Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Sunday, August 05, 2018

I Think It Is Useful To Do A Little Stock-Take As We Move Into Week Four Of Opt-Out.

Well it has been amazing and I have to say trying to keep up has made me feel rather like being as busy as a one-armed paper hanger!
I see this short note as trying to put together an impressionistic ‘first draft of history’
The main things I have noticed have been:
1. The public reaction has been more intense and more rapid than any-one would really have imagined. It seems that the lack of preparatory public information has been a major mistake on the part of the ADHA has been a mistake.
2. The Profession (AMA, RACGP) has rather been caught on the hop as far as their wholehearted backing being offered for years and then a few days later having to come out a few days later saying they support change as the Minister attempted damage control.
The current president of the AMA is clearly not suited for the role he has found himself in. He has little technical understanding and is basically just mouthing the talking points from the ADHA.
The former AMA presidents – especially Prof. Kerryn Phelps – have totally undermined his efforts and rather made him look like a goose.
3. The Digital Health Professional Groups (HISA, ACHI, HIMAA) have equally fallen into the same trap and have been guilty of not looking hard enough as the possible holes in the Government’s plans. Equally, and wisely, some key digital strategists have been pretty critical of what has been done for years.
4. The mainstream media have taken to the issues raised with considerable gusto with News Ltd. The Guardian, Fairfax and The ABC all running very significant coverage. There is a sense of emerging campaigns from both the ABC and NewsCorp.
5. The technical sites have, of balance, been pretty scathing and have been winding up their criticism lately (ZDNet especially).
6. The discussion of what is a breach and what is not has spun out of the spinners control and the ADHA is now looking pretty shifty. Additionally we have seen all sorts of paper and electronic health data breaches in just the last few days.
7. The ADHA Twitter account has been a model of irrelevance tweeting about tiny meetings happening in Perth while all hell breaks loose elsewhere.
8. ADHA media has been denialist and not prepared to even consider that there might be some downsides for some in having and using a myHR.
9. There has been a studied non-discussion of all those Australians who might be on the wrong side of the digital, health, intellectual or financial divide, and how they are to be dealt with in the world of the myHR.
10. It seems clear that trust in Government and Digital Technology is at a low ebb (Census Fail, Cambridge Analytica.)
All in all I reckon it has been an appalling mess which has damaged most it has touched. Both my polls and those of Pulse+IT see some pretty major damage having been done to trust and confidence in the myHR Program.
Stilgherrian gets it right I hear from Friday.

My Health Record: Canberra is still missing the point

No, Minister. It's not just about law enforcement access to digital health records. The Australian government needs to address all the concerns. A media circus in a playground won't help.

By | | Topic: Security


"There's a lot of interest around the My Health Record system," said Anthony Kitzelmann, chief information security officer at the Australian Digital Health Agency (ADHA). Such understatement! But fears about the security of ADHA's IT systems shouldn't top our list.
The My Health Record systems achieved "96.7 percent compliance" with the Australian government's Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) at the protected level for health data, Kitzelmann told the SINET61 cybersecurity innovation conference in Melbourne on Wednesday.
ADHA is "always keeping in mind that this isn't our data. It belongs to our citizens, and it has to be held to the highest standards," he said. While developing its security controls, ADHA consulted with organisations such as the Australian Medical Association (AMA), the Royal Australian College of General Practitioners (RACGP), and, allegedly, consumers.
While your writer did use the recent Singapore medical data breach to highlight the possibilities for misuse, no system can be perfect. There's currently no reason to believe that ADHA hasn't secured their systems to the best of their ability.
The real concerns were, and still are, the vast potential for misuse by the 900,000 healthcare workers who can access the system, ill-thought privacy controls, complex access control that will be difficult for ordinary humans to operate, the as-yet-unspecified "secondary use" of the data, and of course the extensive warrantless access by enforcement bodies.
Health Minister Greg Hunt has finally emerged from his state of denial, kinda. But apart from adding the ability to properly delete your record, his supposed backdown on Tuesday night really only addressed the last of those concerns.
Worryingly for Hunt, recent appearances have shown the minister thinks the privacy issues transmogrified a fortnight ago, when the medico associations raised their concerns."We've responded very quickly to the AMA and the College of GPs. They have spoken to us over the last couple of weeks, and therefore we have responded within a two-week period," Hunt told journalists earlier this week. 

More here:


The last 2 paragraphs typify the whole ugly mess:
"BREAKING: The Australian Digital Health Agency has invited the media to a Sydney playground to film three generations of the one family who have a My Health Record," tweeted journalist Greg Dyett on Thursday morning.
Yeah, sure, that'll most definitely fix it."
What is your view? Have I roughly got it?
David.

15 comments:

Anonymous said...

Two things jump to mind

Parlimentary Libray attack and censorship

The unions - police and electrical I think there were a few more but this shambles has created a lot of debate a vast majority asking the Minister to snap out of his daydream.

Bernard Robertson-Dunn said...

Just one thing to add David. The consequences of Minister Hunt agreeing to the full deletion of records, especially from back-ups has received some attention.

"My Health Record: Deleting personal information from databases is harder than it sounds"

https://theconversation.com/my-health-record-deleting-personal-information-from-databases-is-harder-than-it-sounds-100962

"Time required to work through the details

In my view, more information on the deletion process, and any legislative provisions surrounding deleted records, needs to be made public. This will allow individuals to make an informed choice on whether they are comfortable with the amended security and privacy provisions.

Getting this right will take time and extensive expert and public consultation. It is very difficult to imagine how this could take place within the opt-out period, even taking into account the one-month extension just announced by the minister."

IMHO, this has a way to go yet. There is chance that the Minister might end up looking very foolish in that what he has promised can't be easily delivered.

