Why and how to opt out of My e-Health Record
Latest update 18 May 2018
After the article “My Health Record gets one million more reasons to sign up” was published on health.gov.au, it seems only fair that someone should mention at least a few reasons to opt out.
By “one million”, the Department of Health meant a million of Australians chosen to be Guinea pigs in the new e-Health trial where online heath records were created for each of them without them asking. The trial is touting its success saying that only 2% opted out of My Health Record (MyHR). However, the low opt out rate could easily be down to the fact that the trial participants were only sent glossy brochures plastered with photos of smiling people and outlining only the benefits of having an online health record, without mentioning any risks, disadvantages and implications. Just like it is done in other medical “information” booklets: pick up any pro-screening brochure at your doctor's office and compare the length of text urging you to screen and the text honestly disclosing risks of misdiagnosis, over-treatment and other harms. The situation with MyHR can hardly be expected to be any different.
Every person needs to know all pros and cons before making an informed decision. We all heard about the promised benefits of having an online medical record. Here is a small list of reasons on
Why opt out
The laws and legislation governing and protecting My Health Record can be changed at any time to suit the political agenda of the day.
It already happened once: the parliament passed a bill specifically to enable the creation of trial online health records for one million people who never asked for it. Back then the need to obtain consent was a big legal obstacle — so this was removed. Now the law does not require your consent for your health data to be collected and stored. At the moment, the e-Health scheme allows to opt out, but there is no guarantee that opting out won't be stopped or made excessively difficult in the future. There is also no guarantee that one day some budget genius won't come up with an idea to start selling health record data to private corporations, insurance companies, pharmaceutical giants, marketing researches or anyone else. It will be simply a matter of another bill hastily passed through.
Eventually, all the health information may be stored in a large database where it can be used for purposes other than health care and matched against other databases. Australian Bureau of Statistics already announced its plans to link census data with medical records. The Australian Taxation Office is also pushing for increased sharing and use of Government held personal data.
The patient control over My Health Record can be scrapped at any time.
At the moment, MyHR is being sold to Australians with the promise that they can control what goes into it, and who is allowed to access it. However, there is already a strong medical lobby that wants patient control over eHealth records revoked.
Sadly, despite the mounting evidence of positive outcomes of the opposite approach, Australian doctors don't have a good history of treating patients as equals, or encouraging patient empowerment, or allowing high patient involvement and control over their own healthcare, or letting the patients to know all the information necessary for a truly informed decision and consent. Most doctors prefer their relationship with patients to be that of a master and a serf, rather than of equal partners; and keep the medicine a closed-ranks elite club, rather than a transparent service to the population that is paying for it.
For example, there are numerous self-tests for various diseases available around the world, yet in Australia they are ether blocked, or locked behind doctor's referral or prescription. Australians cannot check anything about their own bodies without this being recorded and reported somewhere. This begs the question: is it about “finding a problem early” and “saving lives”, or is it about keeping Australian patiens under surveillance and medical control?
Personal and health data is at risk of being sold off to private corporations.
In 2016, despite a strong opposition in parliament, the Department of Health handed the National bowel cancer screening and the National cervical screening registers over to Telstra, thus giving a for-profit organisation access to the most intimate health information without people's consent. “Telstra is a strong proponent of big data, of open data. They're obviously a commercial operation — they're often seeking to use personal information for uses beyond what it was originally collected for and to push the limits of privacy and data protection law”, commented David Vaile, the Executive Director of the UNSW Cyberspace Law and Policy Centre. After this alarming move, it is obvious that eHealth data can be — and most likely will be — transferred, sold, shared or outsourced in the future.
Your phone calls, text messages, emails, bank accounts, Internet browsing, purchases, travels and movements are under surveillance.
Do you really want your medical records to be under surveillance too?
Nobody can or will guarantee the safety, security and privacy of your online medical record.
When a system has so many users, most of whom, including medical practitioners, have only basic computer skills, and a massive amount of highly personal data, it will inevitably suffer from attacks, breaches and misuse. The Census 2016 disaster was a perfect proof.
If your electronic health records are lost to an online criminal gang, will the government pay you the value of that loss? You can't compensate someone for the loss of their personal information, this is the distinction. Once your identity has been stolen it can never be returned, it's thieves' to use for perpetuity and a lot of people don't realise that... If you talk to people who have been the target of identity theft they will tell you what a miserable life they lead. The ability to access personal e-health records at anytime from anywhere is unnecessary and does not have enough advantages to make it worth the risk. (Graham Ingram, AusCERT general manager)
Once the information is out there, you can't truly delete anything.
As data storage gets larger, faster and cheaper, nothing gets deleted. In modern databases, the deleted records are only marked as “deleted”, but all the data stays there for years, sometimes forever. If someone is saying that you can delete your electronic health record at any time, this only means it will appear hidden, but all your health information will still be kept, accessed by anyone who can get to the database, and used for any purpose the laws of the day allow.
