tag:blogger.com,1999:blog-23447705.post7833465665406747393..comments2024-03-29T09:18:22.495+11:00Comments on Australian Health Information Technology: Does Anyone Know Just How Secure Our Electronic Patient Records Are? Anyone Have Some Numbers?Dr David G More MB PhDhttp://www.blogger.com/profile/06902724829795199526noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-23447705.post-30506600528874682122012-11-15T16:37:53.660+11:002012-11-15T16:37:53.660+11:00Terry, those numbers were correct in the late nigh...Terry, those numbers were correct in the late nighties, early 2000's but nowadays most threats come from organised crime, other states and hacktivists. Apparently organised crime is interested in personal data e.g. medicare data (name, address, medicare no. etc) to support identity theft. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-23447705.post-29373877449854619812012-11-15T11:17:16.620+11:002012-11-15T11:17:16.620+11:00Isn't it amazing we hear immense histrionics a...Isn't it amazing we hear immense histrionics around security and privacy in healthcare, our government writes legislation after legislation to address this space and yet we've yet to see any "facts" published here on "How Big is this Problem in Australia"?<br /><br />Looks like the legislators and administrators may need to get a grip before they continue to operate inAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-23447705.post-73348858296385679362012-11-15T10:33:33.642+11:002012-11-15T10:33:33.642+11:00@Terry, I agree that the major risk is from within...@Terry, I agree that the major risk is from within - either deliberate or accidental - users having their log in details etc on a post-it tagged on the screen for example - is that deliberate or accidental? In the eyes of the new legislation, the organisation will be held accountable for this behaviour - in either scenario. Clinicians, especially, have to take responsibility for the security ofPaul Fitzgeraldnoreply@blogger.comtag:blogger.com,1999:blog-23447705.post-65794407162099237742012-11-15T10:30:29.059+11:002012-11-15T10:30:29.059+11:00Consumers will make judgments on Privacy from what...Consumers will make judgments on Privacy from what they see. The local Centrelink seems pretty good, from the little I've had to do with it.<br />On the other hand, the common desk at a community pharmacy could remind of that supermarket scene in 'Me, Myself & Irene' - "Price check on Vagiclean, aisle five."<br />We try to be discrete. There is no need for anyone else inTrevor3130https://www.blogger.com/profile/08148555743063226957noreply@blogger.comtag:blogger.com,1999:blog-23447705.post-71832093852651117142012-11-15T09:57:22.700+11:002012-11-15T09:57:22.700+11:00@Terry,
A question re the EMR systems you have wo...@Terry,<br /><br />A question re the EMR systems you have worked on.<br /><br />Are the system access controls on an individual or institution basis?<br /><br />AFAIK Centrelink systems have an access control system closely linked to an individual user. If the user walks away from their computer, the screen is locked. Thus there is a close relationship between the logged on user, what they use Bernard Robertson-Dunnhttp://www.problemsfirst.comnoreply@blogger.comtag:blogger.com,1999:blog-23447705.post-54915727212099362012-11-15T08:45:08.273+11:002012-11-15T08:45:08.273+11:00I have worked with EMR systems that have > 3 mi...I have worked with EMR systems that have > 3 million patients across multiple institutions since the 1990s! Do we not think that these implementers have NOT addressed security? These are covered in the full issue of International Journal of Medical Informatics 54 (1999) <br />Also some 'measured' quotes on security.<br />“By one estimate, 85 percent of all computer security problems Terry Hannanhttps://www.blogger.com/profile/04068727812313410493noreply@blogger.comtag:blogger.com,1999:blog-23447705.post-40013184750257061872012-11-15T08:02:16.716+11:002012-11-15T08:02:16.716+11:00Australia has introduced new legislation in regard...Australia has introduced new legislation in regards Privacy and a variety of amendments are currently before parliament and various committees for comment and eventually enactment including breach notifications. Some specific information can be found about eHealth can be found <br /><br />http://oaic.gov.au/publications/privacy_fact_sheets/privacy_fact_sheet14_healthcare_ID_eHealth.html... <br />Privacy Paulnoreply@blogger.comtag:blogger.com,1999:blog-23447705.post-50335400613686665982012-11-15T06:15:54.594+11:002012-11-15T06:15:54.594+11:00Earl, I agree we should all take responsibility fo...Earl, I agree we should all take responsibility for our "privacy" - for example, many of those squawking about privacy etc are still quite happy to hand over their credit card to a complete stranger in a restaurant, who then disappears with it for 15 minutes!<br />The problem as I see it, is that with the new legislation before the parliament, any breach can attract a fine of up to $Paul Fitzgeraldnoreply@blogger.comtag:blogger.com,1999:blog-23447705.post-71367394696614812812012-11-14T20:13:45.318+11:002012-11-14T20:13:45.318+11:00It's a good question, David, but I wonder if t...It's a good question, David, but I wonder if the answer needs to be balanced off against another. How secure are our own (personal) records and transactions?<br />I mean, if users don't know what steps they need to take, themselves, it's a bit much to expect them to appreciate what it takes to keep records safe at a corporate level.<br />Forbes has <a href="http://www.forbes.com/Trevor3130https://www.blogger.com/profile/08148555743063226957noreply@blogger.com