Big data is giving government a lot more oversight over what doctors say and do. What is good and bad about that?
As the era of Big Data allows the Government increasing powers to monitor what doctors say and do, concerns are growing about how it will use its newfound reach.
For Dr David More, it is not so far fetched to picture a future where everything a GP does in his or her consultation room can be monitored by the Government – down to the keystroke.
The retired intensive care specialist and former e-health consultant to the Federal Department of Health and NEHTA says that in the age of Big Data, where digital markers of our lives are constantly being recorded, the potential for surveillance lurks ever present.
He risks coming across as a conspiracy theorist, but revelations this year of the Australian and UK governments’ questionable monitoring of doctors lend him some solid ground.
Late last month, it emerged AHPRA had written to the Federal Attorney-General about getting warrantless access to doctors’ phone and web metadata, to help catch doctors sleeping with their patients.
But it was not a new trick for the regulator. It previously had access to this information – stored by telcos – but lost it late last year when the law changed to require storage of more intrusive personal information to help fight serious crime and terrorism.
AHPRA even disclosed examples of how it had previously used the data. In one investigation, it tracked a patient’s mobile phone location to show they had been spending a lot of time near their practitioner’s home, despite living on the other side of town.
For Dr More, it is a vivid illustration of government reaching into a sensitive database for an unexpected and improper purpose.
“Since when does a GP having an affair constitute a crime? I don’t want to live in a country where if I choose to have an affair I have the government able to watch me.”
Medical indemnity provider Avant shares his views. Head of Advocacy Georgie Haysom says AHPRA should have to seek a warrant or approach the doctor if it wants such sensitive information.
“AHPRA and the Health Care Complaints Commission are healthcare regulators not criminal law enforcement agencies,” she says.
Whether the Office of the Attorney-General grants AHPRA warrantless access remains unknown. The department has refused to give the status of the application.
But it has confirmed it has not yet granted access to any government agency, outside the already approved criminal enforcement bodies.
It has also clarified that, under the current law, AHPRA could only ever be granted warrantless access on a temporary basis, lasting for 40 sitting days of Parliament.
MyHealth Record
There is another dataset of perhaps even greater sensitivity that is also being built by the Government – the MyHealth Record, formerly known as the PCEHR.
If its woeful participation rates improve, it has the potential to connect practitioners together like never before, reducing risks in diagnosis and treatment and improving overall continuity of care.
What concerns Dr More is that it will also allow the Government to build an enormously powerful system for monitoring doctors and patients, especially when linked to current PBS and Medicare databases.
This reality hit GP groups in the England last month, who were outraged to learn its Government would begin monitoring GP certificates issued for a workers’ rehabilitation scheme.
In what the UK’s Family Doctor Association labels “state snooping”, the Government will collect data on the patient’s gender, condition, prognosis and location, which will be linked to each individual GP practice – prompting fears of league tables.
The move comes five years after England introduced shared ehealth summaries, and where currently 96% of the population – almost 55 million people – are signed up.
“This is the sort of the stuff that the English are already doing using their database, so how long before our guys get the same idea?” Dr More says.
“I think doctors are sleep-walking their way into finding their clinical autonomy destroyed by the government.”
At the RACGP, lead eHealth representative Dr Nathan Pinskier sees things differently.
While the college continues to lament what it perceives is the Government’s lack of engagement with general practice in the design and implementation of the MyHealth Record, it is far less concerned about over-reach.
“The risk that the Government will use the tool for a purpose that is not supportive of primary care is always there, but I don’t think that’s the prime intention at the moment,” Dr Pinskier says.
For one thing, he says, the Government can already monitor doctors through the MBS and PBS databases.
For another, the potential for a high-quality shared ehealth record is too valuable to give up on.
“It’s not a bad thing if it’s useful clinical information. That’s a good thing,” he says.
Even the fact that only the patient – and not the doctor – has control over who can access the electronic record is a worthwhile potential downside, he says.
“A lot more eyes may be looking at the same information in the future. Which hopefully is a good thing, but may expose certain patterns of behaviour or healthcare service delivery.
“Yes, there is a risk you will be exposed. If you’re practicing good quality medicine, then that should be less of an issue.”
Secondary use
The biggest risk, as e-security expert David Vaile sees it, is that there is no way of knowing at the moment how securely the Government will treat its ehealth data.
Mr Vaile, a lawyer who co-convenes UNSW’s Cyberspace Law and Policy Community, says that in the age of Big Data personal information has enormous commercial value.
Look no further than Facebook or Google, he says.
“One of the risks is there’s money in them thar hills. Data is the new goldmine.”
He characterises the Government’s public statements on the security of the MyHealth Record so far as “slippery” and “obtuse”, at a time when heightened scrutiny is required.
One of his main areas of research is into how the proliferation of large datasets – public and private, legal and illegal – is making it possible to re-identify seemingly anonymous data.
“It’s very unlikely that anyone can promise that they can safely de-identify any data set on its own, particularly when viewed into the future.”
Mr Vaile would like to see more transparency in who the Government intends to provide the data to, and how it will protect the identities of patients and doctors. Nothing short of a gamut of checks and balances will do.
The Federal Department of Health, for its part, flatly denies it has any intention to sell de-identified data from the MyHealth Record system.
However, current laws do allow it to provide de-identified data for public health and research purposes.
A spokeswoman for the department says it is currently developing a framework for the secondary use of MyHealth Record information, and will begin public consultation in the second half of 2016, according to a spokeswoman.
“Until this framework is in place, there will be no secondary use of the data provided by the department,” she says.
