Ex-DTO chief slams "significantly flawed" My Health Record

Former Digital Transformation Office chief Paul Shetler has labelled the rollout of the My Health Record “significantly flawed”, citing issues with its security model and design as barriers to take-up.

Speaking on ABC Radio on Wednesday, Shetler criticised the Australian Digital Health Agency for not altering the personal electronic health record system's “weird security model” to meet its new circumstances.

The current security model requires users to manually set privacy settings to restrict access to the record or avoid sharing certain types of information after a record has been created.

“[My Health Record] was initially designed as an opt-in system, and those kinds of security settings kind of make sense for an opt in system because you kind of know what the system will be used for. You know why you’re going to be in it, you’ve chosen to do it and so therefore you want to make this data available,” Shetler said.

“When it becomes an opt-out system and you find out all your data’s on there - and oh by the way it’s all being shared - I think that’s one of the flaws.”

Shetler said this change had created “a lot of similarities” between My Health Record and the UK's failed Care.data project.

That initiative was paused by the National Health Service in 2013 - before being pulled in 2016 - after accusations it was being pushed through without explaining the benefits.

“This security model, which is basically unsuited for the particular use case they are doing here, and the way they are signing people up, seems to be symptomatic of the way the government handles IT for these big project,” he said.

Shelter said the system’s security model – along with “the fact your data can be accessed for reasons of public revenue” –  would probably be enough for him to opt-out if he was an Australian citizen.

“If I was Australian I probably wouldn’t sign up for that. Simple reason – on the security model, I think it’s actually quite strange,” he said.

The ex-DTO chief also questioned whether the e-health record was being actively used by the majority of the six million people that have already signed up.

The federal government has used the fact that six million people already have a record as a major selling point for the e-health record as the opt-out window began this week.

However, with more than one million becoming automatically registered during the opt-out participation trials in 2016, and many users discovering they already have a record set up during the opt out process, there is considerable chance that users are not necessarily active.

“I think actually when we’re looking at the numbers and we're talking about usage we need to careful,” Shetler said.

“That six million people who have kinda signed up for it, that doesn’t mean they’re actually using it.

“When I was first briefed on this about three years ago I was told that about 10 percent of the population had signed up, but about 10 percent of that 10 percent were actually using it – so the take up of the service was about 1 percent.”

He likened the possibility that users aren’t using My Health Record to passing fads in social media.

“It’s kinda like if you signed up for Myspace and you haven’t used it. You’re still a Myspace user but you’re not actually on it and you probably haven’t been on it for the last seven or eight years,” he said.

Shetler said whether people were using the e-health record, or not, had a lot to do with not only its use by medical practitioners, but more fundamentally, how it met user needs.

“If when this was built people had actually looked at what are people looking for, what are the actual user needs that are meeting with this, perhaps people would be more willing to both sign up and use it,” he said.

“I think one of the issues that you have right now is that you’ve spent about $2 billion over a decade developing a piece of software without a clearly defined set of needs that it meets, either for the practitioner or for the patient, and as a result you’ve got to now make it mandatory.”

This has taken away from the utility of the record, which he noted was really good idea “in theory”.

“It’s a nice idea to have this kind of data available. It’s a nice idea that if you get sick or you hit by a car or something like that that the data will be available, that you don’t wind up getting an allergy, you get the proper medication, they know you blood type, they know your medical history.”

“But the way that it’s been presented to people as sort of like ‘poof’ you got this record we didn’t tell you anything about it after spending 17 years of working on it, spending $2 billion dollars. And in the light of a whole series of tech wrecks, it doesn’t inspire a whole lot of confidence.”