Last week I went to Net Hui and supported Sebastian Morgan-Lynch from the Privacy Commissioner’s Office in a session about privacy protocols around shared care records.
Net Hui is an unusual gathering with a strong emphasis on being somewhat unstructured – a feature that in my humble opinion is a strength but also a weakness. A strength because it means the agenda is what the attendees want to talk about, but a weakness because it’s difficult to distil any meaningful outcomes.
Our session comprised Sebastian outlining the Commission’s draft paper “Electronic Shared Care Records - Elements of Trust”, after which he asked me to contribute a “devil’s advocate role.” General discussion followed.
So "devil's advocate" I was. I began with three caveats – a disclosure that I do some work for the Health IT Board, assurance that I am a very strong advocate for shared care records, and affirmation that the draft paper has much to commend it.
But then I picked two holes that I consider very, very, very important.
First, the assumption that it is ok for every entity that holds shared care data from the increasingly common pool to establish its own privacy protocols. Sure, the paper gives some high-quality advice about the constraints within which these should be crafted. But I don’t think that goes far enough. Over time the data that gets put into any health database (e.g. a GP practice in Bluff) will be accessible from any other (e.g. by a practice manager in Kaitaia or a pharmacist in Plimmerton). The current proposal effectively means its privacy will be determined by a raft of DHBs, Primary Health Organisations, professional health groupings, and even individual practitioners. That leaves the consumer exposed to the weakest link in the chain.
I don’t think that’s good enough. Remember, once this data goes into the pool it becomes almost impossible to recover. Think how hard it is to get stuff taken off Facebook - and they're not even run by a government!
The solution seems ridiculously simple to me. We need a common set of documents. They should include a declaration that every user must sign to get access whether they be a doctor, nurse, administrator, auditor, researcher, or pharmacist. Common penalties. Common training about the importance of confidentiality. And a legal provision that maintains protection for personal health information the same as tax information is protected under the Crimes Act.
Why can’t we just do that? We’re a tiny country.
Apart from the privacy risks involved in the fragmented approach, why should our taxes be deployed to funding a zillion bureaucrats creating a different set of access rules for every hamlet?
The second missing element is partial opt-out rights for patients. Sebastian’s paper specifies that people will be able to opt out of shared care records in their entirety, but I don’t see provision to opt out for a specific consultation or condition. There are many reasons for people to single out a specific condition as especially confidential. Mental health and sexual health are oft-quoted examples, but some people may be sensitive or embarrassed about other conditions too. And it’s their right to stipulate that these remain between themselves and the doctor they choose to confide in.
I’d pick that if partial opt-out is not enabled, then the number of total opt-outs will be exponentially higher. That will greatly reduce the utility of the Records, which would be a tragedy.
I’ve worked with Sebastian and the Privacy Commissioner’s team. I have a lot of confidence in them. Here’s hoping for a re-think on these two sticking points, which in my opinion are mission-critical to the very valuable and important shared care project.