Victorian government must ensure its proposed healthcare database has iron-clad security and privacy

Last weekend, The Age reported on a Victorian government plan, quietly unveiled three months ago, that would revolutionise the collection of the private medical data of every Victorian who has ever used public hospitals or health services.

Known as clinical information sharing (CIS), the plan allows the Department of Health and Human Services (DHHS) to gather and collate every patient’s medical records. The records will be stored on a government database and made available to clinicians as required. The database will include information such as clinical details, demographics, attendance information, medications, allergies and adverse reactions, discharge summaries and test results.

According to the proposal, CIS will be expanded over time to include information about treatment pathways, family and social history, and lifestyle factors. The department has also flagged extending the initiative to include patient details not only from public sources but also private hospitals, general practitioners, mental health systems and ambulance services.

The need for better sharing of medical data was highlighted in an independent report commissioned by the government in 2015. It followed several potentially preventable baby deaths at the Bacchus Marsh Hospital.

While this all sounds highly meritorious, there is one problem: unlike the federal government’s controversial My Health Record, it is not possible for anyone to opt out. About 10% of people have opted out of My Health Record, which is not unexpected.

Victorians will have no such option. True, they will have access to the data through an electronic portal, but they won’t be able to change anything or delete information.

This creates a dilemma for the government: even with the best motives, when it comes to anything to do with human services, compulsion is always a sticking point. One abandons the requirement of consent at one’s peril.

Read more: Why aren't more people using the My Health Record?

Let’s examine each side of the argument.

On the one hand, assembling all medical information of all eligible people from a broad range of sources into one database provides public hospitals and health services with an immediate and complete picture of any patient’s history. Health professionals will have quick access to medical images and laboratory results.

Indeed, it is sometimes impractical to obtain the consent of a person in emergency situations when treatment is required to prevent death, serious damage to health, or significant pain or distress. This is especially so when patients are not conscious and are not on record as having given any prior consent.

CIS is also designed to facilitate access to the information in a patient’s My Health Record, including information from other states and territories.

On the other hand, there are concerns.

While sensitive to the need for privacy safeguard mechanisms, the Victorian Healthcare Association strongly recommends there be a two-year pilot scheme before the plan is rolled out. This will help ease concerns the data will simply duplicate a lot of what is contained in the My Health Record system.

Others have been more scathing of the CIS proposal. In a blog on the Australian Health Information Technology site, a medical practitioner comments:

The idea of aggregating locally held clinical data from the private and public sector with the variably complete and timely data held in the #myHR is surely both overly complex and a uniquely difficult data management task – even if the private sector data was accessible. Of course, privacy, consent and data sensitivity issues seem not to even warrant a real mention and the claimed benefits are all pretty nebulous and unproven.

So where do we go from here?

The starting point is that governments must ensure no policy sacrifices our right to keep private what we would prefer to be private in the pursuit of a goal that can be attained by less intrusive methods. This has been the successful mantra of the drive to contain the COVID-19 pandemic.

Certainly, legislative protections are in place in Victoria for health information when it is handled by public and private sector organisations. There are general data privacy rights under the Privacy and Data Protection Act 2014, but this act does not apply to health records. The protections for these data are contained in the Health Records Act 2001, which is overseen by the Health Complaints Commissioner. It is a good system, but data protection is never completely foolproof.

Read more: Is the government's coronavirus app a risk to privacy?

Data leakage is the biggest risk to public confidence. The concern is that there are always risks associated with giving a broad range of service providers ready accessibility to highly sensitive personal records, which in turn might be used to discriminate, or even worse.

This information might include historical data concerning sexually transmitted diseases, pregnancy terminations, mental ill-health episodes, DNA tests and matters to do with family violence and child protection. This material can be highly embarrassing to some people. In the wrong hands (journalists, insurance companies, private investigators, personal opponents), it could be politically and personally damaging.

The CIS is a three-year initiative. The project is in phase one, and the DHHS is seeking feedback. The public will need assurances that CIS will be able to balance appropriately the public interest in the legitimate and essential use of that information with the public interest in protecting the privacy of health information.

If parliament is to amend the Health Records Act and abandon the requirement of consent, it will need to be rock solid behind data security assurances, and emphatic in its list of uses to which the data can be put. The Victorian government cannot afford to get this wrong.