Your Private Medical Condition Exposed?!
A $20 solution!

Did you know the Government will pay cash to your GP for your personal medical records without having to ask you?! This is now legal. Your local GP could lose up to $50,000 each year if they do not comply. Did you know over 60 Government agencies want access to your medical records without a search warrant?  How do you feel about this? We have a simple solution. Would you pay a small fee to stop Government access to your medical records?

Would you pay to not have your medical records shared with the Government?

The Federal Governments E-health record has few fans see

They are also considering allowing the over 60 agencies to search your medical records without a search warrant is concerning see Here’s Every Australian Government Agency That Wants Your Data ,Gizmodo,18th January 2016

You may or may not be aware that the Federal Government is asking practices to upload your private medical information so it can be shared in a secure Government IT system. This is called My Health Record. Many significant privacy concerns remain see Significant privacy concerns’ over myHealth Record system SMH October 2015.

Our primary concern is patient consent. Are practices being urgently coerced to upload your private medical records without fully considering the medico-legal and financial implications of doing so? Practices risk losing up to $50,000 in a Government grant each year if they do not comply by uploading a certain number of records to My Health. For patients, this means that you may be forced to pay more next time you see the doctor.

What you may not realise is that laws have just been passed in November 2015 where you need to opt out in order to protect your medical records from being uploaded to My Health Record. This means you may automatically have already been opted in and therefore the Government has access to your medical records. Are you happy with this?

In this edition, we explore this issue so you can start to make an informed decision about how your medical records are handled by your medical practitioner.

A real life scenario: What would you do? A MAJOR legal and ethical dilemma!

This is based on a true story. One Friday night, at Health and Life we took a call from a doctor at his practice. He was desperately looking for advice on what to write on his patient record.

He had just seen a patient who did not want their identity to be written on his medical record. Why? The patient had been drinking and went home with a person that was not their married partner. The patient had contracted a sexually transmitted disease that night. The patient did not want the spouse to find out.


The doctor was asked not write down the patient’s name and the patient wanted some details modified on the record. Medicare would have not paid him for not keeping appropriate records. To the contrary, recording the patient’s name would have breached the patient’s privacy and the doctor risked being sued. The patient feared if this information got into the wrong hands it would result in a divorce.

We believe it is always better to ask the right questions than seek the right answers. Maybe the following questions you could put in writing or share (you have our permission) to your doctor, insurer, employer, lawyer, patient, Local MP or the Government for a written response. Let us know how you go!

What would you do?


  • Do you deny the patient care?
  • Would you allow them to continue to reinfect other people?
  • Do you do what the patient requests and just not get paid? Is this realistic if you are running a sexual health clinic?
  • Do you mask the record to protect everyone so the person will continue to trust their doctor and seek treatment?
  • What is the risk that another doctor may misunderstand the clinical notes?
  • Is this worth the risk of running foul with Medicare?
  • What do you do if someone demands this information such as a spouse, a lawyer, an insurance company or the Government?
  • How do you protect the patient and the practice from legal claims?
  • How do you continue to practice without fear?
  • Is it worth the risk, given you cannot undo a privacy breach?
  • Does sharing electronic medical records do more harm than good?
  • Is there a better way? (Hint: we believe that there is, see the bottom of this article)

The sharing of medical records without patient consent has huge implications, especially if it stops people wanting to visit their doctor and share their most intimate details so that they get the right care at the right time.

As you can tell, Ashley Madison breach aside, this is more than just an IT hacking issue. The complexity of the problem is compounded by how practitioners keep “meaningful” and detailed medical records, which have contextual meaning.

Sharing medical records with anyone without patient consent and due process is fraught with danger, no matter who you are. As you will see, it only takes one moment to make a decision with lasting consequences for the lives of your patients.

However, the greatest damage of all is a loss of trust and complete lack of confidence in the healthcare system and in you, their healthcare advisor. Regaining trust is a fallacy, lost trust is never gained back.

The sharing of medical records without patient consent has huge implications, especially if it stops people wanting to visit their doctor and share their most intimate details so that they get the right care at the right time.

