This release arrived today:
Media Release:
For immediate release: 21/1/2019
Hackers can CHANGE My Health Records
Don't care if anyone can see your My Health Record, but do you care if they can change it?
Everyone's My Health Record is due to be kept in a central repository able to be accessed over the internet by hundreds of thousands of health and allied health care workers.
It is impossible to guard against cyber attack with such a large number of access points, any one of which may access the whole My Health Records database.
Even if you do not care that government may see your medical records and even if you do not care that any number of hackers, or those who hire them, may see your information, should you care that hackers may just as easily CHANGE your My Health Record information, rendering it potentially dangerous to you?
How can this be avoided? Opt out before 31 January 2019. Once it's hacked, it is almost impossible to undo the damage.
ENDS
eHealth Privacy Australia
Contact: Paul Power, ppower@powerassociates.com.au
eHealth Privacy Australia (EHPA) is a not-‐for-‐profit registered organisation that comprises a coalition of digital health professionals working to establish a useful and effective Australian eHealth system.
Company principals are Dr Juanita Fernando, FACHI PhD MA BA PG Dip HPE GradCert BusSys, Biomedical & Health Informatics researcher and
Paul Power, BSc (Hons), Computer Science, University of Melbourne, 1975,
IT professional, programmer, systems analyst, IT manager, eHealth specialist since 2000; appeared as a witness and made submissions to the Senate Inquiry into the medicare card data breach and the Senate Inquiry into the My Health Records system.
EHPA has a keen interest in ensuring that eHealth data is private and secure, ensuring the My Health Record is fit for purpose and adequately protects patient confidentiality.
----- End Release.
Food for thought I reckon.
David.
A very real concern David, there are a raft of scenarios once you obtain access. However I am trusting they have security monitoring sorted, but not so much that I stayed in the system.
ReplyDeleteI'm not sure this statement is valid. "Opt out before 31 January 2019. Once it's hacked, it is almost impossible to undo the damage."
ReplyDeleteConsider this: if I don't opt out before 31 January 2019 and My Health Record is 'hacked' a few months later some idiot decides to change some of the content in My Health Record, should I be overly concerned?
Surely I can then opt out and have my record deleted completely. Then a little later I can opt in and create a completely new record and start afresh so that whatever was in my old record (which I deleted) will have no impact on my 'brand new' health record.
If I am wrong and I have misunderstood the current situation would someone please let me and others know. Thanks.
IMHO, it isn't the hacking itself that's the problem, it's knowing what might have happened to the data. If data has been downloaded to other systems and then sent to yet more systems and/or decisions have been made based on the bad data, then correcting things is a challenge.
ReplyDeleteI don't know if ADHA keeps some sort of log of what has been downloaded, by which institution and where to. Even if they do, they would have to go to the institution that did the downloading to find out who did the downloading and what happened to the data - if that is possible.
AFAIK, there is no indication in the audit log a consumer sees that a document has been downloaded, only that there has been an access.
The privacy protections for the whole wealth data ecosystem are a joke and nowhere near as tight as the government makes out.
Dr Ian ColcloughJanuary 22, 2019 2:38 PM
ReplyDeleteYou could delete record, create record, but the second step would not be like rolling back to previous restore point. If what is being indicated is true then delete is full destruction. You might find other than PBS data you would have to reconstruct lost data but by bit. Even then you may not recover everything, consumer notes, random uploads from GPS when you where grey nomading, at a dance party is tassie and needed an ambo, and other random bits of information.
Unless I am wrong and ever CIS pathology system and hospital etc is continuously syncing with tiMHR that data will be lost which might be as unlucky as tamper with data.
The ADHA has not yet implemented a delete feature in the MyHealth system. Legislation requiring such a function may have been passed (or not), but the actual feature is not ready. ADHA have confirmed this to me. So what's the point of hypothesizing about whether the deleted record stays deleted, is restored or recreated, when no such function has been implemented?
