Tuesday, February 16, 2016

Here Is What Can Happen When You Allow Your Personal Information To Be Held On Government Databases.

This appeared last week:

Nurse allegedly assaulted after watchdog employee used database to find her

Exclusive: Breach at Australia’s health practitioner regulator reveals flaws in handling of personal data and ‘shakes confidence’ in medical complaints system
Medical professionals are raising concerns after a series of data breaches at the Australian Health Practitioner Regulation Agency. Photograph: Andres Rodriguez/Alamy
A nurse was allegedly assaulted by an employee of Australia’s health practitioner regulator, who used his credentials to access the agency’s database and track down her home address and phone number.
The security breach is one of several Guardian Australia has uncovered at the Australian Health Practitioner Regulation Agency (Ahpra), the body responsible for protecting the public by investigating complaints against healthcare practitioners.
The investigation has uncovered serious flaws that could be placing medical practitioners at risk of further assaults, fraud and unauthorised access to their personal data. The agency is set to face scrutiny from a Senate inquiry into medical complaints handling initiated by the independent senators Nick Xenophon and John Madigan.
Xenophon told Guardian Australia the allegations were “extraordinary” and called on Ahpra to provide a full explanation.
“This calls into question the very foundation of our medical complaint system in this country,” he said. “These allegations have shaken my confidence in Ahpra. If this has happened what else is going wrong that compromises our system of medical complaints? Ahpra has a very heavy obligation to make a full and prompt response to these most serious allegations.”
The Ahpra employee allegedly accessed the nurse’s personal records in September 2015 in order to track her down over a personal matter.
Ahpra, which regulates 14 health professions, including doctors and nurses, became aware of the alleged assault and the unauthorised access of its database only when the nurse lodged a complaint with the organisation. The nurse contacted New South Wales police following her assault, and the employee was suspended by Ahpra.
In a separate incident, an Ahpra employee who was also a midwife used her access to medical records to look up details of a complaint that had been made against her in July 2014. The complainant had separately launched civil proceedings against the woman in Victoria.
The Ahpra employee then used the information as evidence in her own civil court case. It is not known whether the incident was ever disclosed to the woman who made the complaint.
The incidents are just two of a number of serious data breaches that have occurred within the organisation, but have never before been disclosed.
Lots more here:
There is nothing to be said about all this other than to suggest that everyone thinks very carefully before making personal information available for storage in any (private or public) database unless you have no choice.
A pretty bad look.


Anonymous said...

A common risks for medical record security is the situation in which a patient is admitted to hospital, at which all clinicians have log in access to their electronic record, irrespective of whether they are involved in care or not. There are classic cases where relatives or others work at the hospital and log on to discover issues the patient would have preferred to be private, and the patient then suffers negative consequences. Can anyone clarify what happens when a patient is admitted to a hospital for the myhealhtrecord? Am I right in understanding that anyone working at the hospital can log in to it and look? If that is the case, then how do we avoid breaches like the ones I describe?

Anonymous said...

And if a security or privacy breech does occur the minister will not be able to play the 'Labour installed system' or the 'well there has been no breech in 4 years' cards, through changing to opt-out and press ganging citizens into the system the minister has changed the game and in effect reset the clock. Still rural regions are less close nit than cities and less likely to have patterns of relations wanting to peep. One wonders of late if Minister Lye is set to move to new portfolio, the enthusiasm once shinning seems to have waned of late, but she keeps my vote

Bernard Robertson-Dunn said...

re " Am I right in understanding that anyone working at the hospital can log in to it and look? If that is the case, then how do we avoid breaches like the ones I describe?"

Access controls work at the organisation level. So do audit logs. A patient will see that a hospital or medical practice or dentist has accessed their record. They will not know the individual.

This is one of the government's big lies. Their claim that "you can control who sees your record" is false.

But wait, there's more.

If the hospital downloads a patient's complete record, then even the useless logs will not show when their record has been accessed. Not only that, but the criminal and civil liabilities in the eHealth legislation will not apply because the data will not have been accessed through the mHR.

And the risk isn't just to person-in-the-street patients. Patients who are staff at the hospital would also be at risk of having their health records viewed/downloaded.

The only way I can think of managing the risk is to sign up for an mHR and emptying it out.

Terry Hannan said...

Thanks David. This posting reminds me of work done in informatics from the 1990s.
Also similar themes can be applied to "hacking". If you read the hacking stories closely nearly all cases have been by former employees within the organisation that was hacked.
“ By one estimate, 85 percent of all computer security problems involve employees
in the organization.” R.L.Simpson, 1996. Security threats are usually An inside job. Nursing management 27(December);43

"The major vulnerabilities are related to inappropriate use of patient-specific information by health workers who have access to those data as part of their regular work. Such risks are greater when data are stored in paper charts.” (The evolution of health-care records in the era of the Internet.EH Shortliffe. Semi-Plenary. MEDINFO Seoul, August 1998)

Anonymous said...

I have (and continue to have) discussions with vendors and potential vendors around access controls and audit log management. Their responses demonstrate a less than sophisticated understanding of the issues.
These days there are many, many algorithms using pattern analysis that could be used to automatically and proactively scan audit logs to signal things such as random browsing through electronic records. Not a single vendor indicates awareness of these, let alone demonstrating a working implementation.
Very disappointing.

And, BTW, isn't AHPRA one of the groups that wants unrestricted access to communications metadata?

Dr David More MB PhD FACHI said...

"And, BTW, isn't AHPRA one of the groups that wants unrestricted access to communications metadata?"



Anonymous said...

And a declining economy (the term 'recovery' is pure propaganda) with many financially stressed Organizations and public/private sector staff on $20-$30 something an hour locally (or even less abroad). I wonder when they will be desperate (or opportunistic) to sell off the collected data legally or otherwise? The corporates are already doing it overtly as part of their business plan, like Google, Facebook, etc. The privacy 'principles' are a joke, as is the commission. Consider the convergence of multiple sources of data together! Next time when one gets a rejected application or proposal, we are going to wonder increasingly why...