‘Each application would be assessed on its own merits,’ senators told

This article is more than 2 years old

This article is more than 2 years old

Pharmaceutical companies will be allowed to apply for data from the controversial My Health Record system, a Senate committee hearing has been told.

Caroline Edwards, the deputy secretary of the Department of Health, told the committee third-party access arrangements would allow medical and public health researchers access to de-identified data.

The Labor senator Murray Watt asked Edwards whether pharmaceutical companies could access data. Edwards said the system could not be used for commercial purposes – but pharmaceutical companies were not precluded from applying.

“If they’re researchers for a private company, they would need to put in a submission explaining what the purpose of their research was … and each application would be assessed on its own merits, but it wouldn’t be able to be used for commercial purposes.

Play Video 1:44 What is My Health Record? – video explainer

“They’re not precluded as an applicant, so long as it’s for public health research purposes. But that does not mean they get the data … there’s a very rigorous process.”

Tim Kelsey, the chief executive officer of the digital health agency, told the Senate standing committee on community affairs that research showed 59% of people were aware the system would create a record if they did not opt out. Kelsey accepted the suggestion of the Greens leader, Richard Di Natale, that the figure meant 41% of people “aren’t aware they’re having a record created for them”.

My Health Record has been in operation on an opt-in basis since 2012. The system will create a record for everyone who does not actively opt out by 15 November. Kelsey said about 900,000 people had opted out. That figure did not include paper applications.

“That’s about 3% … this is significantly lower than the initial forecast we anticipated and in line with other international examples.”

In addition, 136,000 people had requested to receive a notification whenever their record was accessed.

The expansion of the record database is designed to improve health outcomes, but privacy and cybersecurity concerns have led to calls for people to avoid the system.

The hearing was told that safeguards in place included the ability for people to generate a security code, which could apply to their entire file or to specific entries, and which could allow patients to choose who had access to their data.

Edwards said legislation to address privacy concerns would restrict third parties, such as law enforcement agencies, from accessing records without a court order. “My Health Record can only be accessed for the purpose of providing healthcare,” she said.