ReplyDeleteIt makes you think, if they can't code a delete function within 6 months, then my trust in this particular agency to maintain my personal health record is very, very low indeed. Apart from the fact that storing PDF documents with free text writings from your doctor is in no way useful to other health practitioners, this makes MyHealth a solution without a problem.
Interoperability with medical director and other clinical systems was not even thought of in the business requirements. MyHealth is a standalone system, designed by non-medical staff, unable to talk to other systems doctors may be using. I'll pass.
AFAIK, an individual cannot upload a clinical document, only a personal health summary and some advanced care documents.
ReplyDeleteHow you upload your own history (e.g. images, test results etc) is a mystery to me.
Can someone enlighten me please?
@Doc. With only 9 days until it is supposed to be available I hope your are posting that is jest. I am sure it has gone through rigours testing, clinical impact assessments, privacy and data management review to ensure the Oder visuals reflect odd is sanitised from the system. The ADHA is claiming it will be ready
ReplyDeleteA #MyHealthRecord will be created for every Australian who wants one after 31 January 2019. If you decide you don’t want one, you can opt out by 31 January, or permanently delete it at any time in your life. It’s your choice. Learn more
PS. I do not doubt @ Doc is correct.
The PCEHR was designed to never delete any record or part of a record. That simplified the design. A record or part record would be flagged "hidden" so only the display function had to deal with it.
ReplyDeleteChanging such a fundamental aspect of the system so that a record can be deleted is not a simple task and I can well believe that it hasn't yet happened. Deleting a record from backups is even harder.
I wonder if Dr Phelps will ask about this when parliament next sits.
ADHA has finally published another of its weekly statistics - 4 weeks since the last set.
ReplyDeleteMakes interesting reading.
In the 28 days between 17 December 2017 and 14 January 2018 the daily rate of uploads of SHS was 1925
A year later, after a 17.8% growth in registrations, in the 28 days between 16 December 2018 and 13 January 2019, the daily rate of uploads of SHS was 1888, a reduction of 1.9%
In the past year 970,050 SHS were uploaded, that's 15% of the 6,450,277 registrations (as of 13 Jan 2019). Some of those uploads may well be updates, so the number of records with a SHS uploaded last year is probably lower. I would think that anything older than that is suspect.
A reasonable conclusion is that 85% of records are either empty or so old as to be unreliable at best and useless/dangerous at worst.
Not a great set of figures, I would suggest, especially with all the publicity surrounding opt-out.
Our glass is never half empty and we like it that way. As you know, practices receive and incentive payment if we meet the criteria for SHS upload targets.
ReplyDeleteWe ensure we meet the required target in order to receive our incentive payment. It's no big deal for us. It doesn't matter what 'information' is included in the SHS as long as the MHR system receives a SHS document containing patient ID info. If no clinical data is included, so what, the MHR wouldn't have a clue, the patient doesn't know or care, and as our doctors don't use the system for clinical care it doesn't matter a jot to us what's in the system (as long as we get paid for meeting our upload target).
It's a little surprising more practices aren't doing this, but that's probably because they think it might be fraudulent; which it isn't.
An empty SHS document is an empty SHS document, all that matters is that it's been uploaded. Our glass is always half full and we like it that way.
@ Bernard 11:16 PM said "A reasonable conclusion is that 85% of records are either empty or so old as to be unreliable at best and useless/dangerous at worst."
ReplyDeleteIt is might be reasonable to conclude that 85% of records are empty, perhaps somewhat akin to 10:11 AMs comment.
If the records are empty they cannot be described as unreliable or even dangerous, but they can be described as being useless.
A random, independent, clinically-informed, objective, audit would be more than a little illuminating; something the ANAO should probably be undertaking in the course of its current audit of the My Health Record.
Looks like ADHA has managed to get Accenture to develop the Delete. HARD function according to pulseIt
ReplyDeleteThe Australian Digital Health Agency (ADHA) will tomorrow activate a function within the My Health Record system to let consumers permanently delete their record. ( that was posted 15 hours ago)
The Minister now has his big beautiful button we can all know sleep safe in our beds.
