Friday, November 03, 2017

Remember This When You Are Repeatedly Told That The myHR Is Secure And Has Not Been Breached!

This appeared a few days ago.

My Health Record data breaches caused by “fraudulent behaviour or human error”

Lynne Minion | 25 Oct 2017
Fraudulent behaviour or human error were responsible for My Health Record data breaches, the Australian Digital Health Agency has confirmed, following the release of the Australian privacy commissioner’s annual report containing details of the security failures.
"This year we received six data breach notifications from the My Health Record System Operator,” the Office of the Australian Information Commissioner’s annual report says.
“These notifications related to unauthorised My Health Record access by a third party.”
The annual report also confirmed 29 breach notifications had been received from the Chief Executive of Medicare, including reports of “intertwined” records.
“Nine of these notifications involved separate breaches related to intertwined Medicare records of individuals with similar demographic information. This resulted in Medicare providing data to the incorrect individual’s My Health Record.”
Further cases saw Medicare claims information loaded into the wrong My Health Records.
“Twenty notifications, involving 123 separate breaches, resulted from findings under the Medicare compliance program. In these circumstances, certain Medicare claims made in the name of a healthcare recipient but not by that healthcare recipient were uploaded to their My Health Record.”
According to the Australian Digital Health Agency, the breaches were caused by fraudulent behaviour or human error.
“In each instance the access has been limited to Medicare information related to fraudulent behaviour, or isolated human processing errors,” an Australian Digital Health Agency spokesperson said in a statement to Healthcare IT News Australia.
“No clinical incidents have resulted from these matters. All privacy breaches has been investigated and resolved, and the affected parties have been notified of the situation.”
More discussion and commentary here:
Would be nice to know just who was committing these frauds, when they had been charged and what the outcome of the enforcement actions were if any had happened.
The Government is keen to expose other fraudsters so why not now I wonder? Is there further news to come?
David.

3 comments:

Anonymous said...

“No clinical incidents have resulted from these matters."
YET.
If Medicare is "providing data to the incorrect individual's MyHr" how can there not eventually be an "incident".

Anonymous said...

Those involved would have to be in Australia to be charged, perhaps it is a case that this information is being accessed from operations overseas. Again secrecy breeds theory in the absence of transparency and honesty.

How anyone can believe much coming from ADHA or DoH is beyond me.

Anonymous said...

11:40 PM and 6:18 AM. Hard to argue with you. It does leave the question. Exactly what are these organisations up to and what are they really going to do with my information. I see little evidence the CEO of ADHA has purely clinical use of this data and most likely will enable complete access to it for commercial purposes and in the majority of cases will have little to do with a benefit to Australian citizens.

It is a shame but Andrew and Grahame I think you both are being taken for a ride. Secure messaging will fizzle out and HL7 Aus will be used to set ADHA standards to suit only the ADHA agenda by by proxy Tim Kelsey agenda