Australia’s digital health agency is reassuring Aussies that they My Health Record data online would be kept safe and secure as the opt-out period starts.

Starting today, those who do not want their medical records kept on the national digital database would have three months to opt out.

Steve Hambleton of the Australian Digital Health Agency (ADHA), remarked that after October 15 passes, there would be a month of reviewing who was in and who was out.

“If you haven’t deliberately opted out by the end of 2018, you will have a My Health Record,” Hambleton stated.

As part of My Health Record, patients and doctors can place medical information such as prescriptions, allergies and medical summaries on their record, and users actually have a say on what is there and who can see it.

“Patients control access to the record, so they can switch off their entire record and make it only available using a pin code, or use that process with individual documents,” Hambleton added.

Patients can get a message or an email anytime someone new gains access to their record but it is entirely up to individuals how they want their privacy and access settings set up.

Robert Merkel, who is a software engineering lecturer at Monash University, was quoted as saying in a report he was anxious the safeguards were not established by default.

“I am concerned that most people simply aren’t going to be aware of those privacy controls,” Merkel commented.

Many people who do not opt out and get a My Health Record may never actually log into the system and tinker with the settings, said Dr. Trent Yarwood, an infectious diseases physician who represents the digital advocacy group, Futurewise.

“Having [access controls] opt-in is complex, because it means it skews to people with better health literacy,” said Yarwood.

Hawking data to third parties is “absolutely prohibited”

A number of third-party health apps would be able to show patients their My Health Record data, but not actually keep it.

However, Hambleton relayed that stringent security safeguards are already in place.

“I can absolutely categorically state that none of the apps and none of the use of the My Health Record data will be able to be sold to third parties — that’s absolutely prohibited,” he said.

Earlier in July, it was divulged that Australia’s largest online doctor booking service, Healthengine had been relaying confidential patient data to third parties, which includes legal firms. The company has since declared it would stop doing so, with Health Minister Greg Hunt also mandating that an “urgent review” of the platform be conducted as soon as possible.

Merkel said he had apprehensions about app access, even if it was restricted to “view-only.”

“Just because all you can do is view, doesn’t mean there are no security concerns. If somebody’s private medical record is viewed by somebody who they didn’t authorise to do it — that’s obviously a very serious concern.”

Concerns over My Health Record security

The ADHA remarked that My Health Record had complex cybersecurity safeguards and was audited on a consistent basis.

But security experts cautioned that no online database could protect itself against all threats, and healthcare data was in fact, a very enticing target.

Merkel said he was bothered that by design, My Health Record would make health data obtainable to more medical practitioners than ever before.

While this has benefits, it also generates more opportunities for something to go awry, he claimed, whether due to an error or worse, a cyber hack.

A lot of privacy breaches of health data can be rooted from insider threats, Yarwood emphasized, such as doctors taking a look at files of celebrities or high-profile patients.

While My Health Record offers an online access log, so you can find out if someone has indeed accessed your record, he said he was anvious a population level system could make this kind of breach more and more likely.

“It’s right that there’s an audit trail, but audit trails don’t give people back their confidentiality,” Yarwood said.

However, ADHA chief executive officer Tim Kelsey said the new online platform has advantages over the old paper-based system.

“The ability to have an audit trail, I think … is a vitally important asset of digital technology,” he said. “Paper-based healthcare offers us no means of actually understanding whether our information is secure or not.”