Opt in, opt out, or shake it all about

Was it bad timing or just bad luck that on the morning of the day the Australian Digital Health Agency decided to announce the date on which people could begin opting out of the My Health Record, a massive media storm exploded over what appeared to be a serious hack of Family Planning NSW's website, which could potentially have breached the privacy of thousands of people.

As it turned out, the hack exploited a vulnerability in a particular piece of software used to build websites, one of which just happened to belong to FP NSW. It was a ransomware attack of the kind that is increasingly common to all manner of industries and organisations, but which did not target healthcare, Family Planning or its vulnerable clients specifically.

Our honourable colleagues in the ravening media pack were all over it of course but the drama has died down since then. It did however overshadow the announcement later that afternoon that the period in which people can opt-out of the My Health Record program would start on July 16.

A couple of weeks ago we we polled Pulse+IT readers to see whether you thought the percentage of people opting out this year would be higher or lower than in 2016, when the two opt-out trials were held in northern Queensland and western Sydney. The result was reasonably even – 56 per cent of readers thought more than two per cent would opt out, while 44 per cent said the figure would be lower.

Pulse+IT was of the opinion that considering there will be a much bigger marketing campaign this time and everyone will know about it, more people would opt out – three or four per cent perhaps.

We're revising that projection slightly considering the increased focus at the moment on privacy, what with Facebook's dramas, the EU General Data Protection Regulation coming in next week, and every app you ever downloaded but forgot about now sending you emails saying they are updating their privacy policy.

A lot of the reporting on opt-out this week was around the potential risks to privacy of the My Health Record. The privacy lobby was prominent, warning of the potential horrors that lay before us. As those of us around back in 2011 when this was all debated in federal parliament will remember, the privacy lobby had a big win when it managed to stymie any consideration of opt-out in the concept of operations of the PCEHR, as we still fondly call it, despite most of the peak bodies wanting opt-out from the start.

This, in addition to the unarguable fact that the system was simply not ready to go live in July 2012 and has been pretty much useless since, has held up progress for several years. What it has also held up is moves towards opening up health information to the people it belongs to: patients.

While the privacy advocates argue they are working to protect citizens' privacy from an ever-encroaching government, they rarely explain their views on why they are actively working against a citizen's right to access their own information, which was one of the primary reasons the PCEHR was developed in the first place.

Just this week, we heard that questions were being raised about Medicare's Express Plus app, which people can use to change their bank account details and look up their MBS claims history. This is of course when the app is working, which reviews on the App Store say is not very often.

Apparently the privacy people aren't happy about this, because the data is only protected with a PIN. We are of the opinion that most people are perfectly capable of weighing up the risk of a privacy breach with the benefits of access to their own information, whether it's on an app or the My Health Record.

There are already strong structural barriers to patients accessing their own information, along with a certain amount of cultural resistance. What is often forgotten in arguments over the worth, usefulness and security and privacy implications of the My Health Record is that it not only means healthcare providers can access the information, but for many, it is the first time the patient can too.

A lot of people aren't interested in their health data and are more than happy to let their doctors take care of it for them, so we reckon a sizeable proportion of the population won't even bother to register for MyGov to have a look even if they don't opt out.

We also remain of the opinion that most people still trust the government – or at least Medicare – to manage their data safely. The government already holds lots of data about your health: they know when you last went to the doctor, what medications you were dispensed and what blood tests you have had, because they pay the bills.

Legitimate concerns over the My Health Record remain of course so there's the obvious third option: opt out now and if things go well, opt in at a later date. It may make the government's figures look bad, but so what. We reckon about 20 per cent of the population will give serious thought to opting out, and perhaps 10 per cent will do so. The rest will either be keen to have a look, or couldn't care less.

We'll wait to see what the agency comes up with in terms of its ad campaign. They tell us they learned a lesson from the 2016 opt-out trials, which were run by DOH and DHS. As well as sending letters to dead people, about 50 per cent of the participants in the trial couldn't even remember receiving a letter about opt-out, having just chucked it straight in the bin. There was also the little issue of the website for registering to opt-out, which forgot the S(ecure) in HTTPS.

Hopefully things will go a little better this time. ADHA has lots of staff on hand, with extra help for non-tech savvy people, and there is even the ability to opt out on paper. What could possibly go wrong?

That brings us to our poll question for this week: Do you reckon ADHA's opt-out operation will go without a hitch?

To vote in our weekly polls, sign up for our weekend edition or leave your comments below.

Our poll last week asked: Do you think ePrescribing will be ready to roll by October 2019? Not a chance, according to three quarters of our readers: 24 per cent said yes, 76 per cent said no.

Comments   

# SA Health staff member 2018-05-21 10:09
Thanks for the reminder to all that this is supposed to be about the consumer of Health services. Too often the assumption is that the PCEHR/MyHR exists for the benefit of the provider of services rather than the consumer because this is the normal pattern of IT systems created by large organisations. It's a shame MyHR doesn't go further though: I myself find it frustrating that I can't enter any notes about my health history that are actually visible to providers beyond current medications and allergies. Having lived in 3 different countries and moved house a few times in Australia, there is no single health provider that has a complete record of my health history and surely anything I can add to my record has the potential to be useful. Further, as far as I am aware there is no facility for providers to upload historical data beyond a current Shared Health Summary. I fully understand the technical difficulty in this having spent much of the last 5 years working on systems creating CDA documents for MyHR but if this is truly about a complete record for the benefit of the consumer then it would be nice to see an attempt.
# QLD Health staff member 2018-05-24 07:36
Totally agree with you on the idea of centralized Health Record. Don't agree about the way it was done, technology used and the level of control the patients have - still long way to go.

You need to log in to post comments. If you don't have a Pulse+IT website account, click here to subscribe.

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.

Copyright © 2018 Pulse+IT Magazine
No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher.