Friday, May 12, 2017

If You Think The myHR is Safe and Secure Think Again. There Are Some Weaknesses.

This appeared late last week.

Your private health information is online and you don’t even know it

Sue Dunlevy, National Health Reporter, News Corp Australia Network
May 5, 2017 10:00pm
IT’S the $2 billion online health record you don’t even know you have and it could be putting your health privacy at risk.
Millions of Australians are unaware they have an online My Health Record set up by the government that can reveal if they have a mental illness, sexually transmitted disease, an abortion or other embarrassing health problem.
It can be accessed by 650,000 health professionals including dentists, dietitians, optometrists, podiatrists as well as doctors.
The record has cost taxpayers $2 billion but is not routinely being used by doctors.
And Australians are unaware that under legislation even if you opt out of the record it is never deleted and can still be accessed by the government, it will be held for 130 years and can be revealed to law enforcement agencies and insurers.
Originally Australians had to agree to set up the online record but last year the government trialled automatically creating a My Health Record for one million Australians and now it wants to give every Australian one.
The government wants to make the my Health Record opt out.
A new evaluation of trials of the opt out My Health Record shows only 41 per cent of Australians in the trial knew they had been given a My Health Record.
The record can be viewed by 650,000 optometrists, dentists, dietitians and their staff as well as doctors unless patients protect the information with a PIN number.
And News Corp has revealed fewer than one per cent of people issued the records automatically have set up a PIN number to protect their privacy.
“Most individuals in the trial sites remain largely unaware of the My Health Record system and its features and benefits,” a review of the opt out trial found.
Despite this the government report recommends that every Australian be automatically given a My Health Record.
Opt out is the “only sustainable and scalable approach,” the report says.
And it recommends the government force doctors to start using the record by tying government payments such as Medicare rebates to the use of the record.
And Health Minister Greg Hunt is expected to fund the full roll out in next Tuesday’s budget.
Lots more here:
This also appeared last week showing a few weaknesses.

Can you really spy on patients via the My Health Record?

4 May 2017
If you believe a recent media report, and some doctors, My Health Records are so badly secured that more than half a million people could potentially spy on individual patients’ medical records.
The News Corp article described the setup as a “bungle”.
But if you believe other doctors — or the Department of Health — this idea is ridiculous.
The argument is yet another controversy for the much-maligned national e-health records system, which has cost the government $2 billion and counting.
Opposition health spokesperson Catherine King seized upon the claims to slam the government’s approach to health IT security.
But was it really a bungle?
To access a My Health Record, health practitioners need to enter an individual patient’s basic details and Medicare number into their computer.
The system then automatically spits out the Individual Healthcare Identifier for that patient, which the practitioner uses to login to the patient’s My Health Record.
In theory, any health practitioner can access a patient’s record if they have the right details. In practice, if a practitioner has never seen a patient, they’re unlikely to have the patient’s Medicare number to hand, so to that extent, the issue isn’t much of a worry.
But if you believe Medicare numbers are easy to come by, you might worry a bit more.
The system does mean that a patient’s dentist can view their mental health history, but not if the patient has restricted access to that history.
More here:
Reading these two articles carefully will make sure you want to opt-out of the myHR is you have even the littlest piece of health information you want to keep private.
Think carefully as once the information is out it may be hard to lock up again!
David.

5 comments:

Dr Ian Colclough said...

These should be very real concerns for the coalition government, the Health Department and the ADHA. These perceptions cannot be turned around by slick marketing spin. Indeed, they will be greatly reinforced by such action, and used against the My Health Record [MyHR] by those parties with genuine grievances about the way the system has been developed and the huge sums expended to date(estimated at almost $2.0 billion).

In this post-budget climate the banks are looking for compelling arguments when putting their case to customers and shareholders as they take their fight against the $6.0 billion bank levy up to the government. It will not go unnoticed by the banks that expenditure on the MyHR to-date equates to one third of the bank levy! This too will not have gone unnoticed by the Opposition!

There has always been a better way to develop a Personal Health Record but every attempt to discuss that with the Department, NEHTA and now the ADHA, has been to no avail.

Anonymous said...

Yes Ian they should be concerns and looked to be resolved, this has been the case since 2010, I cannot see anything being done though, just like this weeks poll, you can bet that the direction that will be taken will be to force practitioners to use the system, I can see in 1-2 years the SMD market being taken over by Government as well, and the messaging Vendors and MSiA will sleep walk right into it.

Andrew McIntyre said...

Great, I hope they do because there is a lot of other fun stuff we could do if there was universal free government maintained quality messaging, but alas I don't think there is enough $ available in the whole budget to get that off the ground. We could add #messagingFail to #censusFail. I would love them to try. The system actually functions on real messaging and would crumble without practical solutions that work. I am sick of being threatened with that, go on make my day ADHA.

Anonymous said...

I can't believe they are throwing even more millions at this white elephant. Nobody knows about it anyway and of those that do, they think it is a failure, so they could just let It die and do themselves a budget favour!
But, it seems that the only thing that will wake these people up is when (Not if) there is a data breach and people's health and identity information is unfortunately leaked. They would not listen years ago when the thing was hacked, security around it is a joke. Flicking a switch from opt-in to opt-out without a complete redesign is asking for trouble - you only have to look at the fact that they don't seem to have considered even revisiting the rules & regulations & have made it hard to opt-out means they haven't got much of a clue.

Anonymous said...

Suggest they have a look at the NHS news this morning. The Government has just signed up to a huge reputation all risk, will make all other #fails look like minor issues