DoHA rejects claims patients “inveigled” into PCEHR sign-up
The Department of Health and Ageing (DoHA) has rejected claims by the Australian Privacy Foundation (APF) that patients are not giving informed consent to their information being shared on the PCEHR, and that some have been “inveigled” into signing up.
The APF recently released a statement claiming that the federal government's advertising campaign for the PCEHR was misleading and was “designed to pitch the benefits of PCEHR system registration without fully informed consent”.
The chair of the health committee of the APF, health informatics professional Juanita Fernando, said the advertising campaign and the many fact sheets about the system “fail to properly inform, and hence people are being [inveigled] into consenting to participation in the scheme”.
A DoHA spokesperson rejected the claims, saying the department was “committed to consumers having the information they need to give fully informed consent prior to signing up to use” the PCEHR.
“Consumers who register for a PCEHR are provided with clear and detailed information about how their personal information will be used in the PCEHR system,” the spokesperson said.
“Essential information is provided in each registration channel and a full privacy statement is available through a number of sources including online at www.ehealth.gov.au.
“As part of an application a consumer makes a declaration that they have read the essential information. The essential information was developed in close cooperation with the Office of the Australian Information Commissioner.”
Dr Fernando said while patients give consent when they sign up, she does not believe this consent is informed.
“The issue of informed consent is pivotal to this discussion,” she said. “One cannot provide informed consent without access to pertinent information. The information published by various DOHA-linked health authorities is incomplete and very hard to read.
“Also, one can consent to register and mechanisms exist for this, what if people change their mind – where is the mechanism that allows opt out?”
Dr Fernando said she had been contacted by several people who have said they were not told about privacy considerations before signing up, but she could not reveal any details as that would necessarily involve identifying them. She said she would encourage them to contact Pulse+IT, but so far none has done so.
The APF also said that “several individuals have reported approaches targeting Centrelink clients and those in rehabilitation, the chronically ill and parents of newborns while the mother is in labour.”
“Patients in rehabilitation have reported feeling pressured by health practice staff to encourage them to join the PCEHR system with 'assisted registration'.”
Dr Fernando said she could not reveal any evidence supporting these claims “without the consent of those involved, where real or perceived, they see themselves as whistle-blowers who would be imperiled by a public ID”.
She pointed to arguments made by health informatician Terry Hannan, who has raised concerns in the past about what he believes are inappropriate approaches to patients in the hospital setting, including at Launceston General Hospital where he is a consultant physician.
Dr Hannan commented on a recent Pulse+IT article, saying he had observed the registration of a patient with five children, “during which the registrant had no idea what he was signing up for”.
“The forms were being filled by the registering staff on paper with only one adult present (the father) whose educational level required more than 'minimal guidance',” Dr Hannan wrote.
“It is obvious that these members of the community have no idea of what they are registering for and are very unlikely to have e-communications available on a daily basis.”
Dr Fernando also raised concerns about what she said was a lack of information given to consumers on who can access their records, saying the fines listed under the PCEHR Act for inappropriate or unauthorised access to the PCEHR were not adequate safeguards.
“The OAIC and System Operator can choose not to act on proven breaches,” she said. “The System Operator and their agents are exempt from litigation. The fines exclude any human factors issues and make it clear that clinicians can say "oops" and no sanction will apply.
“Or we can rely on current privacy laws, which have proven ineffective for around two decades.”
Dr Fernando also said she understood on her reading of the available documentation that all clinicians, whether they were authorised to use the PCEHR or not, had access to the PCEHRs of people who were not their patients.
“[A]ll clinicians, whether registered or not, can review the Shared Health Summary, and PCEHR registered clinicians can look at the records of people who are not their patients unless the patients specifically directs otherwise and the clinician remembers to upload information. I'd love to be wrong.”
Posted in Australian eHealth