Abstract
The last few months of 2018 saw a major battle over privacy, autonomy and use of health information in Australia as the basis for the national electronic health record changed from an opt-in system to one where every person had such a record unless they specifically requested to opt-out of the system. The debate was messy, involving both ethical and wider political concerns, with the ethical concerns partly heightened because of the political context. Canadian health leaders can learn from the mistakes and successes of this situation.
The context
In February 2017, Andie Fox, a “struggling single mother” in receipt of Social Security benefits published a piece in the media critical of the Australian government organisation responsible for managing benefit payments (https://www.smh.com.au/lifestyle/life-and-relationships/as-a-struggling-single-mother-centrelink-terrorised-me-over-expartners-debt-20170206-gu61nu.html). The piece drew on her own experience. In retaliation, the government released details of Andie’s claims experience to a sympathetic journalist (https://www.smh.com.au/opinion/centrelink-is-an-easy-target-for-complaints-but-there-are-two-sides-to-every-story-20170224-gukr4x.html). In May 2018, the Australian Information Commissioner deemed this release of personal data to be legitimate (https://www.oaic.gov.au/media-and-speeches/statements/centrelink-debt-recovery-system#concluding-statement-centrelink-release-of-personal-information).
This story was playing in the background as the government attempted to make changes to Australia’s troubled national electronic health record repository, known as My Health Record. National government dabbling in creating an electronic health record has involved an investment of more than $2 billion (https://www.itnews.com.au/news/ex-dto-chief-slams-significantly-flawed-my-health-record-498576), decades of promotion, inquiries, and good intentions, with very little to show for it. Take up of My Health Record’s predecessor was very slow (https://delimiter.com.au/wp-content/uploads/2014/05/FINAL-Review-of-PCEHR-December-2013.pdf).
Health information exchange is still in the Dark Ages in Australia, although to be fair, fax machines have replaced carrier pigeons for information transmission. The clunky technology adopted for Australia’s My Health Record still involves health professionals uploading PDF copies of their notes and findings. Originally called the Personally Controlled Electronic Health Record because individuals would be able to decide what was in and what was out of their record and who could have access to it, the system was designed on an opt-in basis—in order for a record to be created, an individual had to initiate a request for a record. Only a minority did so, and the promised benefits of information continuity to facilitate care continuity did not eventuate.
Opt in replaced by opt out
The government’s response was to change the record from opt in to opt out—the default setting was now one of presumed consent—that a record would be created for everyone, whether they wanted one or not, unless they specifically opted out of the system. This created a wave of public opposition, leading to changes in the legislation governing the scheme.
The benefits of the scheme are obvious and were touted by many health professionals and consumer organisations in the debate about the shift from opt in to opt out. The record would improve care by improving the flow of information, it would reduce duplication of tests, the need for patients to repeat their history to every professional they saw, and in emergencies, it could be potentially life-saving. To some extent, the benefits of a universal electronic record rely on a process analogous to herd immunity—the more people who have the record and the more ubiquitous it is, the more likely and routine it will be for health professionals to check what is in the record and what previous investigations and treatments have been, including test results, as part of their practice. This in turn increases the life-saving potential—because of knowledge of prior conditions and allergies—in emergency situations. Against this, if the electronic health record is ubiquitous, treating professionals may assume all electronic records are also complete and patients have not engaged in any redaction. Professionals might then initiate treatment on that, potentially erroneous assumption, creating an offsetting negative risk of the electronic record.
What stoked the public fire were the ethical questions. Whose information is it? Who has access to that information? Will health or other insurers have access? And, given the evidence that the government was prepared to use Andie Fox’s personal Social Security information for their political ends, will the government use the much more sensitive health information in the same way?
The government of course denied that it would ever dream of (mis)using health information in the way that it used Social Security information. The government agency in charge of the record said it had protocols in place which would preclude release of information in that way. Opponents of the record pointed to the clear wording of the governing legislation: The System Operator is authorised to use or disclose health information included in a healthcare recipient’s My Health Record if the System Operator reasonably believes that the use or disclosure is reasonably necessary for one or more…things done by, or on behalf of, an enforcement body. (Section 70, My Health Records Act 2012, as applied up to late 2018)
The ethical dilemmas
The last decade has seen a proliferation of “nudge units” and “behavioural insights teams” created in government departments to apply the findings of behavioural economics and psychology to government processes. The switch from opt in to opt out for the My Health Record uses citizen laziness to increase dramatically the number of people with records.
The stronger protections over disclosure of information allay many privacy concerns but still many remain. Many LGBTIQ+ people still face discrimination and fear that their status might be used against them either in treatment or with inadvertent and illegal use of their record (http://www.starobserver.com.au/news/national-news/damaging-trust-my-health-record-sexual-gender-minorities/168585). People with mental illness expressed similar concerns (https://thenewdaily.com.au/life/wellbeing/2018/07/18/my-health-record-opt-out-mental-health/).
Hacking the record will always be a risk, as will release because of mismanagement. Inadvertent release of personal information has already occurred (https://www.smh.com.au/politics/federal/critics-want-my-health-record-delayed-again-after-recording-42-data-breaches-this-year-20181231-p50owr.html).
Of course, inappropriate release of health information is not new—paper records can be misused and the information contained therein released without the consent of the patient. Electronic records magnify the potential for this to occur.
Opt-out arrangements in healthcare are not new, most notably for organ donation in some countries. Opt-out countries generally have higher rates of organ donation compared to opt-in countries (https://onlinelibrary-wiley-com-443.web.bisu.edu.cn/doi/abs/10.1002/hec.3111). But again the debate is to what extent presumed consent tramples on individual autonomy (https://jme.bmj.com/content/41/10/832) and is that legitimate even if there are wider societal benefits.
These ethical issues, especially privacy concerns, took place in a political context. The Government’s decision to leak Andie Fox’s personal information probably did long-lasting damage to citizens’ trust in governments’ use of their data. Some reluctantly strengthened privacy protections are not sufficient to rebuild trust.
Australia is on the road to becoming an Orwellian “surveillance state” (https://www.smh.com.au/opinion/the-surveillance-state-is-here-already-we-must-pause-and-rethink-what-this-means-20171010-gyxu2v.html), with government increasing its power to monitor communications in the name of identifying terrorists (https://www.computerworld.com.au/article/644257/australian-government-drunk-surveillance/), and this may have also contributed to a general sense that government knows too much about us.
The Australians My Health Record saga nicely focuses the choice: How conscious and purposive should a decision to expose one’s health information to privacy risks be? Is it legitimate for government to assume that, in an emergency, you would want the information to be accessible, even though you haven’t decided in advance that would be the case? Should the default settings for any government policy be everybody is in unless they opt out, or that the citizen gets to weigh up the benefits and risks of each data sharing opportunity?
The average reader of this commentary will have a university education and a reasonable degree of health system literacy. We can easily navigate the health system that controls who knows what about us and our health status. Should our policy settings be set for this demographic, or for the average person, who is not so computer literate or aware of their options?
The opt-out method provides a veneer of control to the average person, giving a nod to their autonomy. The reality, though, is that the purveyors of the My Health Record and their nudging friends, know that relatively few will opt out. Importantly, what the furore about the My Health Record showed is that many in the general community are still very concerned about their privacy—even in these days of over sharing in social media.
Footnotes
Author’s note
Stephen Duckett is Director of the Health Program at Grattan Institute in Australia and a former President and CEO of Alberta Health Services.