The breach of Medicare data that resulted in patient card numbers being sold on the darknet should not have any significant implications for the government rollout of My Health Record, says the peak body for general practitioners.
My Health Record will involve patients’ health information being uploaded to an online database.
In its submission to the Senate inquiry into the Medicare data breach, the Royal Australian College of General Practitioners (RACGP) said a Medicare card number alone would not allow access to a patient’s My Health Record.
“The authentication process for both the consumer and provider portals of the My Health Record are complex and have many layers of security,” the college said.
“Individuals can elect to opt out or can set strict privacy controls, enabling full control over third-party access to personal information. A clear and targeted consumer communication strategy will be important during the implementation of the opt-out My Health Record System to allay any fears of identity theft and connection with this recent data breach.”
My Health Record will be in place for every Australian by 2018, and people will have to opt out if they don’t want their information uploaded and shared between doctors, hospitals and other health practitioners.
The Senate inquiry was announced following a Guardian Australia investigation which in July revealed that a darknet vendor on a popular auction site for illegal products was selling access to anyone’s Medicare card details. The seller used an Australian Department of Human Services logo to advertise what they called “the Medicare machine”.
The RACGP told the inquiry that the government’s response to the data breach was appropriate. This is in contrast to a submission from the University of Canberra’s Centre for Internet Safety, which described the government’s response as “disappointing, confusing and often contemptible” and said it risked leaving Australians weary and distrustful of My Health Record.
The Australian Digital Health Agency said the successful rollout of My Health Record was essential, with one in three general practitioners seeing patients who were unable to provide adequate health information, including Medicare card details.
“Many patient records are created as paper files which are regularly transmitted between healthcare providers using unsecure email, fax machines and by post,” the agency’s submission to the inquiry said.
“The My Health Record system provides significant benefits to Australians. Benefits include avoided hospital admissions, fewer adverse drug events, reduced duplication in diagnostic tests, better coordination of care for people seeing multiple healthcare providers, and better informed treatment decisions.”
Timothy Pilgrim, the Australian information commissioner and the Australian privacy commissioner, said that his office only became aware of the data breach when alerted to it by a Guardian journalist in July.
“The department briefed my staff about its initial response, including the referral of the matter to the Australian federal police for criminal investigation,” his submission said.
He wrote that security of personal information was essential to ensuring public trust and confidence in the government’s handling of personal information.
“This is important as the Australian community is increasingly aware of privacy issues, especially in light of new technological advances and information sharing initiatives. People expect government to act transparently when handling their personal information and to keep that information secure.”
While surveys revealed 58% of people scored state and federal governments highly in terms of trustworthiness, this was still below banking and finance institutions (59%) and significantly below healthcare providers (79%), Pilgrim said.
The inquiry will report its findings to the government by 16 October.