Click to select, or scroll down the page:-

Most people have a My Health Record. On 15th October 2018, except for those people who have already opted out, everybody will have a My Health Record. ABC News has reported that, according to the Australian Digital Health Agency, six million people already had a My Health Record before the opt-out period began on 16th July 2018. Many records were created automatically for people during pre-implementation trials. Also, people have been able to opt-in since 2012. Many opted into the scheme when setting up a MyGov account, possibly by ticking boxes without thinking,

Anyone can opt out of the scheme at any time. Opting out after a My Health Record has been created will prevent further personal data from being added to the database. Data added to the database before opting out will not be deleted.

A person's data will remain in the database for thirty years after their death. In effect, as far as the person is concerned, their data will stay in the system forever.

A person who has opted out of the system can opt in again at any time.


Ms Scipio's opinion is that the new medical records database offers little real benefit for most people, whereas the system has serious potential pitfalls and negative aspects.

Ms Scipio recommends opting out unless:-
- a person is very old.
- or a person is severely incapacitated, such as some stroke victims.
- or a person is mentally impaired.
- or a person requires specific medication to stay alive.
- or a person has exceptionally poor record-keeping abilities.


Official information about the new "My Health Record" system, and about how to opt out of it, can be found at the relevant government website, currently located at http://www.myhealthrecord.gov.au.

The system is administered by the ADHA (Australian Digital Health Agency) whose website is currently at https://www.digitalhealth.gov.au.





All your medical data is in one place and is accessible to medical staff.

All your medical data is available even if you are unable to communicate, for example if you are unconscious.

All your medical data is available even if you have forgotten some details.

These are benefits for individual people. Other claimed benefits, such as being able to access pathology test results via mobile phone apps, either already exist or could easily be delivered by other systems. The database may also be used for research and for statistical studies that may be of benefit to people in general.




There will be errors

People make mistakes. Even doctors make mistakes. Every database contains errors.

How easy or difficult will it be for a patient to get data errors fixed? Patients will not be allowed to correct errors by direct access to the database. Corrections will have to be processed via administrative procedures. Bureaucratic systems tend to be cumbersome at best, and are often subverted by bureaucrats to make their lives easier and to protect wrongdoers.

To ensure that their data contains no errors, each person will have to scrutinise all new data that is added to the database. Nobody else can do it for them. This will be more inconvenient than keeping their own medical records would be. Then, if a person finds an error, they will have to go through all kinds of hoops and hurdles before the mistake can be corrected and, after all that, sometimes the error will not be corrected.


Many people will have access to the system

Innumerable people in the medical industry will be able to access your data.

The system allows a person to restrict access to their data to just a few people of their own choosing. However, in an emergency, access restrictions can easily be overridden. Otherwise the whole system would be pointless. This is actually a loophole. The system is riddled with loopholes.

Although government marketing spin says that there is full user control of who can see their data, this is not exactly true. Access rules can be found in the website of the government's Australian Digital Health Agency.

For example, in answer to a doctor's question,
"Do I need the individual's consent to view their My Health Record?" -

- the website replies:
"No. You do not need the consent of an individual to view their record, and you can access an individual's record outside of a consultation, provided that access is for the purpose of providing healthcare to the individual."

"Individuals may, however, choose to enable My Health Record privacy settings to control which healthcare organisations can access their My Health Record. They can limit access to their entire record (using a Record Access Code) or to particular documents (using a Limited Documents Access Code). The patient will need to provide their access code to a provider for them to access their My Health Record when prompted by their clinical software to do so (unless it is an emergency situation in which case a provider can use the emergency access functionality). "

"Currently, the number of individuals opting to use these privacy settings is fewer than 2 out of every 1000 individuals registered, and where an individual has opted to use privacy settings, healthcare organisations do not have to be granted access to a My Health Record in order to upload to it."

It will be possible for a person to be notified each time that somebody accesses their data. If an authorised person accesses your data then you will be notified. If an authorised person gives your data to a non-authorised person then of course you will not be notified.

Data can be passed from one person to another in an envelope, leaving no digital trace of the transaction. If data is illegally passed into the wrong hands, there will be little possibility of uncovering who was the culprit, out of the many people who had access to the data. Anyway, culprits will get away with plausible excuses such as "I must have miskeyed in the wrong code".

