What could possibly go wrong? Privacy & government databases

In the last few weeks the Federal Government has faced community backlash to another of their ‘big-data’ plans. This time the brilliant idea to create My Health Record. A central repository for all the health data any health practitioner, and the government agency, may have collected on any individual.

On the surface, the idea of providing health professionals with a central point of information on patients sounds like a good idea, for the health professional, arguably even for the patient, should they find themselves dealing with a new doctor, in emergency situations, or not able to keep track of medical treatments. But, the flaw in the plan was almost immediately obvious to anyone who had even the slightest concern about the security of a central database of such personal information. A concern not made any better by the initial intention to allow access to that information by law enforcement agencies, without a Court Order.

The ensuing media hubbub and resulting public concern about the scheme was, to all but the Minister’s office and the Health Department, entirely predictable.

In the resulting back-down, by Minister Hunt on July 31, agreeing to amend the enacting legislation to require Court Order for any access by law enforcement or government agencies, and to extend the three month opt-out period. No matter how much spin attached, it was an embarrassing admission of a failed initial communication and a lack of understanding of the public mood.

It may appear odd that millions of people are willing to volunteer personal information on social media platforms but are concerned about a health record site. However, the fundamental difference is in, at least the appearance of, choice. Even then, Facebook has encountered enormous push-back when it became clear that they were commercialising user information without users’ knowledge.

Public trust of big-government is, increasingly and around the world, at an extremely low level. For the Federal Government to foist a centralised health database on all Australians, with limited public engagement and no understanding of the likely resistance, only feeds public perception of a cavalier attitude to individual privacy. The endless litany of database breaches, from airlines, to tax offices, to banks to … well you name it, only feeds a deep-seated scepticism.  As one online security expert put it – ‘there are only two types of database, those that have been hacked and those that don’t know they’ve been hacked’.

It is no surprise that more than 10% of eligible patients have opted out of My Health Record. A number that runs into the millions and that continues to grow.

The lesson is clear. In an increasingly interconnected world, the issue of data-privacy is coming to the fore, perhaps a bit too late, but the public concern is now live. Failure to recognise that fact and to communicate effectively will result in the sort of push-back the Health Department and its Minister have endured.