My Health Record – guidance for members
This advice to members informs you of the AFAP’s view which has been decided on after a careful review of the relevant legislation as well as discussion at AFAP’s Executive Committee meeting on 25 July 2018.
The subsequent options and resulting recommendations for you have thus been taken very seriously for the purpose of arming you with information.
As many members will be aware the My Health Record system is a central electronic record accessible by medical practitioners (eg, doctors) and health care providers (eg, hospitals). The system has been in place as a voluntary “opt-in” for several years and currently 5.9 million Australians have a My Health Record.
The Australian Government has amended the system to make it an “opt-out” system as opposed to an “opt-in”. The three month period to opt-out commenced recently and ends on 15 October 2018. People can opt out online through the My Health Record website.
Official information about My Health Record
Please refer to the My Health Record website at http://www.myhealthrecord.gov.au
Recommendations for members
The AFAP recommends all members undertake a balanced assessment of each of the options set out below when determining if they should opt-out of the system as their choice will vary based on individual personal circumstances.
The primary recommendation to discuss is that members become informed, starting with this advice, and their own research, but that they not just "do nothing".
We encourage members to discuss their intended course of action with their healthcare provider(s) to take into account specific medical circumstances, because for particular individuals the possible benefits of the My Health Record may outweigh any perceived or potential privacy or other risks.
If you have specific concerns not answered in this communication, we recommend you speak with us (call AFAP Aviation Legal Counsel Joseph Wheeler on (03) 9928 5737 or email firstname.lastname@example.org).
Options for members
- Do nothing: This is not recommended as it is important to make an informed decision, including deciding how to allow access to your information should you not opt out.
- Opt out: If, after reading this advice (and after discussing any health concerns with your doctor, if you need to), you decide to opt out, please go to this page and follow the instructions to opt out by 15 October 2018:
- Keep your My Health Record and assess and curate your own private information that is viewable in the record, using your ability to restrict and remove information and documents, using Record Access Codes, and Limited Document Access Codes:
- If you have specific concerns: If you have a query not answered in this communication, we recommend you speak with us (call AFAP Aviation Legal Counsel Joseph Wheeler on (03) 9928 5737 or email email@example.com) as soon as possible, but at any rate well before the deadline to opt out.
Some of the issues surrounding My Health Record
Privacy vs life saving
Advocates for the system highlight the potential to save lives, such as in emergencies when a hospital can access records to determine urgent medical information when a patient is unable to do so (eg, it may be that a person has particular allergies or medical condition but is unconscious so cannot advise the treating doctor).
Critics have raised concerns as to the privacy of the My Health Records and capacity for cyber criminals to access records through a GP clinic or other health care provider with lax IT security.
Further tools for CASA?
Certain “enforcement bodies” (ie, those defined in section 6 of the Privacy Act 1988) may seek access to records from the “System Operator” (the Australian Digital Health Agency, ADHA) for prevention, detection, investigation, prosecution or punishment of criminal offences.
Conceivably this could include CASA.
Present protections for your medical information
A Doctor can refuse access to medical records in most circumstances but is authorised, as summarised under the Australian Medical Association (AMA) Guidelines for Doctors on Disclosing Medical Records to Third Parties 2010, to disclose information from a patient’s medical record without consent if the doctor reasonably believes the patient:
may cause imminent and serious harm to themselves, an identifiable individual, or group of persons.
In such circumstances, disclosure may be necessary to lessen or prevent a serious and imminent threat to an individual’s life, health, safety, or welfare or a serious threat to public health, public safety or public welfare.
The AMA Guidelines go on to describe the rights of patients in the context of legally required disclosures of information as applicable independently of the My Health Record system and which could apply in relation to that system (eg, those instances where CASA may conceivably apply to the ADHA to see information in a pilot’s record) as follows:
26. There may be circumstances where the law actually requires a doctor to disclose a patient’s medical record, regardless of whether or not the patient has consented; for example, by statute, warrant, subpoena, or court order.
