I have to say I could not have made up just how the first few days of all this have unfolded!
As reported over the weekend there was a July 1 update on the www.ehealth.gov.au site late in the afternoon that provided a link to application forms. There was nothing provided that could be described as an on-line registration application.
Here is the link to that blog.
Then out of the blue we had a claim from a blogger (who is sponsored by NEHTA) that there was an on-line registration process via www.australia.gov.au.
You can read about this from this link.
Interestingly this route of access to the PCEHR System now seems to have been closed down - having been open for only a few hours.
Then, this morning we have had the following reports.
The federal government's e-health platform hacked at birth
- by: Fran Foo
- From: The Australian
- July 03, 2012
THE federal government's e-health platform was hacked while being developed but the incident went undetected for several months.
The revelation comes after Accenture, the main contractor for the personally controlled e-health record program, delayed delivery, resulting in only 40 per cent of the system being ready by its July 1 launch date.
The hacking incident raises issues of reliability and security of the system as people start to register for an e-health record that would contain their personal details and health information such as medications, allergies and immunisation details.
The PCEHR is intended to be a secure electronic summary of people's medical history that is stored and shared in a "network of connected systems".
According to sources close to the Department of Health and Ageing, the hacking incident occurred while the PCEHR system was being built late last year, but Accenture discovered it only four months ago. The sources declined to be named.
Lots more details here:
and this report:
Answers to identity verification questions not sufficiently secure
- by: Sue Dunlevy
- From: The Australian
- July 03, 2012
THE security of the government's e-health records are under question a day after they were launched because those registering have to provide only a Medicare card number and names and birth dates of family members to verify their identity.
Security experts say answers to the identity verification questions are so widely known it would allow a person to set up an e-health record for someone else by telephone if they wanted to access that individual's health details, such as medication or medical procedures.
"My advice is not to join until the security issues have been resolved," said Graham Ingram, general manager of AUSCERT, Australia's emergency response team for computer security incidents.
More details here:
What is also interesting is that in the Application Guide On-Line Registration is an option provided.
eHealth registration guidebook
A guidebook is available to help you understand the eHealth record registration process. The document explains the terms used, your eHealth privacy safeguards, details about how your information is handled, and where and how you can apply for an eHealth record.
See page 10. Clearly it is not present on the site yet:
See here:
Even worse - consider this section of the written Application Form found here:
(Page 2)
Privacy
The System Operator, who is the Secretary of the Department of Health and Ageing, is collecting the information in this form to work out if it can register you and/or your dependant(s) for an eHealth record, and for managing your and/or your dependant(s) eHealth record if your application is accepted.
If applicable, the information will also be used to work out whether you are an authorised representative for your dependant(s).
If you are registered, the System Operator will collect other personal and health information about you and/or your dependant(s) when that information is uploaded by healthcare providers or by you, or where permitted by law.
This is authorised under the PCEHR Act and the Healthcare Identifiers Act 2010 (HI Act).
The System Operator usually gives some or all of this information to the following as part of the normal day-to-day operations of the eHealth record system:
- registered healthcare providers involved in your and/or your dependant(s) care where this is consistent with any access controls you set, or in the case of a serious threat to an individual’s life, health or safety or to public health or safety
- your nominated representatives, if you choose to have any, consistent with any access controls you set
- repository operators, portal operators and contracted service providers that are registered to participate in the eHealth record system
- the Chief Executive Medicare as the service operator under the HI Act, and
- the Australian Government Department of Human Services and, if applicable, the Department of Veterans’ Affairs.
Your and/or your dependants’ information may be given to some other entities but only where this is required or authorised by or under law. Where information is given to other entities, those other entities may collect, use and disclose that information as required or authorised under the PCEHR Act, the HI Act and other laws.
The information provided in response to parts of this form is collected by the System Operator on behalf of the Chief Executive Medicare (within the Australian Government Department of Human Services) or the Australian Government Department of Veterans’ Affairs. The collection of this information is authorised by the PCEHR Act and is for the purpose of the Chief Executive Medicare carrying out functions as a registered repository operator under the PCEHR Act.
The Chief Executive Medicare (as the service operator under the HI Act and, separately, the holder of Medicare and PBS records) may disclose information to the System Operator about you and your dependants to help the System Operator to make decisions about registration and authorised representatives. These disclosures are authorised by the HI Act and the PCEHR Act.
Further information about how personal information is handled in the eHealth record system is described in the Registration Booklet and Privacy Statement. The Privacy Statement can be accessed by you at www.ehealth.gov.au or you can request a copy by calling 1800 723 471.
----- End Extract.
If you go here to check the understand-ability of the above:
you get the following:
Indication of the number of years of formal education that a person requires in order to easily understand the text on the first reading
Gunning Fog index : 20.52
i.e. 6 years post high-school - i.e. 2 degrees or so!
So what we have so far is failed delivery on undertakings, irregular access routes to the PCHER system being made public and incomprehensible documentation needed for application.
And all this in just 3 days. I can’t wait for the next exciting instalment.
David.
http://www.theaustralian.com.au/australian-it/government/pcehr-system-goes-offline/story-fn4htb9o-1226415914068
ReplyDeleteSomeone should ask NEHTA/Accenture what sort of development/test/acceptance environment they have provided in order to develop and support the NEHRS.
ReplyDeleteBest practice dictates that there should be at least the following environments:
Unit development/test
System development/test
Integration test
Performance/stress test
Acceptance
None of which should be connected to any live system (only other test systems) or be visible to anyone outside the project team or without appropriate security measures.
The expression "a bunch of amateurs" springs to mind. Hubris also seems to be an appropriate word.
