How to control the settings for secondary use of your My Health Record data

Now that over ninety per cent of Australians has a My Health Record, we need to start using it. That also means becoming familiar with the dashboard and settings. Most people are not aware that they can control who sees what information in their record.

For example, you have the option to switch off secondary use of data. Secondary use is when third parties use your health information for purposes not directly related to your care.

This includes public health policy development and research – but also many other purposes. If you want to know more, read my blog post about this topic.

When a new MyHR record is created, your data will automatically be shared for other purposes. If you do not want this, you need to click the ‘do not participate’ button.

Unfortunately, this button is not available under the ‘privacy & access’ tab where it should be so it may be hard to find. Look for the button at the bottom of the ‘profile & settings’ tab (see screenshot below).

Secondary use of My Health record data

It is your choice to share or not share your data. There is also a helpful video available with instructions on how to control settings for secondary use of data.

My Health Record: what’s next?

The end of the My Health Record opt-out period is in sight. Unless the government decides otherwise, next month the vast majority of Australians will have a digital national shared health record. What’s next?

A while ago I saw a patient who was passing through my town, on her way home from Cairns to Sydney. She had been seen at the emergency department in Cairns and was told to visit a GP for follow-up. She had no hospital letter or medical records but with a few clicks I was able to get access to the hospital discharge summary through the My Health Record, which included results of blood tests, ECG and chest x-ray, and I could see what medications were prescribed.

This is a rare example of the benefits of the MyHR; once the system will be used at a larger scale this could become an everyday reality.

The Australian Digital Health Agency (ADHA) says that about 1.14M Australians have opted out and apparently the opt-out rate is slowing down. At the same time others are signing up and there is an expectation, based on the opt-out trials, that many of those who opted out will eventually opt back in.

The Australian My Health Record is a compromise between a consumer record and a clinical record. This means that there will always be people in both camps who are not completely satisfied. Despite everything we’ve come a long way.

Work in progress

The My Health Record, currently in version 9.4.2, continues to evolve. Looking back over the years progress has been slow but significant.

For example, the software is far less clunky these days; accessing a record or preparing and uploading a shared health summary can now be done within seconds; we got rid of the dreadful participation contracts; there is a secondary use of data framework and users can choose to opt-out of secondary use of their data.

It is expected that more pathology and imaging providers will come on board next year and the legal framework will be further adjusted to improve privacy of Australians, including complete deletion of data if people decide they don’t want a record anymore.

Awareness?

According to ADHA over 87% of Australians know about the record and more than 85% of general practice is registered.

It is likely though that this awareness is rudimentary despite hundreds of engagement activities by the agency and Primary Health Networks (PHNs). Most Australians will not be aware that they have control over who-can-access-what in their records and how to change the privacy settings.

The RACGP has held many PHN-based peer-to-peer workshops across the country as well as webinars for general practitioners and staff, and around 2000 people attended – which is a lot but probably not enough. Most non-GP specialists are not yet on board.

Then there are still the concerns about for example privacy, workflow and accuracy, many of which are summarised in this year’s senate inquiry report. It appears there is still work to do.

The next stage

The agency has started preparing for the ‘post opt-out period’. As it stands around mid December empty shell records will be created, and activated once accessed by providers or consumers.

ADHA says the aims of the next stage of the consumer campaign will be maintaining awareness, taking control of the My Health Record and encouraging consumers to discuss the MyHR with providers.

The provider campaign will focus on the expected benefits including improved efficiency, such as less search-time, and better health outcomes – although skeptics will question the latter claim by the agency.

There will also be a focus on getting specialists on board, aged care access, improved family safety and child protection and education for vulnerable consumer groups.

International review

Meanwhile ADHA has released an international review of digital health record systems. The findings show that the Australian MyHR empowers consumers to access and personally control their information, including what’s in it and who can see it.

ADHA emphasised that, although many countries have laws that allow users to view their health information, only Australia and a limited number of other countries allow citizens to control who sees their information and request corrections to their own health data.

The MyHR PR machine is in full swing. It will be interesting to see what the response to the senate inquiry will be and what happens next year. I hope the momentum of recent times will continue.

What needs to change?

From a usability point of view the wow-factor is still missing and although that’s nothing new in healthcare, some work in this area would go down well.

For example, it would improve workflow and safety if doctors could download MyHR information not just as PDF but import new medications straight into a local medication list.

The secondary use of data framework is fairly broad, and could be tightened up a bit further. Many have commented that the messaging around the MyHR should be less promotional and more about benefits versus limitations – but I’m not holding my breath here.

What change do you want to see?

Details have been changed in the case above to ensure patient confidentiality.

It’s not just the My Health Record we should be concerned about

It’s often been said, the Australian My Health Record is not a finished project. It is evolving and has, indeed, lots of potential to improve and streamline patient care. Sadly, the privacy issues that have haunted the project for years still seem to be unresolved. And when it comes to secondary use of patient data, there’s more to come from a different direction.

