Published on the 26/07/2018 | Written by Jonathan Cotton
Prudence, paranoia, or just bad PR? Everybody loses as the new national health database explodes on take off…
The sudden rush to opt out of the new My Health Record database reveals a paradox at the heart of public sector IT initiatives: How do you serve a populace that simply doesn’t trust you?
At a cost of AU$1.2 billion, it’s not cheap, but the intention is sound: To create a shareable management database that can be used by healthcare providers to access accurate patient information 24/7 to provide better care to patients.
“While the temptation to sneer is real, there’s something tragic about the failure of the My Health Record project.”
The basics of the system have been in place for six years now, and so far, a near six million users are already on board. But there’s the catch: Those users didn’t opt-in. Rather, the My Health Record database automatically populated with citizen data and if you don’t want to be part of it, the onus is on you to opt-out.
Sounds like a public relations disaster waiting to happen, right?
And now it’s happening, with 20,000 users opting-out last Monday, the first day of the opt-out ‘window’ (set to close October 15 this year).
Yup, it’s a mess, and it stands to reason that Labor is making hay of the disaster. Liberal backbencher Tim Wilson for example, has vocally withdrawn from the programme, adding with a flourish that his “instinctive position” as a liberal is that “systems should be opt-in and people should be able to freely choose to opt into a system rather than having to go through the process of opting out”.
For the record: Labor supports the eHealth initiative in both principle and application – but it’s the government’s handling of the rollout they’ve got an issue with and on that, they’ve got a point. The Australian government’s seemingly endless ability to crash IT projects is the stuff of legend – Centrelink robo-debt, the 2016 national census, et al. – and their handling of the current e-health initiative has done little to inspire confidence. (Let’s note here that even during the opt-out process itself, many users are reporting error messages while trying to withdraw from the service and now blind users are reporting similar problems).
And while the temptation to sneer is real, there’s something tragic about the failure of the My Health Record project. Of all the public services missing out on the benefits of digitisation, the health sector is surely one, and the public it serves – especially those more vulnerable elements – have the most to lose here.
So what’s with the exodus? Is it just another public relations fail?
Yes and no. The first and perhaps most acute issue here is the fact that the government doesn’t seem to demonstrate an appropriate level of respect for the private information of the public it serves. Sure, the government’s commitment to privacy is publicly stated and any violation of that trust would be a major public scandal, but for goodness’ sake, running the eHealth initiative as an opt-out only process doesn’t exactly set privacy-paranoid minds at ease, does it? After all, before you can respect the sanctity of citizen health information you’ve been trusted with, it pays to ask politely if those citizens are actually willing to share it in the first place. For the more suspicious among us, failure to do so must seem like a clear breach of trust.
And that suspicion is further aroused by the firebrand rhetoric of those who disagree with what you’re doing on principle: “In the eyes of the current government, Australian citizens’ digital rights are considered negotiable,” fumes privacy watchdog Digital Rights Watch.
“Even more concerning is the push to remove rights with a complete lack of any efforts to improve access to robust services, privacy standards and infrastructure.”
“The concerns raised by human rights experts, doctors, tech industry and the general public should put an immediate halt to this rollout, to allow for a complete re-think of how an informed, respectful, opt-in, rights-based approach can instead be utilised.”
Secondly – and perhaps more troublingly – there are very real security concerns here. While the government is at pains to assure users that it’s doing all it can to make the My Health Record data secure (which it surely feels it is) and that there hasn’t been a breach of the system in the six years the system has been running (so far, so good), such systems are prone to security failure. Just ask one of the 1.5 million people whose information was stolen in the “deliberate, targeted and well-planned cyberattack” on Singapore’s government-run health database last week.
Now the Australian government is in damage control as it tries to restore confidence, assuage the public’s fears and try to prevent this from being just another expensive, embarrassing and pointless exercise in IT mismanagement. Either way, this looks very much like a lost opportunity for the Australian public and those hoping to see Australia finally succeed in rolling out a functioning public IT sector solution.
But that still leaves the $1.2 billion question: Should you opt out of the My Health record system?
It’s a tough call. If you can understand the need for a fully-functioning national digital health database – privacy be damned – then do nothing. You’re already signed up anyway. If your digital privacy rights trump the convenience – and just plain common sense – of a national e-health system, then get thee to the opt out page on the official website (and good luck!).
It seems that at this point in time, you’re damned if you do damned if you don’t. That’s surely a sentiment the government can appreciate.