What I’m Doing About My ‘My Health’ Record

What I’m Doing About My ‘My Health’ Record
Image: Getty Images

The government’s My Health Record (MHR) system promises to bring together a bunch of different healthcare data so that a trip to the hospital or doctor won’t require lots of information being recorded over and over again.

It should reduce some costs as healthcare providers can access pathology and other analyses without repeating tests and will simplify how we deal with some agencies. But it’s also being implemented in a pretty ham-fisted way, with everyone’s consent assumed unless they opt out. I’ve been looking at the system. Here’s what I’ll be doing.

How To Opt-Out Of The Government's My Health Record

July 16 marks the start of the three-month period in which Australians can opt-out of the government's My Health Record. Planned as an "online summary of your health information" that "can be accessed at any time by you and your healthcare providers", there are no guarantees about how your data will be used by said providers. Here's what you need to know about MHR and how to opt-out if privacy is your main concern.

Read more

What is MHR?

The Australian Digital Health Agency says the MHR is an online summary of key health information. It includes things like allergies, medications you’re on, medical conditions you have and pathology information such as blood test results.

The idea is that by having all this information in one place, when you seek access to health care, the professional you’re dealing with doesn’t have to ask you a bunch of questions as they can look at the data in a central system. That can be very handy if you’re taken in for emergency care and can’t provide the information yourself.

The information can be added to your MHR by healthcare professionals and you can add important information action such as emergency contacts as well. Up to two years of your Medicare history may also be added to the MHR as well as organ and tissue donation decisions and other data.

The thing to note is that this isn’t a clinical record. It’s not like reading a hospital chart and seeing lots of detailed information. It’s a summary. As far as I can tell, it provides a documentary record of the sorts of things you’d be asked during triage when you present to a doctor or at a hospital and they want to know about your medical history.

My Health Record: The Case For Opting In

The My Health Record opt-out period begins this week, and you have until October 15 to pull your records out of the scheme. But should you? Here are some compelling reasons to keep your records where they are.

Read more

Who Has Access To The Data?

The Conversation, in an article making the case for opting out, says:

MHR’s access-logging system does not track which individuals are accessing records, only institutions, which means you won’t be able to tell who has seen it.

This worries me. While the information is intended to be a summary, it will contain some information that might be considered sensitive. And while I’m OK with my doctor knowing certain things, I’m not so sure I need my personal information to be accessed by someone who I have not specifically given my consent to.

This is the heart, I think, of the matter when it comes with whether or not to opt out of the MHR system.

There’s Consent, And There’s Informed Consent

Consent is almost always presumed to be something we actively give to someone. In the case of the MHR, consent is assumed unless we opt out. And I have a really big issue with that. One might think the government is keen to bolster the credibility of a new system by ensuring the number of people in it is as high as possible.

One way to do that is to automatically enrol everyone into it and say that if you don’t want to be a part of it, that you need to take steps to ensure your personal information, which I think many people see as highly sensitive, is not included or is removed. I think the approach taken by the government is poor. The government has spent hundreds of millions of dollars on a cybersecurity strategy, imploring us to be careful about how we store and share data, only to take the decision about healthcare information away from us.

Rather than give consent, we have to withdraw it.

I have many friends and family who work in the healthcare sector. One thing that is clear to me is that there is a very broad continuum in technology expertise and understanding in healthcare. While some organisations will have solid controls in front of who can access specific data, there are others with far less stringent controls.

Even if I give consent to a healthcare provider, I don’t really know who I’ve given my consent to. When your MHR is accessed, there’s no way to be certain of who has accessed it. All you’ll know is what organisation accessed it.

My Health Record: The Time To 'Opt Out' Is Right Now

The My Health Record (MHR) opt-out period has begun, and you have until October 15 to decide whether or not to be part of the scheme. Unless you take action to remove yourself from the My Health Record (MHR) system, the federal government will make a digital copy of your medical record, store it centrally, and, as the default, provide numerous people with access to it. </p> <p>If you don’t opt out during this period and later choose to cancel your record, you will no longer be able to access that record but the government will continue to store it until 30 years after your death. You will need to trust that it will not be breached.

Read more

What Are The Real Risks?

Much has been said about the risk of hackers attacking the MHR system and gaining access to a vast treasure trove of information. That is a risk but I don’t think its the biggest one we need to worry about.

As I mentioned, there are the healthcare provider networks. Why bother hacking the government when your local GP is a much softer target? I think that’s a more serious issue. And within those offices there’s no way of ensuring you know who has actually accessed your record.

The government has said that the data will be used, in an anonymised form by third parties and app developers. But there are risks that the data could be de-anonymised.

The main risks that I see rest with people. There have many instances where law enforcement agencies have accessed personal information without adequate oversight or for good reasons. For example, if a disgruntled partner wanted to track down someone they could easily leverage emergency contact details of someone they know or even look at patterns for when pathology tests were taken to anticipate where that person might be.

What Will I Be Doing?

There are some clear benefits to the MHR system. Having a central, easy to access health record does have the potential to simplify how I deal with healthcare providers. It means, for the first time, that I have some control over my health records and can create a consolidated set of health information that can be used in my care.

While the government seems to have considered the system from the healthcare perspective, it has done a poor job of considering the most important people in the system – us.

While an opt-in system would have been harder to implement and required more effort, it would have also been a great opportunity to sell the benefits without the baggage that comes with the scheme being effectively mandatory unless you take steps to opt out. In effect, they have taken my choice for informed consent to share my data away.

A big part of me wants to tell the government to shove it just because of the way they have implemented the MHR. But me real concerns are the lack of clarity about exactly who (not the organisations but actual humans) can access the MHR and the poor security around the systems that could access the data.

That’s why I’ll be opting out.


