Welcome to Eureka Street

back to site

AUSTRALIA

Data, distrust, and the disastrous My Health Record

  • 06 July 2017

Plagued by sluggish uptake, clinician reticence and a substantial privacy backlash, the $1.2 billion My Health Record has proven, thus far, something of a lemon.

No amount of rebranding away from the unfortunately-acronymed PCEHR ('pecker') to My Health Record, or push to a coercive opt-out model can overcome the simple fact that it isn't very popular. After five years just five million Australians — one in five of us — have signed up for a record, and only 10,000 doctors, hospitals and other health providers are on board.

The putative benefits of an electronic health record have been expounded at length by the government, and are purported to include: less fragmentation of health data across a heavily siloed system; improved availability and quality of information; fewer adverse events and duplicated tests or treatments and improved coordination and quality of care overall.

Savings, of course, feature prominently — some $7 billion in direct costs every year, according to modelling done for the government. Untold billions more could be leveraged through sale of deidentified data (something that is already taking place).

But for success there must be buy-in, and for buy-in, there must be trust, according to the Productivity Commission. Both are lacking, and it is important to consider why.

In general terms, Australians have little reason to trust the government when it says it can protect their data. The 2016 Census distributed denial of service fiasco exposed fundamental infosec flaws; indeed, Cyber Security Minister Dan Tehan speculated that Australia had only managed to dodge the recent WannaCry ransomware attack because it fell locally on a weekend.

Wannacry threw Britain's National Health Service into disarray, highlighting the vulnerability of online systems hosting some of the most sensitive data about a country's citizens. A similar attack crippled the Ukraine and sent ripples across the globe last week, with hospitals among those affected.

Serious doubts were raised about the sanctity of health data already held by the Australian government this week after The Guardian revealed the Medicare details of any citizen were available for sale from the darknet, in real time — implying a live and active leak. Electronic health records are estimated to be 100 times more valuable than stolen credit cards, and healthcare is second only to financial organisations as the top target for data breaches worldwide.

 

"These unknown unknowns may be trivial, or they could be pivotal to a diagnosis or course of treatment. So too, the information never disclosed to