Tuesday, February 12, 2019

Commentators and Journalists Weigh In On The MyHR Debate And Related Matters. Lots Of Interesting Perspectives - Week 30.

Note: I have excluded (or marked out) any commentary taking significant  funding from the Agency or the Department of Health on all this to avoid what amounts to paid propaganda. (e.g. CHF, RACGP, AMA, National Rural Health Alliance etc. where they were simply putting the ADHA line – viz. that the myHR is a wonderfully useful clinical development that will save huge numbers of lives at no risk to anyone – which is plainly untrue) (This signifies probable ADHA Propaganda)
-----
Note: I have broadened this section to try to cover all the privacy compromising and impacting announcements in a week – along with the myHR. It never seems to stop!
-----

Why data, not privacy, is the real danger

While it's creepy to imagine companies are listening in to your conversations, it's perhaps more creepy that they can predict what you’re talking about without actually listening.
Feb. 5, 2019, 6:49 AM GMT+11
By Jacob Ward
Facebook and other companies may very well be protecting your privacy — but they don’t need your personal information to determine exactly who you are and what you’ll do next.
Our human sensor array was built to easily and automatically detect small, immediate anomalies such as snakes, fire, or members of an enemy tribe. Our cognitive and perceptual equipment evolved to spot those things right now and right here. Larger, more abstract threats and patterns are mostly beyond our immediate comprehension. This inability to detect the big stuff is one of the great challenges to our ability to understand, say, the worldwide implications of climate change, or the need to fill out a complicated form to enroll in a 401(k). And in the world of privacy and data, it clouds our ability to see the real effects of data collection.
First, understand that privacy and data are separate things. Your privacy — your first and last name, your Social Security number, your online credentials — is the unit of measure we best understand, and most actively protect. When a bug in FaceTime allows strangers to hear and watch us, we get that, in the same visceral way we can imagine a man snooping outside our window. But your data — the abstract portrait of who you are, and, more importantly, of who you are compared to other people — is your real vulnerability when it comes to the companies that make money offering ostensibly free services to millions of people. Not because your data will compromise your personal identity. But because it will compromise your personal autonomy.
-----

Health sector tops latest OAIC breach report, yet again

Hafizah Osman | 08 Feb 2019
The health sector has topped the list of notifiable data breaches for the fourth consecutive quarter, as identified by the Office of the Australian Information Commissioner. 
In its latest Notifiable Data Breaches Quarterly Statistics Report, which captures data notification breaches received between 1 October and 31 December 2018, the Office of the Australian Information Commissioner (OAIC) said the private health service provider sector reported the most data breaches, accounting for 54 of the 262 breach notifications received. 
Of these notifications, 54 per cent were the result of human error, including incidents involving communications sent to the wrong recipient, insecure disposal of personal information, or loss of paperwork or a data storage device.   
Malicious and criminal attacks was the second largest source of data breaches from the health sector, at 46 per cent. Cyber incidents were the most common type of attack, accounting for 44 per cent, while theft of paperwork or data storage device was the second most common type of attack (32 per cent). 
------

In this age of surveillance capitalism, the law is left for dust

By Josh Bornstein
February 9, 2019 — 12.00am
Can the immense power of the world’s largest oligopolies to plunder our privacy and shape our lives be reined in? In recent days, German antitrust authorities struck a modest blow in consumers’ favour. The ruling of the Federal Cartel Office will prohibit Facebook from aggregating personal information it collects from consumers with that collected by its subsidiaries including WhatsApp and Instagram. Facebook has already announced it will appeal the ruling. The stakes are high.
In October last year, Tim Cook, the CEO of technology behemoth Apple, blew the whistle on the destruction of our privacy at the hands of major technology companies. In a speech to the European Parliament, he condemned the “data industrial complex” – a reference to the way we all unwittingly hand over our personal information to companies in exchange for access to the internet. In calling for greater regulation of the online world, Cook argued: “Our own information – from the everyday to the deeply personal – is being weaponised against us …” to such an extent that companies know us better than we do.
The business of watching our every move on the internet, recording that information and then selling it to derive a profit was perfected by the big technology monopolies – Facebook, Google, Amazon and their Silicon Valley followers. By obtaining a valuable asset from us for free (our data) and then selling it to companies seeking to better target advertisements at us, they have become some of the richest and arguably most powerful corporations in the history of capitalism.
-----

