My Health Record: Former digital transformation head raises concerns about security of online system
18th July 2018
The man appointed by Malcolm Turnbull to transform the Commonwealth’s digital public services has said if he was Australian he would probably opt out of the Government’s controversial online health database.
- Former head of the Government’s Digital Transformation Agency says he would “probably” opt out from My Health Record
- Critics say the database is a tempting target for hackers
- Around 20,000 people decided to opt out on Monday
From this week, Australians have three months to opt out of My Health Record, which gives people an online summary of their health information.
But privacy advocates have ramped up their attacks on the database and are urging Australians to steer clear of it.
Paul Shetler, the former head of the Government’s Digital Transformation Agency, is not an Australian citizen but told the ABC if he was he would “probably” withdraw from My Health Record.
He said he took issue with the way My Health Record required users to arrange their own security settings, rather than defaulting to a more private set-up.
“I think it’s problematic. Those kind of security settings kind of make sense for an opt-in system … but when it becomes an opt-out system, and you find out all your data is on there, ‘oh, and by the way it’s all being shared’, well, no — I think that’s one of the flaws,” Mr Shetler told RN Breakfast.
Some academics have warned the database presents a tempting target for hackers. They also say private health apps will be able to mine the database for information, despite legislation that says patients must give their consent.
Last month the ABC revealed that Australia’s largest doctor appointment booking service, HealthEngine, had funnelled private medical information to law firms searching for clients who might want to file personal injury claims.
Government maintains ‘any Australian’ can choose to opt out
Health Minister Greg Hunt was questioned about the security of the My Health Record system this morning, and maintained that “any individual Australian” had the ability to opt out of the system if they had any concerns.
“They don’t have to be part of the system, nobody has to be part of it. But everyone should have the right to their own records,” Mr Hunt said.
“It’s their data, they own it, and for the first time they have access to it with total control as to whether or not they even want a record, or if so whether only they can access the record or if they want their doctors and their specialists to be able to access it.”
Mr Hunt also noted that since the My Health Record trial started six years ago, there had so far been no security breaches or problems.
Mr Shetler said the way My Health Record had been set up meant millions of Australians would be given an online record without realising that they would have to manually change their security settings in order to ring-fence their medical history.
“I think the security model is quite strange, the fact that your data can be accessed for things that have nothing to do for your health,” he said.
“Again, that might have made sense … when it was an opt-in system. But it’s not opt-in, it’s opt-out, and it’s kind of hard to opt-out.
“Then all of a sudden you find these weird loopholes.”
Mr Shetler said it was too early to predict whether My Health Record would become a “tech wreck”, but surmised the rollout was being dogged by many of the problems that had accompanied similar projects overseas.
While he has worked in the UK Government’s Digital Service, Mr Shetler made it clear he had not worked on the rollout of a similar system there.
“[The Australian Government] didn’t learn from the history,” Mr Shetler said.
“You don’t spring something on people and tell them ‘we’re going to be doing this’, with no preparation, with no clear understanding of what the benefits are, without having designed it around user needs and then with this weird security model.”
Around 20,000 people decided to opt out of My Health Record on Monday, when the withdrawal period began.
The Federal Government has pointed out that is a tiny proportion of Australians.
But Mr Shetler had a different assessment.
“They had to opt out under very difficult circumstances. They had to opt out after waiting an hour, and an hour-and-a-half on the phone to do that,” he said.
“If you were launching a new product and you had 20,000 people willing to wait for an hour-and-a-half on the phone, be put on hold, and go through an obscure process and they signed up, you’d say that’s a pretty amazing demand for that product. That’s a pretty successful product.
“Now reverse that.”
Mr Shetler, who left the Digital Transformation Agency in 2016 after about a year-and-a-half, has previously criticised the handling of the Government’s debt recovery system.