OVER the next 3 months, people around Australia are being offered an important choice about how they want to interact with their own health information. By the end of 2018, all Australians will have a My Health Record created for them, unless they choose not to have one.
Their decision will be just that: one for them to make after considering the benefits of having immediate online access to their own data about their health and care, and being able to have their clinicians see that information too. They will have access to information such as their medicines and allergies, hospital and GP summaries, investigation reports and advance care plans — this could save their life in an emergency and help their clinicians find vital information more quickly so that they can make safer health care decisions. This information will empower them as they carry their health care history with them in their pockets, on their mobile phones.
Australians will make their choice in the context of our digital world, where the privacy and security of personal information is paramount. In other parts of our lives, we have already made the digital transition. The health sector has been naturally cautious in its adoption of online technologies, awaiting the availability of systems that can adequately ensure the privacy and security of our health information.
Trusted health care providers – GPs, specialists, pharmacists and others – are likely to find that their patients will want to talk to them about their decision. The My Health Record system is here to support better, safer care, but it’s not here to replace our current systems for clinical record keeping and professional communication. Neither will it somehow replace the patient–doctor relationship and our clinical judgement. It’s simply a secure online repository of health data and information that we wouldn’t have had access to otherwise. The data flow from securely connected clinical information systems in hospitals, general practices, pharmacies, specialists’ rooms, and pathology and radiology providers. It also provides access to Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) data, the Australian Immunisation register and the Australian Organ Donor registry.
People will want to be assured that the Australian Digital Health Agency – the operator of the My Health Record system – holds the privacy and security of their health information as its first priority. The security of the system has not been breached in its 6 years of operation. There is no complacency however – My Health Record system security operates to the highest standards, working with other leading security operations such as the Australian Cyber Security Centre. It undergoes constant surveillance and threat testing, protecting the health data of the 5.9 million Australians who have already opted in and chosen to have a My Health Record today.
The legislated privacy controls that My Health Record offers people are world-leading and easily accessed on the consumer portal. They include features such as a record access control, which is similar to a PIN that a person can apply to their entire record so that it can’t be viewed unless they share it with their clinician. In an emergency, the legislation allows a clinician to “break glass” and see vital medicines and allergy information; however, all instances of this are audited and people can choose to receive a text or email to let them know in the event that this happens.
There are many other privacy features. People can turn off Medicare data flows such as PBS and MBS information, and they can see a complete audit history of anyone who has ever interacted with their record in real time. They can pick and choose which information they’d like to keep entirely private with a limited document access control, which is an additional PIN that they can apply to specific documents. They can block health care provider organisations from viewing their record, and effectively delete documents in their record completely. They can enable an alert so that they receive a text message or email if a new health care provider organisation views their record for the first time.
The steps required for a health care practitioner to view the My Health Record are robust and require a number of security authentications to take place. For a provider to access the My Health Record via their clinical information system, they must be a registered health care provider – for example, registered with the Australian Health Practitioner Regulation Agency. They must also have a valid provider identifier. They must work within an organisation that has a valid organisational identifier. They must have conformant software that has a secure and encrypted connection to the My Health Record system. In addition, the patient must have a record on the provider’s clinical information system as a patient of the practice. Following this, the conformant system must use five pieces of information to validate the patient. Only then can the clinician see whether the patient has a My Health Record and the clinician’s access will depend on their patient’s individual privacy settings.
There is compelling evidence that we need to modernise our systems and embrace the benefits of digital technologies in health care. People are being subjected to avoidable harm and death as a result of data silos and their clinicians being unable to access critical pieces of health information. We know that Australia delivers a world-class health system ranked among the highest globally for efficiency and health outcomes. However, we know from consultations with thousands of Australians who contributed to the National Digital Health Strategy that we could do better – that people want access to their own health information and that they want their health care providers to have access to it too.
We also know that a staggering 230 000 hospital admissions occur every year as a result of medication misadventure, costing the Australian taxpayer $1.2 billion annually. Many of these admissions could be avoided if people and their clinicians had better access to vital medicines and allergy information.
