------
MEDIA RELEASE
Medicare data breach and My Health Records: Inquiry is not enough.
(For immediate release)
While
the government's announced inquiry into a problem with Medicare data
access is to be applauded, fundamental questions remain.
“A
centralised eHealth database accessible over the Internet to over
100,000 legitimate access points, (#1) each of which has access to the
entire database, is fundamentally indefensible,” said eHealth data
consultant and eHealth Privacy Australia principal, Paul Power, as
quoted in the media. (#2)
Unless
a public inquiry urgently investigates the fundamental vulnerability of
the proposed database of the My Health Records system and recommends
appropriate changes, we will be no further forward with either safety or
security.
It
is insufficient to recommend changes that will merely lead to an
improvement in security. There is a need to understand what is
technically possible and how that will allow illegitimate users to
access the database. Changes then need to be made which make such
access virtually impossible.
While
the Guardian exposé of the vulnerability of the Medicare card database
demonstrates what has actually happened, the technical risks of such an
intrusion have always been evident to information technology experts.
The
technical ease of unwanted access to the proposed My Health Records
system is similarly evident. A change to the implementation method,
rather than an “improvement” in security, is necessary to protect the
private health information of every Australian citizen from the Prime
Minister to the newborn child.
The
eHealth Record system currently being deployed in Germany has addressed
these issues, by avoiding a centralised health data repository, with
the master health data of each citizen being held on an encrypted memory
chip in the equivalent of Australia's Medicare card. (#3)
An
investigation of the fundamental security issues, rather than
“recommendations for improvement” is required for our private health
data to be secure.
eHealth
Privacy Australia calls for a Senate Inquiry or Australian National
Audit Office investigation. Anything less will leave the government open
to the accusation that they have "doubled the locks on the front door,
but left the back door wide open."
eHealth
Privacy Australia calls for widening the terms of reference of the
"Independent review of health providers' accessibility to Medicare card
numbers", announced 10 July 2017, to make the findings public and allow
input to the review by organisations representing Australian citizens'
privacy interests and others.
eHealth Privacy Australia
ENDS
CONTACT: eHealthPrivacyAustralia@gmail.com
0408 387 978
(#1)
There are more than 100,000 registered medical practitioners, but over
670,000 are registered to access Medicare numbers, including
pharmacists, allied health practitioners and 14 other class groups.
(#2) 1. Sue Dunlevy, The Daily Telegraph, 3 July 2017, et al.
2. Daryl Manzies, Territory FM, 4 Jul 17,
http://www.territoryfm.com/podcasts/daryl-manzie-talks-paul-power-about-centralising-medical-records
3. Chris Maher, 7 News, 6pm, 4 Jul 17
4. Adam Gartrell, Sydney Morning Herald, 4 Jul 17,
5. Karen Barlow, Huffington Post, 5 Jul 17,
6. Fiona Wiley, ABC, Statewide Drive, 5 Jul 17
----- End Release.
Seems reasonable to allow others the read and react.
David.
No comments:
Post a Comment