out of having a MHR.

What are the benefits?

Now that you’ve been scared into oblivion of your personal health data being compromised, it’s time to turn the issue on its head. Are there any benefits to the MHR system? How likely is it for a data breach to occur?

Australia has a very fragmented health care system and MHR attempts to combat that. With all of your medical history stored in one place, it makes it easier for this complex system to be navigated. In emergency situations, access to this type of information in one place could save lives. This comprehensive system aims to reduce the rate of medication errors on patient records. MHR also paves the way for empowering individuals by making them more aware of how the healthcare system works and of their own health. Patients that are armed with the right information are better able to communicate with medical professionals about their wellbeing. The MHR database may also advance medical research in tracking how diseases are inherited across family bloodlines, something researchers have struggled to do thus far.

As for data security concerns, in its six years of operation, MHR hasn’t faced any major data breaches that critics can claw onto. All criticisms are theoretical and based on what could happen rather than what has happened. Given the system is fairly new, there really hasn’t been any incidents as of yet. Despite this, it’s important to remember that Australia is over a decade behind countries like the US in data security, and recent cynics of MHR are preparing for the worst.

So… what now?

Credit:  US Army, 2017  

Credit: US Army, 2017 

With our world constantly evolving digitally, storing our information online seems to be an inevitability of this day and age. It’s really down to you to decide for you to decide if you want any part in MHR or not. Whether the system secure or not, something tells me we haven’t seen the worst of the many-headed ominous beast that is the data breach ...

This article was brought to you by Fatima Olumee, a second-year Journalism student. Besides being an absolute bookworm and obsessed Potterhead (not to be confused with Pothead), her passions include yoga, horse-riding, and Bollywood movies. This girl is a big bag of weird… the good kind, she hopes.