It's promoted by the Government as the inevitable (and entirely necessary) future of healthcare: one central digital repository of all health records relating to each of us. It allows healthcare providers to check on every condition, medication, treatment, and rash or growth we've ever had. Ostensibly to allow for better quality healthcare (which we're sure it will), it also gives the Government a massive treasure trove of sensitive information about us it didn't previously have. And all in one lovely digital, searchable, and hackable format.
Health benefits aside, we see issues:
We have all been signed up without giving our consent. We do have the ability to opt out by 15 October 2018, but that assumes we actually know about it in the first place, and have the fortitude (and means) to endure the opt out procedure. There is a principle in the Privacy Act (which also binds government departments) that an organisation can only collect, use and disclose personal information with an individual's consent. Entirely contrary to this principle, the Commonwealth has decided to not bother asking us first*.
Health professionals do not need our consent to access records. They are simply asked to use their clinical judgement to determine when and how they will use the system. We can limit access to only healthcare providers we authorise, but the default is a free-for-all. The legislation only allows providers to access records for the purpose of providing healthcare to the individual, but practically there are no bars to accessing the lot.
There will 100% be unauthorised disclosure of our health information. Any health professional who is logged into the system (and there are around 900,000 of them) can access the records of everyone who hasn't limited access. Yep, everyone. We can see any number of scenarios of this going badly: let alone the fact that no database is hacker proof, there will be nearly a million users out there who can simply log on and check us out, or inadvertently allow access to nefarious types.
There are situations in which the system provider will give our records to non-health professionals without consent. These include to the police for the purposes of preventing or investigating a crime; and the `protection of public revenue' (whatever that means no guidance has been given). Also, any restrictions you put on access can be broken without your consent in the event of an emergency.
Where to from here? If you're a particularly private person, log on by 15 October and opt out. Otherwise, consider whether you want to limit access to only health providers you authorise, and set up alerts for when anyone accesses your records.
*We're not suggesting that the government has breached the Privacy Act, as the enabling legislation awards a get out of privacy jail free card to the entire regime.