Sunday, July 29, 2018

AusHealthIT Poll Number 433 – Results – 29th July, 2018.

Here are the results of the poll.

Does The Huge Singapore Health Data Breach (Of A System Technically Similar To The myHR) Doom The Australian Opt-Out Initiative?


Yes 86% (175)

No 9% (19)

I Have No Idea 4% (9)

Total votes: 203

Basically most think that the huge Singapore Breach was a game changer! With all that has gone on since last Sunday (disappearing documents, political noise etc.) it will be hard to know overall but I am sure it has had a major impact.

Any insights welcome as a comment, as usual.

A really, great turnout of votes!

It must have been a slightly harder question as 9/203 readers were not sure what the appropriate answer was.

Again, many, many thanks to all those that voted!

David.

15 comments:

Anonymous said...

This was published yesterday - https://www.myhealthrecord.gov.au/news-and-media/my-health-record-stories/your-privacy-protected

There are a few statements that are probably a little misleading and certainly questionable under the current climate. Still what would Parlimentary Services or the Legal community know about Government legislation.

Anonymous said...

9:08 AM. Do you mean like this one -

Other health IT systems like the one in Singapore have been hacked, so this will too.

My Health Record is not like other computer network databases, it’s a national electronic summary record which has to be accessed through secure and conformant software. It is not susceptible to attacks like SingHealth.

I cannot speak for other systems but are they saying other systems are useful clinical utilities?

Or is this one more to your point -

The police, Centrelink and the ATO will be able to access my record.

The System Operator will not give your health information to the police, or any other government department unless it is required to by a court or similar order. Our primary role is to protect your health information.

As it is clear there is nothing in legislation to ensure this I am not sure which pub lawyer they are getting advice from. Or as you say, do the police and legal bodies not understand the legislation?


Or perhaps -
Any healthcare workers can easily access my record.

False. Only registered clinicians directly caring for you can access your record.

Unauthorised access your record is a criminal offence, which can result in penalties including up to 2 years in jail.

Still the ADHA is not bound by the same accuracy expectations as others

Bernard Robertson-Dunn said...

"Only registered clinicians directly caring for you can access your record."

This is incorrect. People working in a health care facility who need access to your record can be authorised to access it "as part of their duties". No mention in teh legislation they need to be "registered clinicians"

The legislation says so and ADHA has been training Practice Managers and Receptionists to do so. Or maybe I've got it wrong and ADHA has been training people to break the law.

The myhr website used to say exactly that but in the makeover that bit mysteriously never made the cut. One wonders why.

Oh, yes, I remember, it proves the CEO was lying. Fortunately he removed the whinging letter he sent to News Corp. Things very rarely disappear from the internet though.

Anonymous said...

The way the identifier service has been implemented and adopted for use does question the public statements accuracy and is a bit ambiguous which pretty much rules out what the ADHA presumably is trying to clear up.

The government is not building a platform for trust here, perhaps someone should step in before something regrettable happens.

Anonymous said...

It is a new week, elections are over and no big speeches planned. Will this just fade away? Or will government actually deal with this problem?

Anonymous said...

There is a COAG meeting coming up. I am sure COAG cannot be pleased, this has made them look less than effective. I recall the MyHR approvals were little more than a footnote in the minutes. Perhaps COAG should have been a little more diligent.

My fear is that the Phillies still see the MyHR as some sort of holy grail and the some tweaks to legislation is all that is needed, not that the system is no longer a fit for modern healthcare and does not support the patient care team models.

There is also the question over leadership, something that has been missing for sometime

Bernard Robertson-Dunn said...

Tony Bartone and Greg Hunt have a meeting this week. They will either come up with some firm proposals to "strengthen" the privacy protections/reduce the "ambiguity" or announce a project to come up with them.

If there are no firm changes generated in the short term, then there will be calls to lengthen the opt-out period (what Labor has already done)

Whatever they come up with will be met with questions such as - "how do we know that governments in the future will not weaken these protections?"

Labor will be happy after the by-elections and may well continue to wedge the LNP.

And of course, the media will continue publishing articles, reports, opinions etc.

Anonymous said...

@ 8:14 AM "There is a COAG meeting coming up."

Now is the time, BEFORE the COAG Meeting, for mainstream media, ABC, Privacy Foundation and others, to ensure that there is sufficient coverage of the disgraceful incompetence that has led to a useless My Health Record to be exposed in its entirety. Both Liberal and Labor Politicians have been responsible and neither have heeded the advise that many experts have given. Every time they have chosen to do nothing and duck for cover turning a deaf ear and a blind eye.

Anonymous said...

COAG have a pretty clear set of decisions and discussion points.

