Its My Health Record system report features the following recommendations, which I discussed in an ABC interview last night.
R1 - 5.12 The committee recommends that record access codes should be applied to each My Health Record as a default and that individuals should be required to choose to remove the code. The committee further recommends that the ability to override access codes in the case of an emergency should only be available to registered healthcare providers for use in extraordinary and urgent situations.
R2 - 5.15 The committee recommends that the Australian Government amend the My Health Records Act 2012 to protect the privacy of children aged 14 to 17 years unless they expressly request that a parent be a nominated representative.
R3 - 5.16 The committee recommends that the Minister for Health amend the My Health Record Rule 2016 to extend the period for which a My Health Record can be suspended in the case of serious risk to the healthcare recipient, such as in a domestic violence incident.
R4 - 5.19 The committee recommends that data which is likely to be identifiable from an individual's My Health Record not be made available for secondary use without the individual's explicit consent.
R5 - 5.21 The committee recommends that the current prohibition on secondary access to My Health Record data for commercial purposes be strengthened to ensure that My Health Record data cannot be used for commercial purposes.
R6 - 5.23 The committee recommends that no third-party access to an individual's My Health Record be permissible, without the explicit permission of the patient, except to maintain accurate contact information.
R7 - 5.25 The committee recommends that the Australian Government amend the My Health Records Act 2012 and the Healthcare Identifiers Act 2010 to ensure that it is clear that an individual's My Health Record cannot be accessed for employment or insurance purposes.
R8 - 5.26 The committee recommends that access to My Health Records for the purposes of data matching between government departments be explicitly limited only to a person's name, address, date of birth and contact information, and that no other information contained in a person's My Health Record be made available.
R9 - 5.28 The committee recommends that the legislation be amended to make explicit that a request for record deletion is to be interpreted as a right to be unlisted, and as such, that every record is protected from third-party access even after it is deleted, and that no cached or back-up version of a record can be accessed after a patient has requested its destruction.
R10 - 5.32 The committee recommends that the Australian Digital Health Agency revise its media strategy to provide more targeted comprehensive education about My Health Record.
R11 - 5.36 The committee recommends that the Australian Digital Health Agency identify, engage with and provide additional support to vulnerable groups to ensure that they have the means to decide whether to opt out, whether to adjust the access controls within their My Health Record and how to do this.
R12 - 5.37 The committee recommends that the Australian Government commit additional funding for a broad-based education campaign regarding My Health Record, with particular regard to communicating with vulnerable and hard to reach communities.
R13 - 5.38 The committee recommends that the Australian Government extend the opt-out period for the My Health Record system for a further twelve months.
R14 - 5.45 The committee recommends that the My Health Record system's operator, or operators, report regularly and comprehensively to Parliament on the management of the My Health Record system.