ACOSS Calls on Government to Fix Privacy Concerns in My Health Record Legislation

27 July 2018

Friday July 27, 2018: ACOSS has expressed serious concerns about the lack of adequate privacy protections in the legislation for the “opt out” My Health Record system.

It is clear that the My Health Record legislation permits the System Operator (The Australian Digital Health Agency) “… to ‘use or disclose health information’ contained in an individual’s My Health Record if they ‘reasonably believes that the use or disclosure is reasonably necessary’ to, among other things, prevent, detect, investigate or prosecute any criminal offence, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; protect the public revenue; or prevent, detect, investigate or remedy ‘seriously improper conduct’.”

ACOSS believes that My Health Record has the potential to deliver better coordinated care and allow people more control over their health information. However, the My Health Records Act 2012 fails to adequately protect the use of a person’s health information and is out of step with community expectations of privacy.

ACOSS CEO Dr. Cassandra Goldie stated: “The promise of My Health Record is a system that will enable people to control their own health information and facilitate better coordinated care.

“However, it has become clear that the My Health Records Act currently allows the system operator, the Australian Digital Health Agency, to use or disclose information for a range of reasons completely unrelated to a person’s health. This is clearly unacceptable and of major concern.

“ACOSS is particularly concerned that the legislation specifically allows the Federal Government to use My Health Records to “protect public revenue”. This could result in the release of My Health Record data to government agencies in a range of circumstances unrelated to a person’s health, including social security, tax and the criminal justice system. This should only be done either with the person’s express consent, or by court order or subpoena.

“The Agency’s policy that they will not release My Health Record data for these purposes, whilst welcome, is insufficient protection. The legislation says that the Australian Digital Health Agency can release that information, and their policy can be changed at the stroke of a pen.

“We are heartened by the statements of the Prime Minister yesterday acknowledging the privacy concerns and committing to work with the Royal Australian College of General Practitioners and the Australian Medical Association on a solution. However, we urge the Minister to also work with representatives of health consumers in developing those solutions.

“We need to see legislative protection of My Health Record information, so that it cannot be accessed by third parties without a person’s express permission, or by court order or subpoena. Only then will people have confidence that the Federal Government will protect their health information.

“Until these legislative protections are in place, the Federal Government should cease the opt out period, and retain the current opt in approach. ACOSS has received financial support from the Agency to assist with communication to the community sector about the introduction of My Health Records and we will continue to provide the community with accurate information about implementation. ACOSS recognise the potential for major health gains if we get this right. However, we cannot support an Opt Out arrangement whilst it is clear that the current legislation is inadequate for protecting people’s basic privacy.”