Monday, October 01, 2018

Weekly Australian Health IT Links – 1st October, 2018.

Here are a few I have come across the last week or so. Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above the title of the article. Note also that full access to some links may require site registration or subscription payment.

General Comment

Still lots of digesting of the now over 100 Submissions to the Senate myHR Inquiry and all sorts of issues in a few State systems.

Enjoy the browse.
------

"Risks not taken seriously enough": Scathing audit of WA Health’s digital patient record system reveals concerns

Lynne Minion | 26 Sep 2018
WA Health’s management of its electronic medical record system has received a scathing appraisal by the state’s Auditor General, with data security vulnerabilities, storage gluts and clinical staff manually working around the digital system among the problems identified.
The Information Systems Audit Report 2018 assessed key business applications at five West Australian government agencies, including the patient medical record system at the Department of Health, and found management was to blame for a litany of issues.
“Common weaknesses across all our information systems audits indicate agencies are not taking risks to information systems seriously enough. Most of the issues raised can be easily addressed and it appears that risks are simply not properly understood. They are certainly not being effectively managed.”
-----

SA Health review: EPAS must be overhauled or scrapped

Adam Langenberg, Political reporter, The Advertiser
September 26, 2018 6:56pm
Subscriber only
THE health system’s trouble-plagued electronic patient record system will be overhauled or scrapped altogether, after an SA Health review “confirmed” concerns about its operation.
Three health experts will determine if issues with the electronic patient administration system (EPAS) can be “addressed adequately” after a review found it couldn’t proceed in its current form.
SA Health chief executive Chris McGowan said the panel would also consider whether the problems were so significant that EPAS needs to be scrapped entirely.
-----

SA Health may scrap over-budget health app

By Justin Hendry on Sep 27, 2018 3:03PM

Extra funds aren't turning around sick EPAS patient admin system.

South Australia’s troubled electronic patient administration system (EPAS) is set to be overhauled or discontinued altogether after an independent review confirmed longstanding concerns with the rollout.
In an update on the review into the system that kicked off in June, SA Health revealed that continuing the current implementation approach had been “ruled out” by the review panel.
Chief executive Chris McGowan said the review's diagnostic phase had confirmed concerns with the rollout of the system, which remains accessible by only 25 percent of the state's hospital beds.
-----

EPAS: SA clinicians welcome decision to scrap current system, but wary of costs

Adam Langenberg, Political reporter, The Advertiser
September 27, 2018 11:09pm
SOUTH Australia must avoid another health budget black hole as a result of overhauling the state’s trouble-plagued electronic patient record system, a medical union says.
SA Salaried Medical Officers Association president Laura Willington supported an overhaul of the “clunky” electronic patient assessment system (EPAS), but questioned how it could be done without a significant funding injection.
“The issue (with EPAS) is there’s so much that needs to be overhauled and there’s already been so much money spent on it,” Dr Willington said. “At some point, you’ve got to stop spending good money after bad.”
-----

Telstra Health’s $50m cancer screening delay

12:00AM September 24, 2018
Telstra Health is set to lose $50 million of its $220m government contract to build and operate a national cancer screening register because the project is running two years behind and has to be supported by public servants.
When the federal government controversially outsourced the new register in 2016, the telco’s health arm was expected to have it ready the following year. Telstra Health was to pull together nine cancer-screening registers, giving patients a single record.
However, the project has been beset by delays. The cervical cancer component, due to start in May last year, came online only at the end of June this year. That delayed work on the bowel cancer component, which is not likely to be ready until the end of next year.
-----

Microsoft explores AI’s potential to tackle humanitarian crises

Announced today ‘AI for Humanitarian Action’ is the third program in Microsoft’s AI for Good initiative
Rohan Pearce (Computerworld) 24 September, 2018 23:00
Microsoft has launched a program aimed at leveraging artificial intelligence (AI) technologies to aid humanitarian causes.
AI for Humanitarian Action is the third program in the company’s US$115 million AI for Good initiative to launch over the past 18 months.
Frank X. Shaw, the company’s corporate vice president, communications, told a media briefing that the new $40 million, five-year AI for Humanitarian Action program is aimed at harnessing the power of AI in four areas: Disaster response, the needs of children, refugees and displaced people, and promoting human rights.
“We’ll do this by working with specific NGOs and humanitarian organisations through financial grants, technology investments, and partnerships that combine our AI and data science know-how with these groups’ core expertise,” Shaw said.
-----

SA govt outsourcing in $48m blowout

By Justin Hendry on Sep 24, 2018 8:30AM

Ten-year desktop deal not delivering on savings, jobs ... or anything, really.

The South Australian government’s desktop outsourcing deal has blown out by almost $50 million and faces the prospect of further exceeding its budget.
The consumption-based managed service arrangement with IT services company DXC – formerly CSC – was signed early last year by the former Weatherill Labor government.
The deal's genesis was an open call for “innovative” IT pitches to improve services issued in July 2015 and funded to the tune of $100 million.
-----
28 September 2018

Hello Health, goodbye more RACGP credibility?

