Yet another scare campaign – or legitimate concerns?One has to wonder if these Health Department spokespeople have actually looked at their own product?
If your IT System is configured correctly all you need is their name, dob and Medicare number and you can get into the person’s MyHR
When a patient has an active MyHR our computer shows the following:
The obvious interpretation by the Health Care Practitioner looking at this is that they can therefore simply click on the button and open the patient’s MyHR as part of the general management of the patient.
The reality however is that:
- Some patients are not even aware that they have a MyHR – and this is not restricted to elderly Luddites. I demonstrated this to a young patient in their 20s today and this person had no idea that they had a MyHR. I find such a patient several times a week
- Nearly all patients do not comprehend or has never been advised that the default settings when signing up means that:
- They are allowing access to all healthcare providers who has the IT system and their details on it. Even if they only see that patient every few years or has seen them years ago
- They will not be notified if a Facility has accessed their records – they would need to access their MyHR via MyGov and manually change the default settings if they wanted to be notified about any access.
This issue is a potential medicolegal nightmare for Healthcare Providers.
As documented in a previous blogpost the Digital Heath Authority does not see it as an issue (similar to the Health Department Spokesperson in the linked article) yet our Medicolegal advice from our Insurers was very clear in that we should not trust the message on our computer screen advising us that we had legal access to the MyHR. We should instead obtain additional specific permission from each and every patient before we accessed their MyHR. The reality is that that is NOT going to be happening and someone, somewhere, is going to end up being sued.