Welcome to Eureka Street

back to site

Don't fall for My Health Record data binge



This past week has seen a flurry of activity in Australia concerning privacy and human rights. UN Special Rapporteur on the right to privacy, Professor Joseph Cannataci, has spoken at a number of events as part of consultations he is undertaking while visiting Australia. In the same week, the Australian Human Rights Commission launched its own issues paper on human rights and technology.

Thermometer and pillsMeanwhile, Australians have been caught up in yet another government data project whose design confounds even the most basic notions of privacy. My Health Record is a centralised electronic medical record created automatically for every Australian. While originally Australians could opt in to the service, it has now become 'opt out'.

The concept sounds good. Imagine a one-stop-shop of your medical details at the fingertips of your doctor. For people with complex health needs in particular, such a record would surely assist in providing seamless care. However, there are three serious flaws in the system that together demand our serious attention before we hand over control of our collated health data to My Health Record: these are the design of the system, its legal framework, and the overarching culture surrounding data in Australia.

Rather than a complete record of a patient's medical history, My Health Record provides summary information including instances of Medicare-rebated health care and prescribing history, as well as immunisations and allergies. Doctors may also upload clinical notes. Patients may also place constraints on what information is uploaded to their record, and who may access that information.

Doctors accessing this information in one place is a recognised benefit of the system: it will help bridge gaps in communication between treating doctors. But people will still need, and will still have, full medical notes at their doctor's and from hospital visits. The My Health Record system is no substitute for a full medical history.

Information in My Health Record may be breached or released by a host of others beyond those working in a doctor's surgery or hospital. This is expressly contemplated by the legal framework of My Health Record, in the My Health Records Act. Of particular concern, the Department is authorised to release patients' information for law enforcement purposes where it reasonably believes disclosure is reasonably necessary for a broad range of law enforcement purposes.

This is not a mandatory provision. The Department is not obliged to release patient information to law enforcement agencies. But it is authorised to do so. Therefore, there is no requirement for a warrant to access patient information if the Department is willing to hand it over.


"It is incumbent on citizens to vote with their feet — to protest and to opt out of My Health Record — to send a message to government that we do not accept this incursion of state power."


The Department has indicated that its policy is to refuse to disclose information. However, a policy does not give patients a right for their information to be protected. Beyond the Act, Australia has no bill of rights. We have no entrenched privacy protections. There is no check on government power over our sensitive health information which government will capture by default.

In response to persistent public outcry about My Health Record, the Prime Minister indicated late last week that the government would review the legislation. He stopped short though, of explaining what action would be taken.

And this brings me to the culture surrounding data in Australia. Data is seductive. It (legitimately) forms the basis of scientific inquiry, of evidence-based government policy, and of commercial enterprise. Government therefore has a tendency to try to use pools of data for as many purposes as possible — including to sell it. This is what happened in the 2016 Australian Census, and what caused such opposition.

On the other side of the equation, citizens as users of the internet have been softened into giving up their data to corporations, largely unknowingly. Governments have capitalised on this learned complacency in developing information infrastructure that gathers and aggregates our data from diverse sources. This data provides government with the means of making decisions for the public good, but it also expands government power at the expense of the citizen's freedom, autonomy, and self-determination.

My Health Record is the latest example of a system that lures us with proclaimed benefits and convenience, but in a way that enhances government power without balancing government responsibilities to ensure citizens' civil liberties. The power to share health information with law enforcement raises questions about Centrelink enforcement proceedings, NDIS investigations, workers compensation matters, and disciplinary matters against professionals, among others.

The relationship between My Health Record and secondary services or apps, such as those used to book appointments with your doctor, is also unclear, with the potential for health information to be shared with (sold to) commercial third parties.

It is not possible to understand the benefits of a massive data collection program such as My Health Record in the absence of considering its effect on the relationship between citizen and the state. It is incumbent on citizens to vote with their feet — to protest and to opt out of My Health Record — to send a message to government that we do not accept this incursion of state power. And it is incumbent on government to listen and act.

See the Australian Privacy Foundation for information on how to opt out by the due date of 15 October.

Make a submission here to the Human Rights Commission about technology and human rights.



Kate GallowayKate Galloway is a legal academic with an interest in social justice.

Topic tags: Kate Galloway, health, privacy



submit a comment

Existing comments

Is there a large component of fear and conspiracy theory in current hysteria about My Health Record?. The conversation is starting to resemble camouflage jacket clad backwoods survivalists internet rantings about the government stealing our freedoms. What has been the track record on "liberty" of it's well established predecessor? The panic stricken public want their Cake, and eat it too..."don't collect my data! Give me Free GP visits and free Hospitals"

