Legal, privacy and data security experts have seized on the Andrews government’s intention to quietly create digital medical records for millions of Victorians without their explicit knowledge or consent, accusing it of acting in bad faith and treating patients “with contempt”.
Earlier this month, the government reintroduced a bill to create a centralised database of the private medical information of every person who has used the state’s public health system in the past three years, resisting pressure to provide patients with an option to opt out of the scheme.
Few modifications have been made to the controversial bill, the first iteration of which was unveiled with little fanfare in late 2020 with a view to removing barriers to data sharing between health providers. Its stated aim was to improve efficiency measures across the public health system and, by extension, health outcomes.
While the proposed scheme is limited to current and historic medical data obtained from the public system, including public hospitals, the government has flagged an intention to expand its ambit to include private hospitals, GPs and the mental health system.
Describing the bill as “disproportionately intrusive”, Australian Privacy Foundation president David Vaile said the failure to seek patient consent via an opt-in or opt-out provision fundamentally undermined patient autonomy and risked setting a “dangerous precedent”.
“That you can’t even opt in or opt out demonstrates utter bad faith [on the part of government] and is a good reason not to trust it,” he said.
“It’s quite a different beast to the My Health Record, where the former federal government had to be dragged kicking and screaming to an opt-out version.
“Here, there’s been no attempt to get patient consent whatsoever and so there’s no incentive for government to explain the risks attached to [holding] the data. The fact they’re not willing to be open, transparent and accountable really sets alarm bells off. It’s treating people with contempt.”
Against the backdrop of recent high-profile data breaches, including the Medibank and Optus cyber-attacks, and a general rise in data insecurity, Vaile said it was particularly concerning the government has expressly decided against demarcating the types of health information which would be held.
As it stands, a person’s digital record wouldn’t necessarily be limited to laboratory and image results, prescribed medications, discharge summaries and medical conditions, but could — at the discretion of the secretary of the Health Department — conversely extend to their entire medical history.
“All around the world, the information contained in health records is recognised as a sensitive, special category of information,” Vaile said. “So one of the clearest problems with not confining the scope of information is it increases its vulnerability to hacking and unauthorised [internal] access.”
It’s a sentiment shared by Liberty Victoria and the Law Institute of Victoria (LIV), both of which have also pointed to the corresponding lack of embedded safeguards against misuse of or unlawful access to patients’ data.
Under the proposed model, criminal penalties would attach to deliberate or knowing breaches, but the means by which such breaches can readily be brought to light are limited given the decision to exempt the scheme from the state’s freedom of information laws and overarching audit controls.
In practical terms, critics say the bill both makes a mockery of data security and deprives patients of a right to ascertain who has accessed their data and in what circumstances.
LIV president Tania Wolff told Crikey that in such circumstances it was unlikely criminal prosecutions would follow.
“Clearly it’s going to be very difficult [for patients] to trace who has accessed their information in an inappropriate way,” she said, adding that the utility of criminal penalties to individuals was, in any case, questionable once “the horse has bolted”.
In this connection, the bill’s failure to embed proper safeguards has attracted particular criticism for its potential to compromise patient-doctor confidentiality which, in turn, could dissuade some from seeking treatment for certain health conditions — particularly those that carry real or perceived stigma.
“It’s not for [the government] to second-guess the valid and reasonable concerns Victorians might have about the use of their private and confidential information,” Wolff said. “There are some occasions where principles are more important than efficiency, and I think this is one of them.”
Opposition health spokesperson Georgie Crozier was of a similar view, telling Crikey the Liberal Party’s concerns with the proposal remain unchanged: “We have very serious concerns around a number of aspects of the bill which, like the first iteration, go to privacy, the inability of Victorians to opt out and lack of patient autonomy.”
It’s understood the opposition will press for an opt-out provision and to have the bill referred to the legal and social issues committee for review.
Meanwhile, Greens health spokesperson Tim Read said that although he understood and supported the bill’s purpose, he was surprised the government had not accommodated some of the privacy concerns.
