Business Marketing


  • Written by Peter Bragge, Associate Professor, Healthcare Quality Improvement (QI) at Behaviour Works, Monash University

Australians have just under three months to decide whether they want a My Health Record, which would allow the various health professionals who look after them to access and share their health information. From October 15, those who haven’t opted in or out will have a record automatically generated.

In emergency situations, access to information from My Health Records about allergies, medicines and health conditions can save lives. Day to day, it will provide benefits such as reminding us when we last had a tetanus shot, or allowing a back-up GP to access the results of a recent blood test so we don’t need another.

Efficiencies generated by My Health Records, including reduced duplication of tests, are projected to save more than A$300 million over three years.

Most arguments for opting out revolve around the security of health data in centralised record systems. But if you’re opting out of My Health Records, you’re opting in to “business as usual”. So it’s important to know what the current system looks like.

Read more: What could a My Health Record data breach look like?

As you read this, reams of medical data are being sent between health professionals in the mail, through conversations (on the phone or in person), and in small pockets of secure messaging. This includes emails, text messages and faxes.

In 2016, the Royal Australian College of General Practitioners recommended ceasing the use of fax machines within three years, noting that slow communication between health providers could result in significant medical errors.

Tragically, ten months earlier, Victorian man Mettaloka Halwala died after his cancer test results showing signs of potentially fatal lung toxicity were faxed to the wrong number.

This underlines the limitations of paper records as a method of storing and communicating medical information. There are numerous examples of paper medical files being found in bins and inadequately disposed of, including examples of records being found by complete strangers.

This is in part a function of their enormous physical volume. To give you an idea of the scale, in 2016, the Royal Adelaide Hospital faced the challenge of moving an estimated 400,000 paper records from the previous two years alone to a new site.

Read more: My Health Record: the case for opting in

Health services and systems have long known the limitations of paper records – which is why you already have several electronic medical records.

When you visit your GP, your consultation data will typically be stored electronically in a GP computer practice system such as Medical Director.

Any prescriptions will be stored on another computer system at your local pharmacy. Data on all dispensing transactions is also sent to higher-level government repositories.

If you are unwell enough to need a visit to hospital, more of your health data will be stored in another separate hospital system. This system may be mainly paper, fully electronic, or somewhere in the middle, which is the situation for most hospitals across most of Australia. Only three Australian hospitals have highly automated medical records.

In hybrid paper-electronic systems, paper documents may be scanned into your electronic record – creating two copies of the same information and thus doubling the opportunity for data breaches.

Many people would assume that these software systems are in some way compatible. They’re not. There isn’t even one software platform for each of these parts of the health-care system; there are multiple platforms available to GPs, pathology labs, hospitals and other practices.

Your My Health Record will contain summaries and subsets of all these types of data that are critical to your health care – if you maintain the general setting – as well as more detailed sources of the electronic data that already exists today in multiple locations.

Read more: My Health Record: the case for opting out

Australians are understandably concerned about hackers breaching the government’s aggregated data system. But there is comparatively little concern about their local GP clinic, pharmacy, imaging centre or hospital being hacked. Yet these systems have far less financial investment, no overarching governance authority and, at times, limited IT support.

True, each of these systems contains only a piece of your medical history. This means that if any one of them were to be hacked, you wouldn’t have all of your medical information accessed. But any argument about vulnerabilities in My Health Record data security can be more convincingly made for the present system.

It’s important to have all the facts about the status quo of health records, and what might be lost or gained through My Health Record, before deciding whether to opt in our out. If the considerable investment in My Health Record comes to nothing, the opportunity to address the limitations of the current system will have been lost.

Read more