Consent and MyHR

'The European Union General Data Protection Regulation (EU 2016/679) and the Australian My Health Record Scheme – A Comparative Study of Consent to Data Processing Provisions' by Danuta Mendelson states

This study compares the concept, elements, and function of consent under the General Data Protection Regulation (EU 2016/679) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [GDPR] in the context of European Union [EU] national electronic health records schemes and the Australian national health record scheme called My Health Record [MHR]. The GDPR, which, as the name suggests, governs processing of data in any form, including data contained in the national electronic health systems, is binding on all 27 EU member countries. The analysis concentrates on consent as critical element in protecting individual patients’ rights with respect to the processing of their personal health data under GDPR and under the Australian MHR legislative scheme. The study does not examine individual EU member states’ national electronic health systems because, subject to derogation in limited circumstances, the GDPR governs all of them. Australia is a non-EU jurisdiction, and does not have the European Commission’s certificate of adequate level of data protection (GDPR Art 45 empowers the European Commission to determine whether a country outside the EU offers an adequate level of data protection, either by its domestic legislation or because of the international commitments it has entered into). One of the reasons for the absence of the certificate might be the less than impressive Australian notion of consent under the MHR scheme, and the virtual disregard for consent in its framework of protections for patients’ rights in relation to health and clinical data processing.