Intelligence and Security Committee of the Australian Parliament declined to recommend passage of Minister for Home Affairs Dutton's identity matching services bill

The Guardian, 24 October 2019:

Mark Dreyfus, as the most senior Labor member on the committee, also commented on the bill: 

The Intelligence and Security Committee of the Parliament is declining to recommend the passage of the identity matching services bill. 

Instead, Labor and Liberal members of the committee are uniting to recommend that the identity matches services bill be completely redrafted and referred back to the Intelligence and Security Committee for further inquiry when it is reintroduced. 

In taking this step, I congratulate all members of the committee for putting the national interest first and sending a strong message about the value of this committee. 

The identity matching services bill purports to facilitate the exchange of identity information pursuant to the objective of an intergovernmental agreement reached by Coag [in] October 2017. 

But it includes none of the limitations or safeguards anticipated by that agreement. 

The bill includes almost no limitations or safeguards at all. 

As explained in the committee’s report, the identity matching services bill would authorise the Department of Home Affairs to create and maintain facilities for the sharing of facial images and other identity information between government agencies and in some cases, non government agencies entities. 

The bill would also authorised the Department of Home Affairs to develop and maintain to centralised facilities for the provision of what are called identity matching services. 

The first of these two facilities would be called an interoperability hub. 

The Hub would act as a router through which government agencies across Australia could request and transmit information as part of an identity matching service. 

The second would be a federated database of information contained in government identity documents. As discussed in the committee’s report, the potential implications of these two new facilities for the privacy of all Australians are profound. 

Those implications do not appear to have even been considered by the Minister for Home Affairs or by his department. 

While a bill provides for six different identity mentioned services, the service that elicited the most concerned from submitters to the committee’s inquiry is the face of identification service. 

That service would enable authorities across Australia to use huge databases of facial images to determine the identity of an unknown person. 

Using that service, a law enforcement agency could submit a facial image for matching against a database of facial images contained in a in government identification documents, such as a database containing every driver licence photo in Australia. 

In return, the agency would receive a small number of matching or near matching facial images from the database. The agency could then access biographical information associated with those images. 

The potential for such a service to be used for mass or blanket surveillance, such as CCTV being used to identify Australians going about their business in real time was raised by numerous submitters to the inquiry......

Mark Dreyfus: Like my colleagues on the committee, I do not believe that the government is proposing to engage in or to facilitate the mass surveillance of Australians. But I do accept that, given the near complete absence of legislated safeguards in the Identity-Matching Services Bill 2019, those concerns cannot simply be ignored. If there is no intention for the proposed identity-matching services to be used to engage in mass surveillance activities, the government should not object to amending the bill to ensure that those services cannot, as a matter of law, be used in that manner. 

Concerns were also raised about the proposed one-to-many identity-matching service being used to identify people who are engaging in protest activity. This does concern me. It was only this month that the Minister for Home Affairs, the minister responsible for this very bill, called for mandatory prison sentences for people who engage in protest activity; called for the same people to have their welfare payments cancelled; and also called for them to be photographed and publicly shamed. As presently drafted, this bill would not prohibit authorities from using the proposed face-matching services to identify individuals in a crowd who are engaging in lawful protest activity. That would be concerning in the best of times; it is particularly concerning in the light of the authoritarian disposition of the Minister for Home Affairs. 

A raft of other concerns was expressed about the Identity-Matching Services Bill, including in relation to this government’s abysmal record on cybersecurity. 

I do not propose to list all of the concerns here today, but I encourage everyone to read about them in the committee’s report. 

I would like to thank my colleagues on the committee, Labor and Liberal, for their work on this important report. It should not escape anyone watching these proceedings today that, by agreeing to the set of recommendations contained in this report, the Liberal members of the committee have placed the national interest first. For that, I would like to pay tribute to Senators Stoker, Fawcett and Abetz, and the members for Canning, Berowra and Goldstein. I would like to pay particular tribute and extend my thanks to the chair of the Intelligence and Security Committee, the member for Canning. I also thank the committee secretariat for their excellent work, both in this parliament and in the last parliament, which underpins this report.

