Implementation of the $1.5bn My Health Record system failed to appropriately manage cybersecurity risks, a review by the national audit office has found.
The review found implementation was “largely effective”, but revealed the government agency could not guarantee that all “emergency access” requests to view an individual’s record were legitimate, and that four privacy reviews funded since it became an “opt-out” system were never finished.
The Australian National Audit Office review said the cybersecurity and privacy risks were not properly managed or considered by the Australian Digital Health Agency, which oversees the national electronic heath records.
The database, which relies on doctors and medical practices to upload clinical information about patients, seeks to ensure continuity of care for patients with all medical information centralised. It was opt-in from 2012, but converted to opt-out this year.
Despite widespread privacy concerns and some revelations of software bugs, 90% of Australians now have a My Health record.
Less than a quarter of Australia’s healthcare provider organisations are using the system.
The audit office review, commissioned to…
