Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Thursday, December 13, 2018

The Auditor General Is Going To Look In Detail At The #myHealthRecord!

Here is the text:

Due to table: October, 2019
The objective of this audit is to assess the effectiveness of the Australian Digital Health Agency's implementation of the My Health Record system.

Entity: Australian Digital Health Agency

Audit criteria

The ANAO proposes to examine the:

·         implementation of My Health Record expansion to promote achievement of its purposes;

·         appropriateness of My Health Record risk assessment, management and monitoring;

·         effectiveness of monitoring and evaluation arrangements in place for My Health Record.

Here is the link - reference at bottom of page.

Not before time I reckon!



Anonymous said...

October 2019 is a long way off. Still it's a step in the right direction albeit about 3 - 5 years too late, but better late than never.

I see that one can be kept informed by registering for ANAO updates on this audit and also one can contribute when contributions are called for.

Dr Ian Colclough said...

My sincere apologies to all concerned if I am wrong but this Audit seems to be back-to-front, inside-out and upside down.

"The ANAO proposes examining the implementation of My Health Record expansion to promote achievement of its purposes and appropriateness of the My Health Record risk assessment, management and monitoring."

The inference here is that My Health Record is an architecturally and technically sound, secure, functional project and that an audit of those aspects is not required. I would submit that is where the audit should be focussed as a high priority.

One has to assume the government (Department) requested this audit and proposed the scope. Far better politically to distract the ANAO from looking at the underlying real problems and to get it to focus on an area where it can do no 'damage'. If I have misrepresented this in any way would someone please say so.

Bernard Robertson-Dunn said...

"One has to assume the government (Department) requested this audit and proposed the scope"


That is highly unlikely. The ANAO reports to parliament and they are fiercely independent. Way back when the Federal Government was trying to outsource all its IT, the ANAO did an audit that was highly critical of the initiative. A subsequent inquiry (the Humphry Review) slammed the government and the thing was closed down altogether.

The ANAO are very good at turning stones over to find all sorts of nasties crawling under there.

One stone I'll be bringing to their attention is the way they have ignored external criticism.

In May 2011, I commented on the draft Concept of Operations. My main criticism was that they had not fully and properly analysed the information aspects of the system.

The final paragraphs in my comments were:

"The PCEHR Concept of Operations itself is very poor in the way it identifies and discusses issues relating to information – about the PCEHR itself, "health information" and problems associated with managing "health information"

Bad early assumptions and decisions are the hardest to correct. In my opinion, the eHealth initiative has already made some major and significant decisions without properly understanding the information aspects of eHealth.

I would advise that these need to be addressed as soon as possible, or the PCEHR project will suffer a similar fate to that of the (Human Services) Access Card"

There is no evidence that these suggestions were ever adopted.

What goes around, comes around.

Dr Ian Colclough said...

Thanks for that clarification Bernard; most reassuring. However, I am still not clear on what is the actual decision making process that brings the AG to the point of putting an Audit on its work plan. What are the triggers to make this happen?

Anonymous said...

ANAO audit targets are internally flagged by ANAO, at least ostensibly.

What's really interesting about this one is that it was initially a potential audit, limited in scope to the ADHA's management of cybersecurity. Well done to those who pushed on social media for ANAO to not forget about that one - I have little doubt that focus helped ANAO make the decision to broaden their investigation.

Bernard Robertson-Dunn said...


The ANAO is not overly transparent about the decision making process, probably so people cannot game the system and to make sure they are not hamstrung by unnecessary rules and regulations. It's the outcomes that matter.

This is what they have to say about their external audits:

"In performing or exercising their functions or powers, the Independent Auditor must have regard to the audit priorities of the Parliament for audits of the Audit Office, as determined by the Joint Committee of Public Accounts and Audit under paragraph 8(1)(n) of the Public Accounts and Audit Committee Act 1951."


Anonymous said...

@ 9:59 AM surely someone has to request an Audit be undertaken. Could a politician, perhaps a Minister, make a request?

Bernard Robertson-Dunn said...

Many people request an audit. I made one in May 2011. I know other people have made requests. It is in the nature of their independence that the ANAO makes up their own mind.

AFAIK, nobody can insist they conduct an audit. Each request is taken on its merit.

Anonymous said...

The ANAO decides what gets audited and what the scope of the audit is.

What will be interesting with this one is whether they can obtain the documentary evidence they seek - which either way will be testament in itself.

Bernard Robertson-Dunn said...

Correction. I submitted a request for an ANAO review in May 2017.

Anonymous said...

This might be a good perspective for the ANOA to consider


Anonymous said...

@1:35 PM I can relate to that story. For sometime I tried to use the governments attempt to provide digital health tools. The issue my GP and I faced was nothing was ending up in my record. I even sat with her while she posted, all seemed good no return notification of an error. I recorded the time, went home, look at the database. NO file had end up in my record. The help desk was unable to help and had passed it up to some higher order technical team, after 14 months I am yet to receive a response. Fortunately my GP practice uses a third party app which is nice and for emergencies I have the iPhone emergency medical loaded with important specifics. Anything not sent to my GP I have in my private storage and my GP can connect, although these days my GP seems very connected to path and diagnostic and radiology providers.

Bernard Robertson-Dunn said...

Did you know in an emergency you have to provide your Medicare number, surname, DOB so they can find your myhr?

Suppose you are taken to A&E unconscious and have lost your wallet/purse?

You know, when access to medical records would be really useful.

The gap between government spin and reality is amazing.

Anonymous said...

Bernard the system has moved on from GP’s and A&E, the MyHR is a tool for pharmacy’s so that those at the counter can spend a few more minutes discussing if your medication is up to date, informing you of specific brands that pharmacy wants to push, and perhaps offer you a face scrub and jelly beans. While you are there perhaps a MyDNA to compliment your MyHR as advertised of MyDR.

Bernard Robertson-Dunn said...

and the pharmacy guild wants the government to pay them for all that effort.