Wednesday, April 04, 2018

The Department Of Health Fails To Hide The Evidence Of Its Technological Incompetence.

What a perfect time to put out an adverse and critical press release? Try the 29th of March, just before the Easter long weekend.
What do we see?

Information Commissioner’s Report

The Department of Health welcomes the Information Commissioner’s final report following his investigation into the department’s release of a sample of data from the Medicare Benefits Scheme (MBS) and Pharmaceutical Benefits Scheme (PBS).
Page last updated: 29 March 2018

29 March 2018


This action was taken by the department with the intention of supporting medical research and policy development, and with the belief that the privacy of individuals had been protected.

The Commissioner has found the department:
    • did not breach APP 6 of the Privacy Act 1988 regarding the personal information of patients;
    • was in breach of APP 6 of the Privacy Act in relation to the personal information of medical providers; and
    • did not comply with APP 1 or APP 11 of the Privacy Act in the course of preparing the dataset for publication.
The Commissioner noted that any non-compliance was unintentional and that the department acted in good faith in the steps it took before release of the dataset to protect the information. The Commissioner also noted that once the department was alerted to the issue the steps it took were quick and comprehensive.

To ensure the department continued to comply with the Australian Privacy Principles as well as other requirements, it offered to the Commissioner an Enforceable Undertaking under section 33E of the Privacy Act. The Commissioner considered the Enforceable Undertaking was an appropriate regulatory outcome for his investigation, and this Undertaking is now in place.

It is important to note that the Department is not aware of any individual or provider having been identified through this release of data.
Here is the link:
Well they failed as by later that day the SMH had this:

Guilty: Health Department breached privacy laws publishing data of 2.5m people

By Esther Han
29 March 2018 — 4:41pm

In numbers

    • Number of Australians affected by the Department of Health data blunder - 2.5 million
    • Lines of data from the MBS and PBS schemes generated for 10% of the population - 3 billion
    • Number of Australian Privacy Principles in the Privacy Act breached by the Department of Health - 3
The federal Department of Health "unintentionally" breached privacy laws when it published de-identified health records of 2.5 million people online, Australia's Privacy Commissioner has ruled.
About 1½ years ago, the department published de-identified health data of 10 per cent of the population from the Medicare Benefits Scheme (MBS) and the Pharmaceutical Benefits Scheme (PBS) on the government's open data website for "research purposes".
A month later, researchers at the University of Melbourne sounded the alarm that the data could be re-identified, saying they had pinpointed unique patient records matching seven well-known Australians, including three former or current MPs and an AFL footballer.
After a lengthy investigation, commissioner Timothy Pilgrim has concluded the department had failed to meet the high standard required by the Australian Privacy Principles (APPs), breaching the Privacy Act three times.
"The department breached APP 6 (only in relation to health providers) by disclosing such personal information for a purpose other than that for which it was collected," his report reads.
"It breached APPs 1 and 11 [because] the steps taken ... to confirm personal information was removed from the dataset prior to its publication were inadequate relative to the sensitivity of the information and the context of its release."
But Mr Pilgrim ruled out the notion that personal information of patients had been disclosed.
This particular finding has stumped the researchers - Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague from the university’s School of Computing and Information Systems - who easily re-identified records by cross-referencing the dataset with other sources such as Wikipedia, Facebook and news websites.
Here is the link:
There was also coverage here:
and here:
and here:
among others I am sure!
That they tried to keep the news quiet is one thing but I believe the researchers managed, easily, to locate individual patient records which makes the last paragraph of the press release from the DoH more than a little inaccurate – at best.
To quote:
“It is important to note that the Department is not aware of any individual or provider having been identified through this release of data.”
While the researchers said the opposite:
“This particular finding has stumped the researchers - Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague from the university’s School of Computing and Information Systems - who easily re-identified records by cross-referencing the dataset with other sources such as Wikipedia, Facebook and news websites.
"The real privacy issue here is the 10 per cent of patients whose longitudinal billing records were published online, information that included 'management of second trimester labour', prescriptions for HIV patients, and a lot of other highly sensitive information," said Dr Teague.
"We showed that a person's record could be easily re-identified given a few simple facts about them, such as the dates of childbirths or surgeries."
The department, which offered an enforceable undertaking, would not say whether the seven patients whose records were re-identified had been notified about the blunder.”
So I reckon what we have here is an attempt at concealment and inaccuracy in the release!
Not a very good look for a Government Department that has been found to have broken the law.
If the “daddy” Department behaves like this, what can we expect when the “child” (the ADHA) has its inevitable stuff-up? Not much, I guess.
As I have said before, give the Government (and now social media) only the data you must and no more!
David.

p.s. In the spirit of preventing this happening again I provide the following link(s) from the OAIC.