The “Medicines View” is a recent addition to My Health Record that has been applauded by clinicians using My Health Record. It provides a consolidated summary of the most recent medicines information from notes entered by GPs, hospitals, pharmacies and consumers, allowing previously siloed medicines information to be brought together into a single view.
In addition to improvements in the features of My Health Record for people and clinicians, over the past 12 months, the system has undergone a significant transformation in terms of the richness of its clinical content. We have now seen the connection of public and private pathology and imaging providers, and a vast increase in connected pharmacy systems as well as hospitals around the country. The addition of this valuable clinical content will accelerate the realisation of benefits as clinicians find that they now have access to a more comprehensive source of information within the My Health Record system.
This week, a national communication plan has been launched to ensure Australians are well informed when making their decision about whether or not they would like a My Health Record. Our peak clinical and consumer bodies including the Australian Medical Association (AMA), the Royal Australian College of General Practitioners, the Pharmaceutical Society of Australia (PSA), the Pharmacy Guild and the Consumers Health Forum are among numerous organisations who have given their public support to the system and its benefits. Former AMA President Dr Michael Gannon described the system as “the future of medicine”. Guidelines on the use of My Health Record from the PSA have recently been published and the AMA will be releasing its revised guidelines in the coming weeks.
Our role as health care providers is to be our patients’ advocate, to support them in making the decisions and choices that will lead to better health outcomes and ensure that they have access to safe and effective care. My Health Record isn’t here to solve all of our problems, but it is an important step forward in our ability to deliver a safer and better connected health care system.
Clinical Professor Meredith Makeham is Chief Medical Adviser of the Australian Digital Health Agency.
The statements or opinions expressed in this article reflect the views of the authors and do not represent the official policy of the AMA, the MJA or MJA InSight unless that is so stated.
To find a doctor, or a job, to use GP Desktop and Doctors Health, book and track your CPD, and buy textbooks and guidelines, visit doctorportal.
Why has it not been commonly mentioned that FIVE Government Departments (including the ATO) will have un-vetted
access to myhealth records ….. meaning they can check on anyone’s records whenever they wish without having to answer to anyone?
Security breaches can occur and those in charge need to do more to protect our information, our identities.
Read what the country with the most advanced IT in this area does.
https://www.aljazeera.com/indepth/features/2015/03/estonia-redefines-national-security-digital-age-150318065430514.html
so, all are up in arms about all the real and also perceived issues with this system. my problem is that many GPs are still not fully computerised for patient visits, so how is that going to be overcome. yes, names are already managing to put wrong information, and babies/children do not exist according to My Health Record. security, if anybody says it cannot be hacked, they are either uneducated for the job they do, or trying to lie to the people. look at Sing Health, and I can tell you Singaporeans take security much more seriously than us in Australia – 1.5 million people’s info got raided.
if you think about it, if the system records the health practice not the individual, then all sorts of people could look up details during say, hospital admission of those who are famous, or friends. not the best way to secure these records.
then again, if you opt in, you have lost consent to not allow certain things to go in, as we have been told not to reconsent patients each time. the flip side of the coin – patients may remove things off the record; so be careful as you cannot assume they do not have an issue etc. back to taking the whole history again.
so in the end, we are not better off – I have opted out, knowing that if in say 3 years, the system issues are resolved, I can always ask for an opt in.
An important choice would be opting in. Being caught unawares and sneakily being opted in without giving any explicit consent is not choice, it is sheer arrogance at best. Shame on Dr Majeham for her Orwellian ‘newspeak’.
And yes, I will be an advocate for my patients interests – by pointing out the gross deficiencies in protecting the records against ‘legal’ misuse. I am not worried about hacking, I am worried about what the government allows already and might allow in the future. I certainly opted out, and so did the rest of my well informed family (4 of us doctors)
I haven’t examined the system yet in detail but note the comments above. Whilst it may appropriate for the patient to view their own record, it would not necessarily appropriate for the patient to be able to arbitrarily amend the record without an e-trail. Obviously, incorrect information should be able to be corrected but like any medical record, the process should be clear ie that the record has been amended or corrected or that a file has been deleted. In a paper record, this of course was by putting a line through the incorrect entry (ie not removing it, not using whiteout nor obliterating it etc), initialing the correction and writing an amended entry (with the date and time of the amendment). Similarly, the presence of any blocks to some users should be visible to all users.
