Residents’ My Health Record data will be inaccessible to police without court orders – the move comes after federal health minister Greg Hunt succumbed to pressure over widespread privacy concerns.
Mr Hunt announced on Tuesday night the My Health Record Act 2012 will be redrafted to ensure “no record can be released to police or government agencies, for any purpose, without a court order”.
“This policy requires a court order to release any My Health Record information without consent,” Mr Hunt said in a statement.
Residents may also choose to permanently delete their records as part of the changes.
However, CSU Wagga’s associate professor in computing Dr Tanveer Zia said that legislation changes were not “the same as improving security [of the platform]”.
“Security and trust in the platform should be two other key factors to improve on – the three need to work together,” he said.
Dr Zia said that security concerns relate to the number of users accessing data on mobile devices and the fast-changing nature of technology.
“I’m not saying that the administrators of the platform are not careful. Indeed, they’re professionals and trained, but the worry is that the more users there are, the increase in security risk,” he said.
“Casual or part-time medical staff, for example, may not always be fully aware of the procedures [in maintaining data security] compared with a full-time practitioner.
“Human factors are always security’s weaknesses – we're the weakest links.”
Dr Zia also said the recent cyber attack on Singapore’s health database, where details of 1.5 million people (including Prime Minister Lee Hsien Loong) were stolen, was an example of security failure.
“No matter how tight security is, any large database is still vulnerable to attacks,” he said.
His comments come at around the same time as a report that found the private health sector recorded the highest number of reported data breaches.
In the Office of the Australian Information Commissioner’s Notifiable data breaches quarterly statistics report for April 1—June 30, 2018, the sector recorded 49 notified breaches out of 242 notifications.
The report, announced on July 31, 2018, does not include the My Health Record scheme.
Of the 49 notifications, human error accounted for 59 per cent while malicious or criminal attack made up 41 per cent.
The OAIC’s Acting Australian Information Commissioner and Acting Privacy Commissioner, Angelene Falk, said that the findings showed that the Notifiable Data Breaches scheme helped ensure individuals were made aware when the security of their personal data was compromised.
“The report provides important information on the causes of data breaches so all entities can learn lessons and put in place prevention strategies,” she said.
On August 1, Ms Falk welcomed Mr Hunt's announcement, saying it strengthened privacy protections.
“The proposed amendments to require a court order to release any My Health Record information without consent will create certainty and enhance privacy safeguards for all Australians,” Ms Falk said.
“Significantly, the proposed amendment to allow an individual to permanently delete their record will give the community greater control over their health information.”
The changes announced by Mr Hunt would align the Act with the existing policy by the Australian Digital Health Agency, which administers the My Health Record platform.
They were made after talks with the Australian Medical Association and Royal Australian College of General Practitioners.
Mr Hunt said no documents have been released in more than six years under the agency's policy and no documents will be released without a court order.
“This change to the My Health Record Act will therefore remove any ambiguity on this matter,” he said.
“In addition, the government will also amend Labor's 2012 legislation to ensure if someone wishes to cancel their record they will be able to do so permanently, with their record deleted from the system.”
Mr Hunt said the changes would be made “as soon as possible”.
The Murrumbidgee Primary Health Network has been sent a list of questions related to the changes.