15th August, 2018, Dr Chee L Khoo
“Trust me, I’m a doctor” is so universally accepted that we don’t even have to say it. Patients know that they can trust us implicitly. What are we asking patients to trust us with though? The current debate or argument about the pros and cons of opt-in or opt-out with MyHealthRecord may endanger the trust patients have in their doctors. Let us dissect and discuss trust in a doctor-patient therapeutic relationship.
Patient trust that we will do our utmost solely for their benefit. “Whatever you think is best for me, doc” is what we commonly hear from patients. We should feel honoured by that statement as it basically says to us that they have trust that we will look after them. Embedded in that trust though, without saying is that they expect us to be on top of our game to make those medical decisions for their good. Patients expect that we stay up to date and the treatment they receive is according to world best standards.
Patients also trust that we keep their medical information private and confidential. It is pretty much accepted by all patients and doctors that what is discussed in the room stays in the room although we still have minors occasionally double checking with “now you won’t tell my parents what I am about to tell you”. Of course, we qualify that privacy and confidential issue with “yes, as long as your life is not in danger”.
Patients’ trust in us to maintain the privacy and confidentiality of their medical records extends to who else get access to their records. The concept of the trusted third party is also fairly well accepted when patients placed their trust in us. Patients put their trust in our judgement as to which third party we can trust to access their medical records. They expect and trust us to do the due diligence before we allow a third party to access the records.
So, where does MyHealthRecord feature in this concept of trust? I remember vividly that maintaining patient’s confidentiality was drummed into us within the first week of medical school (remember those “boring” first few weeks?). As doctors, we all understand the importance of the concept. We are happy to pass on medical records to another fellow colleague (subject to patient’s consent, of course) because we know that he or she feels the same way about this giant issue of privacy and confidentiality.
But can we trust the custodian of MyHealthRecords to share the same level of diligence in the maintenance of privacy and confidentiality of patient information? Can we trust an agency who sees the issue of privacy and confidentiality as an afterthought? We are clearly not on the same page. Many of you who has young children would double check that the family your son or daughter is sleeping over with pass your “100 point check list” before agreeing to leave your child there overnight. That is what you think about before your kid spends the night there and not the next morning.
Criterion C6.3 of the RACGP Standards for general practice, 5th Edition, specifically states that “you must collect personal health information and then safeguard its confidentiality and privacy in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988, long-standing legal and ethical confidentiality obligations and other relevant state or territory laws.”.
The Australian Privacy Principle (APP) has a special category for health information. The Australian Privacy Principle 11 states that if an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:
- from misuse, interference and loss; and
- from unauthorised access, modification or disclosure.
Well, the current level of security with MyHealthRecord doesn’t pass the tests.
Loss of privacy doesn’t just mean leaking of private information. It leads to loss of trust. If patients cannot be assured that their information is safe with their doctors, they will hesitate to confide in their doctors. The entire doctor-patient therapeutic relationship will be severely affected. The phrase “trust me, I’m a doctor” cannot be taken for granted.
Some of you are old enough to remember the grim reaper commercial in the 1980s shortly after Australia recorded its first HIV case in Sydney in 1982. Apart from the advertising blitz, two of the most important “guarantees” we had for patients were that the results of the HIV tests were kept absolutely confidential and that HIV testing can only be performed with patients’ consent. This was to prevent patients with HIV from being outed and ostracised. This was necessary to encourage all patients (especially those at risk) to see their doctors for screening. Trust was a vital component of the campaign. A default opt-in goes against the issue of consent.
We cannot take patients’ trust in us for granted. If patients can’t have faith that their medical records are safe and secure, they may not be able to trust us enough to tell us everything. We cannot be assured who else get access to those records. As it stands, the current custodian of MyHealthRecord has not demonstrated to me that I can trust them.
I am opting out and I have actively encouraged all my patients to opt-out of MyHealthRecord. We are custodians of our patients’ records. Patients trust us to keep them safe and secure. Patients expect us to maintain their privacy and confidentiality at all times without exceptions. I have already forgone the ePIP incentives for not uploading the “required” documents to MyHeallthRecord. I cannot be bought.
If everyone opts in, will the government change the system? How else are we going to get them to listen to our concerns? Slight tinkering of the legislation does not do it. An afterthought is not good enough.
This is my opinion.