Avant statement on My Health Record
Avant supports the aims and potential benefits of the My Health Record (MHR) system which are to:
- Help overcome fragmentation of health information
- Improve the availability and quality of health information
- Reduce the occurrence of adverse medical events and the duplication of treatment
- Improve the coordination and quality of healthcare provided to consumers by different health care providers.
It is up to patients to decide whether the benefits of the system outweigh the risks (eg privacy and security risks) for them. If they believe the risks outweigh the benefits they can opt-out.
The system remains opt-in for health practitioners and it is up to each practitioner to decide whether they wish to use the MHR system for any of their patients. Practitioners need to weigh up the risks and benefits of the MHR for themselves and their patients. Potential risks for practitioners include medico-legal risks, such as the risk of incomplete information, or of not accessing information that may be available through the MHR system. Potential benefits include the ability to access relevant information about their patients of which they may not have been aware.
We have been involved in discussions about the MHR system (formerly the Personally Controlled Electronic Health Record) with the Department of Health, the National e-Health Transition Agency and now the Australian Digital Health Agency.
We are aware from these discussions that privacy and security is a key focus of the Australian Digital Health Agency’s attention.
The Australian Digital Health Agency has given the following assurances about the security of the MHR system:
- The MHR has the highest level of security and meets the strictest cybersecurity standards
- It uses a layered security model with multiple security controls in place to protect the information
- A range of security assurance activities are undertaken by the Australian Digital Health Agency to ensure that the security of the MHR is maintained.
- Only authorised users can access the system.
Cybersecurity is important for all organisations that hold data, particularly health data, and all organisations should take steps to ensure their systems are as secure as possible to reduce the risk of privacy and security breaches. Practices should take particular care as they are potential access points to the MHR.
Consumers should also take steps to ensure the security of their information in the system. They can place access controls on their record. They can choose to receive SMS notifications when someone accesses their MHR, and they can logon and view the access history log to see the access activity in the last 12 months.
A deterrent to unauthorised use of the MHR is that it is an offence to collect, use or disclose information from a MHR if a person knows they are not authorised to do so or they are reckless as to whether they have authority. Certain data breaches involving the MHR system must be reported to the Australian Digital Health Agency and the Office of the Australian Information Commissioner.