Sharing patient health data for secondary use universally denounced
MELBOURNE: The sharing of patient health data for secondary use is now under attack by doctors, lawyers and privacy experts.
Australia has joined with health policy group Future Wise, charity Digital Rights Watch and the Australian Privacy Foundation to call again for a comprehensive review of privacy provisions for healthcare data, at the same time as denouncing the sharing of patient health data for secondary use.
The call comes from the group following the HealthEngine scandal in 2018, and the recent use of Pharmaceutical Benefits Scheme (PBS) data to assist recruitment into research on Bipolar disorder, when a Twitter user on Friday 23 August shared a SMS message attempting to recruit him into a clinical trial.
According to the Digital Frontiers this appears to have occurred through the use of Precedence Healthcare’s InCa (Integrated Care) health platform, and research by members of digital rights organisations on Monday revealeing that sensitive patient details—including contact details, demographics and complete medical histories—can be shared with a wide range of partners, including, it appears, private health insurers.
Dr Trent Yarwood, health spokesperson for Future Wise and a medical specialist, said “Secondary uses like this are a very ethically murky area. People don’t generally expect to have personal details from their healthcare providers made available to anyone, even if well intentioned.”
The terms and conditions of the application include access to data from myHealthRecord, and Dr Yarwood says that “while the My Health Records Act includes privacy provisions, once this data is accessed by an external system, these provisions no longer apply”.
“I’m very concerned that practices making use of this system are not aware of just how widely this data can be shared—and that they are expected to fully inform patients of the nature of the data use,” he concluded.
“This kind of barely-controlled data sharing is only possible because of how little privacy protection is provided by the current legislation,” said Justin Warren, Electronic Frontiers Australia board member.
“People have made it clear time and time again that information about their health is extremely personal, private, and they expect it to be kept secure, not shared with all and sundry,” he said.
“What people think is happening is quite different to what actually is, and these companies are risking catastrophic damage to patient trust with their lust for data.
“If you found out your doctor was sharing your full medical history with private health insurers, or the police, would you keep seeing them?” Warren added.
Digital Frontiers says robust privacy protections are needed for all Australians, such as by “finally giving us the right to sue for breach of privacy, requiring explicit consent for each disclosure of medical or health data to a third party, and proper auditing of record-access that is visible to the patient. It is imperative that the risks of health data sharing receive greater attention”.
