Wednesday, December 02, 2015

The Privacy Foundation Is Not Happy With The Health Department. It Goes From Bad To Worse.

ANAO and Human Rights Committee highly critical of Health Department performance.  APF agrees.

1 December was quite a day for the Federal Department of Health. A day it would probably want to forget.
It saw the release of the Australian National Audit Office's (ANAO) audit report on the Department of Health's use of its Records Management System. It doesn't paint a pretty picture of the department's ability to manage its own information, let alone that of all Australians.
"The Department of Health has failed even the most basic test of information management. It is putting the personal information of Australians at risk " said Dr Bernard Robertson-Dunn, member of the Australian Privacy Foundation Board.
On the same day, the Parliamentary Joint Committee on Human Rights (PJCHR) released its report on the eHealth Legislation, which covered the Health minister's response to its concerns about privacy aspects of the opt-out approach to registering for the My Health Record. This was not available before the Senate passed the legislation, some may say in haste. Many in the committee are not happy with the legislation or of the minister's response.
The PJCHR wonders where the evidence is for the claimed benefits from the My Health Record and by implication just how the approach adopted can be justified. Some members of the PJCHR are even recommending amendments even after the eHealth legislation was passed.
"Why the haste and why is the department pushing so hard to spend money on an unproven approach to harvesting and managing Australians' health data?" asks Dr Roberson-Dunn.
The APF strongly suggests that the new Minister and Secretary ask the question: Do we have a cultural problem? On the same day it gets two highly critical reports on the department's behaviour. This is not a coincidence.
The department lost a lot of skilled people and corporate knowledge when it outsourced its IT in December 1999. The problems identified by the ANAO make plain that the Department has been too reliant on external resources who are not focused on the nature and sensitivity of the data that is being managed and has not developed the internal skills or culture to properly manage its own information, let alone the health data on all Australians. The PJCHR report makes it clear that the problems are not restricted to internal information management.
Concerns about the the records management system and the My Health Record system must be addressed as a matter of urgency. A completely fresh look at the way the department approaches its responsibilities and appropriate changes in staff and processes is a necessary first step.
If the concerns regarding the My Health Record system cannot be addressed, and there are some who say it is beyond redemption, then it should be either abandoned or left as opt-in for those few who see value in using it.
Something's not quite right. It's manifesting itself as a lack of trust in the department and a major risk to the privacy of all Australians. Their claim to be trustworthy custodians of intimate health information in the PCEHR looks less and less credible. For a government skeptical of Big Government, the push for this struggling bureaucracy to take control of private medical records from clinicians and patients is surprising and has never been properly justified.
Media Contact
Dr Bernard Robertson-Dunn
Australian Privacy Foundation
Chair Health Committee
Mobile 0411 157 113
Further comments
The ANAO report is an indictment on the Department's operations and its negligent approach to data management.
The audit report states:
"Health's information management strategy and governance arrangements.
8. Health does not currently have an overarching information management framework and has not articulated how its information as a whole is managed.
Similarly, Health is yet to develop an information management strategy which describes the department's current records management environment, its short, medium and long term goals, and outlines the basis for planning to meet organisational records management targets, such as the goals for paper-based records reduction."
What is even more concerning is that the ANAO's comments about an internal system echo those made by many experts about the My Health Record system. The My Health Record system has no short, medium or long term strategy, no goals or metrics relating to health outcomes and no coherent national EHR privacy or security framework which Australians could comprehend or trust.
In our, expert, opinion both systems are disasters waiting to happen. Unfortunately, in the past the department has not been inclined to listen to experts.
Turning to the PJCHR report, here's a quote:
"2.87 However, even assuming that the opt-out model would result in increased use of the My Health Record system by healthcare professionals, and thus reduce healthcare costs, the committee remains concerned that the means to achieve this increased usage may not be proportionate to the objective sought to be achieved.
In particular, no information is provided by the minister as to why the current opt-in model has not succeeded, and whether there are other methods available to ensure more people voluntarily decide to include their health records on the My Health Record system. This is relevant to the question of whether there are other less rights restrictive ways to achieve the same aim."
In other words, the minister is saying "trust us we know what we are doing". This may come as a surprise to the minister but the level of trust in the department, and in NEHTA in the past, is low and getting lower.
ANAO Audit Report on Records Management in the Federal Department of Health
PJCHR Report

No comments: