I’m operating this morning so may have to halt this tweet stream midstream but want to talk about My Health Record and #optoutMHR.
By way of disclosure, I was invited on an ADHA Committee about MyHR last year. It’s unpaid & I’ve never attended because I’m already fully booked with patients when they announce the meeting dates. Also, I’m an AMA Federal Councillor. The AMA is broadly in favour of a national
medical record, but I make these tweets as a private citizen & surgeon, not because I’m AMA affiliated. Also, I did a project on MyHR last year with non-directed funding from @avantmutual - a practice grant that supported a study into MyHR implementation in specialist practice.
If anyone wishes to see the resources that were created in that study they’re at melbournehandsurgery.com/35-mhs/268-my-…. The study write up has been submitted for publication so I can’t release that yet. But suffice to say it discusses Issues.
Back now.
It seems that some of the concern expressed in recent days reflects that people hadn’t realised that free healthcare isn’t exactly free. By which I mean, if you accept Medicare rebated services (or private health insurance rebated services) then an organisation
It seems that some of the concern expressed in recent days reflects that people hadn’t realised that free healthcare isn’t exactly free. By which I mean, if you accept Medicare rebated services (or private health insurance rebated services) then an organisation
automatically opens a file on you. And if there is a file, then there are privacy concerns. And there can be privacy leaks.
Please don’t make an incorrect assumption that I’m blasé about privacy leaks in healthcare. I’ve had my pathology info faxed to a colleague, and more. So angry about that. But stuff happens. Death & taxes, as the saying goes.
The misconceptions I’ve seen about My Health Record include that it holds lots and lots of information. Almost as though it takes reams of hospital & GP & other notes & puts it in a medical file. It doesn’t. Currently one of the problems is the lack of information in MyHR.
Those who are choosing to #OptOut report extreme concerns if they discover that they or their child already have a MyHR and that it can’t be deleted. There have been suggestions that information put on MyHR can’t be deleted.
When a MyHR is created it includes (at the start) your Medicare & PBS data. That’s the data that the government already has about you. That’s why the government agency can upload it to a file on you.
The government doesn’t upload information that’s in your medical file at your GP or from day surgeries or hospitals where you have been treated. “They” don’t have that.
If I upload an Event Summary for you after you have an operation in private under my care, I upload it with your consent & only if you have an existing MyHR. If you don’t like the content you can ask me to delete it, & I will (& can).
You can have privacy settings on your MyHR so that the first time I access your MyHR you get an SMS. And you can set a PIN so that I can only see the info if you provide me with that PIN.
My administrative staff can’t see whether someone has a MyHR or not, because you need to have a HPI-I (a number only AHPRA-registered healthcare practitioners are given) in order to access MyHR.
Sometimes I can’t determine if a patient in front of me has a MyHR even though I have all their demographic details, as if there are errors (eg DOB or address or name not entered correctly at either end) then the system doesn’t “match”.
In the study that I did that meant trying to work out where the error was, and trying to fix it. Under normal conditions it means I tell the patient that I can’t access it & I ask her/him if they have a MyHR.
Some of my patients think they have a MyHR but they don’t.
Some of my patients have a MyHR but don’t want an Event Summary uploaded. Actually, so far n=1 on that.
I have a MyHR. I don’t assume that it is unbreachable. I don’t assume that my credit card data is unbreachable. I know that a certain path company faxed my path results to a colleague & didn’t record why (so couldn’t explain). I think my confidentiality is more likely to be
breached by a colleague or healthcare organisation than MyHR.
I also know that I’ve recently made 5 separate requests to a public hospital to obtain medical records on a patient I’m treating, to obtain information needed to determine what treatment I can offer them.
I also know that I’ve recently made 5 separate requests to a public hospital to obtain medical records on a patient I’m treating, to obtain information needed to determine what treatment I can offer them.
Each request has resulted in some more information being faxed. I still don’t have what I need. Some is illegible. The x-rays that I can access with a login paint a better picture than the medical notes obtained.
Trying to track down radiological investigations that patients
Trying to track down radiological investigations that patients
have had prior to seeing me is a daily task for me and for my staff. Patient recall of what tests were done, & by what provider, is imperfect at best. I try hard not to repeat tests that have been done elsewhere, & to obtain relevant information, but sometimes I can’t.
In an ideal world a patient would see the same GP & be referred with all the relevant information. But unfortunately many individuals don’t have a regular GP. Don’t remember the name of their surgeon. Or where they were treated. Or what test they had.
They certainly don’t know what brand of screws were used in their fracture surgery. That’s information I put in an Event Summary, in case it is relevant down the track. I gather radiologists would find it useful if prosthesis data was included & readily accessible in MyHR.
If MyHR was known to contain prosthesis data and Advanced Care Directives (it doesn’t come with those as standard, just as the PIN & privacy SMS aren’t standard) then many people might see value. But MyHR isn’t fully developed in the sense of what it contains, & how it is used.
This week has also shown that the communication about MyHR - what it is and what the privacy implications are - hasn’t been what it needs to be for many people to feel that it’s something they wish to be a part of.
If you’re wondering what I had to do, as a healthcare practitioner, in order to gain access to MyHR, so that I could look up MyHR files for patients I am treating, and upload Event Summaries:
Firstly, I had to prove to the government that my business is a registered actual business. Certified documents. Then they issued me a digital certificate to install. Then I found out & entered my HPI-I number to my practice software.
I also established a variety of policies & procedure documents. In order to access your MyHR I need some key pieces of demographic data, & I have to be at my password protected computer, logged in to the password protected software as me.
If I access your MyHR for kicks (which I wouldn’t do because looking at the medical records of someone you’re not treating is the wrong) then there’s a record of that and I can be fined and jailed.
And if you’ve set an SMS notification and a PIN then chances are you’ve notified the ADHA before I’ve worked out your PIN, so I get fined/jailed/deregistered & I’ve not even seen your data.
It is valid to have security concerns, and valid to #optoutMHR, but also worthwhile considering whether MyHR is “worse” than Facebook, or Twitter, the ATO, VicRoads, your bank/GP/hospital/pathology provider/home security/telecommunication provider.
There is a valid argument against an #optoutMHR. I am not arguing for an opt out system. I am not telling anyone that they shouldn’t opt out.
I will say that I don’t think the argument “the government bungled the census so I don’t trust them to manage MyHR security” doesn’t make sense to me.
If my patients want me to upload a pathology result in an Event Summary to their MyHR then I will do that. If they want me to print it on a piece of paper then I will do that.
If they want me to upload a Specialist Letter then I will apologise and say that I can’t because my software vendor hasn’t built that functionality into their system, even though MyHR has.
We’re still at an early stage with MyHR. Although it’s also 4 years since I had a patient in front of me who seemed peeved that I could not access his carefully curated MyHR.
And I think it will be years before most public hospitals have options for their doctors to access MyHR. At least here in Victoria, where we are not particularly progressive when it comes to MyHR but nonetheless have a highly optimistic #SafeScript implementation plan.
I heard last year that I’m one of two specialists in Australia who regularly upload to MyHR. Most doctors don’t & can’t upload to it. Even many hospitals that are listed as ‘able to connect’ can’t use it. And there is an onus on every practitioner who uploads information to do
so in an appropriate manner, following local policy/procedure. Otherwise complaints will flow, they’ll be obliged to remove the upload & they will suffer the consequences.
There is still much work to be done, but also much misinformation. I hope that this thread has helped you, and thank you for making it this far.