Text of the Identity-matching Services Bill 2019 can be found here.

Parliamentary Joint Committee on Intelligence and Security, "Advisory report on the Identity-matching Services Bill 2019 and the Australian Passports Amendment (Identity-matching Services) Bill 2019" can be found here.

Do you know exactly who Medicare, your GP, specialist doctor or local area health service are sharing your personal medical information with?

Electronic Frontiers Australia, media release, 26 August 2019: 

Australia, Melbourne — Monday 26 August 2019 — EFA, Future Wise, Digital Rights Watch and APF today call again for a comprehensive review of privacy provisions for healthcare data. 

 Following the HealthEngine scandal in 2018, and the recent use of Pharmaceutical Benefits Scheme (PBS) data to assist recruitment into research on Bipolar disorder, a Twitter user on Friday 23 August shared a SMS message attempting to recruit him into a clinical trial. 

This appears to have occurred through the use of Precedence Healthcare’s InCa (Integrated Care) health platform. Research by members of digital rights organisations today revealed that sensitive patient details—including contact details, demographics and complete medical histories—can be shared with a wide range of partners, including, it appears, private health insurers. 

Dr Trent Yarwood, health spokesperson for Future Wise and a medical specialist, said “Secondary uses like this are a very ethically murky area. People don’t generally expect to have personal details from their healthcare providers made available to anyone, even if well intentioned.” 

The terms and conditions of the application include access to data from myHealthRecord. “While the My Health Records Act includes privacy provisions, once this data is accessed by an external system, these provisions no longer apply,” continued Dr Yarwood. “I’m very concerned that practices making use of this system are not aware of just how widely this data can be shared—and that they are expected to fully inform patients of the nature of the data use,” he concluded. 

“This kind of barely-controlled data sharing is only possible because of how little privacy protection is provided by the current legislation,” said Justin Warren, Electronic Frontiers Australia board member. 

“People have made it clear time and time again that information about their health is extremely personal, private, and they expect it to be kept secure, not shared with all and sundry,” he said. “What people think is happening is quite different to what actually is, and these companies are risking catastrophic damage to patient trust with their lust for data.” 

“If you found out your doctor was sharing your full medical history with private health insurers, or the police, would you keep seeing them?” he added. 

Robust privacy protections are needed for all Australians, such as by finally giving us the right to sue for breach of privacy, requiring explicit consent for each disclosure of medical or health data to a third party, and proper auditing of record-access that is visible to the patient. It is imperative that the risks of health data sharing receive greater attention. [my yellow highlighting]

Australian Health Information Technology, 25 August 2019: 

This Seems To Be A System Of Sharing Personal Health Information That Is Rather Out Of Control. 

I noticed this last week: How does Inca collect and share health information? 

Updated 1 month ago 

Precedence Health Care’s Integrated Care Platform (Inca) is a cloud- based network of digital health and wellness services, including MediTracker mobile application services. 

It is important that all users of Inca services understand how the network collects and shares health information (“personal information”) and are aware of their responsibilities for gaining informed consent from patients. 

To the extent applicable (if at all), the Health Privacy Principles (or equivalent), which operate in some jurisdictions, should guide your actions. In the absence of applicable Health Privacy Principles, you should refer to relevant Commonwealth, State or Territory privacy legislation, and assistance can also be derived by referring to the website of the Office of the Australian Information Commissioner. You should make sure you are familiar with the applicable principles or other relevant guidance, and also with Precedence Health Care’s Privacy Policy. 

Inca collects and shares personal information about patients and other persons under care (also called “consumers”) who consent to this information being stored and shared in the network. This information may come from a variety of sources, including the clinical software systems used by GPs (e.g., Medical Director, Best Practice); other members of the patient’s care team (e.g., allied health professionals, medical specialists); the patient themselves; participating health services and pathology services; and the Commonwealth’s My Health Record. 

