My Health Record is scrambling to put tough new restrictions on mobile phone apps that use its sensitive patient data, including an option to cancel if the companies damage the system's reputation.

Companies Telstra, HealthEngine, Tyde and Healthi already have access to My Health Record information such as Medicare records, test results, scans and prescriptions, for their app users to view on mobile phones.

The Australian Digital Health Agency (DHA), which is facing a crisis of confidence over its ability to safely store sensitive health data in My Health Record, has sent out a heavily amended agreement to the four app companies.

The new agreement, obtained by the ABC, means that a company's contract can be terminated if it damages My Health Record's reputation, and it gives the chief executive Tim Kelsey a five-day cancellation option if he "forms the view that this agreement … may be contrary to the public interest".

Data privacy law expert Katharine Kemp said even the public interest cancellation clause did not go far enough.

"I think it's a good idea to have a public interest ground for termination, but I'm not sure why you'd allow a health app to operate for five extra business days if you'd formed the view this was contrary to the public interest," she said.

There are also much tighter clauses on how the companies report data breaches and collect information and consent from app users.

"Especially in the case of our sensitive health information, the Government must ensure that health apps use the highest standards of consent," Dr Kemp said.

"This agreement does not do that."


Mr Kelsey was unavailable for an interview.

A spokesperson for the DHA said it was "best practice" to regularly review contracts with suppliers and partners and the app providers had undergone "strict assessment".

'Premature' to count, 10 per cent could opt-out

The agency's contractual fix comes after the ABC reported on June 24 that one of the partner apps, HealthEngine, was passing on client information to personal injury lawyers and boasting to advertisers that it could tailor advertising to patients' illnesses.

The Federal Health Minister Greg Hunt ordered the DHA to conduct an "urgent review" of its relationship with HealthEngine on the same day.

My Health Record is a government-run service which holds Australians' medical information.

Australians have three months to opt out of My Health Record, and thousands have already done so because of concerns over privacy and the risk of data breaches.

The Health Minister said the system had the "strongest protections" and there would be no personal data released without consent from each person.

"It will be up to individuals whether they will choose to make it available. That's a guarantee under law," Mr Hunt said.

The DHA would not be drawn on exact figures of how many Australians had chosen to opt out of My Health Record so far.

"It is premature to forecast Australians' choice about having a My Health Record created during the opt out period," the DHA spokesperson said.

"However, based on the two trial sites where opt-out has already occurred and the initial responses in the first week, it is expected that more than 90 per cent of Australians will have a My Health Record by the end of the year."

The agency spokesperson said My Health Record had "the highest level of security and meets the strictest cyber security standards".

Agency 'tightening up control'

A Telstra spokesman confirmed the company had received the amended contract for its use of My Health Record data in health apps, but declined an interview, saying the agency was best placed to comment on the fairness of the changes.

Tyde and HealthEngine declined to comment on the new agreement.

After the ABC's reporting on its use of patient data in June, HealthEngine announced it would stop sharing users' data and remove advertising from its website.

HealthEngine said My Health Record data had not been accessed for marketing purposes, nor had it been shared with third parties.

Healthi app director Geoff Rohrsheim said his start-up would accept the contract changes.

"It doesn't affect us," he said. "We're not manipulating any of the data, we're not trying to share it with anyone else."

Mr Rohrsheim said media reports about other apps connected to My Health Record could have played a part in the agency's contract updates.

"Based on a few incidents that have happened in recent times I think the agency is just tightening up … their control over any of the applications that are connecting to My Health Record," he said.

"Should [the third-party apps] be doing anything that is untoward then the agency has the ability to shut that down, and I think that's appropriate."

Major changes to the contract

The old agreement had privacy clauses but did not contain time limits on disclosure of breaches to the agency.

The new portal operator agreement shows companies will be given three days to notify the agency if they have had any My Health Record data breach.

In addition to the chief executive being able to cancel an app's access to My Health Record on "public interest" grounds, the new agreement waives the agency's responsibility for any losses the mobile app companies would incur.

The new contract also builds in the ability to terminate immediately if the company or associates "engage in any other conduct that we consider, in our absolute discretion, could adversely affect our reputation or the reputation of the My Health Record system or the Commonwealth of Australia or any of its agencies".

There are also new clauses which specify which ways app users must consent or opt-in to data use.

Dr Kemp said the amendments to the consent clause were "very unimpressive".

"It is not enough to say a health app 'must minimise any use of any bundled or general consents'," Dr Kemp said.

"Bundled or general consents are completely unacceptable in the context of health information."
