I am a general practitioner and a long standing proponent of electronic health records but I am going to opt out of the Australian Government’s My Health Record (MyHR). This will, for the first time in history, create health records which are not under the custodianship of health professionals. This will be done without the person’s consent. I consider this be dangerous.
I may opt in when I can see advantage for me, and that will be when it really is MY Health record. I work in a context where many people use and benefit from the shared record. But they understand what is going on and have consented. It was a local thing. Now it is out of control. Literally, out of your hands.
Whose Health Record?
GPs have been keeping reasonably comprehensive individual health records for many years with letters to and from hospitals and specialists, pathology and radiology results, and progress notes – which are the GPs’ reports of the interaction with that person. General Practitioners, with your funding, have generated this resource.
Who sees the value?
As health care has got more complicated this comprehensive record has become more valuable. In view of this, and the fact that patients move and change their GPs, society has legislated that a person should be able to get a copy of their record and give it to their new GP. If that record is electronic (which is almost always the case these days) you would hope that they might be able to receive it over the internet and incorporate it into the new doctor’s software. It may seem unbelievable, but it usually comes on paper! Even when the same software is used by the practices at each end! If not paper then it will be “electronic paper” as a fax, a pdf or html. I received a ‘wodge’ of paper from a nearby GP’s dot matrix printer when I first went into practice nearly 40 years ago. It wouldn’t fit into my folder as the size was not standardised. Despite working to create an international standard health record format (openEHR) that could outlive systems and software, I still get paper and faxes. Never a record we can incorporate into our software.
Is it Accurate or Complete?
There is another change that has taken place: public concern about the accuracy of digital records – health or otherwise. Giving people access to their digital health records is a check and balance on the completeness and accuracy of these records and is helpful if people have concerns (and know how to access them). Patients in some parts of the world can look at their doctor’s records on line – and show them to others. It is rare that they can add to them, but there is increasing interest in co-production of health information between health professionals and the person themselves. This will allow entry of measurements such as blood sugar and blood pressure, logs of exercise and perhaps the fact that they have stopped or not taken prescribed medication or have started a treatment they did not get from a health professional. After all, only people themselves can know what medications they are taking or have stopped.
Ownership or Access?
Ownership of health records, particularly electronic health records, is ambiguous. The simplest axiom is to accept that it is the property of the person who is the subject of that record and the set of authors of that record. The subject of the record (or their guardian) can give access to whoever they want. It has not to this point been the government’s health record in any sense, but MyHR starts to blur that boundary.
In fact, MyHR supposes that the government is a better curator of your health record than your GP or some other provider who is attempting to meet your health interests. In the absence of standardisation, there is always pressure to centralise. Although this is attractive to bureaucrats it is fraught with many problems, most of which we have not yet faced.
Dangers of a Single National Database
“If it is on the internet, you probably need to see it as public at some time in the future”, a speaker at a security conference said to me recently. The ex-foreign Minister, Julie Bishop, said the same thing on Tomorrow Tonight on the ABC last week. Wow, that goes against the grain. Why is MyHR a particular risk?
The larger and the more centralised a data repository, the higher the risk of security breaches. The ransom to unlock a hacked national database is likely to be many millions of dollars so it is very attractive. It is certainly true that a very high level of security is possible for such a monster database but governments will never have the resources that a company like Facebook has to spend on security; and yet 50 million Facebook records were recently hacked. That is twice as many as can possibly be in MyHR. There is an even more important risk to security in health care. Health care is now the biggest employer in most settings involving more than 1.5m people. Your relatives and personal adversaries are likely to work in health care or know someone who does. They are actually insiders – administrative and clinical people who have access. By contrast to MyHR, a GP practice has a very small database largely unknown to an outside agency and it is relatively secure as risks are local and more likely to be known.
Once information is in the national database it will be inordinately more difficult to remove and correct it than when it is only stored locally. We are not known to the government agent on the end of the phone. Inevitably, and many (hundreds? of) times a day, health professionals will write in the wrong person’s record and save it to MyHR. This may sound neglectful, but it is difficult to prevent completely. Once that information is pushed up to the national health record it needs to be removed. The real problem is, it is not in your health record, and someone who doesn’t look at their health record might have the wrong information in theirs for years, or forever.
