Wednesday, April 20, 2016

I Suspect That The Department Is Getting Worried About The Public Level Of Trust In The myHR.

This popped up a few days ago:

Setting the record straight!

Published 12 April 2016
There are a number of positive and negative assertions circulating the media, so each month we will be ‘setting the record straight’ and highlighting which My Health Record rumours are facts and which are not, so you can be confident when dealing with your customers. This month we set the record straight on privacy.
Here are some of the misrepresentations, along with the actual facts:
Assertion: Individuals cannot control who sees their My Health Record
Not true. Individuals can ask their healthcare provider not to upload certain information to their My Health Record and can also choose to be notified when their My Health Record is accessed. They can also set controls to restrict access to certain information in their My Health Record or to prevent certain healthcare provider organisations from seeing anything in their My Health Record. For example, individuals may want to restrict access or ask a provider not to upload their sensitive health information, such as sexual or mental health issues accessible by all healthcare providers.
Assertion: Government agencies will be able to access people’s personal data
There are very limited circumstances where anyone, including the Government, may access someone’s My Health Record. Those circumstances are narrower than under existing laws like the Privacy Act 1988, so My Health Record actually provides more protection of sensitive health information than exists for health records outside of the system. Limited circumstances include:
  • For the purpose of providing healthcare to an individual, including in an emergency;
  • For law enforcement purposes – in line with current powers under the Privacy Act, enforcement bodies may access information for particular investigations;
  • For the purpose of a healthcare provider’s indemnity cover – for example as part of a provider’s defence (or that of their medical indemnity insurer, acting on their behalf) in proceedings of negligence. This reflects longstanding rights of providers to use health information in records they hold in their own systems as part of proceedings.
Assertion: Personal information won’t be safe - the My Health Record system is a gold mine for hackers and blackmailers
The privacy of people’s personal information is taken extremely seriously. A range of legislative and technical mechanisms work together to ensure the privacy and security of people’s information in the My Health Record system.
My Health Record uses bank-strength security including strong encryption and firewalls, secure logins and audit trails. It meets Australian Government Security Standards and is regularly tested for security compliance and vulnerability. These standards are regularly updated to address emerging cyber-threats. The staff who operate and maintain the My Health Record system are vetted and undergo police checks, consistent with government standards.
Further, the unauthorised collection, use or disclosure of information in the My Health Record system, is subject to both civil and criminal penalties where an action is deliberate or reckless. These penalties do not apply where a mistake has been made – for example, if a healthcare provider inadvertently or accidently accesses an individual’s My Health Record. The penalty for not complying with the My Health Records Rules is $18,000 for individuals and $90,000 for bodies corporate.
Further information about the My Health Record system’s privacy and security policies can be found on the My Health Record website
Here is the link:
All good? Well no actually.
On the first Assertion we need to remember that myHR cannot know which staff member is using the Practice Credentials to access the myHR. With that being the case the patient essentially has no control to who locally will have access and who might make changes and so on.
Equally the patient has to be very well informed to know just what might be deduced from what is uploaded in a health summary. For example, having a history of use of all sorts of types of legal drugs can provide rich information the patient may not understand they are making available.

For Assertion 2 the Government makes it clear all sorts of people in Government may be able to access the myHR records.  It will be interesting to see when we get richer details of just what Government ins doing with the data - as there is just no way the clinical benefits of the current myHR are remotely worth the billions being spent.
Equally Assertion 3 is just begging us to all wait for the first data breach. Sadly it is inevitable and it is just a matter of time - especially if the use of the system expands.
For anyone who wants to understand the full details and risks associated with the myHR can I recommend the following detailed information. It has been carefully researched and provides detailed references for all the points made.


Bernard Robertson-Dunn said...

Here's heartwarming story about Ray & Lorraine and the warm and fuzzy feelings they have about their MyHRs.

Looking at the cold hard economics gives a different story:

If in each of the next ten years, 10% of Australians travel the way Ray and Lorraine do and 10% of that number have the same sort of health problems (any worse and they probably wouldn't risk travelling) and 10% of that number have a need to see a doctor when they are away, that's 1 in 1000 per year or 10,000 total.

If the cost of the MyHR is $2 billion spent by Federal government (by the time they've burned through the latest $485 million), and the rest of the Australian health industry has spent $500 million attaching to it over a ten year period, the total cost will be well in excess of $2.5 Billion.

That's $250,000 per patient to access a health record they couldn't be bothered getting their GP to print out or put on a thumb-drive before they left*.

Even if this is only one of five use-cases of the MyHR, that's still $50,000 per patient. Is it likely that each intervention will cost $250,000 less than it would have without the MyHR? $50,000?

Don't they have envelopes they could scribble on the back of in Canberra?

*The thumb-drive idea isn't mine and it isn't new.

Anonymous said...

It has been said repeatedly that there is no viable business model to support the project. There are business plans prepared by NEHTA and the Department full of unsubstantiated motherhood presented as the basis of a viable business model.

Were they understood by the politicians who authorized budgeting for the project?


Anonymous said...

The Department's got some good reasons to be getting worried. It would be best all round if the mainstream media keep their noses out of it. One can imagine what stories they might come up with as we get closer to the election. Your readers are a goldmine of potent material for a budding journalist. The department needs to get some good news stories out fast, if there are any.

john scott said...

The real question that lies at the heart of the PCEHR is: Would a doctor trust the data in the PCEHR as a basis for action? The reality is NO. There has been so little emphasis placed on meaningful, accurate and trustworthy data, especially for patients with chronic conditions, that it is hard to see how this system does not pose a risk to those who may rely on it.

It would be more beneficial to re-target NEHTA to the technology domain, introduce a more appropriate reform narrative centered on improving health care communications, and design and establish an e-health governance that is fit-for-purpose for an Australian health system that is purposefully a mix of public and private, Federal and State/Territory and multi-disciplinary.

This type of narrative would at least enable all of us who depend upon the health system to engage productively in the conversation about how we ensure that the right information is at the right place in the right time to inform action. This, to adopt an expression from the Canadian Medical Association, would deliver 'apparent value' at the point of care. Value that is apparent to all stakeholders, particularly clinicians, patients and carers.

Plan B is an emergent urgency--before or immediately after the election.

Bernard Robertson-Dunn said...

re "Would a doctor trust the data in the PCEHR as a basis for action?"

on* the government says:

“Clinical information you find within your patient’s My Health Record should be interpreted in much the same way as other sources of health information. It is safest to assume the information in a patient’s My Health Record is not a complete record of a patient’s clinical history, so information should be verified from other sources and ideally, with the patient.”

I interpret that to mean that it can't be trusted, especially if you take "not a compete record" to mean it could be wrong.


Bernard Robertson-Dunn said...

Re: "The Department's got some good reasons to be getting worried."

I may be wrong but the "Setting the Record Straight on Privacy" web page looks to me suspiciously like the department trying to refute many of the claims I have been making on Twitter. #ozmyhrprivacy

The webpage looks to have been put together in a hurry. In places it is somewhat garbled:

"For example, individuals may want to restrict access or ask a provider not to upload their sensitive health information, such as sexual or mental health issues accessible by all healthcare providers."

I don't understand what "sexual or mental health issues accessible by all healthcare providers" means.

They repeat an assertion "Government agencies will be able to access people’s personal data" but then promptly agree with it.

And then assert "the My Health Record system is a gold mine for hackers and blackmailers" and don't deny it.

To cap it off they have an email campaign that leads to this:

with the remarkable claim that the MyHR will enable them to:
"...detect emergencies before they happen."