“Trust me, I’m a doctor” is so universally accepted that we don’t even have to say it. Patients know that they can trust their doctors implicitly. What are we asking patients to trust us with though? The current debate or argument about the pros and cons of opt-in or opt-out with MyHealthRecord may endanger the trust patients have in their doctors. Let us dissect and discuss trust in a doctor-patient therapeutic relationship.
Patient trust that doctors will do our utmost solely for the patient benefit. “Whatever you think is best for me, doc” is what we commonly hear from patients. We should feel honoured by that statement as it basically says to us that they have trust that we will look after them. Embedded in that trust though, without saying, is that they expect us to be on top of our game to make those medical decisions for their good. Patients expect that we stay up to date and the treatment they receive is according to world best standards.
Patients also trust that we keep their medical information private and confidential. It is pretty much accepted by all patients and doctors that what is discussed in the room stays in the room although we still have minors occasionally double checking with “now, you won’t tell my parents what I am about to tell you”. Of course, we qualify that privacy and confidential issue with “yes, as long as your life is not in danger”.
Patients’ trust in us to maintain the privacy and confidentiality of their medical records extends to who else get access to their records. The concept of the trusted third party is also fairly well accepted when patients placed their trust in us. Patients put their trust in our judgement as to which third party we can trust to hold or have access to their medical records. They expect and trust us to do the due diligence before we allow a third party to access the records.
So, where does MyHealthRecord feature in this concept of trust? I remember vividly that maintaining patient’s confidentiality was drummed into us within the first week of medical school. As doctors, we all understand the importance of the concept. We are happy to pass on medical records to another fellow colleague (subject to patient’s consent, of course) because we know that he or she feels the same way about this giant issue of privacy and confidentiality.
But can we trust the custodian of MyHealthRecords to share the same level of maintenance of privacy and confidentiality of patient information? Can we trust an agency who sees the issue of privacy and confidentiality as an afterthought? We are clearly not on the same page. Many of you who has young children would double check that the family your son or daughter is sleeping over will pass your “100 point check list” before agreeing to leave your child there overnight.
The Australian Privacy Principle (APP) has a special category for health information. The Australian Privacy Principle 11 states that If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:
- from misuse, interference and loss; and
- from unauthorised access, modification or disclosure.
Well, the current level of security with MyHealthRecord doesn’t pass the test.
Loss of privacy doesn’t just mean leaking of private information. It leads to loss of trust. If patients cannot be assured that their information is safe with their doctors, they will hesitate to confide with their doctors. The entire doctor-patient therapeutic relationship will be severely affected. The phrase “trust me, I’m a doctor” cannot be taken for granted.
Some of you are old enough to remember the grim reaper commercial in the 1980s shortly after Australia recorded its first HIV case in Sydney in 1982. Apart from the advertising blitz, two of the most important “guarantees” we had for patients were that the results of the HIV tests were kept absolutely confidential and that HIV testing can only be performed with patients’ consent. This was to prevent patients with HIV from being outed and ostracised which was not uncommon back then. This was necessary to encourage all patients (especially those at risk) to see their doctors for screening. Trust was a vital component of the campaign. A default opt-in goes against the issue of consent.
We cannot take patients’ trust in us for granted. If patients can’t have faith that their medical records are safe and secure, then they may not be able to trust us enough to tell us everything. We cannot be assured who else get access to those records. As it stands, the current custodian of MyHealthRecord has not demonstrated to me that I can trust them.
Most of us are probably swayed by the attraction that access to your health information through a cloud based MyHealthRecord can assist your medicare care especially in times of medical emergencies. I get that. But if information in MyHealthRecord is to facilitate medicare care, why do we need to allow non-medical parties access to the data under the guise of research and health planning. We already have information in government databases which can assist in health service planning. I will be less hesitant if strictly only medical parties are allow access to the information.
I am opting out and I have actively encouraged all my patients to opt -out of MyHealthRecord. I am the custodian of my patients’ records. My patients trust me to keep them safe and secure. Patients expect me to maintain their privacy and confidentiality at all times without exceptions. I am prepared to forgo the financial incentives they government throw my way. I cannot be bought.
Oh, by the way, my understanding is that every time you present to a public hospital, your encounter will be uploaded to myhealthrecord unless you opt out each and every single time. They are automatically uploaded unless you say no.
If everyone opts in, will the government change the system? How else are we going to get them to listen to our concerns? Slight tinkering of the legislation does not do it.
Opt out today. Go to:
https://optout.myhealthrecord.gov.au/pext/optoutextweb/views/getStarted.xhtml
Please don’t take trust for granted. Once gone, it’s hard to regain it. This is my opinion.