The Science Party is a strong proponent of electronic health records, for their great potential to save lives and improve quality of life when used well. But this doesn't mean the Australian public should accept a high level of risk in return.
We've updated our electronic health records policy to detail some requirements around privacy, security and best practice.
What's in our policy?
Science Party policy is to protect your identifiable health data and put it to use for your benefit, while allowing de-identified data to be used for public health research.
Because security doesn't happen automatically, an Australian electronic health record system must include funding for:
- strong information security, including routine penetration testing and other security audits;
- securing the computer systems used in clinics and hospitals; and
- staff training to ensure correct use of the new system.
All of the digital security measures possible can't protect against unauthorised access due to human error or lax procedures. Good staff training is also necessary to ensure that accurate, comprehensive and relevant health data are uploaded to the system.
The system should also be opt-in, forcing it to demonstate benefit to gain users. Making the system opt-out is an admission that the public could not be convinced to sign up (this was exactly the result of trials of My Health Record).
What's wrong with My Health Record?
You should bea ble to trust that the only people who can access your health records are those who need it to care for your health, with a warrant required for access by law enforcement.
And yet, the My Health Record Act (2012) allowed access to records by any public office for "the protection of the public revenue", and by law enforcement without a warrant. These privacy holes were written in by the Labor government of the day (see our blog post about it here).
The history of giving Australians poor control over their health records while allowing extensive access by the authorities is long and bipartisan.
After strong criticism from users, medical groups and privacy advocates, Health Minister Greg Hunt promised to improve the My Health Record privacy controls, but the system will still be lacking. Australia should overhaul the legislation to replace My Health Record with a beneficial and secure system that serves individual and public health.