As the Federal Government today pushes the button to create My Health Records for every Australian who wants one, the industry has stepped out asking for more transparency around security and secondary use of the records to enable people to make more informed decisions about it.
The industry has also voiced out about data de- and re-identification, a global approach to cybersecurity issues as healthcare digitises, information security requirements of the future and blockchain as a way to alleviate some of the challenges associated with the My Health Record system.
On 26 November 2018, the Federal Parliament passed legislation to strengthen privacy protections in My Health Records Act 2012 without debate or division.
The new legislation means that Australians can opt in or opt out of My Health Record at any time in their lives. Records will be created for every Australian who wants one after 31 January and after then, they have a choice to delete their record permanently at any time.
The date of 31 January follows much deliberation from the Federal Government to extend the opt-out date. Australians initially had until 15 October 2018 to opt out of the national health database, or a My Health Record was to be created for them by the end of that year.
But following the opposition calling for an extension to the opt-out period, the public outcry against the potential for the data to be shared with police and other government agencies, a leaked government document detailing the Australian Digital Health Agency’s response to concerns and a raft of changes recommended by the Senate Inquiry into My Health Record, the Federal Government pushed this date back and relaxed its stance on when Australians can opt in or opt out of the system.
Australian Academy of Technology and Engineering (ATSE) President Professor Hugh Bradlow said the collection of health data across the population will result in better health outcomes as it not only shows how effective interventions are, but also allows treatments to be personalised based on the experience of thousands of other patients.
“New forms of measurement (based on artificial intelligence) will also give patients far more significant information about institutional performance, practitioner performance, the outcomes of specific interventions, etc.” he said.
The Society of Hospital Pharmacists of Australia (SHPA) Chief Executive Kristin Michaels said the My Health Record debate highlighted the need for an integrated ehealth system, accessible only to health professionals and set up at the request of health organisations, for the benefit of all Australians.
"All Australians, regardless of any illness or condition, deserve to get the highest-quality care,” Michaels said.
“More often than many would think, patients are unable to explain the medicines they are already taking and for what conditions they are already being treated, particularly after a seizure or if unconscious. Many of these patients are unaccompanied. Sometimes this lack of information leads to errors that have serious impacts on people’s lives.
“[Hence] hospital pharmacists have long called for a shared, electronic patient data system that links up a fragmented health system and empowers patients in their own care."
The issue of security
However, University of Melbourne Department of Computing and Information Systems Cybersecurity Senior Lecturer Associate Professor Vanessa Teague expressed her concerns around the privacy implications of secondary uses of My Health Records not being accurately explained.
“Both doctors and patients can be easily and confidently identified in a dataset… In the case of patients, this means that a few points of information, such as the patient's age and dates of surgeries or childbirths, is enough to identify the person and thus, retrieve all their Medicare bills and PBS [Pharmaceutical Benefits Scheme] prescriptions for many years.
“Easy and confident re-identification has been demonstrated on numerous other datasets that were shared in the mistaken belief that they were de-identified. It is probably not possible to securely de-identify detailed individual records like My Health Records without altering the data so much that its scientific value is substantially reduced.”
Teague said patients may choose to opt out of secondary uses of their data but are unable to make a “genuinely informed decision” if they are inaccurately told that their detailed record cannot be identified.
“Even more importantly, those whose identifiable MBS [Medicare Benefits Schedule]-PBS records were already published in 2016 should be notified, because the earlier release could make re-identification of their My Health Records much easier,” she said.
Harvard Medical School International Healthcare Innovation Professor Dr John Halamka also previously criticised the system for relying on outdated technology, saying that the $2 billion My Health Record was nothing more than “digitised paper” as it uses such “out-of-date” technology that crucial patient information on test results and diseases are unable to be read or shared by computers.
University of Wollongong School of Computing and Information Technology Professor Katina Michael said health data breaches, for some, could have a huge impact.
She used the recent example from Singapore, where 1.5 million Singapore health records were breached in a highly targeted effort on SingHealth. Among the breached health records was Singapore Prime Minister Lee Hsien Loong's personal records.
“What does this tell us when one of the world's most advanced cybersecurity nations suffers such a large-scale attack? Plainly, that no one's personal information is safe, no matter the measures in place,” she said.
"If we have learnt anything over the last four months, it is that electronic health records are hackable. We need not have to look too far to see that no system is impenetrable.”
Michael also speculated that there is the possibility of a ramp up of blockchain initiatives to beef up on My Health Record security.
“We will likely be told in the not too distant future that we wildly underestimated our security requirements and as such, must go one step further and protect our credentials,” she said.
According to Professor Michael, this involves the implant of a 16-digit Personal Health Record (PHR) ID number into people that also reads vital signs while embedded. This technology then alerts first responders of ailments and medications without the need for the person to provide any information.
ATSE’s Bradlow said the industry needs to be “realistic” about it as the danger of data leaking due to cyber hacking is as true as hacking any other data system.
“Let’s remember that many [healthcare professionals] have easy access to today’s paper-based health records – an electronic record is actually a step up in privacy. Within My Health Record, we can make it the default to require a patient access code,” he said.
“A well-designed record system which is managed by a professional security organisation and has a clear audit trail, for example, provided by blockchain, can mitigate this risk significantly."
Source: Hafizah Osman, 31 January 2019, “Industry calls for more caution over MHR system”, https://www.healthcareit.com.au/article/industry-calls-more-caution-over-mhr-system
Note: Thank you Hafizah Osman— interestingly I was referring to the VeriChip experiment of the PHR that Dr John Halamka trialled for a short time and wrote about in 2006 here: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1656959/