Harry Spratt | 31 July 2018  

Modern Medicine is more than adequately equipped to diagnose and treat any serious threat to life or general health without access to a life long record of any patient. Government should spend our money on staffing and facilities of health providers. It is the lack of funding for essential services that most frequently leads to the occasional disasters that happen in our health system, not the lack of easy access to a lifelong medical history. Doctors, nurses and paramedics are trained to the highest levels of expertise in this country and their patient's will not be served by un-informed political interference which polices their life long health record with little intent other than to serve control by "big brother", a beast usually possessed of a hidden agenda, a beast which in this case is more likely to serve government coffers than sick people. And in the future who knows ? Perhaps the culling of those who are costing government too much once we have successfully "progressed" to legalised murder (euthanasia ) under the guise of the right of the terminally ill to die with dignity. Or perhaps a cap on what government is prepared to pay for any one individual during a government prescribed lifetime. We already have experience of health insurers capping benefits in the interests of executive salaries, management bonuses and stock-holder profit. We already have experience of government capping and indeed decreasing Medicare benefits despite increasing taxation levies on health care. A dark, brave new world is looming above us today, a Damaclean sword, some half a millennium before Aldous Huxley envisaged it in his literary science fiction conceived "Brave New World". All of we poor little pigs on the farm have the power to stop big brother - "Animal Farm " verses "Brave New World". Take your pick Australia!

john frawley | 31 July 2018  

So let's move forward to reigniting discussion on a Bill of Rights rather than whipping up another round of social media fuelled hysteria , which I have to say reminds me very much of the alt right in the same sex marriage debate. Certainly the My Health Record scheme appears to have some limitations. Sadly these are not going to be remedied now we have slipped into yet another round of nonconstructive public 'debate'. Those of us with complex health needs (even simply those inconvenient ones that come with advancing age) will for the most part welcome anything that provides timely access to our medical history. Try explaining one's medical history late on a Saturday night in a busy metropolitan hospital when you have gone there with a suspected stroke or heart attack and you will know just what I mean. Anyone who has significant concerns about privacy is of course perfectly justified in opting out but preferably not without very carefully considering the long term implications of doing so. My own concern is that we have been given (as in personally presented with) so little information that we are susceptible to the fearmongering.

Margaret | 31 July 2018  

Informative article, thank you, Kate. Another reason for opting out of the My Health Record data base is that information added to a My Health Record is only as good as the person entering the data. People I know have an unusual last name. One child's medical records had additions that rightfully belonged in the other child's records at a children's hospital. This created enormous problems later for the parents and both children.

Maureen Helen | 01 August 2018  

Thanks Kate for your informative article. The wife and I have decided to opt out as we are not satisfied with the safeguards so far agreed to by ( forced on to ?) the Government . Properly administrated, with stringent safe guards , the idea has a lot of merit. However for us, only the medical professionals dealing with us and to whom we have given authority, should have access NO ONE ELSE should be able to access our medical history- court order or no court order!

Gavin O'Brien | 01 August 2018  

Margaret. I am sure that if anyone goes to emergency late on Saturday night with a suspected stroke or heart attack, modern Medicine will sort that out very smartly and treat it very well without any knowledge of a past history. Junior doctors spend five or six years learning how to diagnose even those who can't speak or are unconscious and the specialists have spent up to ten to twelve years training before they are let loose on the public and most of them are pretty good at what they do. The My Health Record is nothing more than a thinly disguised ploy to provide government control. We will be all right without giving government control of our lives by signing up to this fraud.

john frawley | 01 August 2018  

I'm out, mainly for the reasons given in this article. In the present climate of increasing government regulation of our lives, and decreasing interest in our individual rights, I just don't trust the government enough to meekly hand over my information. I agree with John Frawley. I see once again how some science fiction has a prescient quality, and I don't want to be part of the movement by which the 'Brave New World' becomes real. (And in my case I'm pretty sure no-one is going to upload my entire medical history to My Health Record. I'd guess it would only be new diagnoses and treatments, even if I had a Health Record online.

Joan Seymour | 01 August 2018  

And I will opt in with gratitude. With multiple serious health conditions, I know the difficulty of trying to keep all specialists in the loop with changing medications, tests and results. For some of us, privacy concerns are outweighed by our relief in knowing that all members of our medical teams will be able to access important health information.

Anna Summerfield | 02 August 2018  

My own experience of insurers' outrageous denials of cover based on past health events reclassified spuriously as risks, and my GP's experience of feeling browbeaten by the swell of demand from insurers and so handing them carte blanche access, means I have one message. Opt out now, folks.

Christopher Ryan | 03 August 2018  

There seem to be a few things involved. First is humans gradually adjusting to new technology as it becomes available. Such as courtesy standards around mobile phones. But this is also about power and we trust authorities less and less. And as the article and respondents point out data are very saleable. Is there also an assumption that all doctors tell the truth?

Michael D. Breen | 03 August 2018  

Similar Articles

Walking home alone

  • Neve Mahoney
  • 07 August 2018

It's 11.30 on a weeknight. I'm on the train, coming home from catching up with my friends. I'm on the phone with one of them as I move to the doors. 'Yeah, I'm right to walk home,' I tell my worried friend. 'The train's pulling up the station now.' I said that too loudly. I glance behind me and there are two men standing there.


Migration compact will benefit Australia

  • Carolina Gottardo
  • 05 August 2018

The adoption of the GCM should not be politicised as it is a non-binding framework that benefits our country, the international community and migrants. Migration is a global phenomenon, not a situation that single countries can deal with in isolation. Australia has nothing to lose and much to gain from adopting the Compact.