Personal health records offer the convenience of accessing medical history and personal health information, but also raise a range of privacy concerns which affect their adoption. In 2018, the Australian nationwide personal health record, My Health Record (MHR), was changed to an opt-out model, meaning that users are automatically enrolled unless they opt out. This significant change sparked wide-ranging and vociferous discussions of the privacy concerns of MHR on Twitter thus provided a lens into people's concerns. This lesson offers useful insights for improving MHR and better implementing future large-scale health records. By using qualitative coding and topic modeling on Twitter data, we categorized the stakeholders who participated in the discussions and the privacy concerns expressed. We have identified 10 categories of stakeholders and 9 types of privacy concerns in the discussions, and our analysis finds that these stakeholder groups focused on different privacy aspects of MHR. This work implies that, for future provisions of similar systems, it is important to involve these stakeholders in the design and address their privacy concerns early, as they are interested in providing input and their strong opinions may influence the uptake of such systems. Based on the lesson gleaned from this case, we propose that system owners can proactively communicate the privacy and the security aspects of their PHRs with different parties on social media. We also highlight some suggestions for improving the consent model and third-party access to personal health records in this paper.
19 August 2020
'Privacy concerns of the Australian My Health Record: Implications for other large-scale opt-out personal health records' by Patrick Cheong-Iao Pang, Dana McKay, Shanton Chang, Qingyu Chen, Xiuzhen Zhang and Lishan Cui in (2020) Information Processing and Management comments