There will be penalties for anybody who misuses peoples' data. But how easy will it be to prove a case? Who can investigate a suspected case of data misuse? It is certain that any person affected will have no power to investigate anything, but will only be able to make complaints.

There are professional hackers who are motivated by the fortunes that can be made from their work. Personal medical data is probably more attractive to blackmailers and tabloid journalists than mundane tax file data or centrelink data. It can be expected that there will be more attempts to hack into the My Health Records database than other government databases.

Can you rely on public servants to even know if their database systems have been hacked, let alone prevent it happening? Of course not.


Once the genie has escaped it can never be put back

Data is knowledge. Knowledge cannot be "unknowed" just because some important idiot says so.

If somebody accesses your data legally and then illegally passes the data on to others, how can anybody undo the leak?

If hackers get into the system and steal and leak your personal data, how can anybody undo the leak?

Once your data has been stolen, you have no way of knowing or controlling where your data will show up next.


There are innumerable ways in which databases can leak data

There are many authorised people who will have access to your data. Having got your data, they can do what they like with it.

Some people choose passwords that are easy to guess. Other people do not keep their passwords secure. For example, a cleaner might find a note stuck onto a keyboard with a userid and password written on it. The cleaner might copy it and sell it to a wrongdoer. The wrongdoer can then access the database as much as they like. The system will think that it is an authorised user who is online.

Every professional database system has backup data copies taken at regular intervals. Many database systems have leaked simply because old backup copies were found on a rubbish tip.

System administrators will probably be able to sidestep most safety controls. Security officers must have full access to every aspect of the system in order to do their jobs effectively.

There will have to be investigators if there is to be any meaningful prospect of apprehending and prosecuting wrongdoers. Investigators will require full access to all data, logs, system files, etc. Who will watch the watchers?


Administrative and data access rules are certain to change

Politicians and public servants will change whatever rules it suits them to change, whenever it suits them. When this happens, people will not be allowed to delete any existing data that they don't want available under the new rules.


From time to time the system may malfunction or crash

There has never been a complex computer system that has not contained software bugs.

Every software system requires hardware to run it. Every comms network requires hardware. All hardware is constructed of electronic components. All electronic components can fail.

According to ABC News, Health Minister Greg Hunt noted that since the My Health Record trial started six years ago, there had so far been no security breaches or problems. It is rather unlikely that any large and complex computer system has not ever had any problems, so Mr Hunt's remarks suggest that much of what the government says is probably propaganda. Or perhaps it may be that there have been no problems that Mr Hunt knows about. Many politicians don't seem to know much about anything that is complex. If the system was as leaky as a sieve, would any public servant or politician admit it? Would they even know about it?

ABC News has reported that according to a government spokesperson, the My Health Record project had a communications budget of $114 million. This is a massive advertising budget. Good luck to those who believe everything that politicians and advertising agencies say.

The major banks have spent billions of dollars over many decades on their computer systems. Banking systems tend to be more secure and reliable than any government database systems. The computer systems of big banks still sometimes fail.


Security agencies can use your medical records as evidence

Police are among those who will have access to your data, without your authorisation and without your knowledge. So, if you require medical treatment for wounds received during your latest bank robbery then you might be tracked down. Fair play.

But if you require treatment for drug addiction through no fault of your own, then you might end up in jail instead.

There are some subsets of people, such as sex workers, whose activities show up in distinctive patterns of medical treatment. For example, a person might get flagged in police systems as a sex worker if they had merely been particularly unfortunate in their choice of partners. Sex work is illegal in some places.

Increasingly, there are government agencies tracking every aspect of peoples' lives. All phonecalls and emails appear to already be available to security agencies. Who wants their medical records added to the pie?


Local politicians may be able to access your data (not legally)

The underhand tactics used by some local politicians are amazing. In Queensland, there always seems to be some local council in the news because of claims of impropriety, although it is perfectly possible that most local politicians are squeaky clean.

Is your local council more transparent or more secretive than what is consistent with the public interest? The answer to this question may be a good indicator of whether a particular set of local politicians can be trusted.

The SBRC (South Burnett Regional Council) owns a private hospital. The SBRC controls its private hospital via a secretive private company. Contrary to the spirit of local government, the meetings of the directors of the company are secret and the company's accounts are secret. The SBRC appointed a board of directors, including doctors, to run its private company. The board is accountable to SBRC politicians who supposedly act on behalf of all ratepayers. The private company and the SBRC gifted the hospital rent-free to a commercial healthcare organisation to run as a business for their own profit. Meanwhile, all ratepayers are forced by the SBRC to subsidise the upkeep of the hospital. Most ratepayers do not have private health insurance. Many ratepayers are understandably annoyed by this state of affairs where what should be a valuable community asset is actually a liability, except for the wealthiest subset of the community.