Back in 2013 I wrote this in a blog post about the My Health Record, then called the Personally Controlled Electronic Health Record or PCEHR:

“The PCEHR Act 2012 states that the data in the PCEHR can be used for law enforcement purposes, indemnity insurance purposes for health care providers, research, public health purposes and ‘other purposes authorised by law’. This is far from reassuring. There are many grey areas and unanswered questions. There are too many agendas. The PCEHR should first be a useful clinical tool to improve patient care.”

Five years later and there are still ambiguities about when, how and for what reason law enforcement agencies and other non-medical parties can access the national My Health Record system. This should have been crystal clear by now. Here’s is what I posted in 2015:

“(…) at the moment the information in the PCEHR may be used by the Government for data mining, law enforcement purposes and ‘other purposes authorised by law’, for up to 130 years, even after a patient or provider has opted out. (…) The legal framework should be reviewed, and any changes must be agreed upon by consumers and clinicians.”

When asked about this issue at yesterday’s Press Club AMA president Dr Tony Bartone indicated that he is prepared to push for legislative amendments to improve the confidence of Australians in the My Health Record.

I was glad to hear this. I’m all for amendments of the My Health Record legislation but at the same time the Department of Health is on a journey to get its hands on GP patient data – and this is unlikely to change.

For example, the Department of Health is preparing a new data extraction scheme, to be introduced in May 2019. To remain eligible for practice incentive payments GP clinics have to agree that de-identified patient data will be extracted from their clinical software by, perhaps, Primary Health Networks. From there the data may flow to, possibly, the Australian Institute of Health and Welfare, the organisation responsible for the secondary use of data in the My Health Record.

If this scheme goes ahead, government organisations will begin to take over data and quality control of general practice. The argument will be that it is in the interest of the health of the nation. Perhaps it’s my well-worn tin foil hat, but I have a sneaking suspicion what I will be blogging about in the years to come.

Why your GP doesn’t have a Facebook sharing attitude

The success of Facebook is based on sharing content with friends and family. I’m a fan of social media but in healthcare sharing of information is often a no-go zone.

Doctors don’t like sharing patient information with third parties for various reasons: they have sworn an oath, must adhere to a code of conduct and have an ethical and legal obligation to safeguard the privacy of their patients.

The patient-doctor relationship is built on trust: patients need to feel safe to share their concerns with a doctor. Unfortunately in Australia there are a few worrying cracks in the system, such as the access of insurance companies to health records.

Life insurance industry

Last week I had the opportunity to present the concerns of the Royal Australian College of General Practitioners (RACGP) at the Inquiry into the Life Insurance Industry of the Joint Parliamentary Committee on Corporations and Financial Services in Canberra.

The issue is well summarised in this ABC News article ‘Doctors resisting health records being sent to insurance companies’. Based on feedback from GPs, the RACGP recommends in its submission into the inquiry that insurers should not be allowed to ask for full patient health records.

This is an example of inappropriate sharing of information with a third party (which differs from sharing between health professionals) and can have serious ramifications.

Inquiry in Life Insurance Industry
Last week I had the opportunity to present the RACGP submission at the Parliamentary Inquiry into the Life Insurance Industry.

5 reasons not to share

There are five reasons why third parties such as insurance companies should never have access to health records:

# One

People often don’t understand that ticking a box on the life insurance application form means that insurers can have access to their health records, including confidential information that has been shared with doctors, often over many years, and may not be relevant to the insurance company.

In the experience of GPs many people withdraw their consent once they are aware of the possible repercussions, and in some cases discuss with their GP to submit a targeted, more relevant medical report instead.

# Two

The therapeutic trust relationship between a GP and a patient could be affected.

Patient knowledge of the issues they may face after disclosing symptoms or seeking treatment, particularly for mental health issues, is likely to discourage disclosure and help-seeking, which adversely affects patient wellbeing.

# Three

Understanding that medical records can be requested by an insurer may lead GPs to under-document or under-identify patients at risk in efforts to make sure the patient’s access to insurance is not affected.

GPs have advised that they feel they are placed in a difficult situation where they need to ensure adequate documentation of their consultation with patients while also considering the broader impact this may have on their patient. This in turn may have medicolegal ramifications for doctors.

# Four

Insurers not only have access to but also store thousands and thousands of health records. This raises all sorts of questions with regards to data usage and standards around security, privacy and confidentiality.

# Five

Many GPs are concerned about the risks of misinterpretation by insurers when reviewing a patient’s consultation notes.

Medical consultation notes are a comprehensive written record of concerns, symptoms, examinations, investigations, treatments and planned reviews. They function as an aide memoir and are not made for the assessment of risk for insurance purposes.

Suggested solutions

There should be a tightening of the requirements around requests for full medical records by insurers. With patient consent, doctors should only be asked to provide a targeted and relevant report to the insurer.