Inca uses this information to provide a range of health care and wellness services to the patient and their care team. 

Prior to contributing a patient’s personal information to be stored in or used by Inca, users must obtain informed consent from patients for the collection and sharing of this information. Ensuring that patients are informed about what will happen with the information that is being shared is a fundamental component of best practice in privacy, so it is important that all Inca users and patients know what information is available on Inca and who has access to that information. 

When a patient’s GP or other person authorised by the GP uses Inca to collect personal information from their general practice clinical system, Inca will extract and share the following information: 

· Patient demographics 
· Alcohol consumption and smoking status 
· Allergies and adverse reactions 
· Family and social history 
· Observations and results 
· Current medications 
· Immunisation history 
· Current and past problems 

If the patient or the GP does not wish to share some of this information, the GP’s clinical system should provide a means for declaring such data “confidential” and thereby preventing it being sent to Inca. 

GPs who do not know how to do this should contact the provider of their clinical software. Inca may also collect and share information obtained from other sources. 

These include: 

· Information that the GP or any member of the care team or the patient themselves adds to the patient record or to any notes concerning the patient’s care using Inca services, web sites or mobile devices. This information may include contact information, measurements, care plans, assessments, referrals, progress notes, appointments, and other related personal and health information. 

· Information from participating Health Services, including discharge summaries and emergency department attendance. 

· Information obtained from My Health Record. This information may include some or all of the data stored in the patient’s My Health Record. 

It is the responsibility of the provider of information stored in or used by Inca, or the person who grants access to such information, to inform the patient of the type of personal information that is so provided or made accessible. 

Inca will provide access to a patient’s personal information with the patient’s GP and care team, the patient (or their carer as authorised by the patient), participating Health Services, and some others as necessary to provide the services of Inca. Precedence Health Care may share de-identified data (that is, data from which it is impossible to ascertain who you are) to persons or organisations who are engaged in research, trials and analyses relating to improvements in health and the management of health services. The way Inca shares and protects this information is described in the Precedence Health Care Privacy Policy. 

It is important that patients understand what information is being shared, who it is being shared with, and for what purpose. It is the responsibility of the persons providing this information to ensure that each patient is aware that their personal and health information is being stored on a computer system hosted on a secure site in Australia, as described in the Precedence Health Care Privacy Policy. 

It is also important for all users of Inca to be aware that this information may not be complete, up to date, or accurate. 

In seeking informed consent to participate, patients should be advised that any measurements or notes that they enter into Inca are not continuously monitored and will be available to members of the patient’s care team only when the provider next logs in to Inca. 

Patients who are concerned about any condition should contact their GP or other health care provider using their normal means (e.g., phone) and should not use Inca for this purpose. 

Please contact Precedence Health Care’s Privacy Officer on (03) 9023 0800 or email privacy@precedencehealthcare.com if you have any questions or concerns about our Privacy Policy, or if you wish to suggest improvements. You may also contact your State’s Privacy Commissioner or Ombudsman to get advice about privacy or make a complaint. 

Here is the link: https://phc.zendesk.com/hc/en-us/articles/360021090952-How-does-cdmNet-collect-and-share-health-information- 

For background Precedence Health run a shared patient data base which is accessible to GPs, Specialists and Allied Health Staff for the purpose of care planning and co-ordinating care. Using their system allows GPs to claim a Medicare Item No for this service. They also provide patient access to the data and have services such as reminders etc in an app. 

All that said this system, on its own statements, just sucks information from everywhere (GP systems, health services and the myHR) and pops it into one database. One user, who is now switching it off, revoking consent and getting out has described to me a collection of erroneous and mis-sorted data on their record. 

More they seem to be happy to hand out the data to others claiming it is de-identified – and we all know how in-effective that can be! 

