UPDATE, 15th November 2018 – Concerns still remain, and the date has been put back again until January 31st 2019
A huge amount has happened since we posted this overview months ago. The government has come under significant pressure, with many calling for the program to be scrapped completely. The privacy officer overseeing the project has resigned. They have embarked on a desperate advertising campaign, and had major level concerns raised by all levels of government, numerous doctors, NGO’s and privacy advocates. (including this thorough overview by a doctor casting doubt on whether basic compliance would even be possible for the average clinic) Of particular concern is section 70 of the My Health Records Act, which empowers the Australian Digital Health Agency to disclose patients’ health information to police, courts and the Australian Taxation Office without a warrant, if they did not opt out. It has also been confirmed that data will be made available to private corporations. The government have made some minor concessions and extended the opt out date till NOVEMBER 15th, though they will not have legislated many of the recommendations at the time of opting out. They have made it easier for the 100’s of people who appear to have had records created without consent. Do you trust them? That is up to you. Read more below and decide.
People in this country have demonstrated the level of trust they have in government by crashing websites and call systems with 20 000 people opting out of #MyHealthRecord in the first day and many thousands more since then. Numerous people have found out they have had records set up without their active consent and huge concerns about privacy have been raised.
We are providing a round up for you to enable an informed decision. As we support and train advocates and activists we have become more aware of the huge issue of digital privacy and how little the average person seems aware of, let alone the activist community. We want to help improve literacy in this area, and encourage more discussion regarding the extensive surveillance and data harvesting undertaken by government and corporates.
You can check out the huge compilation of concerns we covered during the #CensusFail situation. Regarding MyHealthRecord, you can assume all of the same privacy concerns apply but also throw in sexual activity and orientation, gender, stigmatised diseases, prescriptions which could identify your condition, life threatening and chronic health conditions, fertility, reproduction rights and more – to get a full picture of concerns.
Oh, and sections of this data is reportedly going to be accessible by NEARLY ONE MILLION PEOPLE. At the minimum all doctors (more than 70,000) and pharmacies (of which there are nearly 30,000) will have access to significant aspects. Many articles refer to a number of 900,000 health professionals.
TL, DR ~ huge privacy concerns have been raised – you can opt out until 15th November 2018. Sassy cartoon from patron cartoonist to progressives here.
Here are some considerations:
- The government is not capable of securing data. This has been proven time, and time again. In Singapore just days ago, 1.5 million health records were hacked, including the countries PM.
- The government has used personal data for political reasons, giving private Centrelink information to a journalist.
- Many people with serious health conditions have opted out, ostensibly those who should benefit.
- Dozens of people have come forward saying they have had records set up without consent and are now spending hours on phone hold to deal with this privacy breach.
- Mental health bodies have advised people to opt out.
- The Department of Health last year commissioned the development of the framework for using My Health Record data for purposes other than its primary purpose of providing healthcare to an individual. This could include research and policy analysis (source).
- The decision is permanent. If you don’t opt out now, you get a record regardless, and apparently will not be able to opt out in future. Your record will remain on file for 30 years after your death. This appears to go against basic principles of health and consent.
- Private health insurance companies are already lobbying for access to this data. Malcolm Turnbull has indicated he would support this.
- In England a similar system was cancelled in 2016 because drug and insurance companies had paid to access data.
- Police are lobbying for, and may already have access to this data, and an ABC news article stated: “If personal information is disclosed to law enforcement, the decision about whether to notify the My Health Record holder will be decided “case-by-case”.” (EDIT: 22/7 – there have now been reports that doctors are appalled that police and ATO can access this data and this letter from an IT professional notes that doctors can request a search warrant under current system, not so with My Health Record which requires a mere suspicion of a crime. Section 70 of My Health Records act details this)
(it might be useful to note here that police already have a long history of accessing information unlawfully for personal reasons) So have hospital staff.
WANT MORE INFO?
This twitter thread neatly lines out some scenarios which could apply – and also responds to some concerns shared by doctors.
- Comprehensive case for opting out in the Conversation.
- Sydney Criminal Lawyers blog here.
- Overview of who could gain access including police
- Excellent overview from health website, Medical Republic
- Sex workers and those with stigmatised health conditions express concerns
- Radio national discussion with experts advocating for the program
- Check out the good folks at Digital Rights Watch
- As usual twitter is a great source for much debate and discussion, check out folk like Asher Wolf and the #MyHealthRecord hashtag
From the Guardian: Currently, 5.9 million people already use My Health Record and 6.46 million medical records have been uploaded to the system. A total of 6,498 GPs, 3,273 pharmacists and nearly a thousand hospital organisations have used it.
We understand why people might want to use this program, and absolutely the choice is yours… (well, we would argue that a choice involves informed and active consent but semantics!) To have a record you literally don’t have to do anything.
For people with chronic and critical health conditions you may believe it is worth it. It is absolutely exhausting if you have a chronic or complex health condition to explain and re-explain to all different kinds of specialists. It can also be stressful to have to defend to doctors your genuine need for strong medication for chronic pain.
