I love me my internets. Love ’em. Datalove, cyber-hippies, instant-data-transfers, crowdsourced decision-making, opengov, making shiny cyber-societies of transhuman wealth and immortality, and all that shit. Share your selfies, encrypt your hearts! Etc, etc, etc.
But every so often in the government’s search for INNOVATION! and CYBER! a shitty proposal rears its head that’s so utterly noxious that I feel the need to wave my wooden spoon around: Bad government! Bad!
As some of you may have noticed, the 2017 Federal Budget contains a proposal to roll-out e-health to all Australian citizens.
Let me just pop on my mask and robe and take the form of prophetess of digital doom for a moment:
We know the Australian government has one of the worst record of data breaches in the world. So naturally, rather than addressing their incompetencies, the Australian government has decided to roll out an e-health record for every Australian citizen. And it’s opt-out only.
Yes you heard right. The Australian government plans to create an e-health profile for every Australian citizen and upload sensitive health data for inter-departmental sharing via the internet.
[Side-note: MyHealthRecord was formerly known as the PCEHR, but it’s been renamed because everyone pretty much hated on the PCEHR, and the government thought they better rebrand before attempting to roll it out again.]
Of course, unlike everyone else, the Australian government thinks their e-health framework is a great idea, because if ignorance was bliss they’d be the happiest bunch of pricks on earth.
There’s absolutely no way this e-health proposal could go wrong, right? Centralising all sensitive data, placing it in the hands of government… because this government would NEVER share the confidential data of a private citizen who threatens their stance, like, say when MP Tudge released the Centrelink data of Ms Andy Fox last month when she criticised faulty data-matching robo-debts?
Yes sir-eee, what could go wrong?
I mean, it’s been only a few months since the Department of Health had to yank an open dataset offline after researchers found service provider numbers could be reverse engineered (the dataset contained data from 10% of all Medicare patients between 1984–2014.)
And *I* remember finding the details of every asylum seeker in detention sitting out on the Department of Immigration’s website only a few years back (yes, I would remember, because the government sent me a letter asking for their data back after THEY left it online.)
And let’s not forget, someone in the public service accidentally uploaded the private phone numbers of so many politicians not that long ago.
Of course, the Australian government will say they plan to do things securely. Properly. With due diligence. And we all saw how much procedural justice the government afforded Centrelink recipients under it’s robo-debt data-matching scheme. So much procedural justice people started killing themselves.
And it’s not as if other countries’ experiences suggest they’ve been able to protect the data they’ve collected either. Look at the experiences of Aadhar cards in India, where millions of people’s details have leaked online, or data sharing under the NHS in the U.K., where data has been on-sold to private companies and insurance agencies.
Of course, the Australian government will argue people can simply opt-out of the MyHealthRecord: frankly, this isn’t good enough. The system should only ever be opt-in. Creating e-health profiles for people who may wish to opt-out isn’t acceptable. In the UK, people who opted out of e-health data sharing still had their data shared without consent.
Sure, hackers are a worry. But human error is a far bigger concern. Incompetence is rife in APS digital data sharing. And the government has no problem with outsourcing data storage to third parties in foreign countries, whose employees frankly probably couldn’t give a shit about Australian National Privacy Principles.
So really it’s a matter of time from when e-health records are set up, until a few million health records end up breached and leaked and sold.
And when the data from e-health records are shared with other government departments like Centrelink or the tax office, or leak or are on-sold? Imagine that data in the hands of a prospective employer? An insurer? A selective entry education program? Your personal nemesis? Your conservative family? An abusive ex-partner?
So you’re clean as a whistle, nothing to hide, right? Who cares if your health data is shared (or on-sold.)
But that time your doctor prescribed you a laxative, an SSRI for a depressive episode, an anti-fungal topical cream for candidia, recommended a lap-banding specialist, an anti-smoking medication, a referral to a family counsellor… it’ll all be on your e-health record.
And even if your doctor never prescribes you a single med, they might still have put a note on your file:
“History of self-harm?”
“Potential child abuse/domestic violence?”
“Check for suicidal ideation at next appointment.”
How much will you self-censor next time you visit the doctor? And how much will that hurt your health and the well-being of your family, because you can’t freely discuss what you need to talk about confidentially with your medical practitioner?
The time for nice words about inclusive e-policy-making is over. I’d have loved to be invited to the government’s stake-holder sessions on e-health, and have paid my own airfare and associated costs to visit Canberra.
And although it would have been interesting to try to see things eye-to-eye with whoever is crafting Australian data-sharing policy — I’ve come to the conclusion there’s simply no way for me to shove my own head that far up my ass.
Look, I don’t wanna get all “SKYNET!” on you, but MyHealthRecord is all the bad. It’s the Terminator of OpenGov come to fuck up your life.
This is a government of poor data ethics. Hand-waving at risks associated with sloppy data-architecture. Self-congratulatory culture of applause over a mediocre to disastrous experience of digital governance. Vindictive and retributory exploitation and commodification of citizen data.
The Australian government isn’t a fit and proper data custodian. Tell them to take their hands off your medical files. Opt-out of the MyHealthRecord, or better yet, ring your MP and tell them to cancel the nation-wide roll-out of the MyHealthRecord initiative.
Share your selfies, encrypt your hearts – but don’t trust your governments to keep your medical e-files confidential.