The rather loose way consent rules for disclosure appear to be enforced is also a worry. 

They even have the legendary myHR disclaimer that “It is also important for all users of Inca to be aware that this information may not be complete, up to date, or accurate.” Doh! 

You can see the Privacy Policy here if you wish! https://phc.zendesk.com/hc/en-us/articles/360021091012-Privacy-Policy- 

Don’t know about you but none of my information would go anywhere near this if I could help it! It looks like a serious unthought through shambles to me. 

What do you think? 

David.  [my yellow highlighting]

The Abbott-Turnbull-Morrison Federal Government still hasn't made personal health data secure

Since about 2014 it has been known that the personal details of Medicare cardholders has been for sale on the dark web.

Despite an April 2014 report by the Australian National Audit Office that the Consumer Directory - which contains all Medicare customer records - was not secure and that cardholder details were for sale, the federal Liberal-Nationals Coalition Government does not appear to have comprehensively acted act on the issue of database security.

It was not unknown that Medicare cardholder details were being used fraudulently.

In 2016-17 Twenty notifications, involving 123 separate breaches, resulted from findings under the Medicare compliance program. In these instances, certain Medicare claims made in the name of a healthcare recipient but not by that healthcare recipient were uploaded to their My Health Record.

When contacted by the mainstream media in July 2017 the Liberal MP for Aston and then Minister for Human Services Alan Tudge denied any prior knowledge of cardholder details being offered for sale.

It was not reported that at the time if he was asked about instances of Medicare cardholder details being used to commit fraud or identity theft.

In August 2017 eHealth Privacy Australia was telling the Senate Finance and Public Administration Committee that:

• There are fundamental weaknesses in both the HPOS (Medicare card data) and My Health Records systems, which make them vulnerable to illegal access.

• Those weaknesses mean that fraudulent users of the systems can assume the identity of legitimate users to gain illegal access.

• It is not sufficient to mitigate these weaknesses in the My Health Records system.

By 1 January 2019 IT News was reporting that Medicare cardholder details fraudulently obtained had been used to access an individual’s My Health Record:

The number of data breaches involving the My Health Record system rose from 35 to 42 in the past financial year, new figures show.

The Australian Digital Health Agency (ADHA) said in its annual report [pdf] that “42 data breaches (in 28 notifications) were reported to the Office of the Australian Information Commissioner” in 2017-18.

As with previous years, the agency said that “no purposeful or malicious attacks compromising the integrity or security of the My Health Record system” were reported in the period.

Of the 42 breaches, one was the result of “unauthorised access to a My Health Record as a result of an incorrect Parental Authorised Representative being assigned to a child”, the agency reported.

A further two breaches were from “suspected fraud against the Medicare program where the incorrect records appearing in the My Health Record of the affected individual were also viewed without authority by the individual undertaking the suspected fraudulent activity”, ADHA said.

In addition, 17 breaches were the result of “data integrity activity initiated by the Department of Human Services to identify intertwined Medicare records (that is, where a single Medicare record has been used interchangeably between two or more individuals)”, the agency said. [my yellow highlighting]

Despite this knowledge the Abbott-Turnbull-Morrison Government has still not grasped the nettle, because on 16 May 2019 The Guardian reported:

Australians’ Medicare details are still being illegally offered for sale on the darknet, almost two years after Guardian Australia revealed the serious privacy breach.

Screenshots of the Empire Market, provided to Guardian Australia, show the vendor Medicare Machine has rebranded as Medicare Madness, offering Medicare details for $US21.

Other vendors charge up to $US340 by offering fake Medicare cards alongside other fake forms of identification – such as a New South Wales licence.

The Medicare Madness listing suggests the Medicare details “of any living Australian citizen” have been available since September 2018.

Guardian Australia first reported patient details were on sale in July 2017, verifying the listing by requesting the data of a Guardian staff member and warning that Medicare card numbers could be used for identity theft and fraud.

