Issue 23 / 20 June 2016

THE government’s My Health record system gives the patient full control over who can access and add clinical information about them. This is far from the notion of physician ownership of health records declared in Australian case law.

Breen v Williams was a decision of the High Court about a patient’s right to access their medical records from a clinic. At that time, patients receiving private care did not have rights of access under the federal Privacy Act and the court determined that the professional could therefore refuse production. Historically, the right of access was only available to public patients under the Freedom of Information Act.

Now federal and state legislation affords all patients the rights to access, amend and define some uses of their health records, with some exceptions (see s6D(4)(b)). The physician can refuse access on the grounds that it may pose “a serious threat to the life, health or safety of any individual, or to public health or public safety”. Ordinarily, however, the physicians’ rights of possession and management of the record are not exclusive.

The My Health system places patients in a position of control that is rarely seen in practice today. The government is currently trialling an opt-out model for My Health which would see the creation of an electronic record for every Australian patient.

Imagine if My Health had the 99% uptake of the health records system in Denmark. This would change how information is shared.

The patient would no longer need to make an appointment with their doctor to obtain their pathology results, for example. The information would be online for them to view, analyse, discuss and share with others.

While this level of patient participation will no doubt have benefits, it is also likely to raise concerns about medical liability if adverse events arise from patient management and self-diagnosis.

Eric Topol, cardiologist and editor-in-chief of Medscape, brought this debate front and centre in an article addressed to Medscape readers. Topol queried why doctors and hospitals legally own health records, and asked whether it was time for patients to control the access of doctors and hospitals. 

“After all, the patient paid for the visit, procedure, lab test, scan, or hospitalization. It’s his or her body,” he wrote.

Essentially, patient ownership would tilt the balance of power, giving patients unrestricted management of their records. Topol’s paper was met with some interesting responses both in favour and against the idea of patient ownership.

In such a flipped system, how would the intellectual property rights of the professional stand? The patient does not usually contribute to their diagnosis and treatment and, therefore, cannot ordinarily claim copyright interests in their health record.

What we have seen with My Health is the introduction of copyright exceptions to enable non-copyright holders to use the records for the purpose of treating patients. This replaces the previous My Health method of licences being distributed by the copyright holder to intending users. A similar exception could be drafted to protect patients from copyright infringement arising from their control of the record. 

My Health and privacy legislation are shifting the control paradigm from the doctor to the patient. The debate on My Health often centres on issues of privacy; however, arguments relating to ownership and control are just as worthy of debate and discussion among health professionals, lawyers and regulators.

Bianca Phillips is a Victorian lawyer and medical law academic, researching and publishing on the intersections between law, technology and medicine.


Who should own a patient's medical record?
  • Both (47%, 70 Votes)
  • The doctor (29%, 43 Votes)
  • The patient (24%, 35 Votes)

Total Voters: 148

Loading ... Loading ...

5 thoughts on “Ownership challenge for My Health record

  1. Dr Louis Fenelon says:

    I’m not at all sure this is about ownership and privacy. If that were the case then individual patients would approach individual practitioners to prepare an individual record accessible by the patient when interacting with other services. The practitioner would be responsible for what they provide voluntarily (so to speak), much the same as we do when writing a referral. I support patient access to records and was a fanboy for personal health records dating back to early credit card days. I thought cards could be scanned for history, meds, allergies and other essentials; not for everything to be added continuously. I am no fan now.

    This is about control and $. The guvment gains control of data. You think they already have that via MBS items etc? Not really. They have data but not enough leverage over how practitioners work. Manipulation of numbers offers more than a better focus on what the heath system does, it can allow targeted action.

    Next year patients will choose GPs or practices to manage their complex diseases and we will have to use the e-health system as part of the funding deal. That means GPs will have to accept and work with patient demands on the content of their record to have a chance of receiving funding via Medicare. That’s just the start. Then we get told exactly what “complex disease management” means. Maybe crippling musculoskeletal disorders don’t make the list. The e-health system ensures Medicare catches doctors and treating such people outside their rules.

    This is about whether the medical profession loses control of our profession to politicians, led by politicians like Dr Hambleton. Our professional integrity is at stake yet again and recently we have a very poor track record!


  2. CKN Queensland Health says:

    Thank you for surfacing the debate. The area is often confused by rolling privacy and ownership together, whereas the two are better managed as separate debates.  Additionally, most of the patient request for ownership is to protect privacy, not to use the record as a saleable item. The topic is well covered in a US paper called ‘Much ado about data ownership’, which points out the failings in using propertization as a surrogate for privacy protection. It also points out that governments commonly have the legal right to resume property in the greater public interest.

    In business, the owner of the data is usually the entity who pays for the creation of the data and the costs of storage and custodianship; often identified by determining the business entity that would lose the most from failure of the database. Using this test it would be the private practitioner who owned the record, not the patient.

    The advent of Fitbits, phone pedometers, and smart health apps has markedly changed the landscape. Although these are clearly part of an individual’s health record, the data is in fact owned by Fitbit/Apple/Google/Samsung, and all the individual has access to is a data representation that the vendor allows. In addition the individual has little if any control over use of the data, apart from choosing not to participate. And even with this, some of the data collection is still more an opt out model (for example, pedometers built in to phones).

    I therefore believe the debate needs to be based around privacy primarily rather than ownership, and viewed through an additional lens of the current state of connected consumer electronic health monitoring devices.

  3. Greg Hockings says:

    I was recently referred a patient for assessment and management of osteoporosis. Initial investigations showed significantly abnormal liver function, although there was no history of liver disease documented. When I discussed them with the patient, she said “the LFTs are abnormal because I am taking two anticonvulsants for epilepsy”.  When I queried why the anticonvulsants were not in her medication list and epilepsy was nit in her list of diagnoses on the referral letter, she said ” I don’t want anypone to know that I have epilepsy, so I won’t give consent for my GP to include it in my medical records”.

    This is the danger of giving patients control over their medical records. This patient’s epilepsy was relevant to their other diseases, as some anticonvulsant drugs are associated with an increased risk of low BMD and fracture, and there is a real potential for drug interactions with anti-convulsants. Also, the risk of minimal trauma fracture during a tonic-clonic seizure is high and can influence the decision on osteoporosis drug treatment. I didn’t enquire whether the patient had aconditional driving icence because of the epilepsy, but the answer could have been interesting.

    So no, Dr Hambleton, I will not be using or supporting any electronic health record while the patient can control what is and isn’t included.

  4. steve hambleton says:

    When I graduated my medical records were an aide memoire to help me better treat my patients.  As group practices and subspecialisation progressed my notes, as well as helping me treat my patients, helped others in my practice treat practice patients.  That same set of notes formed the basis of a good referral, to help my colleagues in other specialties outside the practice, more effectively treat “our” patient.  Now my medical records have a further purpose and that is to help my patient get better care from everyone contributing to their health even, in the absence of a direct referral.  I believe I have a responsibility in partnership with my patient to provide an up do date health summary reducing that “information chaos” for them and for all of my colleagues in the health system.  Their My Health Record now provides that vehicle.  Imagine reducing medication errors by 90%….. 

  5. Aniello Iannuzzi says:

    This article is long overdue. Whenever this has been raised within medical and government circles I mix within, it’s always relegated to the “too hard” basket. Are we getting to the point where 2 sets of notes are required? As is often the case, the winners will be the lawyers and the courts.

Leave a Reply

Your email address will not be published. Required fields are marked *