This blog is totally independent and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Thursday, October 13, 2016
It Rather Looks That The Government Needs To Fundamentally Re-Think The Open- Data Release Program.
Last week we heard all about this issue which was covered superbly in the Saturday Paper a few days ago:
The government’s negotiations with doctors over the Medicare rebate is not helped by a breach of privacy on apparently anonymised health data.
When she addressed the annual conference of the Royal Australian College of General Practitioners in Perth last week, Health Minister Sussan Ley was already in a hostile environment.
Doctors are angry at cost-saving measures that are putting pressure on their fees. They believe the government has broken promises, used them as a collective cash cow and left them to pass on higher costs to their patients.
Standing at the podium, Ley surprised the GPs by apologising for something else entirely.
Ley revealed that the health department had inadvertently committed a potentially serious breach of the Privacy Act by deliberately publishing supposedly anonymous Medicare and pharmaceutical claims data involving GPs and three million of their patients.
To help health researchers provide better analysis and contribute to health policy, the department had made public “de-identified” records of claims under the Medicare Benefits Schedule and Pharmaceutical Benefits Scheme for a randomly selected sample of 10 per cent of the Australian population.
But it had also included just enough information about its encryption algorithms to enable a competent code-breaker to unravel the jumbled numbers that replaced doctors’ provider numbers and potentially identify them.
Ley did not explain why, when doctors who discover a privacy breach are obliged to alert those affected immediately, the government waited 16 days.
It took analysts at the University of Melbourne’s Department of Computing and Information Systems just a few days to do it.
“Yes, there will always be risks, no matter how slight, around the release of any de-identified data,” Ley told the conference last Thursday morning, as she segued to a nothing-to-see-here confession, five minutes into a half-hour speech. “It’s how we manage these risks when they arise that is important.”
Her department’s risk management is now the subject of considerable discussion across government about how the release of information on the Department of Prime Minister and Cabinet’s data.gov.au website could have been so badly handled.
Ley revealed that the University of Melbourne researchers had notified her department of “a vulnerability” in the encrypted data on September 8 – the researchers say it was actually September 12 – and “that individual healthcare providers could possibly be re-identified”.
Ley assured doctors there were “no provider names in the dataset” and no patient information had been “compromised”.
A second data breach within the federal government in a week has seen a dataset involving 96,000 public servants pulled from public view over privacy concerns.
Fairfax Media reported yesterday that the Australian Public Service Commission had decided to pull the dataset from the government's open data portal data.gov.au over concerns the information could be used to identify individual officers.
The APSC performs a massive yearly employee census to collect attitudinal data that tracks the views of staffers about management and workplace conditions.
While the data collected from the 96,000 public servants does not involve names or contact details, the APSC told iTnews that tweaks to this year's dataset had raised privacy concerns.
For the first time since it started collecting the census in 2003, the APSC this year added a numeric code for each government agency to an individual's responses.
It said agencies were not named and "at no time did the APSC publish individual identifiable information in the public domain".
But it decided to pull the dataset and review the information over concerns matching agency codes to individual responses would make it relatively easy to identify the public service worker who filled out the census.
The federal government is caught up in a second data privacy scare, this time involving a massive data-set on more than 96,000 of its public servants amid fears their confidential information might not be secure.
In the second potentially serious Commonwealth data breach to become public in less than a week, the public service's workplace authority has confirmed that it has withdrawn the data gathered in its massive annual employee census from public view.
It is feared that identification codes for departments and agencies could be used to identify the individual public servants who filled in the census, the largest workplace survey undertaken in Australia, on condition of anonymity.
The data has been taken down from official websites to be washed of any features that could be used to breach the privacy of government officials.
But the Australian Public Service Commission has confirmed the data-set was downloaded nearly 60 times before the take-down, meaning the raw information is in circulation with no way to control how it is used or distributed further.
One really wonders what is going on here and how many other IT academics are working to access more of the information the government is / has released.
What is needed here is for the Government to close all the releases down and then publish a proper draft framework for how it is going to move forward and have it fully critiqued by experts here and overseas.
If they don’t I suspect the drip, drip of mistakes will just grow.