The revelation prompted a review lead by former secretary of the Department of Prime Minister and Cabinet Peter Shergold.

The report did not identify the source of the Medicare data leak but suggested that people could use publicly available information about healthcare providers – including their provider number and practice location – to pass security checks and obtain a Medicare card number through the Department of Human Services provider hotline.

The review panel warned the “current security check for release of Medicare card information provides a much lower level of confidence than the security requirements” for Health Professional Online Services, the portal that allows providers to make rebate claims.

An IT industry source, who refused to be named, said the re-emergence of the data breach brings into question government assurances around the privacy of medical data “when those responsible cannot even manage the security of Medicare cards”.

The source said there is a “concerted effort at the moment by law enforcement to curtail darknet market activity”.

“In reality the darknet markets, while disrupted momentarily when their sites are brought down, easily relocate and continue business.”

Darknet markets can simply private message existing clients with a new link to resume business elsewhere. [my yellow highlighting]

Thus far the federal government has failed to recognise where Medicare cardholder details may be being accessed unlawfully, as this 2 August 2018 ABC online article indicates:

Privacy experts have warned that the system opens up health records to more people than ever before, thereby increasing the threat surface — the number of vulnerabilities in a system — dramatically.

Dr Bernard Robertson Dunn, who chairs the health committee at the foundation, says once the data is downloaded into the health system, the My Health record system cannot guarantee privacy.

"Once the data has been downloaded to, for instance, a hospital system, the protections of the hospital system apply, and then the audit logs apply to the hospital system — not to My Health record.

"So there is no way the Government would know who has accessed that data, and it is untraceable and untrackable that that access has occurred."

The relentless drive by Australian federal and state governments to create unsafe data collection and retention systems continues unabated

The Sydney Morning Herald, 26 January 2019:

More than 1 million Australians have had their name and address added to the electoral roll and then automatically passed to global marketing giants without their knowledge.

Direct enrolment laws passed by Parliament in 2012 meant Australians no longer had to register on the electoral roll to have their details entered, with information of workers and school students scanned from drivers licences, Centrelink and records from the Board of Studies in each state.

The electoral roll has since been handed over to credit-check operators for identification purposes designed to help financial services firms such as banks, Afterpay and Zip, to run fraud, anti-money laundering and anti-terrorism checks, but four of those identity firms are now running global marketing operations using data analytics.

No government body has been able to advise if anyone is monitoring the companies for breaches of the electoral act, which carries fines for using the data in commercial operations, or if they are monitoring the separation of data between the companies' identification and marketing arms.

The Sydney Morning Herald and The Age revealed this week that AXCIOM, Experian, Global Data and illion (formerly known as debt collectors Dun & Bradstreet) all have access to the electoral roll as "prescribed authorities". In their secondary businesses, each boasts of their ability to provide marketing data analytics on millions of Australians to their clients but maintain they are in full compliance with the privacy act and do not use the data for marketing purposes.

AXCIOM and Global Data have not responded to multiple requests for comment. An auto-reply email from AXCIOM said "data monetisation awaits!"

The only non-marketing firm among the group, US credit check giant Equifax, had the records of 145.5 million hacked in a breach in 2017 was fined $3.5 million by the Federal Court last year for misleading, deceptive and unconscionable conduct…..

….database that contains information on 16 million Australians. More than 1.5 million Australians who were eligible to vote - but not on the electoral roll - are likely to have been added since the laws passed.

School students as young as 16 have been caught up in the data transfer, with more than 18,846 people aged 16 and 17 provisionally on the electoral roll as of December 31.

Yet other digital privacy betrayals

The global situation......

The Guardian, 14 November 2018:

Google has been accused of breaking promises to patients, after the company announced it would be moving a healthcare-focused subsidiary, DeepMind Health, into the main arm of the organisation.

