I JOINED what was then the Patient Controlled Electronic Health Record, now known as My Health Record (MyHR), as soon as it was available. I won’t be opting out.
In addition to working in urban Sydney, I have worked in the Northern Territory since 2006, using the statewide (albeit very old) medical record, which has been instrumental in permitting continuity of care for patients who move around the NT. Of course, if they have care outside the NT, their treatment is blind to me.
I have been really impressed with the value of knowing who has had treatment already for a condition I thought I was seeing for the first time, of knowing what medications the patient is prescribed, in addition to the ones I thought I knew, and of having specialist access more easily.
The specialists in Darwin (750 km from where I work when I am in the NT) can share the patient’s history in addition to the email I send as referral, and on the phone we can sort things out. Face-to-face access is really difficult. In emergencies, transfer of care for things I cannot manage is always with the clinicians at both ends reading the same information.
How different to Sydney, where patients have numerous GPs (one had six, one for each of her conditions – we declined to be number seven), with difficulty in accessing and incorporating all the information from all the GPs the patient has seen.
There is much discussion about fear of data being accessed, which I find curious. I have not heard the same anxiety expressed about the ability lawyers have always had to get a list of all your use of Medicare, and so imply your mental health status (and they use this for contentious legal argument).
I have not heard the same anxiety expressed about the genome testing companies, who give you an answer but keep the sample, which is then theirs. So the person accessing these services is potentially giving their DNA away.
I have not heard the same level of anxiety expressed about other government agencies: are these same complainants worried about those mysterious hackers who are so keen to discover health or medical history, also hacking the other aspects of MyGov, my OPAL card, my car registration, and all the information gathered on MyAgedCare? No one gives us a universal guarantee of absolute confidentiality, in any aspect of connected life.
Readers of this article will include GPs, who know how a MyHR is created, and others who may not understand that the big opt-in/opt-out is all about creating a space to upload information. The “option” is all about computer handshakes and identification, and nothing about medical information. To have medical information uploaded, the patient needs to go to the GP (not the pharmacist or the specialist) and negotiate together what information will be uploaded. In my experience, everyone wants their allergies uploaded. We discuss what medicines are really being used and upload them, and look at the significant diagnoses and upload those the patient agrees to.
One of the difficulties GPs have had in the past 5 years with this system (Patient Controlled Electronic Health Record then MyHR) is the way the power is all in the hands of the patient. What is the value, GPs have said, in having an incomplete record? Shouldn’t we simply upload everything?
The developers of the process recognised the primacy of the patient in the original name: Patient Controlled Electronic Health Record. So, if you have concerns about what the mysterious hacker might discover, simply don’t upload it. Such gaps will of course decrease the value of the record, but if that makes the worried patient happier to take part, it is within that person’s ability.
The MyHR has been around since 2012, under different names, with huge difficulty in signing on when I joined (32 pages of identification), which was slowly made simpler. And that was just to identify me as the person I am. This difficulty signing on was so great, and such a barrier, that the government set targets for GPs to upload histories to encourage the GPs to encourage the patients to undertake the huge task of signing up. Very little money was distributed under this scheme, as the difficulty of explaining a completely new system to patients, getting them to go away and undertake the web or phone process of opting in was so great that it was hard to make the target.
Opting in was hard. Over the time the process existed, patients were not really aware that the option was available, and GPs ran out of puff to add this to consultations that are already always too short for the patient’s expectation. Even getting patients in public hospital waiting rooms to sign up, with dedicated staff to help, was difficult.
I have patients already who request that I change the medical record I keep for them, which is private to my practice, except for legal fishing by subpoena. I have patients whose hepatitis C is cured, so, they argue, is not relevant any more. I have patients who feel that their recurrent sexually transmitted diseases are treated, so again are no longer relevant.
So, opting in has been tried, over a length of time, with less than 30% of the country signing up. Is it any surprise that the signing in (remember, that is just the identity bit, not the medical bit) has changed to opting out?
Patients have less control over the multiple medical records kept by all the GPs they have seen, than they have over the MyHR. And we know Russians have already held a GP medical centre’s records for ransom.
I use Dropbox, Facebook, and internet banking. I fancy there is more potentially embarrassing and problematic information about me within these sites than the government sites that I have signed up for. I elected to join MyHR because I know the value of continuity of care, of being able to access my history when I am unconscious, and I will take the risk. After all, we manage the digital anxiety of the linkage that Google can make in relation to our photos and our shopping.
And those who cannot manage that anxiety, don’t connect. It is anyone’s choice to upload medical information, via their GP, and ultimately, to opt out. And it is anyone’s choice to give up the value of connected care out of worry about risk.
In my opinion, that worry is out of proportion to the risks we all accept daily.
Dr Linda Mann is a GP based in Sydney’s inner west and Borroloola, NT. She is a Visiting Medical Officer at Royal Prince Alfred Hospital in antenatal care, and the GP Clinical Lead for HealthPathways Sydney. She has a passionate interest in patient care through promotion of the relationship between primary care and the rest of the health care environment.
The statements or opinions expressed in this article reflect the views of the authors and do not represent the official policy of the AMA, the MJA or MJA InSight unless that is so stated.
To find a doctor, or a job, to use GP Desktop and Doctors Health, book and track your CPD, and buy textbooks and guidelines, visit doctorportal.
I am a hand surgeon, and have heard nothing from the government about how I am to access this, either in my rooms seeing a patient, or when someone comes in to A&E exsanguinating from an industrial injury. A reasonable person would assume that every doctor in the country would have been given some information about how to access this.
One can assume (again, quite reasonably) that the government is simply inept and had not thought this through, but I find it probable that the government may be devious rather than simply inept, as the conspiracy theorists are suggesting. Given that the patient’s own GP already has their regular health information, the main value of this system would be if the patient is seeing a hospital doctor or a specialist, who can check things like medications and allergies.
