Empowering healthcare consumers to manage their information

Tony Kitzelmann, Chief Information Security Officer at the Australian Digital Health Agency describes how the security in the My Health Record system gives consumers the power to manage their health information.

I recently spoke at the Royal College of General Practitioners’ eHealth Forum about the way the My Health Record system can help to deliver safer, better quality healthcare. Digital health is about electronically connecting up the points of care so that health information can be shared securely and effectively.

I am a strong supporter of consumers having digital health records and have seen first-hand the security measures that protect the information stored in the My Health Record system. At the conference I talked about how we store and manage information in the My Health Record system and that the data is fully encrypted whilst in transit and at rest on our systems. By using this example, I was able to describe that even in the extremely unlikely event that someone was able to break all of our security controls and gained access to the system, it would have no value to them, as the data would be unreadable due to the encryption employed on the My Health Record. I went on further to describe that encryption is just one example of the robust security controls in the system which gives me great confidence in the security of the My Health Record, so much so that all three of my children have a My Health Record, and there is nothing more important to me than the safety of my children and the privacy of their data.

The My Health Record has been designed to give consumers more control of their healthcare information than ever before in Australia. As a consumer, you can go online and see a summary of who has accessed your information and set up automatic notifications to be sent via email or SMS each time a new healthcare provider accesses your record. This is what a user-centric security model is all about, empowering those who own the information to play a part in protecting what belongs to them. The Cyber Security Centre recommends setting an access code that is given only to healthcare providers you want to access your record and setting up automatic notifications via SMS or email to let the consumer know when their record has been accessed.

The Agency is supporting small healthcare practices to manage their security risks associated with My Health Record and other systems. The Agency’s Information Security Guide for small healthcare businesses was shared at the Forum, offering simple advice on how healthcare providers can manage this risk.

To encourage enhanced user experiences with My Health Record information, the Agency has established a Developer Community to drive innovation. I described how my daughter had commented that she would like to see the data from her Fitbit integrated into her My Health Record. This is the type of enhancement that I believe will improve the user experience and health outcomes and is just one example of how the Agency is focused on the “why” of delivering innovative digital health services for Australians.

I feel privileged to be part of the Agency and working with exceptional people who are delivering innovative business solutions to transform digital health in Australia.