The restructure, critics argue, breaks a pledge DeepMind made when it started working with the NHS that “data will never be connected to Google accounts or services”. The change has also resulted in the dismantling of an independent review board, created to oversee the company’s work with the healthcare sector, with Google arguing that the board was too focused on Britain to provide effective oversight for a newly global body.

Google says the restructure is necessary to allow DeepMind’s flagship health app, Streams, to scale up globally. The app, which was created to help doctors and nurses monitor patients for AKI, a severe form of kidney injury, has since grown to offer a full digital dashboard for patient records.

“Our vision is for Streams to now become an AI-powered assistant for nurses and doctors everywhere – combining the best algorithms with intuitive design, all backed up by rigorous evidence,” DeepMind said, announcing the transfer. “The team working within Google, alongside brilliant colleagues from across the organisation, will help make this vision a reality.”

DeepMind Health was previously part of the AI-focused research group DeepMind, which is officially a sibling to Google, with both divisions being owned by the organisation’s holding company Alphabet.

But the transfer and vision for Streams looks hard to reconcile with DeepMind’s previous comments about the app. In July 2016, following criticism that the company’s data-sharing agreement with the NHS was overly broad, co-founder Mustafa Suleyman wrote: “We’ve been clear from the outset that at no stage will patient data ever be linked or associated with Google accounts, products or services.”

Now that Streams is a Google product itself, that promise appears to have been broken, says privacy researcher Julia Powles: “Making this about semantics is a sleight of hand. DeepMind said it would never connect Streams with Google. The whole Streams app is now a Google product. That is an atrocious breach of trust, for an already beleaguered product.”......

Here in Australia......

Canberra Times, 15 November 2018, p.8:

The chairman of the agency responsible for the bungled My Health Record rollout has been privately advising a global healthcare outsourcing company. Fairfax Media discovered the relationship between the UK-based company Serco and the Australian Digital Health Agency (ADHA) chairman Jim Birch after obtaining a number of internal documents.

The revelation comes as Health Minister Greg Hunt was forced to extend the My Health Record opt- out period after a compromise deal with the Senate crossbench and a last-minute meltdown of the website left thousands of Australians struggling to meet the original deadline. 

Since April 2016, Mr Birch has been ADHA chairman with oversight of My HealthRecord, the online summary of key health information of millions of Australians. Documents from the ADHA, released under freedom of information laws, show Mr Birch registered his work for Serco in November 2017, but the relationship was never publicly declared.

After Fairfax Media submitted questions last week on whether the relationship posed a conflict of interest, Mr Birch quit the advisory role.

Serco has won a number of multibillion-dollar government contracts to privately run - and in some cases deliver healthcare in - some of Australia's prisons, hospitals and detention centres.

The ability of Serco to navigate the controversial area of digital health records would be invaluable to any future expansion plans.

A spokeswoman for federal Health Minister Greg Hunt said all board members had declared their interests.

"Board members do not have access to system operations, and board members cannot be present while a matter is being considered at a board meeting in which the member has an interest," she said.

Lisa Parker, a public health ethics expert at University of Sydney, said the public had been asked to trust the agency is acting in its best interests. She said they should make public any information relevant to that trust…..

The register also shows Mr Birch knows the chief executive of start-up Personify Care, Ken Saman, and has been giving him advice since August last year. The software company recently released "Personify Connect", a product that provides hospitals with "seamless integration" of its original patient monitoring platform with My Health Record.

Despite being scheduled to speak at a "Personify Care breakfast seminar" later this year, Mr Birch has never publicly declared this interest. Mr Birch is also chairman of another start-up called Clevertar that allows businesses to create "virtual agents" and offer "personalised healthcare support, delivered at scale". This relationship is on the public record. 

Public sector ethics expert Richard Mulgan, from Australian National University, said the chairman should submit to a higher standard than ordinary board members and distance himself from anything suggesting a conflict of interest.