Posted by Jeremy Knibbs
The news that the RACGP had struck a deal to “support” a previously unknown, foreign software vendor, Hello Health, to build a completely new patient management system (PMS) for Australian GPs, sounded initially like fake news.
Certainly, Australian GPs are constantly wanting more out of their PMS software vendors, and it would be rare for you to find a GP that didn’t have some issue with their PMS. But the market is already served by about seven local vendors. It is highly competitive, evolving fast with new mobile and cloud players and dominated by two very longstanding and well-respected brands, Best Practice and MedicalDirector.
Between MedicalDirector and Best Practice, the amount of money spent on sponsoring and supporting the RACGP through events, publications and advertising over their collective 25 years in the market would be into the several hundreds of thousands of dollars. So, in a sense, the industry has supported the RACGP and its members in more ways than just supplying their key technology over the years.
-----

Hospital staff slam 'malfunctioning' medical error reporting system



6 comments:

  1. 30+ federal govt agencies' security in disarray

    It would be beneficial if the ADHA could demonstrate it has met the ASD requirements. One would expect this as a basic requirement to be overseeing a government record of our health interactions. Of course if they claim that is confidential or refuse to provide evidence that would be an indication they are far from conformant and are not compliant with this and many other government policies.

  2. @10:23 PM. An excellent suggestion. I agree if ADHA cannot demonstrate that it meets these basic eight requirements then they should not be progressing with conscription. With clear evidence that poor corporate security practices lead to catastrophic breaches this is a critical component to support informed choice and more importantly trust in the MyHR and the system operator (ADHA).

    I am sure the ADHA will be more than happy to provide the necessary evidence as military strength security led by a world leading cyber security centre would have had this sorted a long time ago.

  3. re ASD requirements etc.

    Health data does not merit a national security classification. It falls under the classification of Unclassified, OFFICIAL: sensitive, defined as:

    "Low to medium business impact

    Limited damage to an individual, organisation or government generally if compromised."

    https://www.protectivesecurity.gov.au/information/sensitive-classified-information/Pages/default.aspx

    The controls that apply are known as UD, which is defined here:

    "UD: Baseline controls advised for Australian government systems holding information which requires some level of protection. Applicable to unclassified government systems containing unclassified but sensitive or official information not intended for public release, such as Unclassified Dissemination Limiting Marker (DLM) information. Please note that Unclassified (DLM) is not a classification under the Australian Government Security Classification System, as mandated by the Attorney-General’s Department"

    Dissemination Limiting Marker (DLM) classification is defined as

    "A protective marker that indicates access to the information should be limited. It is applied to official/sensitive information that has a low to medium business impact from compromise of confidentiality—that is, the level of harm does not require a security classification—and should not be made public without review, or there may be a legislative reason for limiting access. For example, Dissemination Limiting Markers include For Official Use only and Sensitive."

    https://acsc.gov.au/publications/Information_Security_Manual_2017_Controls.pdf

    In other words, OFFICIAL: Sensitive is just about the lowest classification you can get with government held data. It most certainly is not a national security classification.

    It's also worth noting a few extracts from this document:

    "Because an agency’s risk owner (the agency head or their formal delegate) is accountable for an information or cyber security incident, they need to be made aware of any residual security risks to their information and systems through a formal approval process. Agency risk profiles will change over time as the threat environment, technology and agency business needs evolve, so it is important that any residual security risks are monitored"

    and

    "In most circumstances, the accreditation authority is the agency head or their formal delegate."

    This means that the person responsible for accrediting the IT systems and accepting the security risks is the CEO - Tim Kelsey.

    And just because ADHA has complied with the ASD ISM does not mean it has military strength security.

  4. Still would be of public value to know if the Agency overseeing the GovHR has met the essential 8. Their ability to practice security best practice would be a reflection of the level of care they have in regards to safeguarding personal information of the public. The ADHA corporate networks are not the MyHR but should both be treated with the highest regard.

  5. @October 03 1:35 PM. It has taken me a few days to stop laughing enough to reply. In simple terms the ADHA is woefully non-compliant. So much so that as a long-term advocate for the My Health Record I have chosen to opt out until I see evidence the system can be managed by a fit-for-purpose organisation. The ADHA is broken and in chaos, it is built on lies, personal agendas and leaderless.

  6. That is not good if it is true. There is a clear theme spanning the timeline the ADHA has been in existence. This theme indicates that the CEO and COO are not taking their corporate duties seriously or unable to execute their duties. I really believe the senate needs to open the ADHA up and have a good look at its ability to operate.

    I am sure the CEO and COO are able to stand in front of a crowd and sell the MHR, but it seems they are unable to steer an organisation. Would appear they are an obstacle