Finally as a health professional, I have not received any information yet about using the system although my employer has requested that I advocate to patients on its benefits.
Presumably, all AHPRA registered Health professionals will now also have be registered as “organistions” including solo practitioners. It of courses, raises the issue that access to a record presumably comes within the umbrella of an organisation.
Today I heard Dr Makeham and Minister Hunt both repeat the claim made in this article – that MHR has suffered no security breaches in the six years of its operation.
Yet the 2015/2016 and 2016/2017 (I didn’t look back any further) “Annual reports of the Australian Information Commissioner’s activities in relation to digital health” detail data breach notifications involving “the unauthorised access of a health recipient’s My Health Record by a third party”.
What on earth do these two understand by the term “security breach”?
https://www.oaic.gov.au/resources/about-us/corporate-information/annual-reports/ehealth-and-hi-act-annual-reports/annual-report-of-the-australian-information-commissioner-s-activities-in-relation-to-digital-health-2015-16.pdf p.9
https://www.oaic.gov.au/about-us/corporate-information/annual-reports/ehealth-and-hi-act-annual-reports/annual-report-of-the-australian-information-commissioner-s-activities-in-relation-to-digital-health-2016-17
So many reasons to opt out at every level …. but not even mentioned in the article.
Such bias undermines the entire project – if a writer cannot be balanced in promoting their ‘baby’, then neither can we trust them with it.
Too much information is the problem with the EMR system I work within, too difficult to learn how to filter it, and the desired filters are commonly unavailable or laborious.
As many have said, if the person concerned can filter the information, it certainly cannot be trustworthy – one will always have to ask ‘what is missing?’.
Where is the certainty of identification? Short of an inserted microchip (a la puppy management), anyone could be carrying someone else’s phone.
My last job application was marred by the Medical Board reporting to my employer that I was subject to complaints – but they had mistaken which doctor with my name was responsible!
IF the erstwhile Medical Board can make that mistake, how many other mistakes of identity will follow in such a system? As the system is orders of magnitude bigger, so will the errors be much bigger.
When our children’s doctors get used to the mega systems, hopefully I will be gone, but I fear for my children.
‘Government accused of encouraging doctors to “sell” confidential patient data’
http://www.abc.net.au/radio/sydney/programs/pm/government-accused-of-making-gps-sell-patient-data/9999928
No mention of the government having to pay (bribe?) GPs to upload data. Should the patient not be told of this potential conflict of interest?
Not to mention that it reduces the amount of time a GP has available in a consultation to attend to the patient.
Just about everyone I have read who promotes My Health Record has some real or potential conflict of interest, including Meredith Makeham
So many faults & unresolved problems that are potentially harmful that this is a no-brainer! I will opt out personally & professionally. The crime is the huge waste of taxes squandered on this which could be much better spent on real health care.
I am concerned by Dr Makeham’s statement that people “can see a complete audit history of anyone who has ever interacted with their record”. The word “anyone” suggests an individual. My Health Record’s access-logging system does not track the individual accessing a record, rather the health provider organisation. So if you see that your GP practice has accessed your record, there is no way of knowing whether it was your GP who accessed it or your nosey next-door neighbour who happens to be the practice receptionist. Just another example of the unfounded reassurances we are being given about so many aspects of this system.
There was a not dissimilar system (JEDHI) introduced into the Defence Forces Medical records some years ago. When a practitioner came to use it, they were confronted with a plethora of pages, recording every test, examination, investigations etc., that the Serviceman had ever had—literally a library of concerns in some cases, if you ever had the skills to navigate it (which i never had , as i was a Luddite !).
The same system had been used in England, but was found to be a failure, so they SOLD it to the ADF for something in the region of $3 million dollars (original quote was 1.5 million !) and dispensed with the system entirely.
It was meant to prevent the Servicepeople from carrying their records to all their new postings.
It is a complete and utter abhorrence, and does nothing to promote the health and welfare of the patients, except in exceptional cases, who probably shouldn’t be in the Services anyway, because of their afflictions. Such patients should be treated elsewhere, and not clog the ADF, which is an organisation for healthy, active people.
