My Health Record myths
1. Police can access your My Health Record whenever they wish – FALSE
The Australia Digital Health Agency has not and will not release any documents without a court/coronial or similar order. No documents have been released in the last six years and none will be released in the future without a court order/coronial or similar order Additionally, no other Government agencies have direct access to the My Health Record system, other than the system operator.
2. Insurance companies can access your record – FALSE
My Health Record data cannot be accessed by insurance companies and your data cannot be sold. The use of My Health Record data solely for commercial and non-health related purposes is not permitted and is illegal, anyone who were to do this would be prosecuted.
3. Centrelink and ATO can access My Health Record to use against someone in denying them a financial claim - FALSE
Polices, Government bodies and employers do not have access to the My Health Record system. The Agency considers any formal request on a case by case basis. However, their operating policy is to release information only when they are legally compelled to do so eg. Receive a court order.
The Agency would not permit access to a My Health Record in a scenario where a request to access the My Health Record system was for protecting public revenue. The Agency does not consider that an employment check is healthcare and therefore the use of My Health Record would not be permitted.
4. There have been multiple data breaches of the My Health Record system - FALSE
In 6 years of operation, there has never been one security breach of the My Health Record system. The system was designed at its core to have the highest level of security and meets the strictest cyber security standards.
5. My data will be used for secondary use for research and public health purposes – TRUE
It is expected that My Health Record data will be used for public health and research purposes from 2020. You can decide if you don’t want your My Health Record data to be used for research and public health purposes.
There is framework in place that clearly states the potential use of your data. The framework includes:
- There will be no use of My Health Record data solely for commercial and non-health related purposes.
- Insurance agencies will not be permitted access to My Health Record system data.
- Data can’t be used to assess eligibility for benefits (e.g. use by Centrelink and/or the ATO to make determinations relating to an individual).
- High standards are set for protection of people’s privacy.
- Use of identified data will be subject to strict ethics approvals and you must consent first.
- My Health Record data released for secondary purposes must not be sold.
After the opt-out period, parents of newborn children can opt out of My Health Record for their child as part of their Medicare registration.
7. Patients have no control over who can access their My Health Record – FALSE
Individuals can set document access controls within their My Health Record and can restrict the access of their healthcare provider organisations. In addition, you can review the audit log to view the healthcare provider organisations who have accessed your record and when they access the record.
8. After the opt-out period, once you cancel your record it will be archived – FALSE
The Australian Digital Health Agency is currently amending the legislation, so if someone cancels their records it will be gone forever and not be stored.