This appeared a few
days ago:
Government to crack down on access to patients’ Medicare numbers
Accelerates shift away from PKI for HPOS
Rohan
Pearce (Computerworld) 16 February, 2018 12:44
The government has endorsed the recommendations of a review into
health providers’ access to Medicare card numbers.
The government commissioned the review of the Health Professionals Online Services (HPOS) system after revelations that a Tor-protected service was offering to retrieve the Medicare numbers of individuals.
The ‘Medicare Machine’ service on the now-defunct AlphaBay marketplace site offered access to the data in return for a small fee.
The HPOS review made 14 recommendations and the government said today it agreed or agreed in principle to all of them.
“We are committed to protecting the personal information of the Australian people,” a statement issued by human services minister Michael Keenan said.
“These recommendations will make practical improvements to the security of Medicare numbers, without increasing the administrative burden on health professionals.”
The government said it agreed in principle to a recommendation that HPOS be used as the primary channel to access or confirm Medicare numbers and that telephone channels be phased out over two years except in exceptional circumstances.
However, the government said that further work with the health sector would be required before making changes to telephone channels.
The government said it would accelerate the transition away from Public Key Infrastructure (PKI) for HPOS authentication to use of Provider Digital Access (PRODA) accounts.
.....
The government’s full response is available online.
More here:
There is further
coverage here:
Govt backs Medicare card safety changes
The federal government has accepted 14 recommendations following a review into the reported sale of Medicare card details on the dark web.
Australian
Associated Press February 16, 201812:41pm
An independent review found Medicare cards should be retained as a secondary form of proof of ID despite reports last year some numbers were being sold on the dark web.
But it was suggested the Human Services Department undertake a public awareness campaign encouraging people and organisations to better protect their details.
Human Services Minister Michael Keenan and Health Minister Greg Hunt on Friday accepted 13 of the 14 review recommendations and committed in principle to working with stakeholders on the last.
They include that it is a condition of claiming Medicare benefits on behalf of patients that health professionals are required to take reasonable steps to confirm the identity of their patients.
More here:
The direct link to
the full Government response is here:
What is impressive
here is just how co-operative the Governmnent was in just accepting
pretty much all of what was suggested. I don't recall any other
report which has received such total agreement except - maybe - those
on child abuse and aboriginal disadvantage.
At least some parts
of the system still work!
David.
2 comments:
Re the government's track record on endorsing then implementing recommendations from reviews.
The PCEHR had a Privacy Impact Assessment done on it. It's on their website in their FAQ on security
https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/faq-security-410/$file/Personally%20Controlled%20Electronic%20Health%20Record%20PCEHR%20Privacy%20Impact%20Assessment%20Report.pdf
Paragraph 5.1.14 recommends that the Minister for Health create regulations that define controls over what Call Centre operators can and cannot do.
The Department of Health's response to paragraph 5.11 of the Privacy Impact Assessment, above, was this:
The Department agrees that a clear and robust framework is required for the operation of the PCEHR system Call Centre. The Department considers that this would be achieved in a flexible and responsive way through the use of regulations or rules. This is provided for in the legislation (s109(2) and (3)).
This is the government's full response:
https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/faq-security-410/$file/Departmental%20response%20to%20Personally%20Controlled%20Electronic%20Health%20Record%20PCEHR%20Privacy%20Impact%20Assessment%20Report%202011.pdf
As far as I know, that framework has never been developed or implemented.
I can't see anything that relates to call centres in the current regulations.
https://www.legislation.gov.au/Details/F2016C00607
Amazing what can be done when you turn off power point and remove imperative statements. Simple good old fashion analysis and recommendations. Bland perhaps but Government should be a bit grey, it is what we pay them to be and what they are good at given the opportunity.
Post a Comment