So who is going to have time to do this – already we are drowning in systems and trying to access information – this is ridiculous – more time where we cannot actually talk to and work with our patients….
The steps required for a health care practitioner to view the My Health Record are robust and require a number of security authentications to take place. For a provider to access the My Health Record via their clinical information system, they must be a registered health care provider – for example, registered with the Australian Health Practitioner Regulation Agency. They must also have a valid provider identifier. They must work within an organisation that has a valid organisational identifier. They must have conformant software that has a secure and encrypted connection to the My Health Record system. In addition, the patient must have a record on the provider’s clinical information system as a patient of the practice. Following this, the conformant system must use five pieces of information to validate the patient. Only then can the clinician see whether the patient has a My Health Record and the clinician’s access will depend on their patient’s individual privacy settings
Our regular monthly medical meetings has illuminated important topics this year. The last meeting on the federal government ordained electronic medical record – My Health Record – was no exception. Despite good intentions, this initiative has many ‘doubting Thomases’ – and with good reason. Not all doctors are convinced that the contents of each patient’s electronic medical record will be that useful clinically. Many are suspicious of the government’s intent of using the data obtained for non-clinical purposes. Some doctors are not convinced that the security of the system can be really protected against determined cyber criminals. And both GPs and specialists are underwhelmed by the financial incentives for doctors especially in the private sector to spend the time and energy on summarising patient information, loading up the data and maintaining or curating it on the system. Despite a passionate defence of the My Health Record by our invited speakers I wonder how many of the audience were convinced? It will be interesting to see how many of our medical colleagues decide to ‘opt out’ of My Health Record during the three-month ‘opt out’ period starting this month.
When I started reading I wondered why the article was ONLY positive – when I came to the end and realised WHO wrote the article it became more obvious. There is NO mentioning of the issues which have NOT been solved – who is legally responsible, who pays the poor GP to spend MORE time on paper, well in this case – data work and not on patient care, who protects the GP as the curator from legal action and how do we explain to the patient, sorry, we THOUGHT it was safe but now your very personal data is in hands from Hackers, blackmailers – and the police, who THOUGHT they might prevent a crime by looking at your medical records. The idea is still great and potentially could save many lives – but not in the current form. The only reason there is not more outcry from GPs is not that they agree with the e health record – they are just too busy looking after patients to have the time and energy to fight another red tape. The college has failed so far to protect GPs from the unanswered questions mentioned above ( and there are more ). It would be very interesting how many doctors will opt OUT – that will tell the real story.
I’m out. Both personally and professionally. Can I refuse to have anything to do with it even if a patient wants me to use it? you betcha. Unless the system is improved in SOOOOOOO many ways.
MHR will not – absolutely will not improve Patient Health Care one iota.
If the Patient has a say in what is entered in MHR , then MHR becomes INACCURATE.
Patients will delete any Entry which states any & many more of these :
HIV Patients / Drug- dependant Patients / Alcohol Dependent Patients / Domestic Violence Perpetrors /
Workers Compensation Patients / Mental Health Issue Patients / Doctor-Shoppers , etc. etc.
DR. AHAD KHAN
“The security of the system has not been breached in its 6 years of operation. ” says Prof Makeham
This is untrue – according to the OAIC there have been breaches (more than 1) in both of the last reported years.
The OAIC audit them so they know.
David
The problem is in the ability of patients to omit or alter data themselves. That, in effect is that the doctor will always be looking at potentially corrupted data
It would be great – if it was user-friendly ie quickly accessible in the practice.
It is cumbersome and extremely time-consuming (and vexatious) to use.
Do I trust the government to secure my health information and protect my privacy? Yes. Do I trust health care providers to secure my health information and protect my privacy? Mostly yes. Do I trust myself to engage with My Health Record at the level needed to manage my health health information and protect my privacy? No, and that’s why I have opted-out of My Health Record. Excluding everyone is the only way I can be confident of personally managing who has access to which aspects of my health information.
My Health Record is ridiculous and does not make any sense. Patients can tamper with their own records and that will make the Doctors clinical judgement more confusing. NHS in UK has already rejected this and I don’t know why we are trying it here. Waste of Govt. funds