As you may know by know, the government can’t be trusted when it comes to protecting your data. After all, connected databases are very difficult to manage and if they keep valuable information, it is even more likely that hackers look for ways to compromise them. There are many threats that lurk online and privacy enemies who look for ways to access sensitive information such as medical records. Apart from hackers, cybercriminals and other parties, it is possible that your data can be at risk due to corruption, internal threats and even mistakes that can result in the loss of personal information. Over the last few years, government organizations focused on healthcare such as the United States Office of Personnel Management OPM and Britain’s NHS, have been subject to cyber attacks that have exposed the vulnerabilities of the databases run by the government. Heath records are as or even more appealing to cyber criminals than financial records.
My Health Record
Although the risks of keeping centralized databases are very high, governments all over the world keep advancing proposals to implement them. Take for instance the situation in Australia, where the government has pushed forward a project known as My Health Record (MHR) and people are being advised to opt out of it. This digital health record database is currently being set up and it is estimated that by the end of 2018, it will include the health records of every Australian citizen, except for those who choose to opt out. Activist groups focused on the right to privacy have denounced that thousands of records have been already added to My Health Record, even without the knowledge and consent from those involved. Activists have expressed their concern about the extent of the information collected and the fact that the Australian government is not exactly trustworthy when it comes to looking after citizens’ private records.
Reasons to be concerned
Even before activists groups criticized the implementation of a centralized database, Malcolm Crompton, Australia’s former privacy commissioner had already questioned the measure due to the risk that it poses to people’s privacy. However, the government didn’t take the warnings seriously and moved forward with the scheme. Considering that My Health Record database contains a great deal of sensitive data (including health conditions, fertility, prescriptions, sexual activity and oientation) and in the past, the Australian government has not protected private information as it should, it is understandable that privacy advocates are being very vocal on their criticism of the system.
Human rights activists are not the only ones worried about the central database implementation plans. Health care professionals and technology experts are also concerned about the risks involved and the lack of guarantees that the information will be dully protected. There is a high chance of data breaches that could have devastating consequences for people whose records are being maintained in the database. If the information kept in My Health Record is leaked, people could face discrimination, face issues at work or see their treatments affected. One of the most disturbing aspects of MHR is the fact that a large amount of people is set to have access to it.
Thousands of doctors, health organizations and pharmacies are set to be able to access the records. This increases the risks of data breach and mishandling of the information. In spite of the high level of security that is meant to be used to protect the central servers of the database, there doesn’t seem to be a system in place to ensure that those who have access to it won’t misuse the data or won’t compromise its security willingly or by mistake. There are so many people who can log in to the system, that at some point, it is likely that someone will break its security.
Additional parties accessing the database
To make matters even worse, it has been reported that Australian law enforcement is also requesting access to the database. Although the Australian Digital Health Agency (ADHA), which is in charge of controlling access to MHR database has states that it would only grant access with a warrant, they can change the requirement at a later stage. Thankfully, not everything is bad news. Following the campaigns from privacy advocacy groups, Greg Hunt, who is the Federal Health Minister has assured that a warrant is a must-have for police, tax office and other parties who want to access the database. Still, it is not known if patients will be made aware in case access is granted. Apparently, the decision to notify or not someone if law enforcement has been granted access to their records, will depend on the case.
Furthermore, there is a possibility that in the future, the records could become accessible to private medical insurance companies. There have been previous instances when private companies obtained access to sensitive health data without people’s consent so there is no guarantee that this won’t happen again in the future. There are not real benefits for patients and there is no transparency about the purposes to collect such large amount of data. Thankfully, people have been given the chance to opt out and while originally there was a deadline (October 15), the officials involved in the scheme have states that this will be changed and that it will still be possible to opt out once the system is launched. The government has promised to offer guarantees to those who wish to have their records deleted from the system permanently.
How to opt out
While there is no time limit to opt out, it is advisable to do it as soon as possible. You can opt out now and prevent your data from being added to a database, which not only offers very little benefit to citizens, but that also puts data at a higher risk of being compromised. You can follow the below simple steps to opt out of the My Health Record scheme:
- You need to have your Medicare and Drivers Licence numbers at hand. Then go to the My Health Record Opt-Out website.
- Complete the form with the details needed to make sure that you are not included in the system once it goes live at the end of the year.