De-identification and the Privacy Act


https://www.oaic.gov.au/agencies-and-organisations/guides/de-identification-and-the-privacy-act

I am sure the DOH will find some useful reading here. As I am sure they will find this interesting!

Guide to Data Analytics and the Australian Privacy Principles


https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-data-analytics-and-the-australian-privacy-principles


D.

17 comments:

  1. Looks a lot like ball tampering by the department. As for the ADHA, by the sounds of it they struggle with a local IT setup, not sure they should go anywhere near this sort of thing.

  2. Talking about technical (in)competence....

    This is an interesting page:

    Compatible browsers
    https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/compatibility-browsers

    It has this wonderful statement:
    "It is recommended that users take reasonable steps to monitor and maintain their security online. This includes keeping your operating system and web browser software up-to-date."

    The page was last updated 06 December 2016 but it does also say "Other operating systems, web browsers and combinations may work when accessing the Consumer Portal, although only those listed above have been thoroughly tested (as 15 June 2017)."

    Tested Windows browsers for the Consumer Portal include Firefox 52 and 53 (the latest is 59) and Chrome 57 and 58 (the latest is 65)

    They may have tested later browsers and it may only be the website that is out of date, but IMHO, it isn't a good look. Not if they really "take your privacy and security seriously".

  3. Trust is earned with difficulty and lost with ease. The Department is not exactly engendering trust.

  4. @5:13, either way it is a clear sign things are broken and it is evident that perhaps clinically, security, privacy, technically and politically this is not a good thing to conscript every citizen up to.

  5. This is what happens when you dismantle one organisation and all its little obligations and purpose and replace it with a new one that is focused on marketing and the like. We head into opt out with obviously no system engineering capability. I wonder if the Timmy crew even know what a browser is, let alone a portal. I think this should be looked at rather quickly, minister, before you sign off on operational readiness.

  6. In isolation this seems trivial. However, there is a pattern emerging consisting of lots of 'cracks' appearing, be it poorly treated and disgruntled staff, senior staff leaving at a critical moment, systems failing, information not being maintained, the list goes on. Put these together, it does appear to be a significant risk emerging.

    It was a big ask of the ADHA to discover its purpose and deliver some pretty significant outputs, against a potential catastrophic privacy breach, I see no shame in delaying opt out till after the election.

  7. Something a little less trivial.

    Centrelink robo-debt program accused of enforcing 'illegal' debts
    https://www.theguardian.com/australia-news/2018/apr/04/centrelink-robo-debt-program-accused-of-enforcing-illegal-debts

    "The Turnbull government’s robo-debt program involves enforcement of “illegal” debts that in some cases are inflated or nonexistent, a former member of the Administrative Appeals Tribunal has said."

    Centrelink used an algorithm to incorrectly calculate a person's debt and then went chasing it.

    Current eHealth legislation has this sub-clause:

    "13A System Operator may arrange for use of computer programs to make decisions

    (1) The System Operator may arrange for the use, under the System Operator’s control, of computer programs for any purposes for which the System Operator may make decisions under this Act.

    (2) A decision made by the operation of a computer program under an arrangement made under subsection (1) is taken to be a decision made by the System Operator."

    The system operator being ADHA. If that doesn't scare the heck out of you, it should.

    This is what section 70 has:

    "70 Disclosure for law enforcement purposes, etc.

    (1) The System Operator is authorised to use or disclose health information included in a healthcare recipient’s My Health Record if the System Operator reasonably believes that the use or disclosure is reasonably necessary for one or more of the following things done by, or on behalf of, an enforcement body:

    (a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

    (b) the enforcement of laws relating to the confiscation of the proceeds of crime;

    (c) the protection of the public revenue;"

    Note that a) "enforcement body" can be a whole range of agencies, potentially both federal and state, and b) IANAL.

    What could possibly go wrong?

  8. Meanwhile, back to the trivial:

    Another month, another non-delivery of the myhealthrecord.gov.au website redevelopment.

    https://aushealthit.blogspot.com.au/2018/02/it-looks-like-telstra-health-developed.html?showComment=1519628280780#c600411810537646386

    Two months late on a three month contract.

  9. And almost a year in the interoperability strategy, we will be opening hospitals on Mars before ADHA delivers. It is a good job Nehta left Tim so many ‘in-progress’ projects otherwise all we would have is a lot of travel expenses.

  10. Re the redevelopment of the myhealthrecord.gov.au portal, here are a few guesses (nobody has told me anything)

    The technical side is probably all up and working, the problem is with the content.

    Nobody at ADHA knows enough about how the myhr works to change or add to the content.

