Tuesday, April 11, 2017

The MyHR Seems To Be Way Less Protected And Secure Than Anyone Knew – What A Mess.

This appeared this morning.

Optometrists and dentists will know if you’ve had an abortion or mental illness in health record bungle

Sue Dunlevy, National Health Reporter, News Corp Australia Network
April 10, 2017 10:00pm
THE private health records of Australians can be accessed by more than half a million people under the latest bungle with the $2.2 billion electronic My Health Record.
News Corp Australia has learned that the privacy settings on the government’s computerised My Health Record, which lists every medicine a patient takes and records every medical visit and procedure, are automatically set on “universal access”.
This means every registered health practitioner in the nation — 650,000 people — can view them, not just the family GP, unless the patient specifically requested to opt out.
Occupational therapists working for an employer, doctors working for insurance companies, a dietitian, an optometrist or a dentist or their staff can view the record and see if individuals have a sexually transmitted disease, a mental illness, have had an abortion or are using Viagra.
“Potentially your employer’s occupational therapist can look at your record and get information they really shouldn’t be getting access to, it’s confidential data,” says former AMA president Dr Mukesh Haikerwal who was a government consultant on the My Health Record.
The bungle came about because the record was originally set up as an opt in system and when people set up their record they were given the option to set a PIN number to protect the information and determine who got to see it.
Nearly four million people set up a My Health Record under the opt in system but doctors weren’t using it because four years after it was established 83 per cent of Australians still did not have one.
Last year the Turnbull Government trialled turning the failed record into an opt out system.
One million people in the Nepean Blue Mountains area of NSW and Northern Queensland were given a record unless they opted out.
News Corp has now learned only 147 of these one million Australians automatically given a record under the trial set up a PIN number to protect their health information.
“147 My Health Records created in the trials have access controls set to restrict which healthcare providers can see the record, or have controls restricting access to certain documents in the record,” the Department said.
“This equates to 0.0151 per cent of My Health Records automatically created in the trials. This is consistent with the rates of access controls set by those who have opted to register for a My Health Record,” a spokeswoman for the department said.
Vastly more here:
There is an editorial here:

Editorial: Prognosis bad in medical record bungle

April 11, 2017 12:30am
Editorial
THE privacy scandal unfolding in the troubled My Health Record electronic medical records system is ample proof why citizens should be vigilant and maintain a healthy scepticism about governments and Big Brother bureaucracies.
As revealed in today’s The Advertiser, your medical records may be an open book to 650,000 registered medical practitioners.
Had a mental illness? Your dentist can view details. A sexually transmitted disease? A bored pharmacist interstate might be curious. At risk of a hereditary disease? Your potential employer or insurance company might be very keen to know, via their in-house medical staff.
Workers in large corporations may never look at their in-house nurse in quite the same way again, knowing he/she may have checked on a medical history which has nothing to do with work performance.
This cavalier approach to sensitive and intensely private information, where people have to “opt out” to safeguard their privacy, is a disgrace. Here in South Australia we have been through the aftermath of the shocking death of then-Crows coach Phil Walsh, when sticky beak clinicians pried into the medical records of his mentally-troubled son, Cy.
The result of that snooping was a stern warning that any SA Health staff making deliberate, unauthorised access of medical records would be sacked – seven have been terminated in the past year as some continued to pry.
Yet we have a national system where any registered medical practitioner can browse records on the My Health Record database.
We live in an era of mega metadata, where everyone from social media giants to intelligence services want all your information, for sales and surveillance.
Medical information must not be part of this exponential invasion of privacy.
The Federal Government must act to ensure a patient’s medical information can only be accessed by clinicians who need specific information for their patient’s treatment.
Here is the link:
My take is that this reveals the myHR to be an utterly insecure unused failure.
What do others think?
David.

14 comments:

Anonymous said...

This is not to be taken lightly, I will be very interested in the response from the Minister, last thing we need is yet another debacle. The government could do so much good, why do they keep failing us?

Bernard Robertson-Dunn said...

This claim " "People have full control over what information is on their record and who can access it," a spokeswoman for the Department of Health said."

I wonder if this spokeswoman actually knows she is lying?

A GP can upload a Shared Health Summary without a patient's knowledge or approval. Not only that, but a SHS cannot have access controls associated with it.

This is what the government's website says

Buried in the Privacy Statement,
https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/privacy-statement
under

I have or am getting a MyHR or am a representative:

Access Controls

The My Health Record system allows you to:

* limit access to documents within your My Health Record (except for the Shared Health Summary, Personal Health Summary or advance care planning information);

and on "Frequently Asked Questions for Healthcare Providers"

https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/healthcare-providers-faqs?OpenDocument&cat=Using%20My%20Health%20Record

under

How is a SHS created?

The document is a good idea for the healthcare provider to have a conversation with the patient about the type of information the provider will include in the SHS. There is no explicit requirement for the patient to review the SHS before it is uploaded to their My Health Record.

Yes, it actually says "The document is a good idea for the healthcare provider..."

john scott said...

The development and discussion surrounding the MyHR in its various manifestations brings back very vivid memories of a well respected doctor stating, in regard to the original Health Communications Network initiative, that:

"we will be holding hands, singing psalms, and walking into the gas chamber, if this gets up".

It was certainly attention grabbing.

What is clear now is that the respected doctor was simply ahead of his time.
I reckon he was more prescient than we have been.


Anonymous said...

From the start, it had security and privacy issues, that was one of the reasons why no one would use it. It was deliberately designed (technically) to be opt-in. You can't flick a switch and make it opt out without a complete redesign and obviously that didn't happen given the observations made about Universal Access. Mistake number 1.

DoH have been trotting out the line about "People have full control over what information is on their record and who can access it" from the beginning as well, still singing off the same songsheet despite the fact that the choir's gone home. It was never really true and Bernard is correct, she is lying.

There should be no exceptions to what documents you can control access for if it is YOUR health record. Particularly something like an ACD. My optometrist and staff don't need to see that and it shouldn't have open access or whatever, I should be able to lock it down how I want.

I do wish they would stop flogging a dead horse. Morrison could have so much money to spend on fixing all their other problems!

Anonymous said...

We appear to have "Hopeless Fatigue". In the past such bungling would have caused outrage, but it seems people just expect it. When you ring Telstra for a phone fault you expect poor service. The pink batts stuff-up hardly raised outrage, even though people died and solid companies were put out of business. The census fail has faded into obscurity and the waste of $2 Billion on Healthconnect/NEHTA/ADHA doesn't appear to be an issue. As a society is there a light at the end of the tunnel, or is it an oncoming train?

Anonymous said...

What is the point if no one can see the record? Is the whole point that the government allows its people to have the best healthcare possible? You people want your priorities sorted out.

Anonymous said...

Well said Mukesh and thank you for providing an honest perspective. It is refreshing to hear from an advocate of technology as a healthcare tool, who uses technology and sees the reality from many different perspectives and personal experiences, from the drawing board to the coal face. Can anyone at the department or ADOHA say the same?

They may have shackled most but not everyone who has our interest at heart.

john scott said...

At the core of the personal information challenge are two issues.

First is the choice of lens through which we consider this challenge. Right now, we look at the issue through an IT paradigm of Access Control. This might work well for financial and other non-personal information transactions. It certainly does not work with at times highly sensitive personal health information.

We need to use the lens of human communications because only this provides a foundation for the trust-related challenges we face.

Second, we do not have a Trust Architecture. Healthcare operates within a well established culture of Duty of Care. How we evolve this Duty of Care culture in a digital environment is critical to obtaining the gains possible from embracing digital pathways.

Fundamentally, there is no Trust envelope surrounding sensitive personal health information, such as the MyHR. Absent a Trust Architecture with real comportment safeguards we are left with this unintelligible mess.

The really frustrating aspect is that we already know the nature of the challenges and have deployed a variety of strategies quite successfully over the years. So, we don't lack knowledge.

What we lack is an Independent and Trusted mechanism to work through the normative issues starting from the virtue of a clinician having the right information, at the right time and in the right place to enable him or her to deliver the appropriate care.

All of the other interested parties are on-lookers of one sort or another. They need to be catered for within the Trust architecture; something that will require very considered decision-making.

Throwaway lines like 'the individual has complete control over access' assist neither the person nor the health system. It is time to turn back the clock and begin a proper and serious discussion about sharing personal health information and what a Trust Architecture would look like if it was operating the way we want it to.

Garry said...

Why is it so difficult? The Medicare card held by every patient could be used to access the MyHR, which means only the treating clinician in the presence of the patient has access on a temporary basis.
It's not hard.

Anonymous said...

Garry said "It's not that hard". Oh you make it all sound so easy. Yet, such a simplistic view of a hugely complex and wicked problem (which has remained unsolved and eluded experts from around the globe for decades) is the reason why over $1.5 billion has been expended in Australia with nothing to show for it. It's not about the Medicare card, nor about access to the MyHR Garry. It's about having a useful, functional, trusted system for recording relevant, timely, accurate clinical information available for health providers to share when caring for, treating and managing their patients' health.

Bernard Robertson-Dunn said...

It is hard. The Medicare card is very unreliable. The Human Services Access Card that the government unsuccessfully tried to introduce in 2006/7 was designed to replace the Medicare Card for exactly that reason. It wasn't replaced and still has many problems.

BTW, in researching the Access Card I came across this link back to David's blog on February 25 2007
https://aushealthit.blogspot.com.au/2007/02/

It's worth browsing just to put the current mess into perspective. eg:

"Health Minister Tony Abbott has put federal health IT bureaucrats on notice saying he expects tangible results within a year, specifically functioning electronic health records and accompanying smartcard system - or heads would start to roll.

"I am sick of trials and studies and working groups," Abbott said.

"I want patients to see a difference in 12 months. If patients do not see a difference, we will have failed," Abbott said, adding he was not prepared to be "held hostage" by a never-ending chase for the latest and greatest IT solutions."

Looking at what ADHA keeps saying about getting the fundamentals right it looks to me as though the progress we have made is hardly distinguishable from zero. And it's cost $2b and a huge loss of opportunity.


Garry said...

Well said. Back to the future, perhaps? As an identifying tool with security, the Medicare card might work if it was improved. Understanding the problem is the issue..... yesterday the article; "My Health Record: the resuscitation of e-health, or a data placebo?" contained the following...
"PCEHR failed to make a significant impact on digital health due to poor uptake by both consumers and the medical professions."
Really?



Dr Ian Colclough said...


@ Garry 11.02 AM April 12,2017 "Really" is a huge understatement, the truth of the matter is - The failure to make a significant impact on digital health is predominantly due to a lack of functionality in very many areas, thus rendering it unacceptable to both consumers and the medical professions, thereby leading to poor uptake.

Garry has illuminated what has been a long standing common practice which many consultants, spin merchants, bureaucrats, politicians and others employ to distort the truth when attempting to promote a failed case.

In troubled political environments (like Digital Health) such untruths rapidly take on a life of their own and the more they are repeated the more they are believed.

Consider the Sept 2014 Deloitte Report with the ‘impressively’ convoluted title – “Report to the Commonwealth Department of Health on the public consultation into the implementation of the recommendations of the Review of the Personally Controlled Electronic Health Record”.

Quote –
1. The PCEHR provides a platform for the secure sharing of key health information across the continuum of care. [True or False?]

2. With the implementation of a national electronic health record, Australia has become one of the few countries in the world to achieve a nationally interoperable eHealth capability of this scale. [True or False?]

Correcting these statements to more accurately reflect the situation as at Sept 2014 (and indeed today 3 years later) involves inserting a few more words to read -

1. It is anticipated the PCEHR will provide a platform for ……

2. Following successful implementation of the ………..... Australia will become one of the few countries in the world to achieve ......
April 13, 2017 1:41 PM

Dr Ian Colclough said...

The significance of my previous comment [2:51 PM] is exquisitely exemplified by Barnett, Greenes and Grossman:

“Readers of any discussion of the application of computers to patient care need to be aware of certain grammatical aberrations that tend to occur in such papers. For example, projects frequently are described in great detail except for a striking lack of differentiation of verb tense. In particular, the distinction in meaning between the present and future tense is most often obscured. Because of this confusion, it is often difficult, if not impossible, to separate what the author believes to exist from what he visualizes as a potential for the future.

Another manifestation, which is especially confusing, involves the use of the verb – ‘can’. In presentations involving computers, the reader is usually not given adequate information to know when to modify the statements appropriately with ‘if’ and ‘when’ qualifiers. One must therefore be particularly suspicious of any statement that begins with the phrase: ‘the computer can ….’.”

Barnett, G.O., Greenes, R.A., Grossman, J.H. Methods of Info. In Med., Oct. 1969, 8:177-182