Weak safeguards on My Health Records
Research by the Parliamentary Library’s Research Branch contradicts the federal health minister’s claims on the privacy of My Health Record.
The federal health minister Greg Hunt’s repeated claims that a patient’s My Health Record could only be accessed by police with a court order has been challenged in a study by the parliamentary library and security experts.
The parliamentary library advice by Nigel Brew, the director of foreign affairs defence and security, notes that health information can be disclosed when the Australian Digital Health Agency “reasonably believes” it is necessary to investigate or prosecute a crime, to counter “seriously improper conduct” or to “protect the public revenue”.
He noted that currently, a patient’s consent was needed to release their medical records and “law enforcement agencies can only access a person’s records (via their doctor) with a warrant, subpoena or court order”.
The My Health Record legislation therefore “represents a significant reduction in the legal threshold for the release of private medical information to law enforcement”.
Security experts and even the Queensland Police Union agree.
IT experts say that the system is prone to cyber threats due to the weak cyber security of many GPs.
The QPU told its members that there is nothing in legislation “that requires any enforcement body to obtain a warrant”.
The minister has now promised to change this legislation to require a court order.