  • If it was opt in, no one would do it and the whole thing would be a waste of money.

    They should do the same with organ donation. You are auto opted in when you are 18 unless you opt out.

    • Yeah this is exactly what happened. They even promised it would never be opt-out, but no one signed up.

      That doesn’t change the fact that Australians are being exposed to huge privacy risks without their consent.

      It would be a good idea if the government could be trusted to secure it, but it obviously can’t.

    • Yeah this is exactly what happened. They even promised it would never be opt-out, but no one signed up.

      That doesn’t change the fact that Australians are being exposed to huge privacy risks without their consent.

      It would be a good idea if the government could be trusted to secure it, but it obviously can’t.

    • Yeah this is exactly what happened. They even promised it would never be opt-out, but no one signed up.

      That doesn’t change the fact that Australians are being exposed to huge privacy risks without their consent.

      It would be a good idea if the government could be trusted to secure it, but it obviously can’t.

  • So by opting out does that mean that the security systems and the current system in place of accessing your info are better secured. What I would like to know is how is the current system to the new system regarding security and privacy. If by opting out is based on security, then clearly you feel the current system is fine. But if it is not, then whats the point of opting out. Agree, wouldn’t target the government but the local GP but isn’t that case already.

    • Yes, but MHR pulls together lots of info from different places. Your GP, for example, doesn’t have everything in one place as far as I know. SO, now the GP becomes a more interesting threat vector for bad guys as the amount of data they can get increases.

  • Im Opt-Out… unless I get a life threatening condition (Cancer, etc) where information management is critical to my continued care across multiple providers. However my privacy is my concern.

    However, if I find data has already been entered and makes it difficult for me to Opt-Out. I will pursue the right to delete all the way to the top, they have no right to refuse. My Health Record is a digital COPY, therefore retention and disposal should NOT be 30 years past death and it should concede to the Privacy Regulations and I have a right to request to deletion especially since the Opt-Out periods social contract is I have a right to decide the fate of my data… after all the original record is with my healthcare providers.

    Interestingly that this Australian records keeping agency has not yet filed a Disposal Authority with National Archives and is applying such a generic definition of medical records to their data, which they admit it is not, its a COPY!!!

  • The irony is that 99.999% of people who opt out are happy to give Facebook and other social media sites the keys to their everything.

    The government should have outsourced this to Facebook – then all the sheeple would think it’s a great idea…

  • As someone with absolutely no medical or food allergies or pre-existing medical issues I will be opting out, I feel sorry for those who don’t have the privilege to do so.

  • Interestingly enough, the original proposal when Nicola Roxon was Health Minister was for an opt-in scheme.
    In typical fashion, we’re now faced with the opt-out scheme – which is exactly what I’ve done.
    There are just too many unknowns – this is not the government handling our data: that’s all been outsourced to the private sector. And we have no guarantees – certainly none that I’ve heard from government – that MHR providers are obliged to ensure that our data is NOT shipped offshore.
    Perhaps a better system would be a smart Medicare Card – we all carry them, and with biometrics we can be validated as the correct holder of the card. In physically holding our data within the card, we control who we give information to, and the circumstances surrounding that transaction. Any updates are added to our data on the chip, and away we go.
    Still issues to be addressed, but I think this is the better end-game.

  • So lets look at the whole “External entity accessing My HR” as a threat vector because there are some caveats that are missing.
    Full disclosure I’ve been involved in connecting 3rd Party clinical systems( including those used by some public hospitals) to My HR since 2012.
    In order for say my local GP’s system to access the My HR, before that can occur the system vendor has to go through some pretty rigorous acceptance testing, the system has to be validated as being allowed to connect to the My HR and it must present certificates for authentication and encryption of the data that are assigned to the HPIO (the 3rd Party Organization).
    So firstly you can’t connect any old system at any old practice and go data mining – it has to pass all the requirements for secure access, auditing etc. before it can connect to My HR and search for patient records.
    Secondly in general the clinical systems (at least the ones I’ve worked with) don’t let you search My HR for cohorts of patients or “any” patient. They let you search to see if a patient you already have in your system has a My HR record, request access to it, view available information or upload information from the local system to the patient record.
    So you’re not going to use the “local GP” system to go data mining for thousands of records, at best you might get to use it for the patient’s who already have records in the local system and if the clinicians and system admins of that system are letting anyone get access to any/all Patient Identifying information in the local system that’s a problem that is not necessarily made bigger by having a My HR record.
    Lastly even though My HR don’t audit which individuals are accessing the records (only the Organization via the HPIO) the local clinical systems accessing the records (to meet compliance requirements) log all activity within the system e.g. what local patients has a user searched for, which local records have they accessed, did they access My HR for a patient, what documents on My HR did they view. That means if you see an organization you don’t think you have a relationship with accessing your records you can a) block their access and b) then request all the audit logs from the local system of that organization related to your records under the Privacy Act.

    So in practice it won’t really mean hackers are going to target the My HR records en-mass via 3rd party clinical systems because these are deployed from a paradigm of “make it as easy as possible for the clinician to get to the records of the patient they are managing right now or they won’t use it” and not geared up for searching for “any and all records” .

    For my money the main concern is the provision of “de-identified data for research” because truly de-identified data becomes meaningless for research purposes as the relationships between different pieces of data are lost. This is why de-identified data can often be re-identified.

  • Two interesting question:-
    1. which politicians and senior health bureaucrats have/will opt out?
    2. how long ’til someone finds a printout or CD at the dump with millions of personal details?

  • I have already read somewhere that a person found they had someone else’s records.
    Imagine a hospital given them the wrong medication in an emergency.

    The incompetence of government IT is well known. No one should trust this.

Show more comments

Log in to comment on this story!