While the concept of being able to retrieve the health care records of an unconscious patient is superficially appealing, it is not clear how this will be done if they have been involved in a near-drowning or a sporting field head injury, and do not have any ID on them. Even if they have their driver’s licence or Medicare card in their pocket after a car accident, does this guarantee access? Using current state of the art technology, if a patient has online x-rays, I can view them about 50% of the time, otherwise the website is down, the Internet is too slow, the high-resolution images will not upload etc.
For the moment, the most secure way of guaranteeing that your anaphylaxis or your diabetes is documented, is to wear a bracelet or pendant with the details on it, which is instantly accessible by every surf lifesaver, paramedic, or doctor who has never seen you before.
Unfortunately, Linda does not understand the workings of the opt-out version of what was the opt-in version that also removed the need to gain patient consent..
Once the opt-out program has completed its work, and all who have not opted out have been registered, the record will just sit there ready to be initiated. The statement “To have medical information uploaded, the patient needs to go to the GP (not the pharmacist or the specialist) and negotiate together what information will be uploaded.” is untrue.
All it takes is for a health provider to look up a patient to see if they have a record and it will be initiated. From then on data can flow into the record. Patients who do not realise this, who do not have access to computers, who do not understand computers, who are too sick to operate their computer can do nothing to monitor or change this.
It does require a GP to upload a Shared Health Record (which a patient cannot control access to, it will always be available for viewing). However GPs can upload Shared Health Summaries without the permission of the patient and probably will in order to qualify for ePIP dollars. Patients who understand this may always be asking themselves, Is this for me or for the GP?
(See this for an expansion of this claim https://privacy.org.au/privacy-trust-and-my-health-record/ )
MBS/PBS data will be accumulated along with discharge summaries and event summaries.
The realty is that patients have little control over the content of clinical documents (only the author does), they can hide documents but not delete them – the government will always be able to see them.
What GPs need to understand is that the main purpose of MyHR is not patient care, it is an effort to monitor and control GP behaviour. See my MJAI article for an explanation of this claim
https://www.doctorportal.com.au/mjainsight/2018/25/my-health-record-on-a-path-to-nowhere/
There is no medical justification for the government to hold patient’s personal health data. Any legislative protection or control over the data can be removed or modified by future governments. These two statements alone should send warning signals to the medical community.
There are better, cheaper and less privacy risk/invasive solutions to the problems the government claims MyHR addresses. Why the government did not select them is only a mystery if you do not accept the proposition that the real target is GPs.
Alexander Pope once wrote, “….. fools rush in where angels fear to tread”.
I have opted out.
“No one realises that the health information is mutually agreed on WITH THEIR GP first and then shared.” During the process of opting out over the weekend, I discovered that our youngest child already had a electronic health record. Neither my wife or I were aware of this! No one had asked for our consent to create this record. So much for informed consent! If there is a potential for this to happen (and I’m sure it has happened to many others), there is also potential for so much more to go wrong. In an ideal world, the electronic health record is a great idea. However, we don’t live in an ideal world!
The Government is putting a lot of money into MHR, and in return, they want access to the data for their own purposes. I’m absolutely sure of it. Much of the framework around MHR consists of guidelines rather than legislation, and guidelines can be changed more or less on a whim. Much better looking systems have been overlooked. How about the French system where the patient has an encoded smartcard, with a copy of their GP notes on it? It’s patient held, the patient can submit it to any medical provider they like, (who have matching encryption keys), so the patient knows exactly who is looking at it, and they’re in charge of it? If a card is lost, the data can be retrieved from their GP and put on a replacement card.
What we’re looking at here in Australia is a sad copy of a failed system which was trialed in the UK. It’s surprising how many times I see failed UK or US systems being adopted here.
I’ve opted out.
Like Dr Mann, I appreciate the potential MHR offers for improvements in coordinated, seamless care. It is a potential that will not be realised in its current form, as people rush for the exit for quite rational reasons.
Medicare records can only be accessed lawfully by third parties armed with a court issued subpoena, and can only be used for the purpose for which the subpoena was issued. There is no such protection in the current MHR legislation.
Further, no single GP or specialist records will contain a person’s entire medical record otherwise, as Dr Mann has highlighted, MHR would be without purpose. A breach of MHR or the willing disclosure of data by politicians to the press, as happened with Centrelink recently, is potentially far more devastating.
I dont know what it is you’re doing on the internet that leads you to fear disclosure of that more than your entire medical history, but I daresay others fear the reverse with equal validity. I could go on and if provoked, I will.
When our mendacious politicians provide legislated protections commensurate with the importance of this most desirable development in health care coordination I, and I suggest many others, will reverse their decision to opt out.
I totally agree with you, Linda, and that is the same reason I created a health record for myself way back in 2012. I am not opting out either. I see the problem as poor public communication and education about the way MHR is meant to work. People (even supposedly educated ones) assume that as soon as the opt out period is over, EVERYTHING on a GP file will be uploaded (this opinion canvassed by me asking everyone I know – family, friends, patients – in the past week). No one realises that the health information is mutually agreed on WITH THEIR GP first and then shared. Even pathology results can be opted out of by ticking the box. You can refuse to consent to a hospital discharge summary being uploaded. You can even set an alarm on the MHR that alerts you when your record has been accessed!
However, I can also see that a universal database is potentially a much bigger (and easier) target to hack, notwithstanding people’s carelessness with other aspects of their digitial lives. This is a real danger and issues of security need to be seriously addressed. I don’t know what the answer is, but I suspect that the general panic needs to be allayed, patient consent has to be reviewed, and doctors need to get on board as many of our colleagues are not helping the situation.