Thursday, March 15, 2012

The PCEHR Proponents Will Get a Big Fright When They Discover How Poor The Understanding of The Elderly Is Of Computer Security and Use.

The following appeared today:

Calls for better e-health safeguards

  • by: Karen Dearne
  • From: Australian IT
  • March 15, 2012 12:15AM
THE Consumers Health Forum has called for a better complaints mechanism, greater investigative resources and additional safeguards against misuse of patient information for the personally controlled e-health record system due to launch on July 1.
The peak consumer body has turned to the Joint Select committee inquiry into Cyber-Safety for Senior Australians to raise additional concerns, including clarification around notification of data breaches on PCEHR records.
A Senate inquiry into the PECHR Bills and related matters is due to report its findings today.
"The complaints mechanism for the PCEHR will be crucial to ensuring the safety and security of consumer health information, and will be of particular interest to older Australians who are likely to be high end-users of the health system," the CHF said in its submission.
"Consumers have emphasised the importance of ensuring there is a single, clear avenue for making complaints.
"We recommend that the committee explore the management of the PCEHR complaints mechanism, and the possibility of a review of Medicare's role as the complaints body.
"We also recommend the allocation of additional resources to the Office of the Australian Information Commissioner to ensure it has the capacity to conduct investigations on behalf of consumers."
The CHF said older Australians, particularly those who lack computer and online health literacy skills, may be particularly vulnerable to misuse of information by third parties.
"We recommend the committee (considers) safeguards to prevent the misuse of PCEHR information by third parties, such as employers or insurers," it said.
The CHF notes that under the proposed enabling legislation, the system will provide an audit trail showing the organisations that have accessed their records, but not the healthcare professionals responsible for a breach.
"Consumers considered this would make it extremely difficult to identify any unauthorised viewings of their PCEHR, and will significantly undermine the safety of their record," it said.
Lots more here:
The story sent me off to have a look at the submissions.
They can be found on this page:
It is not often you find a collection of submissions from the likes of the Australian Crime Commission along with those of NEHTA and DoHA.
First it is clear the Consumer Health Forum - in the politest possible way says the PCEHR is open to all sorts of potential abuse with low levels of authentication etc.
Secondly it is clear NEHTA and DoHA are really lacking any way to properly authenticate consumer PCEHR users that would be considered robust. (They hope to authenticate providers at some stage but consumers, well, there are just too many of them.)
Third many of the submissions point out just how ill-equipped many of the older consumers are to handle the complexities of PC security, system updates, the cost of it all and so on.
Fourth reading the comments from both NEHTA and DoHA it is clear the real world of elder computer use has passed them by.
In that regard the first submission says it all:
Talk about the real world and fantasy colliding.
Given the older Australians are a target for the PCEHR, NEHTA and DoHA seem woefully behind the curve - offering as a solution simple brochures and a help line!
Oh dear.

No comments: