Australia’s divisive digital medical records program is set for strengthened privacy protections. Across the country, there has been debate if the electronic health records can be trusted even though its intention is to support the health and care of Australians who choose to have one. Many are concerned about a data breach. According to the Office of the Australian Information Commissioner’s quarterly report, healthcare service providers have reported the most data breaches
This week, the Australian Parliament passed legislation for amendments to the My Health Records Amendment Bill 2018.
Changes to the Bill reflect Aussie’s demand for even stronger privacy and security protections for people using My Health Record.
According to the amendments, the following have been agreed to:
- Australians can choose to permanently delete their records, and any backups, at any time.
The new legislation will allow Australians to opt in or out of My Health Record at any time in their life. Records will be created for every Australian who wants one after 31 January 2019. Following this date, one can choose to permanently delete their record at any time.
- For teenagers aged 14 and over, greater privacy will be provided.
Parents will be removed as authorised representatives once a child turns 14 years old.
- Protections for people at risk of family and domestic violence will be strengthened.
The changes stipulate that the notification of certain decisions will no longer be mandatory if in doing so, another person is put at risk. Furthermore, parents with a court order who do not have supervised access to their child, or pose a risk to the life, health and safety of the child or another person, will no longer be eligible to be an Authorised Representative.
The Agency will continue working and consulting relevant stakeholders to reduce misuse of the My Health Record System.
- Only the Agency, the Department of Health and the Chief Executive of Medicare (and no other government agency) can access the My Health Record System.
These measures will provide Australians with greater assurances that only government agencies involved in the efficient delivery of My Health Record are involved in managing the system.
- Law enforcement and other agencies are explicitly required to produce a court order to access information in My Health Records.
Insurers cannot, for any reason, access data from My Health Record. The system is a valuable source of information on Australia’s health system and the outcomes of care being achieved. Primarily, it guides service planning, policy development and research for the Australian health system. However, there are principles in the Framework to guide secondary uses of data which will become law. Any data released must be in line with the rules and a Data Governance Board will be established to approve it.
- The system cannot be privatised or used for commercial purposes.
Only a government organisation will be able to manage the My Health Record system.
Harsher penalties and fines for inappropriate or unauthorised use of My Health Records are supplemented.
At present, more than 6.3 million Australians have a My Health Record. Over 14 000 healthcare professional organisations are connected on the system. This included general practices, hospitals, pharmacies, diagnostic imaging and pathology practices.