A question particularly relevant to the South Burnett is:-
Do any local politicians have strong links with the medical profession?

Or perhaps the question is, with the new My Health record system, if a person criticised a local politician, who might well deserve much criticism, would the security of the person's medical data genuinely be safe from retaliation? Perhaps the only way to be safe is to not be part of the system.

Another question is, will self-serving politicians in the future extend system access to officials from all levels of government? Perhaps this could happen after some future federal election landslide. Politicians are forever granting themselves special privileges. Politicians will of course claim that the data will only be put to "good" uses. If this ever happens then local politicians may legally be able to access ratepayers' personal medical data.


Data mining may result in marketeers targeting people

ADHA (Australian Digital Health Agency) is the system operator of the My Health Record system. ABC News has reported that ADHA says that it takes its role as custodian of Australian's health information seriously. ADHA also said that third parties connecting to My Health Record were required to undergo strict assessment and that any parties deliberately accessing data without authorisation may face criminal charges. Sounds great, but this never happens. Also, as has been pointed out above, policing the system may be difficult.

Paul Shetler, formerly head of the Government's Digital Transformation Agency, appointed by Malcolm Turnbull , is an expert. He is probably as expert as anybody about the new system. ABC News has reported that he has said that if he was an Australian (he isn't) then he would probably opt out of the My Health Record system. Among the quotes that ABC News reported him as saying were:-
"I think the security model is quite strange, the fact that your data can be accessed for things that have nothing to do for your health".
"Then all of a sudden you find these weird loopholes".
" ..... weird security model."

Legislation says patients must give their consent for private health apps to be able to mine the database for information. Some people might think that there should be no circumstances in which private health apps can mine the database for information. Since some politicians don't seem to see any problem with data mining, when the next recession hits, will the government of the day start selling off access to private data to raise some revenue?

ABC News has reported that a doctor appointment booking service, HealthEngine, which is part-owned by Telstra, passed on details of an average of 200 clients a month, between March and August 2017, to a law firm which was looking for prospective clients. It appears that many people had unthinkingly ticked boxes, giving their consent to data-sharing without realising it.

ABC News also reported that:-
"HealthEngine also has a data-sharing arrangement with the Federal Government's My Health Record digital medical record system. However, the company said it was unable to directly access patient data held by My Health Record or the Australian Digital Health Agency."

After the HealthEngine data-sharing story was published, ABC News then reported that ADHA was amending its contract agreements with app companies.
ABC News reported that:-
"Companies Telstra, HealthEngine, Tyde and Healthi already have access to My Health Record information such as Medicare records, test results, scans and prescriptions, for their app users to view on mobile phones."

It will be a big surprise to many people that a telecomms company is allowed anywhere near the My Health Record database. The amended contracts give ADHA the power to terminate a contract under some circumstances. In other words, ADHA might be able to take action after the horse has bolted, but there is no guarantee that ADHA would do so. What is actually needed is the power for any individual person to shut down the ADHA contracts if any of the horses bolt. Nobody should hold their breath waiting for this to happen, so all that a person can do to protect themselves is to avoid being part of the system in the first place.


Information overload

In an emergency, time may be of the essence.

Most doctors would probably prefer to see a well-formatted one-page summary of relevant data about a patient's medical history, especially in the context of a busy emergency department. Many patients are capable of providing something useful like this.

Looking far into the future, a 70 year old person will have 70 years of medical data for the overworked doctor to trawl through, including everything that has become completely irrelevant. Taking another government computer system as an example, in Centrelink's online claims systems, even old bank accounts from banks that no longer exist have to be scrutinised, page after page, one page for each non-existent account.

For the 70 year old person, the patient will be long dead and the doctor will have retired before all relevant data from the patient's 70 years history can properly be filtered out.

Even a medical record that is only ten years old will contain mostly data that is utterly irrelevant to whatever appointment or emergency is at hand. After several years, in many situations a patient's "My Health Record" might be more of a hindrance than a help.

