Exclusive: Leaked document says problem potentially left personal medical information out of date or missing, but agency says safety not compromised

This article is more than 1 year old


Government officials were warned a “significant” technical glitch affecting the My Health Record system threatened to leave patient information incomplete or out of date, a leaked briefing shows.

The My Health Record system relies on doctors and medical practices using their own IT systems to upload clinical information about patients, to help ensure continuity of care and improve interactions with healthcare providers.


An internal briefing to the Australian Digital Health Agency’s data integrity group last month, obtained by Guardian Australia, shows that a software bug began to affect the system in early 2016, which prevented some clinical information systems used by medical practices “from uploading clinical documents to the My Health Record system”.

The briefing said the error had the potential to cause “missing clinical information in a consumer’s My Health Record” and “amendments not uploading resulting in out-of-date or incorrect information”.

“When the digital signature issue emerged in 2016, its impact was so significant that it was escalated to the minister for health, and although the issue is being managed it is not completely resolved,” the leaked briefing, dated 18 December 2018, said.

But the agency, in a statement to Guardian Australia, has strongly denied any suggestion the 2016 software bug compromised patient records, saying it affected only a tiny proportion of documents and did not leave My Health Records with missing or out-of-date information.

“The matter you refer to accounts for less than 1% of attempted document uploads from clinicians,” a spokeswoman said. “The agency rejects any statement that the security or safety of the My Health Record system has been compromised.”

Neither the minister, then Sussan Ley, nor the agency publicly announced the error.


The agency has also strongly denied any suggestion that the issue is still unresolved, despite what is written in the briefing. It said the bug was quickly dealt with in 2016.

“To be absolutely clear, the agency rejects any assertion that there is any clinical risk to patient safety or long standing problem unresolved since 2016,” a spokeswoman said.

An excerpt from an official document, dated December 2018, describing the My Health Record problem.

The briefing document suggests that, in some cases, medical practices using older software were oblivious to the errors.

“The detectability of this error depended on the clinical information system and the implementation of error reporting,” the agency’s briefing said. “Some clinical information systems did not display an obvious error message. Therefore some healthcare provider end-users may still be using clinical information software with this issue and not be aware.”

This claim has also been denied by the agency, which says medical practitioners were alerted every time an upload to the My Health Record system failed, regardless of the software they were using.

“All clinical software alerts the organisation if a document fails to upload into the My Health Record,” the spokeswoman said. “Any claim to the contrary is false.”

The agency identified a fix but it relies on third-party software makers and IT workers in hospitals, doctors’ offices and other healthcare locations to implement it.

Last month’s briefing said some doctors were still using the old software.

“Vendors were then advised of the issue and how to resolve it, however many healthcare providers are still using clinical information systems with the issue rather than the corrected versions created by vendors,” the briefing said.

Guardian Australia has confirmed at least one software vendor issued a note to users on how to fix the issue, but not until several months after the bug was first discovered.


The agency said it introduced a tool in November allowing it to find the “small number of clinicians” who were still using the buggy software and advise them of the problem. It said even those providers would receive an alert when their uploads failed.

The revelations have prompted a backlash from critics who say the government should have told the public and took too long to take steps to understand the scale of the problem.


David Glance, director of the University of Western Australia’s centre for software practice and a frequent critic of the system, said the public should have been told.

“The fact that this wasn’t made public, that GPs weren’t informed that potentially documents weren’t going up there, that hospitals weren’t told that summaries were incomplete ... there’s all sorts of ramifications,” he said.

“This again highlights that the [agency], their standards of transparency, leave a lot to be desired.”

The agency would not say why the issue was not publicly announced to give patients and doctors an opportunity to correct the errors. Ley, the former health minister, was approached for comment.

Robert Merkel, a lecturer in software engineering at Monash University, was most concerned by the agency’s response. He said it appeared to have taken more than two years for the government to take proactive steps to understand the full scale of the problem.

“I think that’s what bothers me most,” he said. “That you had an unknown number of healthcare providers running old software with known serious faults. This was not fixed for over two years. That is troubling.

“Many providers may well have fixed it properly. Many vendors may have fixed it properly. The problem was that there were other healthcare providers out there who were running systems with this fault and they were able to do so for a very long time without any successful action taken to correct it.”

The leaked briefing shows the bug was caused by part of the digital signatures used to help secure and authenticate digital clinical records. Those signatures contain an identifier starting with a randomly generated hexadecimal character – either one of nine numerical characters or a letter from A to F. An average of 62.5% of all records uploaded to the My Health Record system used a number at the start of their digital signature identifier.

The use of numbers at the start of the identifiers became a problem in March 2016 after an update to a Microsoft framework used by the My Health Record system. The update meant that any digital signature identifiers starting with a number caused a “Windows operating system error”.

“This update exposed an issue in the way many clinical information systems created digital signatures preventing the clinical information system from uploading clinical documents to the My Health Record system,” the agency’s briefing said.

The agency said it quickly released its own patch to resolve the bug. But the fix also required updates from software vendors and healthcare providers to their own systems.
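The failure mode described in the briefing can be shown with a short check. This is an added example, not code from the agency, the briefing or any vendor. It assumes the identifier is an XML signature `Id` attribute typed as `xs:ID`, which may not begin with a digit; the function names and sample identifiers are constructed for illustration. The 62.5% figure corresponds to the ten digits 0-9 among the sixteen hexadecimal characters.

```python
import re
import uuid

# ASCII subset of the XML NCName rule that xs:ID values must satisfy
# (assumption: the signature identifier is an xs:ID attribute):
# first character a letter or underscore, then letters, digits, '.', '-', '_'.
_NCNAME_ASCII = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*\Z")

HEX_CHARS = "0123456789ABCDEF"


def is_valid_xml_id(value: str) -> bool:
    """True if value is acceptable as an xs:ID (ASCII-only check)."""
    return bool(_NCNAME_ASCII.match(value))


def rejected_leading_char_fraction() -> float:
    """Share of uniformly random hex first characters that make an ID invalid."""
    bad = [c for c in HEX_CHARS if not is_valid_xml_id(c)]
    return len(bad) / len(HEX_CHARS)


def new_signature_id() -> str:
    """Random identifier that is always valid: fixed '_' prefix plus hex."""
    return "_" + uuid.uuid4().hex.upper()


def audit_ids(ids):
    """Return the identifiers a strict validator would refuse."""
    return [i for i in ids if not is_valid_xml_id(i)]


# Constructed sample identifiers (not taken from any real record).
SAMPLE_IDS = [
    "3F2504E04F8911D39A0C0305E82C3301",   # starts with a digit: rejected
    "A9E1B2C3D4E5F60718293A4B5C6D7E8F",   # starts with a letter: accepted
    "_07C1D2E3F4A5B6C7D8E9F0A1B2C3D4E5",  # underscore prefix: accepted
]

if __name__ == "__main__":
    print(f"{rejected_leading_char_fraction():.1%} of hex-leading IDs are invalid")
    for bad in audit_ids(SAMPLE_IDS):
        print("would fail upload:", bad)
    print("safe id:", new_signature_id())
```

A generator that always emits a fixed non-digit prefix removes the dependence on how strictly the receiving framework validates identifiers.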