Where they told everything?
Was what they were told the truth the whole truth and nothing but the truth?
Why even with their oversight and commitment have we ended up in such a mess?
Can a simple legislative change make a difference without a change to the technology, security and privacy models?
Who needs to be held accountable for this disaster, is it COAG? The ADHA board, the CEO and COO of ADHA? The CEO and presidents of the Colleges, peak bodies and advocacy group, the PHN’s, the like of Steve Hambleton? Or all of them?
Who and how many need to admit they failed and fall on their swords to protect others as protocols demand

Anonymous said...

8:03 AM, I would lean towards a group effort, they are all equally to blame, although their crimes may be different. They signed up to do-design, so they are all co-conspirators.

I have read many fine insights over the past weeks, it is clear many skilled and knowledgeable people are excluded from co-design. Many who are in the ‘camp’ perhaps need a break so fresh ideas can be explored, intrenched bias removed, and issues kicked under the carpet can be honestly revisited transparency with true leadership.

Reports coming out this morning -
The backlash against an all-but-compulsory My Health Record comes 16 months after the commonwealth told the states of the “reach and relative simplicity of national communications, education and readiness” to move to an opt-out model.

Leaked documents suggest the Turnbull government may have underestimated the level of privacy and security concerns over electronic records.

Trials of an opt-out model prompted consultants to recommend, in November 2016, the government adopt such an approach, subject to some refinements and a comprehensive communications campaign to ­address security and privacy ­concerns. A paper prepared for a March 2017 meeting of the COAG Health Council reveals the commonwealth was inclined to make My Health Record opt-out sooner rather than later, instead of having a staggered NDIS-style rollout.

“If opt-out participation ­arrangements were decided, a single national approach to the rollout would optimise the reach and relative simplicity of national communications, education and readiness, but there are risks associated with logistics and delivery across the consumer base and all jurisdictions at the same time,” the commonwealth paper states.

Documents suggest Mr Hunt went into the meeting without the commonwealth having decided participation arrangements, but somehow emerged with the states’ backing for a ­national move to opt out.

Anonymous said...

Has the CEO delivered? For over a million dollars and heavens knows how much in travel allowances, it is a pretty poor effort. Still I am sure they ADHA was following the Departments advice and direction.

I do agree with 8:16 AM, protocol demands sacrifice

Bernard Robertson-Dunn said...

IMHO, the problem was a classic example of gov't IT gone wrong.

Best practice is to have two phases when developing a large scale Information System

1. Identify the problem to be addressed; think it through from all angles with all stakeholders and all issues. Come up with a high level description of what it is and a strategy for developing it.

2. Design, develop and implement the various parts as defined, including the non-technical parts identified in #1.

They didn't do step 1 and it is coming back to bite them in the bum. There were a couple of non-technical issues they didn't identify and think about, hence everything in step 2 has been wrong.

There is no other way out than to scrap myhr and either start again or just stop pretending that gov't can play in this space. Bits of the infrastructure might be re-useable, but if the re-platforming exercise currently going on doesn't do step 1, then, guess what? the same result will inevitably occur.

From what I hear, ADHA and its pet consultancy is trying to find someone who can show them how to solve their problem. In effect they have realised that myhr is totally stuffed and are having to start again. They are even asking about Interoperability.

However, their starting point is with "high level solution requirements" for which they are seeking suggestions and proposals.

Which, without defining the problem, is an impossible task. The only real criteria is to keep the myhr name, probably to save face.

So while the test bed projects are going on, they are looking to totally redo the myhr system. They are digging themselves a bigger hole while there is chaos and mayhem at the political level raging above their heads.

$2billion spent, 80% of current myhr empty (ADHA's figures) 80% GPs rejecting it, an opt-out initiative meeting public resistance (which ADHA didn't expect. Duh!), that is shinning high powered spotlights on the system and they want to start again?

It's almost as though they are living in a parallel universe with no connection with reality. Well, that's Gov't IT for you. SNAFU.

Anonymous said...

I thought the MyHR whisperer was the solution to a nice but dim idea

Anonymous said...

Tim's REALLY embarrassed his minister and the government.

Health Minister backs down on My Health Record
https://www.smh.com.au/politics/federal/health-minister-backs-down-on-my-health-record-20180731-p4zuqo.html

Anonymous said...

Not only has Tim Kelsey and his cohorts embarrassed the Minister, they have embarrassed the country, they have embarrassed just about every health related organisation. There are many out there that backed optout based on what Tim and this Bettina (COO) have been telling them, in many cases funding them.

I find it hard to believe or trust the ADHA, CHF, RACGP, AMA, PHN’s, the Department of Health, COAG and those on the so called advisory panels.

Hopefully the pressure remains and optout is cancelled and legislation changed along with the system itself as I am sure it is unable to support the minister commitment to the Australian people