There is also a clear need for greater patient education on consent and the release of health information to insurance companies.

Warning: digital challenges ahead

There were a few interesting tech news facts this week. I thought this one was interesting: a Dutch campaign group used a drone to deliver abortion pills to Polish women, in an attempt to highlight Poland’s restrictive laws against pregnancy terminations.

There was scary news too: a private health insurer encouraged its members to use a Facebook-owned exercise app to qualify for free cinema tickets. Not surprisingly, Facebook was entitled to disclose all information shared via the app, including personal identity information, to its affiliates.

But there was also this: Telstra has launched its ReadyCare telehealth service. For those willing to pay $76, a doctor on the other end of the phone or video link is ready to care for you. No need to visit a GP or emergency department.

The telecom provider will offer the service to other parties like aged-care facilities and health insurance funds. Telstra is aiming for a $1 billion annual revenue.

Digital revolution

Digital developments increasingly create new opportunities, challenges and risks, but we have yet to find ways to incorporate the new technologies in our existing healthcare system.

In an interview in the Weekend Australian Magazine Google Australia boss Maile Carnegie warned that the digital revolution has only just started and that Australia is not ready for the digital challenges ahead.

Carnegie said that 99% of the internet’s uses have yet to be discovered and although Australia is the 12th largest economy in the world, it ranks only 17th on the Global Innovation Index.

She said that Australia has become a world expert at risk-minimisation and rule-making. Unfortunately this seems to slow down innovation.

“We are either going to put in place the incentives and the enablers to create the next version of Australia as a best-in-class innovation country or we’re not,” she said. “And I think it’s going to be a very stark choice that we have to make as a community.”

Who’s taking the lead?

In the last ten years we have seen major progress in for example mobile technology, but my day-to-day work hasn’t changed much. Healthcare has difficulty harnessing the benefits of the digital revolution.

Is the industry leading the way and letting governments, software developers and other parties know what is required? Do we have industry-wide think tanks to prepare for the near future? Have we listened to what our patients need and expect from us in the 21st century?

The benefits of consumer online access to health records

Consumer access to electronic health records may not be far off. In the not-so-distant future people will look up their file from home or a mobile device. They will also be able to add comments to their doctor’s notes.

In its current version the Australian PCEHR allows limited access, but the US OpenNotes record system has gone a step further by inviting consumers to read all the doctor’s consultation notes.

Pulse+IT magazine reported that 18 percent of Australian doctors believes consumers should be able access their notes; 65 percent would prefer limited access and 16 percent is opposed to any access at all.

What are the pros and cons? Here are some of the often-mentioned arguments:

Pros

  • Improved participation and responsibility
  • Increased consumer’s knowledge of their health care plan
  • Better self-management
  • Consumers can read their notes before and after a consultation as reminder
  • Consumers can help health practitioners to improve the quality of the data, eg by adding comments
  • Consumers can better assist practitioners in making fully informed decisions

Cons

  • Consumers may interpret the data incorrectly creating unnecessary concerns
  • Increased risk of security breaches and unauthorised access
  • Unwanted secondary use of the data by eg insurance companies or governmental organisations
  • Practitioners may need to change the way they write their notes
  • Increased workload

An article in the New England Journal of Medicine reported that OpenNotes participants felt they had a better recall and understanding of their care plans. They also felt more in control. The majority of consumers taking medications reported better adherence. Interestingly, about half of the participants wanted to add comments to their doctor’s notes too.

Most of the fears of clinicians were, although understandable, ungrounded:

  • The majority of participants was not concerned or worried after reading what their doctors had written (many just googled medical terms and abbreviations)
  • Consumers did not contact their doctors more often
  • A minority of doctors thought OpenNotes took more time, others thought it was time-saving

According to the OpenNotes team transparent communication results in less lawsuits. I couldn’t find any information about the security risks of the system.

Overall, consumers were content: 99% percent preferred OpenNotes to continue after the first year. Doctors were positive too, see this video:

Culture change

Consumers have the right to know what information is held about them, and they have the right to get access to their health records. Online access therefore seems to be a logical step to exercise these rights. Although the PCEHR allows consumers to see a summary, the consultation notes cannot be viewed. OpenNotes is about sharing all consultation (progress) notes between a consumer and his/her practitioner.

I believe there are 3 trends happening that will push this development:

  • The culture of sharing data online
  • The increasing consumer participation in health care
  • Evolving digital and mobile technologies

The 3 main reasons why it will not happen overnight:

  • An attitude change towards full access takes time
  • Security and privacy concerns
  • Lack of incentives for software developers and practitioners

Improving transparency 

Online access to electronic records (viewing and commenting) will boost transparency. It will change the interaction between consumers and practitioners and may even improve quality of care. I’d love to see more trials and experiments in this area. What do you think?