900,000 Australians have opted out of the nation’s new digital electronic health record system due to privacy and security concerns plaguing the My Health Record database
Countries around the world continue to attempt creating a single national electronic health record (EHR) system. And though billions have been spent, success remains elusive. Australia (AU) also has joined the club of nations struggling to launch a shareable digital health record system. But though the country does have a national healthcare system, a significant number of Aussies have declined to participate in a national EHR system as well.
Privacy and Security the Biggest Challenge
In February, Dark Daily reported that Australia’s largest pathology laboratories signed agreements with the Australian Digital Health Agency (ADHA) to join the nationwide EHR project. And that, though they praised the potential of the AU’s My Health Record, a doctors’ advocacy organization also voiced concerns about functionality, interoperability, and added burden placed on providers.
My Health Record is a 16-year $2 billion (AU) project to create a digital database that contains the medical health records for nearly all of the country’s 24.7-million citizens. But the system’s rollout has been far from smooth. As of September 12, roughly 900,000 Australians had opted out of the program, which has been plagued by privacy and security concerns, ZDNet reported.
The developments in Australia concerning the effort to implement a single electronic health records system for patients are useful for those pathologists and medical laboratory managers who want to position their labs to support services like these. Australia is not the only country that faces challenges in the implementation of a single, nationwide EHR.
“Even though most Australians will likely end up having a My Health Record by the end of the year, it doesn’t mean the government can declare victory by any means,” wrote Contributing Editor Robert Charette in IEEE Spectrum. “Its e-health record system must quickly prove more beneficial and easier to use for healthcare practitioners and individuals than is currently the case, while avoiding any significant data breaches or privacy leaks. Otherwise, it will continue its past history of being ignominiously ignored until the system eventually suffers a slow, and very costly, death.”
Flawed and Unsecure
Technical glitches marred the mid-July start of the government’s opt-out period, but the biggest issues facing My Health Record are its ongoing privacy and security difficulties. The Australian Privacy Foundation (APF) argues My Health Record is a flawed “summary system” that offers minimal value to consumers or healthcare providers while exposing Australians to potential security breaches.
“The risks to your privacy, confidentiality, and information security need to be balanced by the value of any of your health records,” APF states on its website. “In our assessment, because it is not really your health record but a less-reliable copy, the My Health Record has little value for either your clinicians or you as a patient: you both need the real thing. This means the risks to you may be high enough to question whether My Health Record is worth it.”
Not only have privacy advocates questioned My Health Record’s threat to information security and confidentiality, the former head of the federal agency tasked with building the system also has questioned the security of the online system.
Stuck in a Time Warp
My Health Record does provide consumers with the ability to set controls that restrict access to their records. However, according to another ZDNet report, of the 971,252 records created during the EHR’s trial period, only 214 access controls were set. Of that number:
- 196 records had a code applied to the entire record;
- 10 had individual documents locked down with a code; and,
- eight had both record and document codes applied.
Grahame Grieve, Principal at Health Intersections, argues My Health Record is stuck in a time warp—a system built on technology that was state of the art in 2007—but that has not kept pace with technological advances during its years of development.
“In the last decade, there’s been a lot of change, smart phones, etc., and we’re all used to the way the Web works: a set of federated systems that act together to serve us,” he wrote in a statement to the Australian Senate committee tasked with investigating issues with My Health Record. “But the My Health Record is still frozen as if all this hasn’t happened: inconvenient, inflexible, with poorly controlled information access rules … Australia is lagging behind other countries which are prototyping innovative digital approaches to solve healthcare problems.”
According to IEEE Spectrum, the “political firestorm” that greeted the program’s nationwide launch caused the Australian Digital Health Agency to extend the opt-out period an extra month, to November 15, 2018. Doing so buys the government more time to pass legislation aimed at fixing other issues related to the 2012 My Health Record legislation, ZDNet noted.
In July, ZDNet reported My Health Record legislation would be amended to strengthen privacy provisions to ensure no health record can be released to police or government agencies, for any purpose, without a court order, and that those who cancel their My Health Record will have their record permanently deleted from the system.
“The advantages of having your medical history in the one place, both for consumers and healthcare providers, are numerous,” then-AHHA Acting Chief Executive Linc Thurecht claimed in an AHHA statement. “Apart from convenience, the potential benefits include better coordination of care among multiple healthcare providers, better informed decisions on healthcare that involve both the patient and the healthcare provider, reduced duplication of diagnostic tests, fewer adverse drug events, and reduced hospital admissions.”
Other Failed National Health Systems
Australia, however, is not alone in hitting e-Health speedbumps. The United Kingdom in 2016 pulled the plug on the National Health Services’ care.data initiative following a review into concerns over privacy, lack of informed consent, and the sharing of medical data with drug and insurance firms.
And in Singapore, the government recently halted plans to have all healthcare providers upload data to the new National Electronic Health Record System after hackers stole the personal info of 1.5 million SingHealth patients in the nation’s worst cyberattack.
Meanwhile, in the United States the debate over national healthcare and protected health information (PHI) security is ongoing, and lessons like these from around the globe illustrate that solutions are not yet on the horizon.
Finding answers to consumers’ legitimate privacy and security concerns will be increasingly important for medical laboratories that will be called on to deliver more value to healthcare networks, and be required to share patient data with other healthcare providers to do so.
—Andrea Downing Peck