Anonymous said...

The point bernard raises is a significant change. It fundamentally changes what we are being ask to optout of or remain part of. There is now a chance that in an emergency my record has been mistakenly deleted due to some system or human error, this deletion may result in a serious medical misadventure. Worse still my child may die as I am told that without a government health record that is exactly the risk I am exposing my children to. Because I have been convinced this is a safe and secure system I am unlikely to check to make sure my child’s record is upto date and available every morning.

Greg Twyford said...

The My HR articles and commentaries of the last few weeks' led me to review my collection of old PCEHR documents and discussion. What struck me is that the previous acronym began "Personally Controlled".

This implies a high-level engagement by persons in their own records. This is essential if citizens are to overview and correct information, add missing information, or control access to particular providers or individuals, which has been a cornerstone of the concept from the outset.

Surely the absence of informational efforts to engage the population, the legislation's allowing wide agency access without the individual's knowledge, and finally the opt-out process itself, will ensure that the vast majority of Australia's citizens won't engage with their "Not My Health Record"?

Not to mention those on the wrong side of the 'digital divide'.

I have not seen information regarding individuals' engagements with their own records in the government's 'uptake' statements.

Do we know how many of the alleged 6 million existing records show evidence of these sorts of engagement?

Anonymous said...

Do we know how many of the alleged 6 million existing records show evidence of these sorts of engagement?

I know of no public available insights. However it would be simple enough for the ADHA to produce and publish, all system by their very nature monitor activity within the system. Even the security would require analysis to identify suspicious activity. Such information would certainly cast a more positive light on the minister and perhaps reach this promise of transparency.

5:03 PM. The play on parents emotions and maternal instincts may just blow up in ADHA face. It is a strange and disturbing tactic.

Anonymous said...

The other key issue is that Australians are being asked to enter into a binding agreement whete the terms of that agreement are not yet finalised. I am sure the Minister is a man of his word, but should the public be advised to enter into an agreement based on non-binding promises that to a large extent have not yet be proven to be achievable let alone legally binding.

Bernard Robertson-Dunn said...

It does not matter what this government promises or does, a future government can do something else. Do we really trust future, unknown governments to respect our privacy?

Anonymous said...

Oh and here is another little bit of information that seems to have not made it into the messaging

https://www.smh.com.au/healthcare/my-health-record-can-store-genomic-data-but-critics-say-it-s-not-ready-20180801-p4zuxz.html

Wonder what other little ‘value-adds’ exist we are not be told about?

Anonymous said...

Oh good another PDF to add to the mountain. Why are we not just getting messaging exchange for pathology, diagnostics meds working and then consumers can overlay a virtual health record, or at a minimal enable the care team to look you up across a number of upto date maintained information sources. The MyHR business and clinical model has been lost and simply added more and more stuff might sound fun but is it adding any clinical value to me or my care
Team ( as they change as I do?)

Trevor3130 said...

On the bright(er) side, Latrobe Uni is looking for someone to fill a Chair of Digital Health.

(Mr Hunt just talking to ABC 774 on MyHR, said those 6 million are already using MyHR. Would be interesting to view the access logs, but I reckon Hunt's definition of 'using' is somewhat elastic.)

Bernard Robertson-Dunn said...

ADHA told News Corp about 6 months ago that 1.2 million myhr had a SHS. That's about 20%

i.e. about 80% are effectively empty

Bernard Robertson-Dunn said...

And if you are looking for a little light reading:

Privacy, Trust and My Health Record, or The Spy in The Consulting Room

My article in the current Journal of iappANZ.

A direct link:
https://privacy.org.au/privacy-trust-and-my-health-record/

The full journal is available here:

https://gallery.mailchimp.com/3e9414f2c1f6070d011172186/files/e2da0c5e-36f4-437e-aa64-1cc055ab6b95/iappANZ_Privacy_Unbound_Edition_85.02.pdf

Greg Twyford said...


Bernard Robertson-Dunn said...

ADHA told News Corp about 6 months ago that 1.2 million myhr had a SHS. That's about 20%

Not too put too fine a point on it, the presence of an SHS means that a GP has uploaded one, presumably with a patient's consent. This doesn't mean that the patient has viewed the SHS, or any other content of their MyHR.

This implies a passive consumer involvement that still sounds a long way short of "Personally Controlled" to me. Especially when lots of other documents seem to be simply 'dumped' into the MyHR, without advice to the record's "owner".

Even Centrelink advises its customers if they've put a new document in the individual's MyGov record.

The ADHA website has lots of training resources for health professionals, but for consumers only enrolment spriuking, the "grand plan", plus a security guide which briefly outlines what you can do, and the "opt out" page. Nothing I could see like step-by-step demos on "How to use/view/modify your MyHR", similar to what's been provided to health professionals to upload an SHS, etc.

Not much to encourage and facilitate active consumer use there. Maybe not really wanted?

Anonymous said...

I would not take to much of what comes out of ADHA. I did time there, it is not that they are probably fibbing it is more they don’t have a clue. The bullied anyone who was not from the ‘new we know best crowd’. Ridiculed anyone who questioned and sent round this eccentric culture office to rebrand people. The ADHA general manager for IT HR and change management was a fish out of water and made a complete shambles of important organisational areas. It is no surprise to learn the optout has not run smoothly despite some best efforts. To change the MyHR for the better there needs to be significant change to ADHA. The confusion and chaos is simply a reflection of that arganisationsnconflicted ineffective and inefficient environment.

Anonymous said...

@9:13. Agree 100%. As someone who still for now is doing ‘time’ at ADHA things are still well below standard. The group you mention is getting larger and more entrenched. Sooner that changes the better the MyHR will be.