As Oracle and Palantir weave their systems into Australias digital health network, the promise of de-identified data begins to look more like a dangerous illusion of privacy, writesJemma Nott.

FOR SOME TIME NOW,Oracle Healthhas been expanding not just through the American health system but across Australian state medical systems.

In 2018,Queensland Health, for example, began a tender process for a Patient Administration System, which Cerner PAS (now Oracle Health)successfully won. The tender process proceeded despite allegations at the time that the Chief Information Officer of Queensland had aninappropriate relationshipwith someone in the procurement process. Oracle now supplies the integrated electronic messaging system to all Queensland hospitals, which in 2023 led to a crash of all patient records systems.

At the national level, the Australian Digital Health Agency (ADHA) manages theMy Health Recordsystem, which aggregates information from hospitals, GPs, pharmacies and pathology providers. Through itsinteroperability architecture, Oracle Health effectively enables the secure exchange of clinical data between Queenslands public-hospital network and the national digital health system.

In other words, they facilitate transferring information about treatments and care received in a hospital, and then what is stored for your personal use later on. However,Larry Ellison, the chairman of Oracle and holder of the worlds second-largest fortune, has much grander ambitions for the use of healthcare data on the international stage.

As funding cuts take hold, the NDIS is drifting further from its founding promise, leaving those with the greatest needs at the greatest risk.

When Oracle founder Larry Ellison announced that his company would build aunified national health databasewhere all American citizens health records [are] anonymised, secured and analysed in real time, it sounded like a leap toward medical progress. But beneath the optimism lies a technical and ethical fault line: the health data systems being rolled out by Oracle and other vendors do not truly anonymise information they pseudonymise it.

Running alongside Oracles push isPeter ThielsPalantir Technologies, which built the U.S. Department of HealthsHHS Protectsystem, the NIHs National COVID Cohort Collaborative (N3C), and the UKNHS Federated Data Platform. Each usesde-identifieddata, but not in the irreversible sense.

In large-scale health analytics, de-identified rarely means anonymous.

To make data useful for longitudinal studies, direct identifiers such as names orMedicarenumbers are stripped out, but replaced withencrypted tokensor keys so that records from the same patient can be re-linked across systems. That process pseudonymisation preserves analytic value but keeps re-identification technically possible.

A concrete, documented example is the U.S. National Institutes of Healths NationalCOVID Cohort Collaborative(N3C), built with privacy-preserving record linkage (PPRL). Each institution generates hashed tokens; a trusted broker matches them to create a single patient identifier. The data are de-identified for most users but deliberately linkable for authorised analysts.

Research repeatedly shows that supposedly anonymous health records can be traced back to individuals when combined with other information.

AUniversity of Melbourne study, for example, demonstrated that people in Australias de-identified Medicare Benefits Scheme (MBS) and Pharmaceutical Benefits Scheme (PBS) datasets could be re-identified using basic demographics and service dates.

Under thePrivacy Act, this pseudonymised data may still be considered personal information if re-identification is reasonably possible.

COVIDexposed howlaws around medicinecan prioritise profit over patients isit time to rethink access to medicine as a human right?

Since 2012, My Health Record has been operated by Accenture, but in June 2025, the Australian Digital Health Agencyopened a new requestfor tender to consolidate MHR support and the information gateway. Accenturewon an extensionon the contract for now, but the Government was clearly signalling for whoever took this tender to oversee some big changes in how My Health Record is hosted and used.

The ADHAs2018 Framework for the Secondary Use of MHRdata permits de-identified data to be used for research and system improvement but seemingly assumes effective, irreversible anonymisation. While they havent built the governance framework for secondary data from MHR to be shared yet, as international vendors push pseudonymised, cloud-based analytics models, that assumption no longer holds.

Under the secondary data use framework, the Government settled onan opt-outapproach for the release of de-identified health data from My Health Record for research and public health purposes. However, as of February 2020, only63,504 Australiansor 0.28 per cent with a My Health Record had opted not to share de-identified data, suggesting most individuals are in the dark about the controls.

Telstra Health, whichwon a contractto modernise and transform the My Health Record system, has a stated vision of moving to enable seamless, secure data exchange and real-time insights across Australias healthcare system.

Similarly,Deloitte, which won the contract tohost the API gatewayof My Health Record, while not as publicly bold in its statements, share the same technical vision as Ellison. It markets HealthTech Interoperability Platforms andConnected Health Analytics.

There are several examples where this de-identified data is already in practical use in Australia, such as theNational Health Data Hub. TheNHDHbrings together de-identified health and welfare datasets as hospital admissions, emergency departments, outpatient services, pharmacies and aged care, for research and policy tasks.

Another example is theCardiacAI data repositoryin NSW, which uses de-identified data from two local health districts for cardiovascular research. Every single time My Health Record is put back up to tender, the question continuously arises: What is the long-term plan for this data?

As global players like Oracle and Palantir attempt to redefine how governments interact with their health systems, the Australian Government has put into place all of the necessary steps for My Health Record to become a source of continuously mined data that we are told is for early prediction, but that can easily funnel through discrimination, research bias or even denial of insurance claims.

If the Government allows pseudonymised health data to flow through global clouds, which the U.S. Government can potentially compel under theU.S. Cloud Act, Australia risks losing sovereignty over its populations medical information. The policy question is not just about privacy, but who ultimately profits from predictive health data public systems or private platforms.

Jemma Nottis a Political Economy post-graduate student at the University of Sydney and a freelance writer.