Govt’s MyHealth Record scheme a “privacy disaster”, warns Privacy Foundation


news The Australian Privacy Foundation (APF) has warned that the Federal Government’s MyHealth Record system is a “privacy disaster waiting to happen”.

The scheme’s “biggest weakness”, according to the privacy group, is the Medicare Call Centre with its many operators – “all with potential access to MyHealth Record data”.

The APF cited the government’s 2011 promise of a “clear and robust framework” for the scheme’s call centres. “Five years later,” it said, “there are no rules or procedures in place, the necessary infrastructure or a robust framework of privacy protection.”

According to Dr Bernard Robertson-Dunn, chair of the health committee at the APF: “This total failure to deliver on its promise and put in place much needed protections exposes patients to curious call centre operators whose prying and spying are unlikely to be detected.”

“This will get even worse if everyone is forced to have a My Health Record, which the Government is trying to do with its opt-out initiative,” he added.

Accusing the government of “breathtaking negligence”, the APF said that call centre operators have “unlimited access” to patient health records in order to do their jobs.

“There has been nothing done to properly and adequately protect patient data from misuse by these operators, whether intentional or accidental,” it said.

Robertson-Dunn commented: “Health information is highly attractive to criminals and hackers. This is a serious threat not only to patients but to call centre operators
themselves who could potentially be pressured by outsiders to reveal health data on targeted individuals.”

Suggesting “prevention is better than cure”, he went on: “Relying on criminal and civil penalties will not protect privacy. It will only punish breaches, where they are detected.

“The priority for government now should be the acknowledgment and fixing of the privacy and security “flaws”, Robertson-Dunn said, adding that the MyHealth Record scheme is “not safe to use in its current form, “especially with the dangerous ‘opt out’ model creating records without prior consent”.

The Australian Privacy Foundation called on the Australian Government to “immediately stop the opt-out registration trials” and to “seriously reconsider” the “enormous privacy risks” of its call centre.

“Australians need to be aware that that the system has other privacy-threatening features such as that it is impossible to cancel or remove your record. You can only inactivate it,” Robertson-Dunn added.

“Unfortunately the MyHealth Records system is like Hotel California: ‘You can check out any time, but you can never leave’,” he concluded.

Image credit: United States Geological Survey, public domain