A public policy blog from AEI
The latest on technology policy from AEI, published daily.
Australia — the “lucky country” whose foray into building a government-funded nationwide fiber network has resulted in cost blowouts, uptake disappointments, regulatory wrinkles, and system redesigns — may be on the cusp of yet another government-funded, centrally planned, nationwide-coverage information and communications technology debacle. In the spotlight this time is the A$4 billion database of citizens’ health information, dubbed My Health Record.
The viability of the nationwide system is at stake. An unexpectedly large number of citizens have opted out of participating in My Health Record, as sufficient concerns have been raised about the security and privacy of the sensitive information the database holds. When the three-month opt-out window opened last month, the system crashed under the sheer weight of applications for the “right to be forgotten” by the giant government health data repository. The 1.9 percent trial defection rate indicated 500,000 Australians in total would opt out. Either they all chose to do so in the first few days, or the developers have vastly underestimated the extent to which citizens do not want to participate in the government-mandated system. The latter may well be a function of the high volume of bad publicity recently — with citizens likely getting the message “if in doubt, opt out.”
A little background
Health care for Australia’s 24 million citizens is covered under a government monopoly central payer system (Medicare) funded by payroll taxes and general taxation. Consequently, government policy carries considerable sway in determining what care will be provided and by whom. In the burgeoning information economy, this extends to the provision of e-health services. The project began as the Personally Controlled Electronic Health Records in the 2010–11 Federal Budget. The 2015–16 budget funded the establishment of the Australian Digital Health Agency, which was, among other tasks, made responsible for the single central data repository now known as My Health Record. There, all health information relating to all citizens could be uploaded, stored, and accessed by citizens, their health care providers, Medicare, and other relevant parties. To date, over A$4 billion has been spent on the project.
The business case for My Health Record follows the familiar formula for such systems: All information is available in one place, can be accessed easily online, and will facilitate the communication of relevant information between provider and patient and between providers treating the same patient. As the website says, it’s convenient: “When your health care provider uses your My Health Record, you won’t need to remember all the details of your medical story, such as your prescriptions or the names of tests you’ve had.” It has the backing of all of Australia’s peak health bodies, including the Australian Medical Association, the Royal College of Australian General Practitioners, and the Pharmacy Guild of Australia.
Trials and (privacy) trepidations
The system was developed and trialed with a sample of a million citizens (now expanded to around 5.8 million users). Initially, as is the case for most electronic records systems, it was proposed as an opt-in system. Citizens were required to make an explicit, informed decision to join. However, poor adoption rates led to a change in government policy to make it an opt-out system. Guaranteeing uptake maximizes the payoff to the government funder and professionals using the information but raises considerable privacy concerns. The then-Victorian State Privacy Commissioner (effectively a regulator) David Watts called the change “a fundamental breach of trust” by the government to its citizens.
While the system offers citizens a wide range of security and control options, such as the ability to limit access to the record and specific documents in it to providers and authorized agents who possess a user-generated access code, the default settings impose no limitations. Any provider can access all of an individual’s health information unless the individual has enacted control provisions. Thus, individuals have to take specific steps to protect information uploaded by, say, their mental health provider from being accessed by all pharmacists. These arrangements privilege and advantage those who are already well versed in privacy issues — who will likely take advantage of the privacy and control settings — but offer little protection to those who are not so well informed and so will take no action.
And the vast majority of My Health Record users appear to either be woefully uninformed about its security implications or not care about who has access to their entire health record history. Of the 5.8 million users already using the system (after 1.9 percent of the trial population opted out), fewer than 0.1 percent have changed any of the default settings to restrict access to only their nominated providers or agents. While low rates are said to indicate that the intended purpose — for information to be available widely in the event of an emergency — was fulfilled, this must be weighed against the risk of unintended access to sensitive information in the far-more-frequent case of routine care delivery.
And opt-out is not really opt-out, anyway
Furthermore, the opt-out system still relies on all information relating to individuals being uploaded by default. Opting out does not result in the removal of information that was already uploaded. Rather, it simply marks it as “unavailable.” Should users who opt out subsequently change their minds and opt back in, all their historic information becomes “available” again. The information remains potentially accessible and vulnerable to hacking, despite the expressed preferences of the person to whom it relates.
And while all the usual assurances have been given that information on the system cannot be sold to third parties and that laws prevent the use of information for purposes other than those for which it was collected, these will be only as good as the effort put into monitoring and enforcing their adherence. Only days before the opt-out period began, it was revealed that Australia’s biggest online doctor booking service — a My Health Record partner application — had been passing on patient information to third parties, including legal firms.
Policy takeaways for the United States
The Australian case illustrates once again the risks associated with large, centralized systems underpinned by the government’s power to compel both funding and participation. However, it also likely highlights citizens’ lack of general knowledge and understanding of security matters relating to their online information. Governments, as well as private firms, can — and do — breach the trust citizens place in them to keep their information safe.
© 2018 American Enterprise Institute