Why I'm Opting Out Of My Health Record, And You Should Too
The opt-out period for My Health Record begins Monday and I, like many of my IT and privacy knowledgeable colleagues, have opted out as fast as I could.
I simply don't believe that a government agency that can't manage to answer the phone in less than an hour-and-a-half (which is how long it took me to get through) will be able to keep my information secure. We've seen too many IT-related failures under the current government—#CensusFail, #robodebt, the ATO's SAN outage—and the Senate inquiry into digital delivery of government services was scathing.
Information security is hard to get right, and if you can't manage the basic process of keeping a website online or answering the phone, how credible are your claims to being able to keep sensitive health data secure?
My Health Record is creating a single centralised database of sensitive health information that will be an absolute goldmine for cyber-criminals. The Department of Health has already had to deal with people selling access to Medicare numbers and we see news of a data breach seemingly every other day. Unlike my credit card number, I can't easily change my blood type.
Originally designed as an opt-in system, My Health Record was changed to an opt-out system after not enough people found the system worth using. It's right there in the legislation:
"Due to the low numbers of people choosing to register for a My Health Record, the [My Health Records] Act was amended in 2015 to allow for an opt-out model of participation to be implemented."
The Privacy Impact Assessment from 2011 was clear: "A central ‘privacy promise’ made to Australians is that having a PCEHR is entirely voluntary. It has been described as an ‘opt in’ system." This privacy promise has been broken, and now people are being forced to have a My Health Record unless they take active steps to prevent one from being created. Today multiple people have already discovered, to their horror, that a record has already been created for them without their consent.
Once a record is created for you, it can't be deleted, or so says the Australian Digital Health Agency (ADHA), which is responsible for the My Health Record system. Any information uploaded into it will stay there for 30 years after you die, or 130 years, whichever is longer, even if you cancel your record.
The system defaults to allowing access to your information, so if you don't feel comfortable letting your physio know that you had an STI or an abortion a few years ago, you have to deliberately log into the system and figure out how to prevent access to that information to keep it private. Most people never change the defaults, so a lot of people are going to accidentally expose their data to people they didn't mean to.
Meanwhile, the ADHA is authorised by law to disclose someone's health information if it "reasonably believes" it's necessary for preventing or investigating crimes, or protecting the public revenue. ADHA has not responded to questions about what "protecting the public revenue" means. Centrelink has already deliberately exposed private information about an individual to "correct the record" when it was criticised, and the Office of the Australian Information Commissioner had no problem with this. Health insurers such as NIB have already started lobbying for access to My Health Record data.
All of these issues combined mean that I simply don't trust the government's ability to keep this very sensitive information secure.
It's not a risk I'm willing to take, so I've opted out, and I urge others to do the same.