Problematic entries make it more difficult for people to navigate the health system without prejudice or inappropriate treatment. These problems are very easy to correct locally where the client and clinician are known but very difficult and time consuming when it is anonymous.
Curating Your Health Record
Currently, if you want a mortgage you will usually have to agree to the lender getting information from your GP. Some GPs fall for the lender’s request to forward the entire record; something they do not have the right to do without your explicit consent. I have not had one patient agree, when consulted, to send the entire record to the insurance company. A considered report of key information is what is required. It takes time and responsibility. But the situation may be considerably worse if you have a MyHR. You can understand in the light of this why the government has said earlier this year that it is inevitable that insurance companies will get access to MyHR in the future, as people want to get mortgages. Personal access control will not stop insurance companies legitimately requesting access before providing a loan. GPs currently vet the request and the health record, withholding sensitive and potentially confidential information that bears no relation to health risk in the future while providing information that allows assessment of risk pertinent to the insurer’s decision. This will include data such as cancer diagnoses, blood pressures, weights, smoking status, waist circumference and other measures that are associated with shorter life expectancy. In the case of MyHR, who will consider the interests of the patient?
Who Benefits from a Shared Health Record?
There is little evidence to date that a national health record repository will make any major difference to care although it has been particularly important in Aboriginal health in the Northern Territory. Having access to accurate information about people as they move about the health system is likely to be beneficial, particularly if you are mobile. But it has to be trusted and complete in relevant aspects to be useful. While many people who are mobile or have major illness will benefit from the sharing of health information, it is unlikely to make a major difference to standards of care in most instances as this information is already available from the client or in correspondence. Very up-to-date prescribing will probably have some utility at this scale.
So how can it be argued that consent is not required? I am very happy for people to opt in once they believe they will benefit and I am sure there are many people who will. The risk of privacy breaches, of inaccurate or incorrect information being recorded and the lack of curation will be balanced for some by their health providers having access to information at the point of care around the country. But in general, the risks of publishing our health information demand our consent; it must not be assumed.
Further, government agencies will undoubtedly have access for what are deemed to be ‘honorable purposes’ by governments of the day. Again, I think we should have to consent to specific secondary purposes, understand the need for completeness of information, and the potential benefits to us or others from the involvement in some way.
Is making participation in the national health record repository involuntary the best solution? The shift to “Opt out” means you get one if you take no action. That is not respecting a person as a citizen.
Why Would I Want To Opt Out?
Being involved as Citizens and not Consumers
We are now consumers and we consume healthcare at an alarming rate. Never mind the over-treatment, the over-diagnosis – the more we get the better. That works politically up to a point…happy consumers. But there are consequences to this consumption apart from the waste. If we have been prescribed antidepressants for a normal reaction to the loss of a loved one, or had an ECG for chest pain that shows some ambiguous changes, or have a high blood pressure reading because we are frightened and full of adrenaline, the content of our record damns us in the future. It does so unnecessarily, as we actually have no health problem, but in a way we cannot control. Consider the possible consequences. Higher insurance premiums perhaps, more unnecessary tests because the next doctor is anxious or a persistent shadow of mental illness or suicide risk and difficulty getting travel insurance? The problem with our health information is that it is a threat to our autonomy. If people have certain information about us they can legitimately act on that basis, and defend it legally. To be citizens and partake in society as autonomous individuals we must guard our health information closely.
What Happens with Dr. Shonky, Stays with Dr Shonky.
When an incorrect record is created in a shonky ’emergency clinic’ it stays there. A record stating that we had ‘pneumonia requiring a major course of potent antibiotics for 14 days because it did not respond to the first course‘ rather than a more likely diagnosis in a fit person of ‘a viral lower respiratory infection‘ can have a major influence in future. But at least no one else knows. The more mobile you are, the more you see different practitioners, the more you find free and easily available services , the more your MyHR will be promoted as ‘valuable’ and the more full of noise it will become. There is little or no value in this information, especially when compared to a comprehensive letter from a specialist general practitioner or physician, whom you know well, providing information relevant to the problem you want solved to another practitioner you are going to see.
