Tuesday, April 18, 2017

Despite The Sound And Fury Do We Really Know How Opt-Out Settings Are Being Set?

This article appeared last week:

Optometrists and dentists will know if you’ve had an abortion or mental illness in health record bungle

Sue Dunlevy, National Health Reporter, News Corp Australia Network
April 10, 2017 10:00pm
THE private health records of Australians can be accessed by more than half a million people under the latest bungle with the $2.2 billion electronic My Health Record.
News Corp Australia has learned that the privacy settings on the government’s computerised My Health Record, which lists every medicine a patient takes and records every medical visit and procedure, are automatically set on “universal access”.
This means every registered health practitioner in the nation — 650,000 people — can view them, not just the family GP, unless the patient specifically requested to opt out.
Occupational therapists working for an employer, doctors working for insurance companies, a dietitian, an optometrist or a dentist or their staff can view the record and see if individuals have a sexually transmitted disease, a mental illness, have had an abortion or is using Viagra.
“Potentially your employer’s occupational therapist can look at your record and get information they really shouldn’t be getting access to, its confidential data,” says former AMA president Dr Mukesh Haikerwal who was a government consultant on the My Health Record.
The bungle came about because the record was originally set up as an opt in system and when people set up their record they were given the option to set a PIN number to protect the information and determine who got to see it.
Nearly four million people set up a My Health Record under the opt in system but doctors weren’t using it because four years after it was established 83 per cent of Australians still did not have one.
Last year the Turnbull Government trialled turning the failed record into an opt out system.
One million people in the Nepean Blue Mountains area of NSW and Northern Queensland were given a record unless they opted out.
News Corp has now learned only 147 of these one million Australians automatically given a record under the trial set up a PIN number to protect their health information.
“147 My Health Records created in the trials have access controls set to restrict which healthcare providers can see the record, or have controls restricting access to certain documents in the record,” the Department said.
“This equates to 0.0151 per cent of My Health Records automatically created in the trials. This is consistent with the rates of access controls set by those who have opted to register for a My Health Record,” a spokeswoman for the department said.
There is a great deal more here:

http://www.dailytelegraph.com.au/technology/optometrists-and-dentists-will-know-if-youve-had-an-abortion-or-mental-illness-in-health-record-bungle/news-story/b73cccfaf20b6fe96862e9c021b49ae0

What is claimed is that the records created for those who are being opted in (failed to opt-out) have the security and privacy setting at full access until the individual involved logs into the record and changes things. This is true as far as I understand the system – certainly for access to my record this is the case. Once you can you access the record you get the lot (unless the user has changed access controls - and few do)!

What this means is that there are 2 crucial things that we need to know.

1. Are the populated records created at the time of the decision to go to opt-out or at the time of first attempted access? It seems probable in the trial areas they are created instantly - from user comment in the area involved.

2.Once a record is created what information is it automatically loaded with? Seems might be a bit later but who knows? There certainly seems to be no constraint on automatic uploading of discharge summaries etc.

The worst case (privacy-wise) is that the feeds of pharmacy and MBS data are used to populate the unused but now brought into existence records in a few weeks’ time or whenever. What this then means is that the myHR is populated with all the ‘automatic’ information and sitting there waiting for Shared Health Summaries and other specifically entered material.

Note that the automatic data allows a great deal of private information to be seen and deduced.

If the records are not created and not pre-loaded till use is attempted then there seems to be less of an issue.

I, for one, have not seen enough detail to understand how all this is meant to work.

Until this detail is out in the open we are all in the dark I believe. That said the planned opt-out looks like an approach that will create a lot of empty records which will, over time be automatically populated, given most people will not be really aware they have a record. (Info from users in the trials)

This means that once everyone had a record if you know a patient identifier and have access to the GP or other system you will have pretty total access to the record - unless the individual has gone in and changed access privileges.

So, joining the dots, it is possible to look up IHI's to put into local records if you are at a GP system, with an IHI you can locate a record and the record will most likely be open, given so few patients will have changed that. Overall it seems to me that the Tele was pretty close to the money then. (Remember lots of people have access to GP systems as GPs, staff etc.)

I look forward to explanations of where this is wrong and why. Also a new up-to-date CONOPS would be a really good idea I reckon. Would stop the confusion and wondering - to say the risk of any misinformation.

David.

3 comments:

Anonymous said...

I am interested in a few questions being answered. The last time I checked apart from Taxes and Death I thought we had freedom of choice?

Why can the government demonstrate the claim of the information in MyHR for use if population health, clinical decision support and say care planning? Surely amongst 4 million opt in citizens there must be at least 50,000 that can be used?

There are concerns raised over the usefulness of the data and the design being a document store not a content store, why cannot the data be used, or what is its limits?

Why have the privacy setting in full access? Seems a poor way to engage the customer base, would having it closed, inviting the subscriber to open it up to a known set of care providers be a far more engaging approach?

And finally why do we need a system like this, surely in this day and age there are superior ways to have technology working together across organisations?

Anonymous said...

Pravachol seems to be a recurring theme for the national health record. There is also a clear tactical pattern of playing the 'wait and it will run out of steam' this is backed up by what seems to be subtle marginalisation and credibility erosion of anyone who dares speak up. It seems strange that so little effort goes into addressing these concerns around privacy compared to that of suppressing alternative and valid perspectives. I might add many making these claims would appreR far more qualified and less impartial than those rebuking that concerns.

Sign of the times I guess the axe is mightier than the think tank.

Anonymous said...

Pravachol? You mean privacy concerns? Your device is intuitive:)

Yes this a recurring concern, probably more reflective of the lack of value to be had in any trade off. Also a trust factor.