    They don't yet know how the opt-out process is going to work.

    I've finished guessing. Back to reality

    Look at this:

    The virtual assistant that could help Australians with e-health records

    https://www.itnews.com.au/news/the-virtual-assistant-that-could-help-australians-with-e-health-records-488137

    "iTnews can reveal the Australian Digital Health Agency is in the early stages of developing the virtual assistant to help users navigate the My Health Record website."

    They are at the proof of concept stage.

    Here is some more background on the government's push for "virtual assistants":

    https://www.themandarin.com.au/90719-new-dhs-citizen-experience-chief-automation-will-lead-to-more-human-services/

    FYI, I know far more about automation than I do about health care. I have a Master of Engineering degree and a PhD from the Department of Automation and Control Engineering, Sheffield University, UK and have worked in automation and computerisation since I came to Australia in 1972.

    Mukul Agrawal, the Chief Citizen Experience Officer at DHS, who seems to be fronting this stuff, has a Bachelor of Commerce (Honours) in Accounting and Finance and an MBA in Finance, General.
    https://www.linkedin.com/in/mukul-agrawal-753756b/

    You can draw your own conclusions, but I sense a train wreck on the way, even if it is only the timing of all these initiatives.

  11. I wonder what gender the assistant will be? Or will it be a paper clip? And more importantly - why?

  12. 'Automating Inequality': Algorithms In Public Services Often Fail The Most Vulnerable

    https://www.npr.org/sections/alltechconsidered/2018/02/19/586387119/automating-inequality-algorithms-in-public-services-often-fail-the-most-vulnerab

    ...automated systems used by the government to deliver public services often fall short for the very people who need it most

  13. What a great idea to have a virtual assistant/avatar to help navigate the My Health Record!
    If she is female, perhaps her name can be called MYRA (My Record Assistant).
    If he is male, well, what better role model than a tiny version of The Incredible Man (TinyTIM).

    TinyTIM: Hi there, can I help you?
    Consumer: Why doesn't my record have my medications listed in it? It looks like I am not taking anything.
    TinyTIM: Oh well sorry, but after paying for digital me, there wasn't much money left in the budget for anything else. But look, you can change my suit colour or add a hat or a ukulele.
    Consumer: Why doesn't my delete key work?

  14. The spokesperson said the ADHA's solution would respond to questions in real-time using natural language, and would be hosted on ADHA’s infrastructure or within an Australian data centre.

    Don't expect it to be available or reliable much of the time then, ADHA can't keep its infrastructure working long enough to be of use.

  15. If we are already having to invest in this technology through the NDIS, why then are we now having to fund the same exploring work through ADHA? If NDIS can get it working then it should be relatively simple to then train the technology to learn the GovHR needs. However, where the NDIS has a defensible business case due to the expected number of public interactions, I think the ADHA might find not many really care about their little PDF store.

  16. Maybe they are just trying to make opt-out more difficult. They won't be doing a mass publicity campaign and it could be possible that this virtual assistant stunt makes things hard and cumbersome to opt-out.

    The idea could be that people would be less inclined to opt-out from what looks like a scheme for the government to grab as much data as they can to link with ATO and Centrelink data in their MADIP scheme.

    There may well be unintended consequences in that the virtual assistant is so bad it attracts media attention (both social and traditional). They would have to fall back on human call centre people, something they are obviously trying to avoid, and which would probably be Centrelink - and we know how good they are, especially if millions of extra calls are the result.

    This could all have the sort of political consequences the government would rather not have.

    ADHA have got so many things wrong, this is quite a possibility.

  17. Getting back to the less trivial.

    Remember the legislation, section "70 Disclosure for law enforcement purposes, etc.

    (1) The System Operator is authorised to use or disclose health information included in a healthcare recipient’s My Health Record if the System Operator reasonably believes that the use or disclosure is reasonably necessary for one or more of the following things done by, or on behalf of, an enforcement body:

    (a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

    (b) the enforcement of laws relating to the confiscation of the proceeds of crime;

    (c) the protection of the public revenue;"

    IANAL but my guess is that the ATO can request data from myhr in pursuit of anyone or any institution, including small business (e.g. GPs, medical practices etc.) as well as individuals, with no oversight or limit on their powers or actions.

    “How could they do this?”: the tax office call that sent Kathryn broke

    https://www.smh.com.au/money/tax/ato-abn-outscribe-tax-office-four-corners-20180404-p4z7rf.html

    AFAIK, the ATO can ask anyone about anything to do with tax, so they can probably always get at the data if they really want to but myhr would make it oh, so much easier.

    Conceptually, Facebook/Cambridge Analytica is exactly the same as myhr/ATO - except with the ATO it is totally legal.
