Are you concerned about your personal information and data breaches in My Health Record?  This might help shed some light on the subject.

There has been a lot of talk lately about data breaches in My Health Record, and however you feel about the system, you really want to ensure that your private health information is safe before you choose to stay or opt out.

With all of the information and opinions out there, we thought it was time to explain the changes that are happening, and whether data breaches in My Health Record should be a concern.

What is My Health Record

The intention of My Health Record is to provide Australians with a secure, online record of medical information that can be accessed by the record-holding individuals and health practitioners from anywhere in the world.

The sort of data that is to be kept on record in My Health Record is information such as prescription medicines, medical diagnoses and conditions, allergies and test results.

What are the advantages?

In theory, it sounds like a wonderful idea, and could save a lot of time and hassle at the hospital, or if a patient is seeing several practitioners at once.

Imagine not having to ask a doctor for copies of test results to take to another practitioner.  Perhaps you like the idea that it can save you from having to keep files at home.  Both of these are very valid advantages.

Why are people opting out?

The Australian Government has given the public the opportunity to opt out of My Health Record, with the deadline now set for 31st January, 2019.

There are different reasons that people are giving for opting out.  Some don’t feel comfortable with hospitals and practitioners having access to all medical records, while others are concerned about the possibility of a security breach.

As a company dedicated to the security of private information, we’re going to discuss the second reason in a little more detail!

Data Breaches in My Health Record

How valuable is medical information?

Our medical data is diamond-level data for identity thieves, even more so than credit card details.  Consolidated medical records gives people access to more information than they could dream of – contact details, birthdates, family history, names…

This information sells for a lot of money, and hackers are quick to offload it to identity thieves for a nice sum.

Data breaches in My Health Record – is this really a risk?

In August 2018, the Government stated it will make changes to increase the security of My Health Record.  This includes police and government agengy’s not being able to access the information without the patient’s consent, or a court order.

Some members of the welfare sector have also expressed concern that non-custodial parents may be able to open a My Health Record for their children, which is particularly concerning in domestic violence or family law situations.

There are procedures in place in the event of a data breach.  The administrators of My Health Record must report a notifiable data breach to the Office of the Australian Information Commissioner (OAIC).

According to www.myhealthrecord.gov.au:

“…a notifiable data breach must be reported when data may have been accessed or viewed by someone who does not have appropriate authorisation. Errors of this type have occurred due to either alleged fraudulent Medicare claims or administrative processing errors.

A security breach occurs where the system or data is accessed by bypassing the security controls in place, for example if a person were to break the authentication controls and gain access to a record for which they don’t have authorisation.”

While those responsible for the security of data insist that the system it secure, we need to consider the impact, and look at other examples.

Singapore – data breach struggles!

The Singaporean Government has a centralised online medical database, very similar to My Health Record.  In July this year, hackers accessed 1.5 million health records in the database… including the Prime Minister’s.

While the Australian Government insists that My Health Record is secure and this should not be a concern to the Australian public, what this does is show that regardless of the level of risk, the impact could be catastrophic.

Poor habits in the health industry

The IAOC’s Notifiable Data Breaches Quarterly Statistic Report (1st April to 30th June 2018) cited 49 data breaches reported within the health industry for the quarter.  While this data doesn’t include any reports from My Health Record (these are subject to different notification requirements).

These data breaches affected tens of thousands of individuals.  Some were small breaches, some larger.  One of the data breaches affected up to 25,000 people!

Of these notifications, none of them arose from system faults, 59% were a result of human error, and the remaining 41% were due to malicious or criminal attacks.

These figures are alarming, and may be considered a sign that My Health Record security needs to be locked down tight before we proceed to the next level!

While they may not be direct data breaches in My Health Record, this does indicate a potential issue with data security within the health industry itself.  Some have suggested that the administrative practices within different organisations need to be addressed before data can be securely centralised.

 

At the end of the day, it is up to each individual as to whether they want to opt in or out of My Health Record.

iShred has been built on the belief that we have a fundamental right to the knowledge that our private information is safe, and that our lives shouldn’t be tainted by the actions of criminals.

On a smaller scale, you can make sure that all of your medical and health records are kept safe, and destroyed securely if no longer relevant.  This includes expired Medicare cards, as well as old referrals, prescriptions and invoices.

If you have obsolete records and documents that are no longer needed, iShred can help with secure document destruction.  Contact us today to find out more, or head over to our website or Facebook page to find out more about our popular Community Shred Days.

Data breaches in My Health Record

Sources:

www.myhealthrecord.gov.au/media-releases/statement-notifiable-data-breaches

www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics-reports/notifiable-data-breaches-quarterly-statistics-report-1-april-30-june-2018

www.abc.net.au/news/2018-08-02/my-health-record-still-not-safe/10063026