1.0 You, the Patient – Some things to seriously consider:

1.1 Why does the Government urgently want this?

Improves Healthcare Services and Reduces Waste


Like all good well intended ideas, they are great but the devil is in the detail. How you engage people makes the difference.
The holy grail for a patient, the provider and the Government is a centralised medical records system that is timely, accurate and accessible to all of your healthcare providers at an instant. Ideally, this is the cornerstone of an efficient and effective healthcare system. It would save billions for you, the tax payer, by reducing waste and avoiding duplication and unnecessary services and processes. A centralised system would be more open and transparent.

This means that the system would be more accountable to everyone who uses it, including the patient. Ultimately, predictions are that this will dramatically improve your health outcomes.


Ideally, you could enjoy elimination of the need to repeat yourself next time you are at the doctor, whether it is your usual GP or a different doctor or healthcare professional.

In reality, this is unlikely. Why? People’s circumstances change daily, and the doctor and the practice will need to continue to revalidate this information, albeit to a lesser extent i.e. it would reduce the re-keying of basic data about you. The system would also save on duplication and errors. We note that there is merit in the concept. However, the reality is that records are only as good as the authors who keep them up to date. Building trust in the system will take a long time.

Over the last 11 years, the Government has spent 2 billion dollars on the My Health Record system, and it is yet to be nationally rolled out. Furthermore, healthcare costs Australians 160 billion dollars a year. It grows by 10 billion dollars a year. It is clear that our economy can not sustain such an annual increase in costs. There is enormous pressure on the Government to decrease healthcare spending, as well as improve the quality and access to care – or they may lose the next election on a very emotive election issue.

Ultimately, we need to have a sustainable healthcare system. This requires openness, transparency and accountability. This is a big undertaking.

The My Health Record project is seen as key tool to solving this problem.

1.2 “Trust Me” – If the White House Security cannot get it right, who and what systems can you trust?

“Trust me” glossy statements or advertising without accountability and responsibility can be bad for your health and wealth.

Besides being of benefit for lawyers, you cannot insure for a loss of reputation once trust is broken. At the end of the day, it is the Practice’s fault and you cannot blame anyone else, especially if you read the Government Disclaimer:

When you have one new and big system that many people do not understand, it is a baby elephant and a juicy target for hackers and identity thieves. As a very senior health bureaucrat once told us “Where there is confusion, there is always opportunity”. Medical records are a gold mine for hackers and blackmailers. No organisation is immune to rogue employees despite the fines and jail terms on offer, the payoffs may be perceived to be greater than the penalties.

There are multiple examples of Government staff who have had unauthorised access to people’s records and hackers who have successfully hacked the White House in the last year. There is no super safe system. Even our Tax Office, after many decades, has not got it right. Can we believe that after 5 years, the Health Department has?

It will take a lot more public consultation and education before we all hit the “trust me” button.


If the White House cannot get it right who can you trust? For more information about how serious this issue really is, see the following articles:


If the White House cannot get it right who can you trust? For more information about how serious this issue really is, see the following articles:

It is still early in the development process. We remain supportive of an electronic medical record health system, despite these highlighted challenges, that to our knowledge no country to date has fully overcome.

1.3 Ah Sorry: You need my permission (or get used to paying more to see a GP!)

This new Government policy for practices to meet “upload targets” is causing enormous financial pressure on doctors and practices to meet these targets. Recent national media announcements reveal these Government sanctioned upload targets.


1. GPs must upload PCEHR Summaries , Australian Doctor, 13th January 2016


2. New EPIP Rules ripe for Gaming ,Medical Observer, 15th January 2016


What we find most disturbing is a Government spokesman stating in the media


Source: New EPIP Rules ripe for Gaming Medical Observer 15th January 2016

With the above suggestion, as lay people, we are not sure how a Practice can ensure consent, as well as complying with the “meaningful uploads” quota. This would be in breach of the new Government grants (e-Pip ) rules and do more harm than good. It would be easy for the Government to ask practices to pay the money back via a Medicare Audit. It would probably be an automated process, which would be easy to dispute, open to interpretation and embarrassing to argue. There are no clear, generally accepted, professional body endorsed National Medical Health Research (NHMRC) reviewed guidelines on what constitutes meaningfulness in a medical record. Therefore, this is yet another subjective exercise. For our solution on how such a challenge could be overcome, see Doctors are set up to fail – The evidence so far.

