Government MyHealthRecord secondary data usage consulting

On Monday I’ll be attending the public consultation in Melbourne. For anyone else interested in attending with me please register via and send me a message so we can meetup beforehand.

I was also hoping to grab some feedback and suggestions from the party. At the moment I’m still going over our policies and brainstorming ideas for a policy presentation, so here are some key points I’ve got so far:

  • Data should only be provided to vetted organisations and individuals for a narrow purpose.
  • Where possible, data provided should be narrow and time limited.
  • An access vetting process should exist that includes ethical usage standards similar to academia.
  • The vetting process should include a privacy impact assessment (eg the risk of de-anonymising the data)
  • Consent mechanisms should be provided for an individual’s record through an accessible portal (mygov)
  • Secondary usage should be opt in (I’m on the fence about this one)
  • Organisations which obtain access to data for secondary usage should demonstrate implementation of best practices of data security
  • Use cases must demonstrate non-profit/common good as their intention.
  • Strong penalties should exist for misuse of data.
  • Feedback should be provided to individuals about what their data is being used for

The security of this data is of the utmost importance. There is a reason why the medical community takes data security extremely seriously: even though health insurance companies have a HUGE financial incentive to get hold of this data by any means necessary, it undermines how the health insurance system works. It’s like letting them count cards in Blackjack; the data could let them pick their own odds in a game where life & death is at stake.

While the privacy concerns are real, we must also be realistic that this idea will keep coming up because of the potential health benefits of a centralised health record. For example, access to health history in an emergency, faster care with less redundancy, and complex conditions requiring the work of multiple specialists.

There are two ways that this could go: fight this all the way on the argument that the lives lost and human suffering if this data got out would be much greater than a marginal amount of health benefits that doctors can already cope without anyway. The way this is going, I don’t like our chances though.

Or do we work on the change from the inside to push that if it is to happen, it must be on our terms, without compromise.

Is it even technically possible to secure such a large honeypot of valuable data when the stakes are so high?

If such a thing was to go ahead, we should set forward some technical requirements, none of which can be ignored. Perhaps there is a pathway to eHealth records, by first having a technical feasibility study on how the data can even be kept secure with the stakes so high which adequately addresses all the issues.

This needs to cover not only the security of the database itself, but also how secondary users can get access for a seemingly unrelated reason, in a world comparable to the US, where a “Social Security Number” has become the de-facto standard of identity, but sharing this code with anyone even for a secondary use also grants access to the person’s entire identity without limitation.

My vision for a workable eHealth record system would be one where it is in a standard format rather than centrally managed by one party. The government cannot be trusted to manage sensitive data, with rogue staff within Medicare proving this. The only person who you can trust is yourself.

For example, a standard data format of health record which you can either host yourself or trust another party to host for you (under strict regulations and auditing of security best practice, and absolutely no connection to health insurers). Your data file is transferable to another party. Perhaps an appropriate data holder for anyone who can’t be fussed with self-hosting would be your primary care GP or the practice which they belong to, who have a vested interest in keeping health insurance affordable. There are opportunities for commercial vendors to assist GPs/Medical Practices with hosting of this software, and this would be under strict controls also.

Within this data format, the application needs the ability to grant different permissions to different users and limited to only the parts in the file which the user allows.
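The privacy impact assessment and the "narrow data" points above can be made concrete with a re-identification risk check run before any secondary-use extract is released. This is an added example, not code from the thread or from MyHealthRecord; the sample extract, the quasi-identifier columns and the generalisation rules are all constructed here for illustration.

```python
from collections import Counter

# Constructed sample of a secondary-use extract (not real MyHealthRecord data).
# Direct identifiers are already stripped; the remaining quasi-identifiers
# (year of birth, postcode, sex) are what makes re-identification possible.
RECORDS = [
    {"yob": 1986, "postcode": "3000", "sex": "F", "dx": "asthma"},
    {"yob": 1986, "postcode": "3002", "sex": "F", "dx": "diabetes"},
    {"yob": 1981, "postcode": "3004", "sex": "M", "dx": "hypertension"},
    {"yob": 1983, "postcode": "3001", "sex": "M", "dx": "asthma"},
    {"yob": 1985, "postcode": "3003", "sex": "F", "dx": "depression"},
    {"yob": 1988, "postcode": "3005", "sex": "F", "dx": "asthma"},
    {"yob": 1982, "postcode": "3006", "sex": "M", "dx": "diabetes"},
    {"yob": 1980, "postcode": "3007", "sex": "M", "dx": "epilepsy"},
]
QUASI_IDS = ("yob", "postcode", "sex")


def k_anonymity(records, quasi_ids=QUASI_IDS):
    """Smallest group size sharing the same quasi-identifier values.

    k == 1 means at least one person is unique in the extract and can be
    singled out by anyone who knows those attributes about them."""
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return min(groups.values())


def unique_rows(records, quasi_ids=QUASI_IDS):
    """Number of rows whose quasi-identifier combination appears only once."""
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return sum(1 for key in groups if groups[key] == 1)


def generalise(record):
    """Narrow the extract: 5-year birth band and 2-digit postcode prefix.

    The clinical field is untouched; only the identifying precision is reduced."""
    return {**record, "yob": record["yob"] // 5 * 5, "postcode": record["postcode"][:2]}


def release_is_acceptable(records, k_min=3, quasi_ids=QUASI_IDS):
    """Gate a release on a minimum k chosen by the vetting process."""
    return k_anonymity(records, quasi_ids) >= k_min


if __name__ == "__main__":
    narrowed = [generalise(r) for r in RECORDS]
    print("raw extract: k =", k_anonymity(RECORDS), "unique rows =", unique_rows(RECORDS))
    print("narrowed extract: k =", k_anonymity(narrowed), "acceptable =", release_is_acceptable(narrowed))
```

On the raw extract every row is unique (k = 1), so anyone holding a handful of facts about a person can pull out their diagnosis; after generalisation the same rows sit in groups of four and clear a k >= 3 threshold.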

For your ease of reference, Miles:

APF’s summary of MyHR

Kissing goodbye to your health privacy? Governments must work harder. (APF media Release September 10th, 2017)

APF Submissions and Associated Correspondence on Health Records from 2015 on


We went to the consulting workshop yesterday afternoon. It took the form of a 90 minute Q&A with HealthConsult, who are running the public input phase. We spoke to the panel and I’m confident they are considering strong safeguards to protect privacy as well as looking at international and local better practices. For example, early in the presentation the speaker made it clear that any access requests with a primarily commercial purpose were out of scope, but commercial outcomes for the access requestees were still within scope. The exact criteria are ofc open to consultation. Many notes taken.

I’ve got a list of feedback questions from the workshop and am putting together some ideas for a submission. HealthConsult released a white paper on their website to guide and inform public participation: I’ll try to make it along to the next PDC meeting to discuss my findings and progress, and hopefully @Archaic and others will be interested in commenting on the submission. It will only be a short response to the questions, so it should be more readable than submissions in the past.

I spoke on 4ZZZ community radio today with Dr Dan from Brisbane Hacks and Hackers about MyHealthRecord and facial recognition. Listen online here:


Another example of why this is a bad idea:

A big point is the opt-out; this is a huge red flag that they didn’t do a good enough job with opt-in. Really need to drill this point.


Bump. Written submissions close this Friday 17th November

Welp, re-identification has happened already.


Well colour me surprised, for one, that it took this long for anybody to figure this out.

ABC’s take on essentially the same report as the SMH one

Oh, and researching how to re-identify has been made illegal too. Problem solved, apparently.

No credit to the curators. Want to bet somebody made a creative data entry?