There will be lots and lots of data, but translating that data into useful information will be a problem. The list of all the types of data stored in a My Health Record is far too long to reproduce here. A complete list can be viewed at https://www.myhealthrecord.gov.au/for-healthcare-professionals/what-is-in-my-health-record.



These stories are not intended for amusement. They are included here to illustrate the diversity of database errors and communication errors that can happen, and to indicate how serious such mishaps can be. It can be deduced from stories like these that the more a patient depends on computer systems the more likely it is that horror stories will occur. It is suspected that there are countless untold stories of a similar nature.

These are all true events. Some unknowns and some possible explanations have been included in the narratives to broaden the perspective. Details that are not essential to the core of each story have been omitted, to protect anonymity and for the sake of brevity.

Explanatory note: Patients living in the South Burnett often have to travel to Toowoomba or Brisbane or other places for specialist treatment at major hospitals because local hospitals are too small to offer a full range of services.


A data calamity

A patient from the South Burnett was staying temporarily in a hostel in a city while receiving outpatient treatment at a major hospital. At an appointment at the hospital, the administration nurse checked through the patient's details on the computer. The patient explained that their address and phone number had temporarily changed while they were staying in the city.

The patient did not have a mobile phone number because there is no reception at the patient's rural home address. The nurse deleted the patient's home phone number and entered the hostel's phone number into the system. The patient later learned that the system could hold only one landline phone number per patient. Also, the nurse manufactured a non-existent address by combining parts of the patient's existing home address with parts of the temporary address. The patient later learned that the system could hold only one address per patient.

The nurse did not give any feedback to the patient about what had been done and did not explain to the patient that the details in the computer would need to be changed again after a few days. The patient had told the nurse that they planned to travel home in a few days.

As a result, the patient became non-contactable by the hospital. The patient only discovered the problem two months later during a phonecall to the hospital.

The underlying problem was that the hospital's expensive custom database system could not cope with the concept of out-of-town patients having a temporary address and phone number.

It is not known whether the nurse deliberately did not tell the patient about what had been entered to the system, or whether the nurse was not sufficiently well trained to realise that not telling the patient could create a problem. Perhaps the nurse assumed that all patients somehow knew how the hospital's computer systems worked. It is even possible that the nurse thought that they had done a good job in solving an awkward problem.


A charlatan psychic had access to a patient's hospital information

Over a substantial period of time, a person who claimed to have psychic powers occasionally phoned a patient who lived in the South Burnett. The psychic lived far from the South Burnett. The phonecalls always happened within two days after the patient either had attended an outpatient appointment at a major hospital or had been discharged after a stay in hospital. Although the psychic phoned the patient once after every single hospital event, the psychic did not phone on any other occasions, even though there were times when the patient was very ill at home.

The caller sometimes claimed that they had called because their psychic ability had told them that the patient was very ill at that moment. However, for some of the outpatient appointments, and after one of the hospital treatments, the patient was quite well at the time. Therefore, the phonecalls could not have been a result of psychic ability.

The patient formed the opinion that the self-proclaimed psychic was a charlatan and was attempting to create the illusion of being in possession of paranormal powers. Clearly the charlatan somehow had access to hospital data.

During each phonecall, the psychic attempted to fish for information about the patient's health. The patient never at any time gave the psychic any information about planned hospital appointments or admissions. The patient gradually ceased to give the psychic any information at all. The patient repeatedly attempted to dissuade the psychic from phoning. Still the calls continued, as predictable as clockwork.

The patient's outpatient hospital appointments were always arranged with the hospital weeks in advance. Of the admissions to hospital, two were arranged weeks in advance and one was the result of a minor emergency. A phonecall followed shortly after every visit to hospital by the patient.

Because the psychic did not state at any time that they knew any actual medical particulars of the patient, apart from claiming to know when the patient was ill and apart from discussing what little information the patient had divulged, it appears to be possible that the psychic only had access to notifications that a patient's hospital records had been updated.

If the psychic did have full access to actual medical records, then they were very careful not to mention anything about what they knew until after the patient had first mentioned something about it. In this way, the psychic might have sought to avoid creating a trail of evidence that could potentially incriminate them.

It is not known whether the psychic was acting alone, or had a database insider as an accomplice, or was using information passed to them by a medical staff member. If the psychic was acting alone, then they must have had some direct access to notifications or to the hospital's database.

