Tuesday, May 16, 2017

Here Is A Salutary Tale For Those Who Are Confident In The Privacy And Security Of The myHR.

This appeared a few days ago.

Former job centre worker charged with illegally accessing ex-lover's phone number

Shannon Tonkin
Published: May 13 2017 - 10:52AM
A former job centre employee upset her co-worker had ended their extra-marital affair is accused of illegally accessing his new mobile phone number in order to harass and threaten him.
Brooke Holmes, who now runs F45 Training at Shellharbour, is accused of repeatedly ringing the man after he ended their 12-month relationship in 2014 and threatening to divulge their affair to her husband.
Ms Holmes also allegedly phoned the man's new girlfriend, telling her they were still sleeping together and that he was the father of her unborn child.
Documents presented to Wollongong Local Court on Friday said Ms Holmes was working for ORS Group at the time in a role that gave her access to the restricted Employee Services System, which contained personal information including addresses and contact details for job seekers.
The court heard Holmes and the victim, who also worked for ORS Group, had an affair between mid-2013 and mid-2014. He left the company in February 2015, saying he was forced to repeatedly change his mobile phone number to avoid calls from Ms Holmes.
He told police he only disclosed the new numbers to a few people and organisations, including his job service provider, MBC Employment Solutions. 
More here:
As every security specialist will tell you, the weakest link in all these systems is the people with access to privileged information.
I wonder how many staff are involved in the myHR, have pretty complete access to the system and have some family ructions going on at any one time? I am sure the number is not zero!
A word to the wise – keep your private health information to yourself – as this blogger advises.

Govt's electronic health record plan is a data breach waiting to happen

And you should opt out of it as soon as you can, freelancer Asher Wolf writes.
I love me my internets. Love ’em. Datalove, cyber-hippies, instant-data-transfers, crowdsourced decision-making, OpenGov, making shiny cyber-societies of transhuman wealth and immortality, and all that shit. Share your selfies, encrypt your hearts! Etc, etc, etc.
But every so often in the government’s search for INNOVATION! and CYBER! a shitty proposal rears its head that’s so utterly noxious that I feel the need to wave my wooden spoon around: Bad government! Bad!
As some of you may have noticed, the 2017 federal budget contains a proposal to roll out e-health to all Australian citizens.
Let me just pop on my mask and robe and take the form of prophetess of digital doom for a moment …
We know the Australian government has one of the worst records of data breaches in the world. So naturally, rather than addressing their incompetencies, the Australian government has decided to roll out an e-health record for every Australian citizen. And it’s opt-out only.
Yes, you heard right. The Australian government plans to create an e-health profile for every Australian citizen and upload sensitive health data for inter-departmental sharing via the internet.
(Side note: My Health Record, the name of the scheme in question, was formerly known as the PCEHR, but it’s been renamed because everyone pretty much hated on the PCEHR, and the government thought they’d better rebrand before attempting to roll it out again.)
Of course, unlike everyone else, the Australian government thinks their e-health framework is a great idea, because if ignorance were bliss, they’d be the happiest bunch of pricks on Earth.
There’s absolutely no way this e-health proposal could go wrong, right? Centralising all sensitive data, placing it in the hands of government … because this government would never share the confidential data of a private citizen who threatens their stance, like, say when Minister for Human Services Alan Tudge released the Centrelink data of Andie Fox last month when she criticised faulty data-matching robo-debts?
Yes sir-eee, what could go wrong?
Lots more here:
Now don’t say you have not been warned!
David.

11 comments:

Anonymous said...

I am very concerned by the numerous articles pointing to the deficiencies in the MyHR. Try as I may to give the benefit of the doubt to the merits, security and functionality, of the MyHR system I have been unable to find any mitigating points in its favour. I do have a MyHR registered to me. My doctor can access it whenever I see him. When I look at it I find it is of no value to me. When my doctor calls it up if I ask him to he shows me why it is of no value to him!

