Monday, February 25, 2013

E-Health Records and Consumer Privacy Issues




Up until now every doctor, clinic or hospital you have visited has maintained a separate record of your health. But now, with your consent, you can have an e-Health record (called a PCEHR or Personally Controlled Electronic Health Record) created to supplement your health records by linking key information about you. The idea is that wherever you are in Australia, no matter which doctor or hospital you visit, a summary of your healthcare information will be available to assist in your diagnosis and treatment. This information might include medications that have been prescribed to you, any allergies you might have, and treatments you may have received.

In managing your PCEHR, you can set controls specifying which healthcare provider organisations and nominated representatives may obtain access to your record. Advanced access controls allow you to limit access to the whole of your PCEHR and/or to limit access to specific documents within your record. It is also important for you to talk to your healthcare providers about the type of information that can be uploaded to a PCEHR, as well as advising if there is are any records you do not want uploaded to your record.

The Office of the Australian Information Commissioner (OAIC) recently distributed a number of draft fact sheets providing comment around some privacy issues of current relevance to the PCEHR. The topics include consent and handling of personal information, emergency access, and how to manage your e-Health record. These are the first of a range of guidance material on specific e-Health topics that will be developed by the OAIC.

The Consumers e-Health Alliance (CeHA) has brought to our attention a number of issues raised in these fact sheets. One of the main issues for concern relates to the registration process, which seems to mandate that each applicant create an ‘australia.gov.au’ account, which will link to other nominated Australian Government agencies. There is also reference made to the ‘communication benefits’ for those creating an account, but not much explanation as to how the reverse access across Government entities might work. CeHA will query these issues and welcome any other issues of concern from consumers.

At the moment, the interest and powers of the OAIC seem restricted to privacy/security issues broadly, but do not appear to cover the actual implementation and ongoing operations of the PCEHR system. The PCEHR is at the early stages and there isn’t yet much meaningful information stored in the record, but it is still important to work through privacy concerns and ensure that sufficient safeguards are in place.  The PCEHR is an opt-in system, so it’s your choice to participate. However, this may not always be the case so it is worth considering any privacy issues that might be of concern to consumers as these records develop in the future.

We will let you know when the OAIC’s fact sheets are published, or other important privacy information regarding PCEHR is available – in the meantime you might like to check out the OAIC’s Privacy fact sheet 15: Ten tips for protecting the personal information in your eHealth record.

Kathryn Briant

No comments: