Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, September 06, 2017

And You Think You Can Trust The Government With Your Private Health Data?

This appeared last week.

Alan Tudge urged to act following Department of Human Services fraud allegations

Steven Trask
Published: August 31 2017 - 2:45PM
The need for a Senate inquiry into bungled government IT projects has been vindicated following allegations of fraud at the Department of Human Services, the Labor party says.
On Thursday Fairfax Media revealed that as many as 50 IT subcontractors were under investigation in a fraud probe at the government's largest department.
The allegations related to fake invoicing practices and the use of false CVs and qualification records to secure government contracts.
Linda Burney, Labor's human services spokeswoman, and Ed Husic, their digital economy spokesman, said Human Services Minister Alan Tudge must front up.
"The minister that brought us the robo-debt debacle has questions to answer about reports of massive tech contractor fraud that occurred right under his watch," they said in a joint statement.
"It also highlights that Labor was right to push for a Senate inquiry into the management of digital transformation projects under the Turnbull government's watch."
The fraud allegations were proof the government had "lost a grip on managing its ICT projects," they said.
At least one DHS employee is also under suspicion and the department has called in the Australian Federal Police to help with the investigation.
More here:
Related, we have this:

My Health patient data will be safe despite Medicare breach, GPs say

RACGP has told a Senate inquiry layers of security will help prevent breaches such as the theft of Medicare numbers that were sold on the darknet. 

Melissa Davey 

Sunday 3 September 2017

The breach of Medicare data that resulted in patient card numbers being sold on the darknet should not have any significant implications for the government rollout of My Health Record, says the peak body for general practitioners.

My Health Record will involve patients’ health information being uploaded to an online database.

In its submission to the Senate inquiry into the Medicare data breach, the Royal Australian College of General Practitioners (RACGP) said a Medicare card number alone would not allow access to a patient’s My Health Record.

“The authentication process for both the consumer and provider portals of the My Health Record are complex and have many layers of security,” the college said. “Individuals can elect to opt out or can set strict privacy controls, enabling full control over third-party access to personal information. A clear and targeted consumer communication strategy will be important during the implementation of the opt-out My Health Record System to allay any fears of identity theft and connection with this recent data breach.”

My Health Record will be in place for every Australian by 2018, and people will have to opt out if they don’t want their information uploaded and shared between doctors, hospitals and other health practitioners.

Lots more here:

https://www.theguardian.com/australia-news/2017/sep/03/my-health-patient-data-will-be-safe-despite-medicare-breach-gps-say

So the Department of Human Services has 50+ contractors under investigation and the RACGP are suddenly experts on IT security of large systems.

Believe that if you will. For me, I would keep well away from the myHR.

Your call.

David.

13 comments:

Bernard Robertson-Dunn said...

"or can set strict privacy controls, enabling full control over third-party access to personal information."

So why does the myhealthrecord.gov.au website say:

"My Health Record allows you to limit access to documents within your My Health Record (except for the Shared Health Summary, Personal Health Summary or advance care planning information)"

Anonymous said...

So, is RACGP lying or just plain ignorant? Not a good look for such a so-called professional body.

Bernard Robertson-Dunn said...

Re the Guardian article, it's worth reading the 116 comments to get an idea what the broader (at least the Guardian's broader) readership thinks of all this. To say they are unimpressed is a bit of an understatement.

Anonymous said...

Reading the comments in the Guardian piece makes me wonder what will happen when the opt-out advertising program begins. If there is this much angst and distrust, it may not be smooth sailing at all. If the RACGP generates such push back when they support myEHR now, who will the authority figure be who sells the public the notion that staying in is a good idea?

Anonymous said...

You can tell it's all derived from the same briefing paper; it is on one hand a little insulting to the general public and on the other hand not exactly the truth. Not sure what planet they live on but it is not exactly the foundation on which to build trust. Even the ADHA CEO comes across like he is daring hackers to have a go at Fort Knox.

As for the article, I would say they are not alone, be good to open up the ADHA books, what has been spent on what, how was procurement run, how much was undertaken without agreements in place, how much was contracted and delivered nothing of value.

Who is receiving a lion's share and why?

Anonymous said...

Thanks for pointing out the comments in the Guardian article, makes you wonder if the ADHA surveys were doctored or they simply opted to talk to those saying what they want to hear.

It is interesting none of them have picked up the bloke leading the MyHR happily attempted to release the UK personal health information to anyone who wanted it without regard to consent. If they knew that I am sure the switchboard would light up like a Christmas tree.

Out of interest is this true -

If you have concerns about this stuff... don't forget to ask your GP if they have simply 'opted you in' through THEIR choices.
I discovered the other day that mine had... no asking me if I wanted to be.
I asked to be removed - lots of resistance met.

Anonymous said...

8:37 PM, interesting, could it be this opt out is simply a guise because they knew that clinical systems would send everything regardless of consent? Maybe not but this is an alerting issue.

Anonymous said...

The comment in the Guardian article about having an account created by their GP for them without knowing might be from someone at the trial opt-out sites perhaps? If so, it would demonstrate that people were not actually well informed that they should opt out or otherwise an account will be created. Needs some clarification for sure.

Anonymous said...

Might be an opportunity for the ADHA's current CEO to demonstrate his willingness to engage the public, perhaps the ADHA through the Guardian could sponsor some open discussions, when I say open I mean free of charge, open to everyone and should be advertised leading up to the event.

There are obviously a lot of questions to be answered and trust to be brokered, as others have pointed out the current CEO's track record in this made for an interesting choice.

Anonymous said...

Why would the government do anything to make life harder for themselves? They want to keep things as quiet as possible, they don't want people asking awkward questions, they don't want people to realise that there is no good reason why the government should keep a copy of your health data in a gigantic bit bucket in the sky.

They are treating health data just like they did metadata. Make it seem a reasonable thing to do, but in fact it's just a surveillance tool in disguise. Why else would they tell lies about access control, audit logs, and the supposed benefits of the thing that nobody uses?

Anonymous said...

Why would the government do anything to make life harder for themselves? They want to keep things as quiet as possible, they don't want people asking awkward questions

Fair assessment, it does present the question - does the current ADHA CEO present a risk to this? The drive to have open dialogue and transparency may no longer have the value it did?

Anonymous said...

The Government is covering up a lot, just look at the current operating costs for the Accenture/Oracle DB, $78 million just for the licenses for Oracle last year, going opt-out will be $400 million per year. The ADHA and DoH can disprove me if they like but they know this is the truth, so much so it's causing panic.

Anonymous said...

The Government might be quiet simply because there is little to talk about. The MyHR concept is not that interesting a subject, it is certainly being outdone by efforts at a local and regional level, in which people are more inclined to be interested. What does the ADHA do or plan to do that is not already satisfied by other entities?