Ready or not, here comes My Health Record. And along with it, data privacy concerns from businesses and consumers alike.
While businesses will not often deploy nation-wide health record databases, the recommendations and feedback being given to the team behind the upcoming system should be carefully considered by all those who would store any personal information of customers and clients.
My Health Record is to be a system to record information such as current and past medications, medical conditions, allergies, etc. in a centralised system that can be accessed by any authorised medical practitioner. This record will be created for all Australians in 2019, unless they have opted out within the (recently extended) opt-out period.
It is in these opt-out figures that we can see the concern of many Australians as to how safe their data is when stored in a system largely out of their control. As at October, over 1.1 million had opted out, and enough attempted to opt-out last week that the system’s website suffered outages throughout the last day of the original deadline.
This large number of opt-outs clearly show the importance of both providing secure systems and making it obvious to users that every precaution is being taken to keep their personal data safe. Though the system may greatly aid in providing medical care, and has the full backing of the Australian Medical Association, the inability to convince all users of its security means none of those opting out will reap its benefits.
The AMA’s continued backing of the system is affording them the ability to make recommendations – and they have made many suggestions that at their core are very important fundamentals to data security to further protect the system.
Per the AMA’s report on November 15, amendments primarily focused on who will have access to a patient’s data – which is always important to consider. All systems should be secured against access from those unauthorised, but who actually receives authorisation should also be scrutinised and closely controlled.
Further amended by the AMA was the prevention of de-identified data being given to third parties for research purposes. Sometimes allowing third party access to data is important, but this should always be carefully considered and only implemented when absolutely necessary.
These key points are principles that all systems storing personal data should incorporate, and will continue to shape My Health Record into the most secure system that it can be.
For a holistic review of how securely you’re keeping your clients’ personal data and whether their trust in you and your systems is well deserved, contact the Altitude Innovations team before you too have customers ‘opting out’ over privacy or security concerns…