27. For example, doctors may be required by statute to disclose information from a patient’s medical record in cases of mandatory disease notification or mandatory notification of child abuse.
28. In cases where there is a warrant, subpoena, or court order requiring the doctor to produce a patient’s medical record, some doctors may wish to oppose disclosure of clinically sensitive or potentially harmful information. The records should still be supplied but under seal, asking that the court not release the records to the parties until it has heard argument against disclosure.
29. Whether disclosure of information from a patient’s medical record is permitted or required by law without patient consent, where appropriate the patient should be informed of that having occurred and this information should be documented in the medical record.
These facts (including the protections inherent in the doctor-patient relationship) will remain, notwithstanding the My Health Record system.
In fact, under the My Health Record system a log is maintained for users to view all occasions of access to the system, and by whom/when that occurred. The key difference is that the disclosures, in the digital world, may occur faster by legal compulsion than is presently the case.
If and when may CASA access medical information in the Record?
In relation to pilots, CASA has no direct access to the My Health Record system as they are not considered a “participant” (ie, they do not provide health care).
CASA could foreseeably apply to access data from the system (from the ADHA) in the circumstances set out at section 70 of the My Health Record Act 2012, that is:
…if there is a reasonable belief that the use or disclosure is reasonably necessary for one or more of the following things done by, or on behalf of, an enforcement body (as defined above at note 1):
(a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of law imposing a penalty or sectional breaches of a prescribed law;
(b) the enforcement of laws relating to the confiscation of the proceeds of crime;
(c) the protection of the public revenue;
(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
(e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
Can my DAME access My Health Record?
A DAME (like other doctors) will have access to the My Health Record when a pilot attends and provides authority to access the My Health Record.
Exclusion or restriction of information from third party access
There is flexibility given to users to exclude access to other doctors and healthcare providers (of their own choosing), which limits the chances of an unwanted or unnecessary disclosure to a doctor whom a pilot does not want to see parts of, or documents from, their previous "record".
It is notable that documents may also be "removed" from the record, and that some doctors may be prevented from accessing it at all.
For information on security controls on access to data see the link below.
Concerns about data breaches: background information
We note that there is a new (2018) scheme administered by the Office of the Australian Information Commissioner (OAIC) which establishes a notifiable data breaches scheme in Australia for breaches occurring at certain agencies. It was put in place by the Privacy Amendment (Notifiable Data Breaches) Act 2017: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
The first quarterly statistics report of this scheme indicates that the number of breaches reported per month has increased, and shows that health service providers are the number one industry sector reporting breaches within the quarter (noting that the scheme only commenced on 22 February 2018). We are not specifically concerned by that alone, simply because this is hardly a statistically significant trend. Rather, we are pleased that there is now in place a system for public notification of data breaches which could occur through the My Health Record and other such systems, including breaches by CASA themselves.
Given the flexibility given to users (pilots/public) to exclude access to other doctors and healthcare providers (of their own choosing), the real chances of an unmanageable disclosure to a doctor whom a pilot did not want to see parts of their previous "record" are potentially low.
Notwithstanding our optimistic view above, the fact is that, like any online system with multiple vulnerabilities, medical information in My Health Record is susceptible to data breaches.
This very risk eventuated recently when the Singaporean Health database (SingHealth) suffered a breach on 20 July 2018, which resulted in confidential medical information of 1.5 million citizens being unlawfully obtained by an orchestrated cyber attack. The country’s Prime Minister was one of 160,000 people who had their outpatient prescription data stolen.
See https://www.straitstimes.com/singapore/singapores-privacy-watchdog-to-investigate-singhealth-data-breach for more information on this breach.
There exists a new potential for members’ private medical information to be leaked inadvertently, maliciously or otherwise or, while less of a concern, be applied for by and thereby reach CASA in certain circumstances (investigation of prosecutions) where it may not have been necessary or desirable for it to occur. While the risk of an unjustifiable access to a Record is low, it is also a vulnerability we are concerned to advise you about.