He said perception was just as important as reality and the public, not the people involved, was the best judge of whether there was a problem.

"The personal interests register must be published," he said.

"The fact they haven't can only lead to the perception there are conflicts of which they are ashamed."

Mr Birch, Personify Care and Clevertar did not respond to Fairfax Media's questions.

A Serco spokesman confirmed the company met with Mr Birch "occasionally ... over the past 12 months regarding business management", but did not answer whether it paid him.......

The Courier Mail, 15 November 2018, p.4:

Your dietitian, dentist, podiatrist, occupational therapist or optometrist will be able to see if have a sexually transmitted disease or an addiction unless you set access controls to My Health ­Record.

Major new privacy concerns emerged after the Federal Government was yesterday forced into an embarrassing call to delay the rollout.

People trying to access the controversial My Health Record hotline and computer portal experienced major delays during a rush to opt out before the system was rolled out tomorrow.

Health Minister Greg Hunt was forced to delay the opt out period until January 31 after pressure from health groups and crossbench senators.

The Australian Medical Ass­ociation was the only major health group not calling for a delay.

The vast majority of groups were concerned the record would come into ­effect before key privacy and secu­rity upgrades had been passed by ­Parliament. AMA president Dr Tony Bartone denied its position was related to his need to keep the Health Minister onside while he negotiated key reforms to general practice care.

And the warnings continue about My Health Record.....

Financial Review, 13 August 2018:

One of the world's leading experts in cyber security policy has warned the manipulation of health data is one of his biggest concerns facing society, as debate continues to rage about the long-term viability of the government's controversial opt-out My Health Record.

Former Pentagon chief strategy officer for cyber policy and newly appointed head of cyber security strategy for data centre security company Illumio, Jonathan Reiber, told The Australian Financial Review the health data of MPs and business leaders would be of particular interest to cyber criminals.

"If I'm a malicious actor wanting to cause discontent, I would be interested in that," he said.

"If you get access to the health information of key leaders, you can understand what they like, who they are and what their problems are. [Cyber criminals] would want to look at a segment of 50 to 100 key leaders in the country, figure out data for intelligence purposes and then manipulate the data for the negative."

Earlier this month Health Minister Greg Hunt announced that the government would redraft the legislation surrounding My Health Record to restrict police access and allow records to be deleted permanently. 

He had previously copped criticism for saying the digital health database had "military-grade security", despite not having two-factor authentication protocols.

The Sydney Morning Herald, 14 August 2018:

Labor's health spokeswoman Catherine King said the government's decision to switch to an opt-out model, which Labor originally supported, gave rise to "a whole range of significant privacy and security issues that we don't think were thought of in the original enabling legislation".

"Are they then able to opt-out when they become adults? What's happening in terms of survivors of domestic violence and the capacity through the creation of a record by an abusing partner, of a record for their children or agreement to a record for their children, what security is in place to ensure that they are not traced?"

Legal experts have warned that the system provides a loophole for a violent person to create a record for their child without their ex-partner's consent, potentially allowing them to track down their estranged family's location, as revealed by Fairfax Media last month.

Ms King also highlighted concerns raised about access to medical records by health insurers, including in relation to worker’s compensation claims, which the government has said will not occur.

"We want to make sure that's not the case and we want to make sure that's not the case under the law," she said.

Australian Privacy Foundation:

Some people may find their My Health Record places them at risk of stigma and discrimination or may cause safety issues.

You may wish to carefully consider whether you want your health records held or shared if you:

* have a criminal record or are affected by the criminal justice system

* use or have used drugs

* live with a lifelong transmissible condition such as HIV or hepatitis B

* have or had hepatitis C

* are not on treatment after it was recommended

* are sexually active and test regularly for STIs

* are or have been a sex worker

* are transgender or intersex

* are bisexual, lesbian or gay

* have lived with mental health issues

* have been pregnant or terminated a pregnancy

* are a health care worker.