What is known is that the patient considers that the "psychic" was not actually psychic because the psychic did not ever at any time make any pronouncement that seemed to be in the least bit paranormal. The patient had known the psychic for some time through a friend, but had never sought or paid for any advice. The patient was not a person who sought the advice of psychics. The psychic did not get as far as attempting to sell their services to the patient, although the psychic often talked about a telephone psychic business that they were part of.

It is anybody's guess in what direction this story might have unfolded if the patient had not realised that the psychic was a scamster. If the patient had been more gullible, then possibly the patient might have been duped into becoming a paying customer for the psychic's services.

It is not known whether other patients have had a similar experience, so it is not known whether this was a one-off phenomenon or whether this was part of a systematic scam.


Substandard treatment will now include the creation of

misleading medical records that are permanent

Without going into all the details because they are irrelevant to the point of this story, a patient with multiple illnesses over a long period of time experienced substandard treatment at the emergency department of a local hospital in the South Burnett on more than one occasion.

The patient thinks that a particular senior person, who appeared to have significantly wrong opinions, was responsible for the low quality of service. The patient noticed that staff seemed to be acting on instructions and appeared to be making a show of delivering an inappropriately low quality of service, perhaps to impress senior staff.

The point of mentioning this story is that when a mistake has been made, whether intentionally or unintentionally, the My Health Record system will then be updated with information that is incorrect. The patient will not be able to correct this information because information in a doctor's report cannot be changed or deleted.

In doctors' reports, mistaken opinions of medical staff are recorded as facts. This is no different from before. These things have always happened. But from now on, mistaken opinions will become permanent records attached to the person. In other words, false facts will keep popping up again and again forever.

In the past, such errors could be contained. For example, a patient could go to a different doctor or move to a different region and hopefully then get better treatment. However, with the advent of the My Health Record system, doctors now have the ability, whether intentional or unintentional, to write false and adverse reports that could dog a patient for the rest of the patient's life. It appears to be probable that this will happen in the South Burnett.


An example of a mistake

A few days after having been discharged from a major hospital after a major operation, a patient visited the emergency department because of a complication that had arisen.

When recording the details of the problem, the triage nurse wrote into the records that the patient had had a different operation from the operation that the patient had actually had. It is not known whether the triage nurse had simply got mixed up and was not concentrating sufficiently on what they were doing, or whether the nurse genuinely thought that two very different operations were the same thing.

It eventually became clear that the patient and the medical staff were not on the same page, so no real harm was done. However, under the My Health Record system, it could have been recorded that the patient had had a major operation that they had not actually had. Years later, a patient might find themselves arguing with medical staff about what operations they had actually had.

At the moment, insurers cannot directly access a person's records. However, they may be able to do so indirectly, for example by simply demanding that the patient give them copies of whatever documents they are interested in. In any case, in the future, the rules may change to allow insurers direct access to peoples' data. If the data says one thing while the patient says something different, then insurers will generally believe what suits their profits best, which may be incorrect and may be detrimental to the patient.


A letter recommending a referral never arrived

A visit by a very ill patient to the emergency department at a local hospital in the South Burnett resulted in a letter being written by a hospital doctor to the patient's GP recommending a referral to a specialist consultant.

The letter never found its way through the communications network, according to the GP. After many fruitless visits to the GP, the patient filled in a form authorising the GP to request the letter again from the hospital. The letter still did not find its way through the system. The GP, who appears to have been a fool, did not see fit to make a referral at that time.

After several months had gone by, the patient found out that they could obtain the letter from the hospital on request. On enquiring at the emergency department, the patient was incorrectly told this was not so, but was told that the letter could be sent through the system again at the patient's request. When the patient made the request at the hospital's information counter, the patient discovered that they could actually obtain a copy of the letter immediately.

If the system had worked properly then the patient's suffering could have been reduced by several months.

None of the parties involved in this communications failure offered any plausible explanation as to how these events could have occurred. All denied any responsibility, effectively blaming the system.

One of the lessons of this story is that computer systems can be unreliable, to the detriment of those who have to rely on them. When failures do occur, it is often not clear whether it was the system that was at fault or the people running the system. In any case, nobody is ever held to account.

Lost time cannot be restored.



Ms Scipio is an advisor to kingaroar.com on many issues of public interest.

kingaroar.com main page

SBRC's Private Hospital
scam scam scam scam scam

Did SBRC deliberately force
Glendon Street Medical Centre
to permanently close down?