He said the Greens would seek amendments centred on audit controls, enabling patient access to their records and providing patients with an ability to nominate certain data as requiring more protection. He added that the Greens would not, at this stage, rule out any proposed amendments which include an opt-out provision.
“We’ve needed something like this bill for decades,” he said. “But I am genuinely puzzled as to why the bill has barely changed.
“We’re also concerned about the security of the data, not just from hackers, but from within the Health Department and the government itself. We don’t want anyone having access to it that shouldn’t or doesn’t need to.”
A Victorian government spokesperson denied the bill runs contrary to patient autonomy or privacy, claiming the government had consulted widely on the proposal.
“We take our responsibility in privacy matters and data security very seriously,” the spokesperson said.
“This health information sharing system will be a secure way to ensure that health services have the information they need to give patients the best care they can.”
They added that the database would only hold the most “relevant clinical data”, as opposed to a complete medical record, and that full audit trails would be created.
The government is yet to respond to questions regarding the ability of patients to access or control the data shared on the database, why they cannot opt out, why limits on the information to be stored are not expressly defined in the bill, why audit controls are not embedded in the bill, and whether patients can request an audit.
I am a firm believer in not ascribing to malice that which can be adequately attributed to stupidity, but…
Any system like this must be designed and built from the ground up with security, transparency, auditability and anonymity as hard requirements.
That it is not, not only a decade+ down the line but in a time when privacy and digital security is no longer something that people only hear about infrequently in vague terms, is way beyond any possibility of stupidity.
Perhaps it is time to add the possibility of ‘malicious stupidity’?
Negligence?
Agree, need to be grounded in broad and deep systems analysis or systems lifecycle in design according to agreed constraints e.g. storage, privacy & data protection, before implementation to avoid suboptimal band aid or patch solutions catering to various thought bubbles or issues arising later….
This looks about as bad as it gets for seizing personal data without any permission and refusing to explain or be accountable for what is done with it. For once ‘Dictator Dan’ seems about right. Of course at the same time the federal Attorney-General’s Department has released its Privacy Act Review Report with numerous proposals to revise the 1988 federal legislation. Is there any chance of a collision between the state and federal laws here, where of course the federal laws prevail?
The Medicare Act is federal law and the data it collects is mostly attached to Medicare numbers and prescriptions.
The state system has no right to access this data.
That’s not the point I was trying to raise. I am wondering what happens to the proposed VIC scheme to take and use personal data without permission if the federal law on privacy is amended to protect the privacy of such information. The Medicare Act is not involved.
I opted out of My Medical Record because I assumed that any Dr or Dr’s receptionist, and therefore insurance company, girl friend etc, could access my records. Is this not so? If not, then what is the point of it? If, say, I get sick on an interstate holiday?
Go privately and request your data be not uploaded.
I once found a wardsman having a dig around in medical records belonging to his former girlfriend.
I reported him and found that he was using some nurse’s login.
Security is only as good as the average person’s memory for passwords.
I work in the private health system in Queensland and buckley’s is the chance that private practitioners will comply with a centralized system unless the patient explicitly authorizes it.
It is hardly ‘seizing data without permission’..at every step of the way you are requested to grant permission for data sharing.
Victoria is still the only state with specific privacy legislation which goes beyond Federal or any other state.
Access is through dedicated wired systems, not ‘the internet’.
You must be accredited staff to get on to an accredited computer…similar to the police system.
Malicious staff member cannot easily be guarded against, apart from systems already in place. Usage logs, permissions, flags to supervisors.
Did you read the article? Whatever you are thinking of has no connection to the proposed scheme, where there is no consent asked or required, no opt-in or opt-out choice. All the relevant medical data (which is not defined so could be almost anything) will be taken, like it or not.
Fellow swimmer, do you recall the Casemix funding fiasco of the 90s?
General dogsbody types were given access to medical files in order for them to code and seek payment for services?
Smaller hospitals had appalling breaches of confidentiality and inaccurate case codes too.
If Dan decides this is really the way to go, he may as well sign his resignation and choose his bronze sculpture.
Only as good as the password stuck to the back of their ID.