[LINK] MHR - letter to local paper

David dlochrin at key.net.au
Mon Jan 28 14:20:57 AEDT 2019


On Monday, 28 January 2019 10:45:51 AEDT Karl Auer wrote:

> If you have a My Health Record, the information in it will be available to any Government agency that wants it, for any reason at all. That includes the ATO, Centrelink and law enforcement. The legislation also makes clear that your medical information can be provided to commercial third parties.

I'm not convinced the following can be taken at face value but, for what it's worth, the agency claims the legislation "My Health Records Amendment (Strengthening Privacy) Bill 2018" ensures:
- see https://www.myhealthrecord.gov.au/for-you-your-family/howtos/frequently-asked-questions -

QUOTES
o   Which doctors and other healthcare providers can look at my health information?
Only healthcare provider organisations involved in your care, who are registered with the My Health Record System Operator, are allowed by law to access your My Health Record.  This may include GPs, pharmacies, pathology labs, hospitals, specialists and allied health professionals.

o   Can the police, Centrelink and ATO access my record?
Under new Health Record privacy laws, no information can be released to law enforcement or a government agency without your consent or an order from a judicial officer.

o   Can an insurance company or my employer access my record?
Under new laws, no-one is permitted to access, or ask you to disclose, any information within your My Health Record for insurance or employment purposes.

o   Can My Health Record data be used for commercial purposes?
Under new laws, the My Health Record system cannot be privatised or used for commercial purposes.  Only a government organisation will ever be able to manage the My Health Record system.
END QUOTES

However I detect the presence of weasel words in the second & fourth items quoted.

The second would have little force if some other piece of legislation gives a security agency, for example, unfettered access because a "judicial officer" would then have no choice.  And in any case, I wonder whether there are any limitations on the circumstances when access can be given.

The last point, as explained in that FAQ, doesn't distinguish between the system per se and the information it contains and doesn't explain what "manage" actually means - can the Health Department outsource the hosting of MyHealthRecord?

NSW has an act "Health Records and Information Privacy Act 2002 No 71" intended to regulate the whole general area which includes specific exemptions:

QUOTE
This Act does not apply to the Independent Commission Against Corruption, the Inspector of the Independent Commission Against Corruption, the staff of the Inspector of the Independent Commission Against Corruption, the NSW Police Force, the Law Enforcement Conduct Commission, the Inspector of the Law Enforcement Conduct Commission, the staff of the Inspector of the Law Enforcement Conduct Commission and the New South Wales Crime Commission, except in connection with the exercise of their administrative and educative functions.
UNQUOTE

Call me a cynic, but I'm out of it...

David L.




More information about the Link mailing list