My Health Record: lawyers warn of system abuse and call for privacy protection in law
28th Jul 2018
My Health Record will have undoubted medical benefits but the Australian Lawyers Alliance (ALA) is concerned that access to the data will be abused and says legislation changes are needed now.
“Our concerns are more about system abuse than a mass data breach,” said Andrew Stone SC, NSW President, ALA. “My Health Record will be beneficial but we need to think about the ways in which it will be abused and misused, and address these issues now so the benefits can be delivered.”
According to the ALA, legislation is needed to protect against access to My Health Record data by anyone aside from health providers and to guard against access in which authorisation is coerced.
“Easy access to all our medical data makes an attractive target for organisations with whom we may not be willing to share our information,” said Mr Stone.
“It is easy to foresee the day where we may be coerced into sharing. Many employers have an interest in the physical and mental health of their employees and could insist on access before granting employment.
“We also believe there is a very real risk that organisations who issue health insurance, life insurance or income protection policies could seek access to the data from individuals as a condition of issuing policies.
“Handing over a log in and password to allow an organisation to download an individual’s full health record could become a condition of receiving insurance or even being offered some types of employment. This is a very concerning forced breach of privacy.
“Legislation is needed to make it an offence for anyone such as an employer or an insurer to demand access to our My Health Record. We need to prohibit non-medical requests for access.
“The current government policy apparently ensures that there is no government access to the records without a warrant. But government policy can be changed without public consultation and without reference to parliament.
“The only way to ensure government does not touch the data without a warrant is to have that protection in legislation, not merely government policy.”