Your Medical Records Exposed… Confirmed!


As I predicted in February 2016, your personal health record is being exposed, with or without your full knowledge. The Federal Government’s new $2bn national patient electronic health record system rollout is at full throttle.


This potentially means others have electronic access to your mental health, drug and alcohol abuse, sexually transmitted disease, domestic violence, and other sensitive information.

Do I opt out?

We have a saying’ ‘if in doubt opt out’. Indeed, you may wish to do this, but only after you have thoroughly researched how this may affect you or a loved one.

If you have any doubts, you need to opt out now before the three month deadline or an automated record will be created for you.

If you do opt out your records will not be deleted if you have opted in by default or with your permission – see Opt-out e-health records won’t be deleted

No warning?!

The Australia Card has arrived, amid controversy. It can give insurers, the ATO, researchers, police and Courts access to your personal information for up to 130 years: see My Health Record still not worth its $2b investment.

Our primary concern is the lack of a national TV, radio and print media campaign informing patients about the card and its implications. This is putting unnecessary pressure on your family GP.

The current system has its challenges so we are still not clear how useful or safe it is for anyone to use. Concerns include, and are not limited to, the fact that your health record may be open to misinterpretation. There are no internationally accepted and commonly agreed guidelines on how this data is collected and used. This is a fundamental flaw.

Currently, no internationally accepted and commonly agreed guidelines exist anywhere in the world. We question the quality and validity of the information collected: see No peer review for more information. Consideration of the quality and validity of the information collected would have been a useful starting point before spending $2bn on software programmers.

            This affects you! – what should you do next?

Every person in Australia is affected by this.

We recommend that you tell your doctor or practice whether you want your Government to have access to your records. Some key questions you should ask:

  1. What is the benefit?
  2. What are the costs and risks?
  3. Who is ultimately responsible if there is a privacy breach?

Make sure you confirm everything in writing before you decide. Also put your request in writing.

Forward this email to your local practice.

Now is the time to stick to your regular local General Practice if you want to ensure control of your sensitive patient records. Can you imagine having to contact all the GP’s you have visited in the last 2 years?

The bottom line is your local GP is being provided Government grants to upload your data. This comes at a significant cost particularly if you pay nothing to see your doctor.

What should practices do next?

            Practices need to have a position

Practices should offer patients a choice. It is an opportunity and not a problem. It is tempting, due to the long Medicare Freeze on patient rebates, to play catch up and proactively encourage patients to give permission to upload their records.

To avoid a patient backlash, you should consult patients first. Some may in fact take offence and complain that they were not consulted, or they may take other action, regardless of whether it is your fault or not. Be proactive and run your own education program.

Use the media reports as a new opportunity to encourage patients to remain with the practice and maintain continuity and convenience.

          Step 1 -Do your homework

Practices need to prepare some stock standard answers for patients for use in waiting rooms, in-house TV message boards, websites, messages on hold, emails and any other communication devices. Texting all patients may be a good option.

Practices need to confirm the medico-legal implications of the information they give and consult their insurer in relation to any concerns in writing.

For more information visit My Health Records Frequently Asked Questions.

            Step 2 – Decide whether to offer a fee paying opt out solution

There is a significant, new, compliance cost associated with consulting every patient in a practice. An annual $20 opt out administration fee per patient to offset this cost could be appropriate.

Practices have an economic dilemma.

The Medicare freeze has put pressure on practice sustainability. This is the thin edge of the wedge. It has been mooted for all General Practices that in 2018 the current PIP grant criteria will be completely replaced, with the number of patient medical records uploaded as being the primary criteria.

Introduce a $20 annual opt out administration fee

You may, as an alternative, ask your patients to pay an annual $20 ‘opt out’ administration fee to the practice to cease uploading their medical records. This revenue should go towards replacing the loss of any PIP grant funding. This will enable practices to maintain their bulk billing profile and reduce the impact on the quality of services offered.

To gauge how patients may react, we conducted a quick straw poll with interesting preliminary results in our February 2016 article called Your Private Medical Condition Exposed.

Below are some results from the poll:


If you would like more people to vote on this issue, share this article Your Private Medical Condition Exposed. We will report the results, or you can see them live.

The take home message is that patients should not be forced to opt in or out, until they feel the system is safe and it is worthwhile to opt in.


7 comments on “Your Medical Records Exposed… Confirmed!”

  1. As a healthcare professional I would hope u consider your duty of care to communicate facts not opinion…..absolute sensationalism

    1. I have the facts there are no secondary permission protocols in place or published. What part is sensationalist is difficult to respond to when your point has not been made clearly. I am happy to respond accordingly.

  2. Reblogged this on Dr Thinus' musings and commented:
    This has significant implications on GP as a business – recent press releases showed that 20% of ePIP registered Clinics had failed to meet their upload targets and were forced to repay about $11 million to the Government.
    The system still has limited clinical use so it falls back on Owners to try and upload enough patients to meet the targets set by the Government as Contractors and Employee Docs could not care less.

    The carrots have turned into a very big whipping stick

  3. Reblogged this on karenpriceblog and commented:
    Great thoughts from David Dahm on the opt out issues related to the My Health Record. The ethics on the consent processneed to be examined very closely imho. Not withstanding the secondary use of your private health data does not have a framework around it as yet. Consent seems therefore flawed.

  4. Excellent work David. The ethics around consent for this process are questionable. The process and secondary use of private data are opaque at best.
    Thanks for this.

Leave a Reply to DrKP Cancel reply