If you read the legislation that is being approved by the Senate to fix the #myHealthRecord you find this:
"At the end of section 17 Add:
Destruction of records after cancellation on request
(3) If the System Operator is required to cancel the registration of the healthcare recipient under subsection 51(1) (cancellation on request), the System Operator must destroy any record that includes health information that is included in the My Health Record of the healthcare recipient, other than the following information:
(a) the name and healthcare identifier of the healthcare recipient;
(b) the name and healthcare identifier of the person who requested the cancellation, if different from the healthcare recipient;
(c) the day the cancellation decision takes effect under subsection 51(7).
(4) The System Operator must comply with subsection (3):
(a) as soon as practicable after the cancellation decision takes effect under subsection 51(7); or
(b) if any of the following requirements apply before the records are destroyed under paragraph (a)—as soon as practicable after the conclusion of the matter to which the requirement relates:
(i) a court order requires the System Operator not to destroy records of the healthcare recipient;
(ii) the System Operator is required to disclose records of the healthcare recipient under section 69 or 69A;
(iii) the System Operator is required to disclose records of the healthcare recipient under a law covered by subsection 65(3)."
------
Just how can this work with the regular backups etc. and audit trail records having been taken and stored? The legislation says the data will be 'destroyed', which implies all copies etc. Does that mean all copies found, taken out the back and nuked or what?
With the technology base on which the myHR is built is this possible or are we being sold a pup?
Clever technical views welcome!
David.
How long do you need to keep backups of databases? Until the next backup is complete?
How long do you have to keep interface audit logs? By this stage, the support team will certainly be able to produce numbers about how far back they've looked in the logs, and there'll be a way to choose a duration of retention that gives 99/1 hit rate on the logs and also means that they can say something like '2 weeks to withdraw all information'
That is all good - but what about the usual practice of aged backups and being able to handle disaster type situations. Surely need more than one backup etc?
David.
> usual practice of aged backups and being able to handle disaster type situations
Sure. There's a place for aged backups, but mainly for troubleshooting. Of course you need some redundancy in backups, but there's some technically viable period that's also politically viable. This seems like a solvable problem, unlike some of the others.
I agree it looks solvable on the surface; however, the system is a records keeping system, and it will have specific aspects built for the preservation of records and not the destruction of records. That said, under its original intent it had a retention period set, so therefore would come with disposal methods. The MyHR should have a records authority of some sort appointed by the National Archives. The Agency as the system operator would hold this function in place somewhere. That would answer the question of how records are disposed of.
This again highlights how dangerous the MyHR is becoming; they are twisting and distorting its design and function, which never ends well.