Health dept wants advice on de-identifying My Health Record data

The Department of Health has already started planning what it could do with an influx of information on Australians’ medical histories, just a day after legislation for the switch to opt-out electronic health record was given formal assent.

The government last week successfully passed legislation that will allow it to create electronic health records for all Australians based on Medicare records, unless they choose to opt out of the process.

The My Health Record policy was driven by a slow uptake in the Personally Controlled Electronic Health Record (PCEHR) scheme under the previous government, which mandated that customers register to receive an electronic account.

Having passed the new laws, the department is now thinking about how it can leverage the unprecedented insight into the health of Australians that the change will deliver.

It has approached the market to ask for advice on the sorts of steps it would need to take before allowing the “secondary use” of the information collected.

By stripping out personal identifiers, the government hopes it will be able to use the medical records to identify health trends and inform research, policy, and quality improvement in the health system.

This kind of work already has a precedent overseas, with researchers using de-identified health data to investigate the connection between various diabetes medications and heart attack risk, and analysing US veteran’s health records to select the most effective treatments for things like post-traumatic stress disorder and antibiotic-resistant staph infection.

Before it can allow these kinds of secondary uses, however, Health is looking for someone to devise a framework that will “ensure that personal data contained in the My Health Record system will remain secure and always be de-identified for secondary use purposes”.

It wants someone to conduct the research and consultation that will inform what level of de-identification will need to occur before it can be confident any data being released will remain confidential in all circumstances, and what kind of processes researchers and policy thinkers should need to go through to get their hands on the information.

The process of de-identifying and anonymising private information is problematic, however.

Privacy Commissioner Timothy Pilgrim recently voiced his apprehension about the mechanism, warning Australian businesses and government organisations that anonymised data should be treated the same way as personally identifiable information.

“Personal information is not just that which does identify you, but that which may,” he said.

The Department of Health hopes to have engaged someone to complete the work by the middle of March 2016,  and hand in a final copy of a proposed framework by August.