There was more follow-up on the data issues and leaks with the myHR this week.
First we had:
Medicare claims data sent to the wrong health records
By Paris Cowan on Nov 14, 2016 2:55PM
Human Services admits privacy breach.
The Department of Human Services has admitted it uploaded sensitive Medicare claims records to the wrong recipient’s electronic health records 86 times in the 12 months to 30 June 2016.
DHS, which is responsible for the operation of the Medicare medical rebate scheme, is obliged under law to report any data breaches related to the national My Health Record system to Privacy Commissioner Timothy Pilgrim.
It said it identified the privacy breaches during data-based checks on Medicare compliance.
The Medicare mix-ups form the bulk of the 94 individual health record breaches, affecting 103 people, that were reported to Pilgrim and the Office of the Australian Information Commissioner in 2015-16.
The count has jumped dramatically on past years - reported numbers typically sit in the single digits - in the 12 months the federal government started trialling its shift to opt-out registration for e-health records.
In 2014-15, the OAIC received seven mandatory data breach reports, and in 2013-14 it received just two. However, in neither of these years did the regulator specify how many individuals were affected by each reported incident.
The health department is in the midst of two trials of the opt-out process that will see more than one million residents in northern Queensland and the Blue Mountains region of NSW automatically signed up for a record unless they proactively refuse.
However, a spokesperson for the DHS told iTnews the rate of breaches still only accounts for a tiny fraction of health record users.
“These types of cases are quite rare – with more than 4 million people registered at this time for a My Health Record, data breaches represent around 0.004 percent," the spokesperson said.
More here:
Also there was reporting here:
MyHealth bungle: Dozens of patient records mixed up
Antony Scholefield | 15 November, 2016 |
Federal bureaucrats have inadvertently filled the MyHealth Records of almost 100 people with Medicare data from other patients, it has emerged.
These included five patients whose newly-created My Health Records were populated with somebody else’s MBS and PBS history because the other person had similar identifying details, such as the same name or birthdate.
Another 86 patients had somebody else’s Medicare claims added to their record.
Mistakes by the Department of Human Services affected 96 patients in the last financial year, compared with only 12 patients in the year before, according to a new report from the Office of the Australian Information Commissioner.
The information commissioner is still conducting five investigations into MyHealth Record data breaches, all related to the Department of Human Services.
The bungles follow the release of MBS data by the federal Department of Health last month which could potentially be used to track doctors' MBS claiming habits.
More here:
http://www.australiandoctor.com.au/news/latest-news/my-health-bungle-dozens-of-patient-records-mixed
and here:
16 November, 2016
Medicare has revealed multiple cases of patients’ claims data being uploaded to the wrong My Health Records because of mix-ups over individuals with similar identifying information.
In the year to last June, Medicare discovered five cases of “intertwined” customer records arising from confusion over patient identity, a Department of Human Services spokesperson said.
“Intertwined Medicare records can occur as a result of human error. However, it is important to highlight that when considering the number of Medicare records that exist (in excess of 23 million), the occurrence of this error is very rare.”
The errors came to light in the annual report of the Office of the Australian Information Commissioner, which is responsible for mandatory data breach notifications.
During the year, the OAIC received another eight notifications involving fraudulent Medicare claims which had resulted in wrong data being uploaded to Medicare records and then flowing to My Health Records.
The eight notifications involved 86 separate data breaches, the OAIC said.
More here:
As far as I can tell no one really seems to understand just what has gone on here and whether the problems have been remedied. Some improved clarity would not go astray!
David.
The TMR article is most correct. The DHS clarified days after the fact that the 86 uploads to the wrong record were the result of fraud - something that's being going on for decades but now affects My Health Record as well. The OAIC report read like the DHS was responsible for those 86 mistakes. Hence my report and the report from IT News. But the DHS did eventually clarify the situation. Antony Scholefield (Australian Doctor)
ReplyDeleteThe TMR article is most correct. The DHS clarified days after the fact that the 86 uploads to the wrong record were the result of fraud - nothing unique to My Health Record. The OAIC report read like the DHS was responsible for those 86 uploads - hence my report and the IT News report. But the DHS clarified the situation later. Antony Scholefield (Australian Doctor)
ReplyDelete