Australia, Melbourne — Monday 26 August 2019 — EFA, Future Wise, Digital Rights Watch and APF today call again for a comprehensive review of privacy provisions for healthcare data.
Following the HealthEngine scandal in 2018, and the recent use of Pharmaceutical Benefits Scheme (PBS) data to assist recruitment into research on Bipolar disorder, a Twitter user on Friday 23 August shared a SMS message attempting to recruit him into a clinical trial.
This appears to have occurred through the use of Precedence Healthcare’s InCa (Integrated Care) health platform. Research by members of digital rights organisations today revealed that sensitive patient details—including contact details, demographics and complete medical histories—can be shared with a wide range of partners, including, it appears, private health insurers.
Dr Trent Yarwood, health spokesperson for Future Wise and a medical specialist, said “Secondary uses like this are a very ethically murky area. People don’t generally expect to have personal details from their healthcare providers made available to anyone, even if well intentioned.”
The terms and conditions of the application include access to data from myHealthRecord. “While the My Health Records Act includes privacy provisions, once this data is accessed by an external system, these provisions no longer apply,” continued Dr Yarwood. “I’m very concerned that practices making use of this system are not aware of just how widely this data can be shared—and that they are expected to fully inform patients of the nature of the data use,” he concluded.
“This kind of barely-controlled data sharing is only possible because of how little privacy protection is provided by the current legislation,” said Justin Warren, Electronic Frontiers Australia board member.
“People have made it clear time and time again that information about their health is extremely personal, private, and they expect it to be kept secure, not shared with all and sundry,” he said. “What people think is happening is quite different to what actually is, and these companies are risking catastrophic damage to patient trust with their lust for data.”
“If you found out your doctor was sharing your full medical history with private health insurers, or the police, would you keep seeing them?” he added.
Robust privacy protections are needed for all Australians, such as by finally giving us the right to sue for breach of privacy, requiring explicit consent for each disclosure of medical or health data to a third party, and proper auditing of record-access that is visible to the patient. It is imperative that the risks of health data sharing receive greater attention.
Electronic Frontiers Australia is the premier voice for digital rights in Australia. Established in 1994, EFA is independently funded by members and donations. For more information about EFA, see https://www.efa.org.au
About Future Wise
Future Wise is an independent policy and advocacy organisation, focusing on technology, health, and education; and is a strong voice for digital privacy in Australia. Further information about Future Wise is available at their website: https://futurewise.org.au
The Australian Privacy Foundation is the primary association dedicated to protecting the privacy rights of Australians. The Foundation aims to focus public attention on emerging issues which pose a threat to the freedom and privacy of Australians.
For additional information about APF see https://privacy.org.au
About Digital Rights Watch
Digital Rights Watch strategically defends digital rights in Australia to ensure that Australian citizens are equipped, empowered and enabled to uphold their digital rights.
For media contacts download the media release