The private medical details of all Australians could potentially be stolen in an Ashley Madison-style hacking scandal if the federal government pushes ahead with plans to put everyone's records online, an expert has warned.
The Australian Privacy Foundation's Bernard Robertson-Dunn, who has developed IT systems for several government departments, says the proposed My Health Record system is full of privacy risks.
He says the recent Ashley Madison adultery website hacking scandal - in which a group of hackers released credit card details, email accounts and home addresses of the website's users - showed hacking was "always a possibility".
Health Minister Sussan Ley announced a reboot of the current e-health system in May, switching it from an opt-in to an opt-out model in order to get more people using it.
The model would contain the health records of every Australian, unless they chose to opt out of it.
Trials of the new system are set to begin in early 2016 in north Queensland and the NSW Blue Mountains region, involving one million Australians.
Dr Robertson-Dunn says having an opt-out model used by everyone makes the system more attractive to hackers.
He says even lawful access of the system could pose a "huge invasion of privacy", allowing anyone employed at a medical institution or organisation to access a person's entire medical record.
"It is possible that somebody working for a medical centre could access somebody's record because they're visiting the GP and gain information about the person which could be useful to pharmaceutical companies, or even hackers," he told AAP on Thursday.
"My concern is a lot of medical people don't actually understand enough about how this system works to understand the risks."
Several submissions to a parliamentary inquiry examining the legislation have raised concerns about the opt-out model, including from the Australian Information Commissioner.
A parliamentary committee on human rights chaired by Liberal MP Philip Ruddock has also raised privacy concerns about the opt-out model and has asked the minister whether there are sufficient safeguards in the legislation.
The Health Department has defended the claims, saying the same range of strong security and privacy protections in the existing model would carry over to the opt-out setting, along with stronger penalties for any misuse.
The Senate inquiry is due to hand down its report on Monday.
Share
