COULD OUR REGISTRIES use the information that we’re storing on My Health Record against us?
We were curious as well – so we went looking for the answer to the question.
- In mid-February, the National Shooting Council submitted a Freedom of Information request to the Department of Health seeking information on what if any access any police force in Australia had to the My Health Record system for information relating to applications for firearm licences, registration of firearms or any matter relating to licensed firearm owners
- The request was complicated by the fact responsibility for the system was transferred to the Australian Digital Health Agency in mid-2016 – but we’ve worked through that.
- The NSC has now received responses from both agencies and it is clear that: access to your information by any of our police forces is unlawful; and information held by them indicates there has been no access.
We all know about it: My Health Record was set up in 2012 to hold our health information to enable health practitioners attending to us to access it – unless we ‘opted out’ by January 31 2019.
We’ve been assured that the system is ultra-secure – but could a registry get the information and use it against us?
Don’t get us wrong – the idea that doctors helping us can get our medical histories when we’re in strife on the other side of the country has merit.
However, there was also a suspicion in the community that the security of our private information could not be guaranteed against misuse or cyber-attacks, especially after the online Census stuff-up in 2016.
Risks aside, the My Health Records website lists the benefits as being:
- (to) avoid adverse drug events;
- enhanced patient self-management;
- improvements in patient outcomes;
- reduce time gathering information;
- avoided duplication of services.
Despite this, shooters had additional concerns that over-zealous regulators might use the information to suspend, cancel or restrict licences for particular shooters who might, for example, be treated for some condition that does not present an immediate danger to anyone.
So we decided to submit an FOI application to find out. We were interested in two things – first of all whether police were able to access our information, and secondly whether any police force had done so.
In mid-February, we put our FOI request into the Australian Digital Health Agency seeking records or data identifying what if any access any police force in Australia had to My Health Record, specifically as it relations to:
- applications for firearms licences,
- registration of firearms; or
- any matter relating to licensed firearm owners.
The date of this request was from the start of the My Health Record system to the date of the request.
The ADHA referred part of our request to the Department of Health, which handed responsibility for My Health Records to the agency in mid-2016. The result is that we received responses from both agencies in a well-coordinated (and presumably well-practiced) manner.
The Department of Health’s response (which you will recall applies up until mid-2016) is extensive, but summarised with:
“… the documents [and information] referred in your request are not in existence in the Department”
The ADHA’s response covering the period since mid-2016 is:
The Australian Digital Health Agency (the Agency) can confirm that no access [to police] to My Health Records has been given for the purposes of:
- ‘applications for firearms licences,
- registration of firearms; or
- any matter relating to licensed firearm owners.’
Further, the ADHA’s website states:
The Australian Digital Health Agency has had a few enquiries regarding other government departments and law enforcement accessing My Health Record.
The Australia Digital Health Agency has not and will not release any documents without a court/coronial or similar order.
No documents have been released in the last six years and none will be released in the future without a court order/coronial or similar order.
Additionally, no other Government agencies have direct access to the My Health Record system, other than the system operator.
So, unless you have done the wrong thing, it seems you’re safe.
Even if this information turns out to be incorrect, which is unlikely, the legislative barrier to access means that any information that was gained would most probably be inadmissible in evidence. This means information that has been obtained illegally would most probably not be allowed to be used – and give rise to a civil suit!
From our own prior experience in our police services (including the Australian Federal Police), we seriously doubt that this happened: surreptitious data collection is the province of our spy agencies – and movies.
A final word
However, like many in the community, many shooters we know opted out of My Health Records a fair while ago.
Not because of our registries, but because of the horror stories about data leaks over the past few years – but that’s another story.