THE health records of every single Australian, including the Prime Minister, will be vulnerable to a hacking attack from next year, an IT expert has warned.

The private health information of every Australian will be put into a centralised data base when the government automatically creates a digital My Health Record for everyone in 2018 unless they opt out.

The record will reveal whether people have had an abortion, a sexually transmitted disease, a mental illness and other potentially sensitive health information.

Paul Power, who heads Power Associates, a company that has been doing IT consultant work for medical practices for 17 years, says the system is extremely vulnerable to hacking because it centralises information and has so many access points in hospitals and doctors’ surgeries.

“A centralised eHealth database accessible over the internet to over 100,000 legitimate access points, each of which has access to the entire database, is fundamentally indefensible,” Mr Power says about the My Health Record.

Concerns about the vulnerability of health records comes just weeks after Britain’s National Health Service was bought to its knees by the Wannacry ransomware virus.

Mr Power is urging the government to follow Germany and put My Health record on a memory chip in a patient’s Medicare card.

Under this system only one person at a time could be hacked and every time a health practitioner uses the card it would bring the record up to date and keep a copy.

Mr Power fears our centralised system could allow hostile governments to access sensitive health information on key businessmen, military chiefs or politicians in an effort to compromise them.

And he’s written to Health Minister Greg Hunt multiple times to warn him of the danger.

The Department of Health last year released 30 years’ worth of Medicare data to researchers in such a sloppy way it was possible to decode and identify the names of doctors and possibly patients.

It took computing researchers at Melbourne University just three days to reveal the six digit number that identified the doctors linked to the records.

A recent audit report of Telstra Health’s management of the national cancer screening register found its privacy plan had been rejected by the Department of Health last year, privacy settings are still being developed.

Mr Power says it’s likely hackers have already downloaded information linking Medicare numbers to names.

All a hacker would need to access the My Health record system is a NASH certificate, and a PKI certificate.

A NASH and/or PKI certificate is a digital certificate that authenticates an individual provider or organisation whenever they access the My Health Record system.

Thousands of these have been sent to medical practices around the country, some have already been “lost”, Mr Power has warned.

The system is vulnerable because it allows doctors to access a person’s My Health Record without their permission in an emergency.

The government can also access your Mr Health Record for protecting the purse or for use in court.

Hackers could use these pathways to write a software program that mimicked access to the My Health Record, Power says.

The Australian Digital Health Agency responsible for the My Health record “firmly rejects claims that My Health Record has security issues”.

To access a record someone must have must have the name, date of birth and Medicare number of the individual to conduct an Individual Healthcare Identifier (IHI) search, the agency says.

Additionally, they must have My Health Record conformant software which they must be credentialed to log in to, and be uniquely authenticated to an individual provider organisation, the agency says.

Mr Power says this software is distributed to all accredited medical software providers, with instructions on how to integrate it into their products so it’s not secure.

Individual users also have the ability to control access to their health record, and are provided with a log of all instances where their record has been accessed, the agency says.

News Corp has previously reported that fewer than one per cent of the one million Australians who got a My Health Record as part of a trial set up a PIN number to protect their information.