But at the same time, have you ever been frustrated by a doctor’s lack of care, or opinion that you were “faking it?” This is experienced more by Aboriginal women, and people of colour, queers, trans and many minority groups. Heck, even badasses like Serena Williams have had an issue with not being believed. Could one note on your file, from one doctor impact how you are treated forever more? We don’t know that yet. But concerns have been raised:
“I have had a semi-complicated medical history, with doctors that have previously misdiagnosed, or made assumptions, that have later proved to be incorrect by other doctors,” Jamie explained.
“If any of those doctors decided to upload my file … the implications for that [would have been] huge.” ~ read more.
The same article also outlines concerned from people who believe they have been signed up without their permission or adequate explanation. One woman was told she had been added in 2015 and had 200 documents uploaded since that point.
Another article points out that multiple apps will have some access to the records as well as, “Earlier this month, it was revealed Australia’s biggest online doctor booking service, Healthengine — one of My Health Record’s partner apps — had been passing on patient information to third parties, including legal firms.” – read more
This article also notes that there are privacy controls, but they are not default settings.
Also, records can be downloaded, and once that occurs the privacy will be in the hands of whoever has downloaded it.
It is important to note, that the concerns being shared by privacy experts go way beyond the issue of malicious hacking, though that has been highlighted as a huge issue as health data is of high value.
Know what you are getting yourself into:
- Could this information be used to harm you at any point? Stop you getting a job? Increase your health premiums? Undermine an insurance claim?
- Could a record of mental health issues, or stigmatised disease impact your life if an employer or health insurance body got hold of it?
- Have you ever been subject to domestic violence? Your current address will be visible to 100s of 1000s of people
- Could your sexuality, choice of work, gender, or chronic health condition be used in a way that limits work or other opportunities?
- Do you know anyone who doesn’t like you, or may want to do damage to your character who works in the health sector? Currently reportedly including one million people.
BUT THEY KNOW EVERYTHING ALREADY
Yes, we live in a surveillance capitalism society. (meaning that invasion of privacy is monetised) But that doesn’t mean we shouldn’t push back. We might work in workplaces that have issues we don’t like – we can still organise. We might realise that some activists are probably under surveillance by police or corporate spies – it doesn’t mean we have to be complicit in handing over access to our vulnerable health data to the state on a plate.
And they don’t have everything yet. The issue is the concentration of data and the HUGE numbers of people who will gain access to it, and the potential for this to be increased in future. Your fertility, sexuality, mental health, and chronic health conditions have not previously been as easily accessible to 100s of 1000s of people.
You can make a choice if you want people to have access or not.
For us, we’re opting out.
HOW DO I OPT OUT
You need to provide a medicare number and another piece of ID, such as a drivers license. If not, you will need to call the hotline. There have been reported delays and (wait for it) technical failures.
WHY ARE YOU EVEN WRITING ABOUT THIS
We provide training, support and resources to activists. Activists are at risk of government surveillance and we know that some people and groups we work with will have files on them. They may not wish to make themselves more vulnerable by adding to the health data easily obtained by governments or corporations.
We are also seeing more and more repressive laws being introduced and there is no guarantee what this data could used for in future. Do you trust government? Your call.
**
We have a collection of resources on Digital Privacy here, and have written about risk management for Facebook here.
If you appreciate us researching and providing information like this, consider becoming one of our CounterActivators.
I am concerned that in order to opt out of the My Health Records I am required to provide online, my driving licence details. Up until now that information has not been connected to Medicare and has been knowingly only been supplied visually as verification of identity in situations such as in some bank transactions or to police at speed checks.
I have a clean driving licence and have very little in the way of medical records.
I would be pleased to provide my driving licence as a visual proof of identity “over the counter” perhaps at a Medicare office but have no confidence in providing it online as a record for the purposes of Opting Out.
I believe stridently that the two separate records should remain that. To be required to concede on this issue in order to protect my privacy from the risk that the My Health Records represents is unacceptable. I have no confidence that the supporting documents for Opting Out records will be held securely.
Once this view is articulated, I’m sure others must be of the same opinion.
Yes its true. Its a bit chicken and egg isn’t it -you want to ensure you are the only one able to edit your record and therefore its good they are asking for detail, but you don’t want to put more detail on file! We have no confidence full stop, but work on the assumption that your medicare and drivers license detail would be easily cross checked by government already. It is for mygov accounts if you have one.
Filled in the firm opting out but have no acknowledgement from them when I completed it that I had been successful .. do what now? Any comments please
Sorry for late reply. I’d check back in with them if I were you.
The PM has already stated Health funds should have access: insurance companies will be his next extension!
The problems incurred in opting out are a method of preventing opt out: the agency is aware wait times are typically from 1 hour onwards to ‘whenever you get through’ . It’s not good enough!
The similar UK system failed the security test. Singapore’s system has just had a major breach . There is zero reason to trust this increasingly authoritarian government, especially as they have used ‘opt out as a means to suck people in!
We are with you on that one!
how do i opt out?
By following the opt out links we give in the post 🙂
The trouble is, once you opt out, they retain your data and you are no longer alerted if its is accessed or changed. The system sucks.
Yes it does! Not sure this is true though.
Mine’s a question. I’ve heard that you can get information they have already collected removed from the record. Is this true, and if so, how do we do it? Have a good one.
Not sure to be honest. That seems unclear at this point, especially with legislation not being introduced and passed in time.