He then goes on to explain to me that if it had been designed differently it might possibly be of some value. But he also points out that it should have been an opt-in system (he says it was but the Government changed it to a compulsory Opt out model) which he and I would first need to agree is of value to us both before I registered for it and give him permission to use it. That that choice has been taken away from me makes me angry. He sent me a copy of an article in The Medical Republic today which helped explain my concerns. If anything makes me really angry it is the exorbitant amounts of money spent on the system which no-one wants to use.

Anonymous said...

And so you should be. Normally this does not get much of a mention; with everything else going on, for this to make the news there is something very wrong.

Bernard Robertson-Dunn said...

Anon 6:44pm, did you tell your GP that the government's website says:

"When creating the SHS, the nominated healthcare provider needs to ensure that all aspects of it have been completed and verify the accuracy of the information it contains. In assessing its content, the nominated healthcare provider should take into account other relevant information on the patient’s My Health Record."

This would seem to imply that the nominated healthcare provider (usually but not necessarily your GP) is responsible for the contents of the SHS and must make sure that the SHS is consistent with any and all information in the MyHR.

Uploading an SHS isn't as simple as pressing a button; the GP has to read everything that's in a MyHR and it appears that they may be held legally responsible if they don't and harm comes to the patient.

Do you suppose that the AMA and individual GPs are aware of this? Yours doesn't seem to be.

Of course IANAL and I could be completely off the mark, but the lack of clarity should be of major concern to those uploading SHSs.

Anonymous said...

There is no value in me having a My Health Record if my doctor says it has no value to him.

Anonymous said...

Yes there is a benefit to you and your GP, that RACGP and AMA along with others like MSIA sign a compact purely so as not to disadvantage them and the money sharing table. There is no risk to those running these organisations.

The lure of money and a need to be invited to speak at events is too delicious, so delicious most principles take a back seat.

We have been conned by the pact made with the money dealer.

Anonymous said...

7:59am. Simply look at the language from AMA and RACGP: it is non-committal, it is about encouraging and supporting; the com in compact is compromise. All they are bound by is not to make negative noises. MSIA, well, my guess is they are simply a showboat of little relevance to GovHR or Accenture.

Anonymous said...

7:59 AM, 8:34 AM you mean it's all about perpetrating and perpetuating a huge confidence trick and fraud on the taxpayer, John and Judy Citizen.

Anonymous said...

My 81-year-old Mother described it as an Invasion of Privacy, without any prompting from me. It is an invasion of privacy and just seems to be failing to show up on the radar of the general population.

Anonymous said...

9:50 yes that sums it up pretty well. I challenge someone to point out the openness, transparency and honesty in any of this. Trump would be proud; perhaps that is what he meant in his remarks regarding our health system?

Emma Hossack President MSIA said...

For the record the MSIA is not a party to any compacts nor a "showboat".

The Medical Software Industry Association exists to assist its members with the huge amount of information and technical requirements from Government and other stakeholders. It also promotes the value of our members' software to Australia's healthcare, efficiency and innovation. We do this daily and it is why our members represent the vast majority of all health software providers in Australia.

Before the Budget we met with the Minister's office and the Minister and were able to get an assurance that there would be no negative impacts on our members.

This is the kind of thing we do all the time without compacts or "delicious" speaking engagements - of which we can recall none.
We typically invite Government representatives and Ministers to speak at members' events where they are questioned and which members find useful - it doesn't go the other way around!

The MSIA Board and Board before it has a solid record of achievement. All the Directors are voluntary doing their best for industry. If you want to know the facts rather than speculating about how our Association may work, get in touch. All details are public on our website.

Anonymous said...

Sadly however, the MSIA is somewhat, albeit reluctantly, beholden to the bureaucracy like putty or a marionette. It lacks power and political leverage - were that not so the diabolically disgraceful NEHTA-PCEHR-ADHA-MyHR mess and the hundreds of millions of dollars wasted would never have been allowed to happen. That is not to say the MSIA didn't try; it did. But it wasn't heard because it had no power to make itself heard and it didn't have the skills to do so, and it still doesn't. We've been there before with NEHTA and we are there all over again. The more things change the more they stay the same.