Such an access to your Record might occur under section 70 of the Act as detailed above, in CASA’s (or the Commonwealth Director of Public Prosecution’s) pursuit of prosecutions of offences for alleged breaches of civil aviation legislation, which includes offences relating to medical fitness, and alcohol and other substance use. The possibility for misuse, like with all sensitive systems, exists.
In the AFAP’s view the situation is one which can be practically managed by pilots (see below) but is also one which might conceivably be taken advantage of (or “overused”) by enforcement bodies.
What else is the AFAP doing?
At the AFAP Executive Committee meeting on 25 July 2018 it was agreed that in order to advance certain steps to reasonably moderate the relatively new tool CASA may have to pursue its investigations in respect of AVMED issues, the AFAP would:
- Write this advice to all members;
- Pursue talks with CASA to, for example, seek protocols or processes around CASA first seeking responses on suspicions or requests for information from pilots directly, before triggering requests for access to My Health Records, through ADHA;
- Seek to negotiate some protocols with CASA for the process of making requests for medical information and opinions from AVMED to pilots directly in all circumstances (eg, by unexpected phone calls), which was a proposal put to Dr Michael Drane (Principal Medical Officer of CASA) on 25 July 2018 and which was welcomed; and
- Take this opportunity to remind all members of the continuing legal obligations they have to inform CASA of certain medical situations, which are unaffected by the My Health Record system (see below).
Remember: some things haven’t changed
If a pilot opts-out of the system they will still be required to advise CASA or their DAME of any medically relevant issues that have arisen. The law is unchanged in this regard.
All pilots will continue to have legal obligations to advise CASA or their DAME of:
a) any medical condition (other than trivial illnesses, like colds) lasting more than 7 days (for class 1 medical holders, and 28 days for class 2 medical holders); and
b) the need to ground themselves if they are unfit, meaning:
- they develop a medically significant condition;
- their condition impairs their ability to use their licence; or
- there is a change to their condition or treatment,
until cleared by a DAME or CASA AVMED to return to flying.
Importantly, this includes adjustments in medication dose or commencement of new medications, to ensure that there are no unforeseen side effects.
Finally, as is presently the case, CASA may have genuine grounds to request (or demand) the production of records from an individual pilot as part of an investigation, depending on the circumstances and rules engaged by CASA.
CASA is authorised to look at or use such information or records, when certain statutory conditions are met or if simply agreed to by a pilot, or it is provided to them by a pilot.
You may in fact agree (without meaning to) so we recommend you always seek AFAP advice first when faced with any request for information/response/documents or anything else from CASA that you are concerned by.
For more advice
AFAP members can contact Joseph Wheeler, AFAP Aviation Legal Counsel, on (03) 9928 5737 or firstname.lastname@example.org if they wish to discuss their particular situation further. Joseph can advise members about specific concerns they may have.
Also, Joseph is available should pilots have medical or enforcement issues with CASA, be it threats to medical certificates (like intentions to refuse, suspend or cancel, or actual suspensions and cancellations), or licence enforcement actions.
The list of entities defined as “enforcement bodies” in the Privacy Act 1988 (Cth), is applicable to the My Health Records Act 2012 (Cth) and consists of all of: The Australian Federal Police; The Integrity Commissioner; The ACC; The Immigration Department; The Australian Prudential Regulation Authority; The Australian Securities and Investments Commission; The Office of the Director of Public Prosecutions, or a similar body established under a law of a State or Territory; another agency, to the extent that it is responsible for administering, or performing a function under, a law that imposes a penalty or sanction or a prescribed law; another agency, to the extent that it is responsible for administering a law relating to the protection of the public revenue; a police force or service of a State or a Territory; and a variety of other entities. [emphasis added].
Australian Medical Association Guidelines for Doctors on Disclosing Medical Records to Third Parties 2010: https://ama.com.au/article/guidelines-doctors-disclosing-medical-records-third-parties-2010