Get used to paying more to see a GP!

Currently, there is a Government-sanctioned 4 year Medicare Freeze . This is also putting extreme financial pressure on doctors and Practices to upload your private medical records.


Can you imagine if you were not going to get a pay increase in 4 years while the cost of petrol and food keeps increasing? I can understand how my GP is feeling!

At your local GP, wage and other practice costs are going up far in excess of the Medicare rebate. Your GP cannot keep squeezing in more patients in a day to cover this shortfall whilst maintaining a high quality of care. Ultimately, such a strategy could result in your GP making a mistake on your health or burning out and quitting the profession. Ultimately, something will have to give, and solutions will need to be implemented to prevent these scenarios occurring.

One clear solution is that you will have to start paying more to see your doctor. You will have to make you health a priority and budget for it like you do for food, petrol, alcohol and cigarettes.



In the meantime, do not be surprised if your medical records have been uploaded by your doctor without them formally seeking your written consent. Many practices are not aware of the issues raised in this edition because the Government has told them it is law and it is OK to trust them. The majority of GPs and Practices are not naïve, but it is not clear what they should do next.


So bring this edition to their attention.


So bring this edition to their attention.


If you want to see if your information has been uploaded, check the Government’s My Health Record website for more information or ask your GP.


Consent is King

On the 22nd November 2015, the Federal Parliament passed a bill that allowed for automatic opting in of your medical records so the Government could have access to your records without requiring your consent:


To the contrary, we believe your written consent is king. At the very least, awareness of the scope of information that is being kept and how that information will be used should be communicated to you before such an action is undertaken. Remember, this program is new to the nation. There will be trials and errors, as they are inevitable. The Government accepts this.

How will your data be handled?

We believe that the Privacy and Security section at is mandatory reading for all patients, providers and Practices. If you are satisfied with the Privacy and Security statement on then you will be in the position to make a more informed decision on if you should opt in or out of the Government’s My Health program. We recommend you write or email your GP/Practice whether you opt in or out as a precautionary measure.


This should be a personal choice. You should feel free to choose without any undue coercion or bias.

Legally your Permission is not needed to provide your data to certain third parties

Source: Willy Wonka


In an “emergency” an authorised person can have “temporary access”. We are not sure what that means or involves.


As a side note, from the last time we read the Practice data contracts with the Government, there was nothing stopping your medical data being copyrighted, on sold or used in a manner that required your consent. There are many good reasons for doing this for research, teaching and quality assurance purposes. Some commentators have said the contracts read more like a terms and conditions of use by Facebook or Google, all care but no responsibility. Legal experts have claimed this can expose the practice to liability claims.

It is also important to be mindful your information can end up elsewhere for unknown reasons. So be careful about what information you allow to be entered on the website. This is the best and only way to protect yourself if you are unsure.

2.0 Doctor and the Practice – Some things to seriously consider

General Practice Liability and Viability

There are four key things that Practices need to consider:

1. Can you protect yourself from liability and Medicare audits
2. Loss of patient trust and respect
3. Loss of E-PIP: up to $50,000 pa
4. A simple solution is to let your patient decide: offer a $20 annual non-upload privacy fee?!


1. Can you protect yourself from liability and Medicare audits

The simple answer is no. If you are unsure, simply put in writing the issues that we have raised to your lawyer or malpractice insurance company and you will find that there will be many disclaimers and qualifications. This means there will be loopholes in any policies and or advice. This change is unprecedented. It will not pass the sleep well test. Our best advice is to protect your personal assets like the family home, the practice and investments. Hint: 9/10th of the law is possession. It is a legal system and not a justice system that is reliant on deep pockets. There are ways to legally protect your assets and the Practice assets. Contact your adviser or us and get it right.

Expect doctor’s insurance companies to sue their Practices for any breaches. This environment is set up for a blame game. So ensure your service and contractor agreements are up to date. Practices can purchase templates from us.

