My Health Record – the latest in the ongoing debate

The My Health Records Amendment (Strengthening Privacy) Bill 2018 was before both the House of Representatives and the Senate on 19 September 2018.  The House of Representatives agreed to a third reading and the Senate moved the second reading of the Bill.

The Senate had previously referred the Bill on 23 August 2018 for inquiry and report.  That report was due from the Senate Community Affairs Legislation Committee on 8 October however, on 19 September an extension was granted to 12 October.

The Bill ostensibly: 

“Amends the My Health Records Act 2012 to: remove the ability of the My Health Record System Operator to disclose health information in My Health Records to law enforcement and government agencies without an order by a judicial officer or the healthcare recipient’s consent; and require the system operator to permanently delete from the National Repositories Service any health information about a healthcare recipient who has cancelled their My Health Record.”

Pursuant to the legislation deletion of the health care recipient’s record is to occur “as soon as practicable”, although the Bill does not define this term, the Explanatory Memorandum to the Bill references a period of 24 to 48 hours depending on the timing of the request and operational issues.

The proposed amendments seek to address some of the concerns raised about the My Health Record system but Australian’s are still very concerned about what lies ahead.

The House of Representatives is noting that around 3% of Australians (900,000 people) had opted out of the My Health Record (MHR) at that point.

An online petition has garnered over 51,000 signatures.

The government acknowledged these concerns by extending the opt-out period by one month, to 15 November 2018 for anyone who wants to opt out by then.

From a data governance perspective, it is imperative that industry engages with and informs government policy – this also holds true when it comes to My Health Record (MHR). The MHR system is to be operated by the Australian Digital Health Agency however, they have the capacity to delegate any part of the system’s function to another party with the consent of the minister.  Just what due diligence may be undertaken before this could happen, or what safeguards must be ensured before permission is granted – is anyone’s guess.

Aside from corporate Australia, Australia’s own medical profession have weighed in heavily into the anti-MHR debate by suggesting that they may boycott the system and refuse to upload patient information.

Much of the medical debate has centred on the issue of genetics and biometric information.  This information is seen as particularly sensitive; in addition, there is concern that insurers may use genetic test results to discriminate.

Security remains the key concern however.  As recently as July 2018 1.5 million health records in Singapore were hacked, which were stored in the government’s online health system. Data breaches and security issues have the potential to taint consumer perception even further, irrespective of whether that failure is by government or by business.

DGA’s role as a leading body in the area of data governance is to ensure that industry is part of the reformatory dialogue, and through its related associations in the AADL Network, ensure that members, industry and consumers are appropriately informed.

Stay tuned for the next update once the report from the Senate Community Affairs Legislation Committee has been published.

DGA provides regulatory guidance to Members, subscribers and participants.  The information provided is general in nature only, it is not comprehensive and does not constitute legal advice.  You should obtain legal or other professional advice before acting or relying on this information.