Victoria’s peak medical body has sought to quell privacy concerns over a bid to centralise all medical records across the state’s public health systems, saying the benefits outweigh the risks “99 to 1%”.
Civil liberty groups have argued the centralised database – which would come with no ability to opt out – removes people’s autonomy over their health information, while the stalking survivor Di McDonald pointed to data breaches at Medibank and Optus as examples of how hackers might access personal details.
The Australian Medical Association Victorian president, Roderick McRae, said the system aligns with existing schemes in New South Wales and Queensland, and the benefits would vastly outweigh the risks.
“If someone is in the intensive care unit you may have no idea what type of medication they’re on. It’s in [their] health interest that it’s known,” he said.
The proposed system would complement the federal My Health Record, which contains summary information and is not designed to be a comprehensive record of day-to-day clinical care. My Health Record has an opt-out feature, which 10% of Victorians have selected.
The Victorian scheme would include information such as a patient’s health conditions, allergies, medication and medical images and laboratory results.
The Liberal Democrats MP David Limbrick on Thursday tabled a petition in parliament with more than 10,000 signatures calling for the government’s bill to be amended to ensure patient consent.
Limbrick – who wants the system to be opt-in – attended parliament alongside McDonald, who was stalked by a man for five years, and said she was “horrified” there would be no way to opt out.
“Where are our human rights here to have control over our private information?” she said.
“They may have all these safeguards in place but we have learned from Optus and Medibank – it’s very easy to get hacked.”
McDonald said she feared her stalker would be able to access her through contacts in the medical sector.
The premier, Daniel Andrews, said it was “unlikely” data would be accessed in this way and stressed the legislation would “strengthen the framework around data sharing”.
“[Health] information is already shared and held and these provisions are about strengthening that,” he said.
However, the Liberty Victoria president, Michael Stanton, said he had several concerns about the bill, including that the database could become a “major target for exploitation by hackers and organised crime”.
“In its current form, the bill unjustifiably erodes privacy rights. It is no answer that other states might take the same or a similar approach,” he said. “In Victoria we should aim for best practice and due protection of the right to privacy.”
Under the proposed laws, only clinicians involved in a patient’s care can access the medical information and only for the purpose of providing care, with penalties of up to two years’ imprisonment for unauthorised access.
McRae argued creating an opt-out provision would make the system “pointless” because patients who would benefit the most from centralised medical information would miss out on the improved safety.
“The most sensitive privacy issues are around reproductive and mental health. For example, there are some very potent psychoactive medications that patients are prescribed and it’s in their interest that treating practitioners know they are on them,” he said.
The bill passed Victoria’s lower house on Thursday although the government may be forced to negotiate with the crossbench in the upper house to get it passed.
The Law Institute of Victoria has also raised concerns about the scheme being exempt from freedom of information.
“This is troubling as it means patients will be unable to determine details regarding their record being accessed, including who has accessed it, when it has been accessed, or for what purpose,” its president, Tania Wolff, said.
The creation of the database was recommended in an independent report on a cluster of baby deaths at Bacchus Marsh hospital in 2015.