Please do not believe empty insurance policy promises. Everybody is going to try and sell you something. Read the fine print. Relying on verbal advice is a waste of time. If anything, encourage your children to become an electronic medical record lawyer or expert. Without clearer mandates and roles and responsibilities, this will become a boom industry.


Medicare Audits

.Remember, once the Government has access to any information, this provides them with evidence for a Medicare investigation. Medicare investigations can and usually occur when there is evidence. You automatically waive your right to self incrimination once you bill Medicare. Medicare cannot review your work from a clinical point of view. They can only look at the administrative component of the records. However, they can refer any concerns to the Australian Health Practitioner Regulation Agency (AHPRA). This agency can prosecute and/or de-register a practitioner without evidence. A poorly documented medical record can easily trigger such an outcome.

For more information, read our article Doctors are set up to fail – The evidence so far.

We have, over the last two and a half decades expressed concern about how intimidating a Medicare audit is and have questioned how they will data mine Practice databases. See this 10 minute video

We are happy to be challenged on any of these points. A simpler and better solution is forming a strategic view on how to handle this issue.

2. Loss of patient trust and respect

Despite the warm and fuzzy reassurances of professional associations, the Government and anyone else who is being paid to encourage a doctor or a Practice to use e-health, ultimately you are liable to your patient. None of these people have this responsibility and nor can this be avoided. There may a case for contributory negligence. The sobering reality is it is not fun getting sued. It hurts when somebody says you are not competent. You may then second guess yourself.


People suing a Practice extends beyond clinical mistakes. Administrative mistakes can also kill a person. A privacy breach may lead to a patient suicide.

Being sued destroys staff morale and clinical confidence. If it hits the media, patient numbers will decrease and your existing patients may start to second guess you. This is a horrible way to work as nobody sleeps well at night. Most importantly, it is next to impossible to win back the trust and respect of your patient. The patient will tell their friends and portray that you are unprofessional. It takes decades to build a great reputation. It takes seconds to destroy it. Can you afford to risk your reputation?

It is important to take each patient along with you for this journey and never assume they gave you permission. You cannot undo a breach of trust and it starts by asking them.

3. Loss of E-PIP up to $50,000 per annum

A GP Practice could lose up to $50,000 p.a. if it does not upload a set number of patient records to the new My Health Government patient electronic health record system.

If your practice does not comply, then you may be forced to charge larger patient gaps as practice overheads continue to increase and Government support for your Practice continues to decline.


From 1 May, General Practices will be required to upload a Shared Health Summary (SHS) to the My Health Record system for 0.5% of the practice’s standardised whole patient equivalent (SWPE) to be eligible for their payment. This contribution equates to about five shared health summaries per full-time equivalent GP per quarter.

The new payment structure based on SWPE will take effect from the May-July 2016 reference period for the August 2016 payment quarter.

This equates to about five shared health summaries per full-time equivalent GP per quarter, or for a practice with five full-time equivalent GPs, it would equate to 25 uploads per quarter at $500 per record.

This proposal is subject to further consultation with the general practice community.


The practice has to seriously consider charging a larger gap. We have been running successful trials of a membership-fee style system to counteract this fall in income. Practices with high service standards will see an increase in income and will experience little patient resistance.

For larger practices, the loss of the E-PIP component is not significant compared to the costs and risks associated with compliance. We are not convinced yet that the E-PIP is worth the risk and investment when easier alternatives exist.

3. A Simple Solution – Let your patient decide – offer a $20 annual non-upload privacy fee?!

Now for some good news! A possible solution. So far we have been receiving great feedback from practices



It is urgent that by May this year the practice agrees on a clear strategy as to whether they take the E-PIP or not. You could have your cake and eat it, too!


f patients chose to opt out, assuming the average GP has 1,100 patients, this would generate $20,000 p.a. Clearly, in a group practice of 5 full time doctors, this is greater than $50,000 p.a. You may find yourself better off than you think if you do the numbers and then you can continue to bulk bill disadvantaged patients. The key is about communicating this information to your patients on a timely basis.