To maintain the highest level of privacy, it is important to opt put before your record is created. The Department of Human Services has previously revealed that a e-Health Record cannot be deleted once it has been created. It can only be deactivated and removed from view of some people and agencies who have access to the system, not all.
Your health record may be linked to census and other data.
Australian Bureau of Statistics disclosed its plans to link the census and household survey data to health information and other government databases. ABS recent decisions to retain personal information collected during census have already demonstrated an alarming mission creep and disrespect for privacy and safety of personal information. ABS has laws and power to force every Australian to hand over their private information during census and surveys. Why also give them access to deeply personal and sensitive health information when there is [still] a chance to opt out?
You may find yourself avoiding seeing a doctor if your health information is shared online.
Many people have valid concerns about their privacy in our digital age, and there already is a doctor avoidance trend, especially in delicate cases such as infections and sexual health. With electronic health records, your heath concern discussions are no longer something that is between you and your doctor only: anything you say can be entered into the system and accessed by anyone anywhere in the world within seconds. If MyHR becomes ubiquitous and either makes it hard to opt out or will keep patient health data despite opting out, the society will be put at a greater risk of viral and communicable diseases, because many infected people will avoid seeking treatment due to lack of privacy.
My Health Record will not enable patient access to the full information about their health.
Despite the illusion that with an online health record the patients will finally get to know all the details about their own health, it is not going to happen. MyHR will only contain the information already known to the patients, as its purpose is to make medical records available to other medical practitioners, institutions and the government, not to help the patients to understand their condition better. The doctors will continue keeping their notes to themselves, pass medical referrals in sealed envelopes and discuss their patients with other doctors behind their backs.
My Health Record will not make patient access to diagnostic test results any easier.
Many people were excited to hear that all their pathology test results and diagnosing imaging reports are going to be uploaded to MyHR. Many signed up for MyHR purely for the advantage of being able to see the results before the next appointment with their doctor. They thought they would finally be able to access the information about their body paid for out of their pocket/taxes, be informed about their own health in a timely manner, avoid unnecessary anxious waiting, be able to prepare questions for their doctor and make the most of their next appointment. Unfortunately, this is not going to happen.
The doctors already have and always had the ability to request for any results and reports to be forwarded to their patients as soon as they are available, and no MyHR has ever been needed for that. The patients are kept in the dark only because the majority of doctors believe that patients should only obtain information about their own health under doctor's control and insisted on so-called “follow-up” appointments. With MyHR in place, the results and reports will be uploaded when the doctor sees fit. If a particular doctor wants the patient to waste more time and money on a follow-up, they will keep doing that.
Doctors' favourite excuse is that patients are not qualified to understand the results, even though some results are as simple as yes/no, even though some patients, such as scientists, are often more knowledgeable in the area than the doctors, even though it should be the ultimate patient decision what and when they want to know about their own health. At the same time, some progressive doctors are happy to see their patient actively involved in their healthcare, happy to share all the information and respect patient decisions. Those patiens are no more “qualified” than the other. So it is nothing to do with patient's qualifications, and is all about power and control that some doctors can't let go.
Speaking of qualifications, the vast majority of doctors are not qualified in online safety and data security, yet they are using computers, and collect, keep and share highly sensitive information about their patients. According to Avant Group report,...
...92% of GPs don't understand My Health Record privacy requirements, potentially leading to the risk of privacy and security breaches.
Doctor's computer can easily be a zoo full of trojans, viruses, spyware and other malware, accessing and stealing patient's identities and health information, while the doctor has no skills to detect and/or combat the problem. If however the doctor involves an IT professional to look after their computer, this means a stranger not bound by any medical ethics or privacy laws gets access to all your medical history.
There is no widely-accessible, safe and secure means of online communication in Australia.
Signing up for MyHR requires a MyGov account, and that, in turn, requires the user to have an email address. Australia does not have any free, widely accessible email services that are guaranteed to be fully hosted and maintained within Australian borders by trusted Australian personnel. Most Australians are resorting to using Gmail, Hotmail, Outlook and other free email services that are owned and operated by companies in the USA and other countries. With the ubiquitous mass surveillance, this means that highly personal communications are processed, stored and spied upon by overseas agencies. It also means that those overseas agencies can access MyHR data and all other information in MyGov accounts registered with those email addresses.
The only data that cannot be misused, leaked, hacked, sold or spied upon is the data that isn't out there. There can be no other guarantees, ever.
How to opt out
DHS created a page with some information about its opt out procedure plans. It was announced that Australians who do not want their medical records stored in a national electronic database will be able to opt out of the scheme from 16 July to 15 October 2018. No opt-out facilities are available yet, so it is best to keep an eye on the news.
If you have more reasons for avoiding MyHR / e-Health and would like to share them, you are welcome.