Less educated people will be dealt the worst hand here and stories will slowly get to the press – wrong diagnoses, wrong treatment and occasional major harm.
The Special Case of Children
I am particularly concerned about children. Parents have persuaded government that they deserve the right to access to their children’s MyHR. This sounds reasonable. It is very rarely that children will benefit from having a shared record as they are usually robust, but I do accept that there are complex paediatric situations where parents are likely to opt in and they and their child will benefit.
However, in the new nightmare, children will ALL have a record. Now, in this dystopian future, consider the plight of the adolescent who is seeking contraception to prevent pregnancy. After the age of 14, adolescents will be able to turn off parental access to their health record. But will they even be aware of the existence of this thing? Will Dr Shonky understand the implications of adding certain information to MyHR? Most troubling is that the adolescent will not be able to turn off access without parents being aware of this. How many Adverse Childhood Events are going to arise because of the MyHR? The world is not the middle class playing field that people working for government in Canberra experience. Some children will suffer.
Is there a Utopian Future?
I would like to offer some examples of health records that I think could meet our needs, and by using the word ‘our’ I mean citizens and clinicians.
For the young, IT savvy person who is most concerned about privacy, I would propose an individual health record on their phone and backed up onto the cloud maintained by a regulated cooperative agency. The health record would be composed of transactions with different health providers, potentially in different countries and even in different languages. This does require standardised export from GP and hospital systems and a means of access to a person’s health record but this is quite possible. There are technologies now available that can be used to validate such records, enabling the person to have a fully validated health record despite no one else having a complete copy of it.
The next level of control for citizens is where the health record is held by a number of providers in a range of settings. Some information is likely to be aggregated in one place by their provider of choice, but this service would be paid for and the person able to move some or all of the record to another provider. This model would involve EhrBanks, trusted aggregators and qualified custodians of health information. These agencies would hold some of the information and links to other records on other systems. These links can access and be able to pull down all the source records if required.
The EhrBank agencies would ideally be non-profit and allow individuals to consent to ‘secondary’ use of their health information for specific purposes. A representative group of clients could agree to use of data for research or other proven benefits.
In this future, I would see a national health record, but only for people moving long distances and not having providers that were grouped geographically or cooperatively. You might just have your allergies and your prescriptions on the national health record if that was of benefit.
I believe that Australians should opt out of MyHR if:
1) they believe that unknown people having access to their health information is more of a concern than health professionals not having access to it
2) their health record holds information that could damage them in the future
2) they are under 18 (involving parents opting out their children at birth)
For those who want to opt out, it might be time to consider an open platform that allows a range of solutions to meet people’s needs, while ensuring control. There are some budding examples.
Declaration of compound interests
I need to declare a number of interests. First, I am a GP and work for Central Australian Aboriginal Congress in Alice Springs, which has expressed the Board's and management's specific concerns via their umbrella organisations AMSANT and NACCHO. I have not sought in anyway to influence these and am writing this from an entirely personal perspective. Second, I am a director of the international openEHR Foundation which offers a collaborative technological specification as a solution in this domain. openEHR does not prescribe the actual implementation model, rather it specifies how to make this work in any number of ways. It is being used in the NT and also in a couple of PHNs around Australia. This technology supports and unlimited range of solutions while preserving the meaning of the health information. Third, I am a shareholder and director of Ocean Informatics which provides this openEHR based software. I have not been part of the national debate for some time as I have been disillusioned by the lack of progress. I did write the original scoping paper for the national electronic health record and have chaired and participated in various national and international standards efforts.
4 thoughts on “It’s not My Health Record, it’s Yours”
You’ve convinced me Sam, hope it’s not too late to opt out.
Hope all is well.
Sent from my iPad
It’s bad enough that doctors are allowed to keep records about us at all, let alone putting them online. Doctors don’t seem to understand the barrier they are to us talking to them, that there are things we might not want written down so we therefore can’t tell the doctor at all. Putting the damn things online as well is a complete betrayal.
Why is MyHR a particular risk?
The larger and the more centralized a data repository, the higher the risk of security breaches. The ransom to unlock a hacked national database is likely to be many millions of dollars so it is very attractive. The more people getting into health record, more data and more challenging to secure our data.