So the solution is simple: let your patients decide. Empower them to make the decision about their medical records. The last thing a doctor or a Practice wants to be blamed for is the unintended consequences of a breach of privacy or trust with their patient. Putting this solution in place will help doctors dodge a legal and ethical dilemma and assist in providing affordable services.

Are you not better off offering patients a choice? After all is it not the patient’s decision? They will respect this.

The answer is to offer patients a choice. Ensure you have full, informed consent and ask them to make their election in writing. This activity takes staff time and more paperwork.


The practice could start offering patients the freedom of choice to opt out of the system. A fee could be charged to stay out of the system.


To compensate and protect practices, the practice could engage in a patient education program. They could be offered a choice to participate or not to participate. An annual fee could be charged to each patient who elected not to participate.

1. At the front desk or online, each patient should be asked in writing, using a standard form, if they wish to stay in the My Health program. They should be adequately informed of any risks and benefits of participation. Use your messages on hold, waiting room wall posters and staff prompting at the time of the appointment to ask this question. Direct them to your website as to the Practice’s policy; alternatively

2. Offer to charge each patient $20 p.a. plus GST not to upload their medical record.
Where to from here?

Where to from here?

1. More public consultation is required – encourage patients need to speak up!

Electronic health records are possible, but appropriate, broad consultation is required to overcome many of the issues described above. We note that political expediency due to budget and election-related pressures can undermine even the best intended project. Any great idea needs to be developed with caution, especially when it affects all of us.


What is done can not be undone. Encourage patients to speak up – send them this article and ask them to share it with their friends and politicians. There has been no public awareness campaign or debate on this issue. We need to start a grass roots dialogue.

Everybody must engage on this critical issue. It is not just for the doctor to solve. Patients must be at the front and centre of this engagement process. It is easy to underestimate those with less information than ourselves. Ultimately, patients will make an informed choice as long as they are empowered to choose by being provided with the information required to make that decision, in language that they understand.

2. Consent is King! – Patient written consent is necessary

Trust me, without accountability and responsibility, the process is not properly implemented. Do not accept any answer as a good answer from your doctor, your practice or your Government unless you trust and verify any concerns you may have in writing. The same applies to doctors and Practices contemplating using the system.


For Practices, this is not about the money but about losing your reputation, which you cannot get back. It only takes one bad incident to hit the national media. Follow the correct process. Just because it is law, this does not make it right not to ask your Patient’s permission;

3. Consider alternatives? Plan now!

Consult your staff on a practice strategy like adopting ideas like offer a small fee not to upload a patients record as suggested in this article. Please consult your adviser before acting on them. Implement as soon as possible. Note the Government is currently running trials and will seek further consultation. Keep up to date on this issue by following us on Linked In and the local media, or simply contact us if you have any concerns at


Is there a better way?


Consider using a snap chat virtual medical record. I will leave that to our budding entrepreneurs. 🙂

There are more opportunities than problems in improving our precious healthcare system.


We all need to continue to work together to develop these well-intentioned ideas for the benefit of a more sustainable and socially responsible healthcare system. Contact us for more information at

For more insights visit our blog.

About me: David Dahm BA (Acc.), CA., FCPA, CTA, FFin, CPM, FAAPM, FAIM, FGLF.

Chartered Accountant, Chartered Tax Adviser, Registered Tax Agent, Former AGPAL Surveyor 10 years of service

David Dahm is CEO and founder of the national medical and healthcare chartered accounting firm Health and Life and global Founder and CEO of the not for profit project the International Healthcare Standards and Ethics Board (

After a serious work related car accident in 1989, and nine operations later I continue to be a patient and provider advocate. I enter my third decade as a national Chartered Accountant for Medical and Healthcare practices in Australia. I am a former 10-year Australian General Practice Accreditation surveyor. I come from a medico family. I have served on the AAPM national Board and was the inaugural national Chair of the Certified Practice Manager CPM post nominal. I continue to provide accounting tax and practice management advice to many practices all over Australia.

You know who you are and I thank you for this real honour and privilege to serve you and your community through you. Note, I am not a lawyer please seek appropriate legal and accounting advice. This information is for general information and discussion only.

Recommended Posts

No comment yet, add your voice below!

Add a Comment

Your email address will not be published. Required fields are marked *