What might MyHR mean for workers in Australia?

Unions are claiming employers could potentially get access to the record through third parties under the default clause and the government says this section below overrides the default clause.


Pilots and GPs are just two candidate job types where employers may seek access to health records under the guise of "duty of care" or "due diligence" using the "third parties" clause. 

We are living in a society where people are being routinely socially sorted into "at risk" categories based on various digital and physical chronicles. Should a pilot who seeks help to manage stress levels be stood down? Should a GP who has gone through relationship problems due to long work hours and is mildly depressed have their license to practice suspended?

The government is backpedalling on claims that third parties will not have access to health records based on seemingly contradictory legislation (section 70).

Fundamentally, what is new here? Is that while law enforcement has ALWAYS had the right to over-ride someone's privacy based on the proportionality principle from the very beginning of the enactment of the Privacy Act of Australia, letting third parties have access to sensitive information (of which health is) is a completely different proposition. The fact that the legislation is seemingly contradictory leaves Australian workers second guessing whether their individual case will be dealt with differently based on their employer's interpretation of the law.

It is one thing for an existing employee to have their license to practice revoked based on MyHealthRecord, and an almost completely different circumstances when a candidate is not hired for a job based on their MyHealthRecord. How would they ever know? It used to be that social media profiles of potential employees were screened for "best fit", but the future might be: "show us how mentally and physically healthy you are, and we will tell you how likely we are to hire you".

There are many GPs who have deleted their electronic health record to ensure they don't fall victim to such retrospective uses of the MyHealthRecord. 

Section 14(2) of the Healthcare Identifers Act 2010 :

(2) This section does not authorise the collection, use or disclosure of the healthcare identifier of a healthcare recipient for the purpose of communicating or managing health information as part of:
(a) underwriting a contract of insurance that covers the healthcare recipient; or
(b) determining whether to enter into a contract of insurance that covers the healthcare recipient (whether alone or as a member of a class); or
(c) determining whether a contract of insurance covers the healthcare recipient in relation to a particular event; or
(d) employing the healthcare recipient.

MY HEALTH RECORDS ACT 2012 - SECT 61 Collection, use and disclosure for providing healthcare
Collection, use and disclosure for providing healthcare
(1) A participant in the My Health Record system is authorised to collect, use and disclose health information included in a registered healthcare recipient's My Health Record if the collection, use or disclosure of the health information is:

(a) for the purpose of providing healthcare to the registered healthcare recipient; and
(b) in accordance with:
(i) the access controls set by the registered healthcare recipient; or
(ii) if the registered healthcare recipient has not set access controls--the default access controls specified by the My Health Records Rules or, if the My Health Records Rules do not specify default access controls, by the System Operator.

MY HEALTH RECORDS ACT 2012 - SECT 5 Definitions[2]
"healthcare" means health service within the meaning of subsection 6(1) of the Privacy Act 1988 .

PRIVACY ACT 1988 - SECT 6FB Meaning of health service[3]
Meaning of health service
(1) An activity performed in relation to an individual is a health service if the activity is intended or claimed (expressly or otherwise) by the individual or the person performing it:

(a) to assess, maintain or improve the individual's health; or
(b) where the individual's health cannot be maintained or improved--to manage the individual's health; or
(c) to diagnose the individual's illness, disability or injury; or
(d) to treat the individual's illness, disability or injury or suspected illness, disability or injury; or
(e) to record the individual's health for the purposes of assessing, maintaining, improving or managing the individual's health.

So a provider can assess, diagnose and record information subject to the “access controls” set by the user. This is where the issue of default settings comes into play.

Default Settings of My Health Record
How is consent managed in the My Health Record system?
By default, when an individual registers for a My Health Record they give standing consent for all registered healthcare provider organisations to access and upload information to their My Health Record. Healthcare professionals working in healthcare provider organisations can:
Access the individual's My Health Record during, or in regard to, a consultation or clinical event involving the individual; and
View all documents in the My Health Record system and upload documents to the My Health Record, unless the individual specifically requests the healthcare professional not to upload the document.

Face to face with Big Brother

drivers license oz.jpg
  • National biometric database to fight terrorism, identity theft and serious crimes 
  • Drivers' licences to start to be loaded into Home Affairs new database soon
  • The new database can also be used in the prevent outbreaks of serious diseases

A national facial recognition database system is set to become Australia's latest weapon in the crackdown against terrorism, identity theft and serious crimes.

Millions of driver's licences will start to be loaded into the Department of Home Affairs new biometric database within months, which every Australian drivers licence could be linked within 18 months, The Courier-Mail has revealed.

Police are currently being trained to use the Driver Licence Facial Recognition Solution, the publication reported.

Firearms, fishing and proof-of-age cards can also be uploaded into the system which can hold up to 30 million licences.

The aim of the database is to give national and state law enforcement agencies a new crime fighting tool in their crackdown against terrorism, identity theft and serious crime. 

To solve serious crimes, police will be able to run CCTV through the database, which will bring up to 20 possible suspects.

The database will also prevent outbreaks of serious diseases, where health agencies can request police to track down members of the public who came into contact with someone carrying a disease.

While all states and territories agreed to the identity-matching services last year, the  federal government is yet to get new laws passed through parliament.

Privacy has been raised as a concern, along with the vulnerabilities of biometrics.

Around half of Australia's population already have some type of visual biometric stored in a nationally-accessible database, according to technology and legal expert Professor Katina Michael.

She told the ABC earlier this year that figure to grow will 80 per cent with the inclusion of drivers licences.

'It's not like a one-on-one match, where you put (in) an individual's face and say: 'they're a suspect',' Professor Michael said.

'But rather what you get returned is a number of possibilities … you might get back 15, or 20, or 30, or 50 matches.'

Citation: Kylie Stevens, August 6, 2018, "Face to face with Big Brother: Millions of driver's licences to be linked to proposed national facial recognition database", DailyMail: Australia, http://www.dailymail.co.uk/news/article-6028795/Millions-drivers-licences-linked-proposed-national-facial-recognition-database.html

Stare into the Lights my Pretties by Jordan Brown


We live in a world of screens. The average adult spends the majority of their waking hours in front of some sort of screen or device. We’re enthralled, we’re addicted to these machines. How did we get here? Who benefits? What are the cumulative impacts on people, society and the environment? What may come next if this culture is left unchecked, to its end trajectory, and is that what we want?

Stare Into The Lights My Pretties investigates these questions with an urge to return to the real physical world, to form a critical view of technological escalation driven by rapacious and pervasive corporate interest. Covering themes of addiction, privacy, surveillance, information manipulation, behaviour modification and social control, the film lays the foundations as to why we may feel like we’re sleeprunning into some dystopian nightmare with the machines at the helm. Because we are, if we don’t seriously avert our eyes to stop this culture from destroying what is left of the real world.

Program title: Stare Into The Lights My Pretties.

Duration: 120 minutes.

Year of Production: 2017.

Website: https://stareintothelightsmypretties.jore.cc/

Trailer: http://www.imdb.com/videoplayer/vi666155033

Full version screener: https://stareintothelightsmypretties.jore.cc/files/StareIntoTheLightsMyPretties_1080p-4982k.mp4

IMDB Entry: https://www.imdb.com/title/tt7762882/

Family Planning NSW Data Breach

Katina Michael with Ally Crew, "Family Planning NSW Data Breach Financially Motivated", ABC Radio National Australia. May 14, 2018.

https://www.fpnsw.org.au/ on May 14, 2018

https://www.fpnsw.org.au/ on May 14, 2018

Thanks to executive producer Eleni Psaltis.