ReplyDeleteAn extract from a printout found in the lunchroom. I only have a scanned copy passed on a friend at ADHA but this is a word for word replica. This might help explain the SHS numbers and how they really do not reflect the true level of engagement. Hopefully this will quiet everyone down.
ReplyDeleteA clinical document must be digitally signed before it can be uploaded to the My Health Record system. Some clinical information systems cannot reliably create a digital signature and without that they cannot attempt to upload the clinical document to the My Health Record system, potentially resulting in: a) Missing clinical information in a consumer’s My Health Record resulting in incomplete information. b) Changes to documents in My Health Record including amendments not uploading resulting in out-of-date or incorrect clinical information.
- Unexplained cases of missing information or incorrect information in a My Health Record where a healthcare provider believed they had fulfilled the correct upload workflow.
- Healthcare providers failing to obtain their Practice Incentive Payment as Shared Health Summaries they thought they created are not sent to the My Health Record system. My Health Record Release 9.4.2 deployed 5 November 2018, introduced information monitoring to help the Agency identify any healthcare provider organisations and clinical information systems failing to digitally sign and upload, on average, 62.5% of clinical documents. Previously, the My Health Record system recorded information about transactions between healthcare providers’ clinical information systems and the My Health Record system, although no information was recorded about transactions that failed to occur due to this specific issue.
Anonymous January 24, 2019 8:10 AM said...
ReplyDelete"Hopefully this will quiet everyone down."
You must be joking. This means the My Health Record system is even more unreliable than we thought, and we thought it was bad enough.
@8:10 AM, I don’t follow, surely by identifying the issue and putting in place a monitoring tool we have done the right thing and delivered an outcome to the Minister and Mitigated the issue first reported to the minister 18 months ago. I do not believe until sometime after opt out we can judge this as a production ready product it is still in dev and subscribers are proving great user feedback loops.
ReplyDeleteGuess some are never happy or just don’t get large scale software dev work?
Someone should ask all the state public hospital systems if their clinical software will upload any information for under 18s, if they can stop individual items going up at patients request while allowing others, or can view Advance Care Plans or Allergy information.
ReplyDeleteTo save them some time, the answer in almost if not all cases is no, and it will be years before they can.
Anon January 24, 2019 8:10 AM
ReplyDelete"My Health Record Release 9.4.2 deployed 5 November 2018, introduced information monitoring to help the Agency identify any healthcare provider organisations and clinical information systems failing to digitally sign and upload, on average, 62.5% of clinical documents."
Are you saying that on average, 62.5% of clinical documents do not make it into myhr?
After six and a half years?
Detecting the problem is one thing, fixing it is another, much harder, problem.
@10:08 AM you have stated the blatnatly obvious ..... that the My Health Record is not a production ready product.
ReplyDeleteThat being the case there can be no justification for forcing the Australian public into an Opt-out system under the false pretences it does everything the ADHA claims it does when it doesn't.
As it is not a production ready product the only conclusion one can make is that a huge fraud is being perpetrated on every Australian based on a tissue of lies and false claims.
failing to digitally sign and upload, on average, 62.5%
ReplyDeleteYou can smell the fear in this, whoever raised this must be bold. The truth is that it is not they are failing to digitally sign, it is that the digital signature is alpha-numerically incorrect.
I recall in the firing days of NEHTA a Microsoft patch created this problem by informing the agreed standard format. ADHA has owned and known of this issue there entire existence and have place clinical safety issues on everyone signed up and exposed healthcare professionals to medico-legal and professional reputations risks if ever they have used the system. The clinical folks at ADHA from Dr Hambilton and Merideth all the way down are negligent in their duties and Tim and Ronan should be on the next flight back to the UK
Does anyone have the actual document as this is serious, David perhaps you could let certain people aware and see if this can be publicly made avalaible
I read the 62.5% as the threshold they're using to identify problems with ePIP receiving practices, ie if you get ePIP, and less than 62.5% of the documents you try to send to MHR are actually going up onto MHR, then they'll investigate.
ReplyDeleteDidn't know they had the staff capacity to do that effectively...