Someone might also demand the system be immediately disconnected from any live system until a review has been conducted and proper, professional practices put in place.
NEHTA and Accenture should also be reminded that they are dealing with people's lives, both literally and wrt privacy here and that this is the highest priority, not contractual deadlines or business profits.
B&*(^*&#
ReplyDeleteI have a record now and can't get to it.
Yesterday I found this on the eHealth.gov.au site:
"australia.gov.au
The Australian Government’s australia.gov.au website provides secure access to a range of government services. An australia.gov.au account is required before you can apply for, or access an eHealth record online.."
When I went there, because I had already set up a link from Australia.gov.au to my Medicare Australia online service account, it was a pretty simple process to set up a link to my health record. Then I set up my record online, and said YES to bringing my medicare data across into my health record.
Then I hopped out and came back in again. But the Medicare data on my health record did not match what I could see in Medicare Australia's site - Medicare said I was a registered organ donor, but my health record said it didn't know anything about that. Oh well, perhaps it will synchronise over night, I thought...I'll give it the benefit of the doubt. But today - I can't even get into my record - all access is gone. I can't even go in an switch it all off! EEEEEEEEK what have I done? It's my record and I'll cry if I want to.....
I simply don't buy the line that they made a live system available temporarily for testing purposes. No one does that at this level of the game. I'm guessing that there was a perceived problem and the system was pulled. The 'only testing folks' is DOHA spin.
ReplyDeleteOh please please please.. i so want to hear the trails and tribulations of fellow taxpayers interactions.. i do..because the more we all share the more - the reality distortion field of those that have had their noses in the trough weakens. And the shear folly and hubris, and self interest at the expense of us all becomes self evident.
ReplyDeleteI dont think those involved within NEHTA or DOHA or the big consulting houses realise that by going live they have also make transparent their value - which is next to nothing.
Anonymous said "B&*(^*&#". I also created a link from autralia.gov.au to NEHR which worked yesterday, but fails today. As he/she says "It's my record and I'll cry if I want to.....". Perhaps we should cry together. :-)
ReplyDeleteTo Anonymous at 7:29 - sorry but if you have read this site even once, you were warned!
ReplyDeleteIt will no doubt be there in the washup - why don't you try ringing and complaining and trying out the complaint process - supposedly there is one according to everything we've heard!
Forecasting this slow moving train wreck is and was a trifle.
ReplyDeleteThis BLOG and its often mostly illuminating posts foresaw this debacle from May 2010 when the initial budget was announced, and the chickens are now well and making themselves right at home.
The next steps, accountability avoidance manoeuvres and insufferable spin will be a most intriguing spectacle. Forecast count of heads to roll: Zero.
Only certainty from it all, is that Tax Payers will continue to be shafted to the tune of many millions of dollars, as the QLD Health Payroll debacle profoundly illustrates.
I’m from the Government, and I’m here to help! RUN
David, as your BLOG is persisted in the National Archives, you should keep a record and timeline of the countdown, play by play and blow by blow launch of the PCEHR as a National Record and Treasure for how Government excels at large scale IT project management for posterity’s sake, in the hope our descendants are more fortunate, free and liberated from consistent and inevitable government incompetence!
DOHA and NEHTA will thank you kindly to do so, but make sure they don't know where you live.
So it would seem wise to be an early adopter - claim your identity before someone else does.
ReplyDeleteHas anyone asked if Minister Plibisek, PM Gillard or anyone senior from NeHTA or DoHA has signed up yet - perhaps it is time the pressure was put on at the top! again, anyone smell pink batts or a school hall burning?
ReplyDeleteIf blame is to be apportioned, it is to the people who set an absurd timetable, politically imposed contradictory or expensive or impractical specifications, pegged the budget and interfered in the technical process that they knew nothing about.
ReplyDeleteI actually have some sympathy for those asked to execute this - NEHTA, Accenture and the consultancy houses. DOHA should reconsider its position and sack itself. Although for the consultancy houses, it must have been clear how broken the brief was early on, maybe even before the tenders were signed, so they accepted the $ hoping it would somehow all work out in the wash. Not much glory to go around.
If a soft launch was intended to build confidence, this is not so far going to plan.
You may be right about DOHA being sacked, however Peter Fleming and Andrew Howard were brought on to drive implementation of NEHTA products, clearly they have failed and Gonski if he is still chairman I would hope is drafting their resignations.
ReplyDeleteThe rest of the executives should also be mindful of their actions or inactions that allowed this to happen.
This might sound harsh but it is no different to what they have done over the years to talented employees at NEHTA simply to cover their behinds.
Accenture has simply done what they do well, played fools for every penny and then some
Interesting... would be curious to know if "NFI" - No Fleming Insight is true.
ReplyDeleteWhere is Peter Fleming?
ReplyDeleteMaybe Mr Fleming is on vacation with the Hon. Plibersek?
ReplyDeleteWhere is Jane Halton?
Maybe doing the gardening, dishes and laundry for Ms Plibersek and Mr Fleming while they’re on their vacation?
(Knock knock) Hello? Hello? Anyone home? Mr Nehta? Ms DoHA? Are you in there? Hello? Hello! I've just popped over for a cup of spin? Sorry to bother you. Hmm .... are you hiding behind the couch? You are! I can see your feet! Open the door!! Oh for goodness sake.
ReplyDeletehttp://www.theaustralian.com.au/australian-it/government/e-health-registrations-cant-handle-names-with-hyphens-and-apostrophes/story-fn4htb9o-1226417295203
ReplyDeleteE health registration site won't accept surnames with hyphens or apostrophes - weel thought out system guys and girls!