Using it for ePIP??, so are you saying that the Minister down does not see anything concerning about a system rejecting a majority of clinical records.
ReplyDeleteIf one lost fax cusses a death and a shit storm, what should we be burning we tens of thousands of CDA uploads don’t arrive at an intended destination?
If ever there was a stain reason to stop the MHR and have the ACS review it head to toe.
Yes this is a serious issue on many fronts. What will be done? Absolutely bugger all! To many fingers will get burned.
ReplyDelete@6:55 PM. You are mostl likely on the money. That said this does require further explanation especially if the claim this is on the Ministers desk and has been for over 2 years.
ReplyDeleteWe are about to see a large portion of the population dumped into a system that is broken even by government standards
For those who think health is like banking- how would you feel if the banks failed 65% of all online transactions? Would you stick your money in them? Would you trust an ATM?
ReplyDeleteIt is a nice last ditched attempt to stop the MHR Dreadnought but in reality no-one in parliament cares anymore they have ticked their ass -covering boxes. There is no real evidence of such an issue, has any practice or consumer raised an issue of this nature? No one in the press has raised an eyebrow, and FOI is void of any requests of this nature.
ReplyDeleteTim has successful built a big beautiful wall of PDF records of your health.
12:56 - someone has fulfilled your wish it seems https://www.theguardian.com/australia-news/2019/jan/25/my-health-record-government-warned-of-significant-patient-data-glitch
ReplyDeleteOh my that is a bit of an issue, the ADHA statement does not help, where do they get 1% from?
ReplyDeleteMy guess is they sat 65% of one type of document equates to x number then cast that number against the million and millions of pbs pbs files collected over the past 7 years.
ReplyDeleteThis really is a shambles I can’t find a reason to stay in.
Well that certainly exposes a very confused and conflicted ( if not stupid) Digital Health Agency. Might be worth sending the CEO and COO to this integrity group, I get a sense they have a complete lack of it.
ReplyDeleteA coroner’s report has critiqued the medical profession's reliance on "antiquated and unreliable” MyHR and called for national review of the ADHA systems operations and issues resolution standards after a patient’s test results were sent to the the MyHR and failed to be imported by the system and he died alone in a hotel room.
ReplyDeleteNow if that had been a single fax transmission lost ( out of millions) there were be a national outpouring from the AMA, CHF, minister and ever other “look at me” poser.
So why the silence when potentially large numbers of “claimed” critical clinical documents have been rejected by the MyHR? And have been known to have been for so long by ADHA and the Minister??
Is this a glimpse of what is to come “our thoughts are with the many families and we apologise that our system failed them time and time again” but it is our system so we can only extend you hollow excuses.
Malfeasance, nothing less
ReplyDelete"A coroner’s report has critiqued the medical profession's reliance on "antiquated and unreliable” MyHR and called for national review of the ADHA systems operations and issues resolution standards after a patient’s test results were sent to the the MyHR and failed to be imported by the system and he died alone in a hotel room.
ReplyDeleteI am not sure this comment is correct - I would need to see a link to confirm it is accurate.
David.
David I think it is an attempt to recast an actual event blamed on a lost fax - https://www.healthcareit.com.au/article/victorian-man-dies-alone-after-test-results-faxed-wrong-number-–-coroner-slams-use-
ReplyDeleteA fair point regarding the complacency shown by ADHA in what is the latest debacle in a long list of debacles. Perhaps not delivered with the best of clarity but a valid comparison IMHO
I am not clear how the ADHA comes to the 1% figure but the lost of 106,672.73 clinical documents is not tribal. The spoke-person for ADHA must surely have the communications experience to realise that messaging portrays the Agency, the Department and the Minister as incompetent uncaring and ......
ReplyDeleteAs someone previously summed it up - Malfeasance
Wonder who and what advocacy group, colleges, peak bodies and other organisation will remain silent? Surely ADHA must have co-designed a fix with MSIA and non-members? Surely
Not exactly the best way to position your organisation and the government s a reliable and trusted interoperability partner.
ReplyDelete