‘Dramatic rise’ in email fraud with banking Trojans biggest threat

Fraud attacks on emails continue to grow dramatically, with the number of attacks against targeted companies increased 226% between Q3 2018 and Q4 2018, and a whopping 476% when comparing Q4 2017 and Q4 2018, according to a new global security threat report.
“Email fraud has seen explosive growth and it’s clear that today’s cybercriminals are relentlessly targeting people, rather than infrastructure,” said Tim Bentley, vice president of Asia-Pacific and Japan for cybersecurity and compliance company Proofpoint.
“As these threats continue to grow in volume and sophistication, it is imperative that Australian organisations implement a people-centric security approach that includes a comprehensive email fraud defence and security awareness training. Ultimately, Australians must consider the individual risk each user represents, and understand how they are targeted, in order to better protect them.”
-----

Cisco wants privacy to be a fundamental human right

By Juha Saarinen on Feb 8, 2019 9:48AM

New laws needed to protect people.

The company that pioneered internetworking, Cisco, is now calling for fresh legislation to protect people around the world from the privacy-invading effects of the technology it helped to popularise.
Protecting people whose data is monetised and solving complex privacy of a world with tens of billions of internet-connected devices requires United States' legislative regimes to be interoperable with those of other nations, Cisco said.
This means US law needs to work with for instance the European Union's General Data Protection Regulation (GDPR).
Not being interoperable with privacy protection regimes in other nations will make it difficult for US companies to do business globally, Cisco believes.
-----

Working towards implementing systems for My Health Record

07 February 2019 ADHA Propaganda

My Health Record

My Health Record is the name of the national digital health record system. It is sometimes referred to as an e-health record (EHR). Any patient with a Medicare number can register to have one. My Health Record was previously known as the Personally Controlled Patient Record (PCEHR). It does not replace existing medical records but provides an additional, secure online summary.

What are the benefits?

Every year, the average Australian has 22 interactions with the health care system, including visits to GPs, hospitals and specialists. My Health Record can enable your clinicians to access information about your care and treatment, quickly and securely. This can include important details such as allergies, medical conditions, medication details, test results and organ donation decisions.
  • It allows people to take more control of their own health and wellbeing, manage their children’s health, and upload key documents, like emergency contacts and advanced care plan wishes.
  • Accessing this information can help prevent doctors ordering unnecessary repeat investigations. It also allows our clinicians to see details of your treatment outside SVHM, providing you with the best possible care quickly.
  • Enabling other health professionals you authorise to see your key health summary so you don't have to repeat it or worry about forgetting important information, like medications.
  • Helping you and your healthcare providers to better manage complex or chronic conditions
  • You can customise access to your My Health Record by setting access controls including restricting who can see your information, or cancel your record, at any time
  • You can also look up these details from anywhere with internet access.
-----

Facial recognition is about to end your privacy. How do you feel about that?

By Mark White
Feb 8, 2019 — 9.45am
Entering Alibaba's new Flyzoo Hotel in Huangzhou brings one thought: where are all the staff? The decor is a mixture of art gallery and moon base. Check-in for the 290 rooms is a waist-high podium with a glowing base that reflects on the marble floor. Calling a lift to get to your room is a matter of peering into a camera which recognises your face and takes you to the right floor. Another face scan opens your room. You can sink onto your bed without speaking to a single person.
Elsewhere in the world, our features are already being used for a multitude of purposes. In Los Angeles, pop star Taylor Swift deployed facial recognition secretly at a concert to detect stalkers. And in New Delhi, almost 3000 missing children were found, living in children's homes, in a four-day period last year – hopefully now reunited with their families. Increasingly, our features are how we will access services, pay for things and secure our most precious possessions.
More widely, object recognition and analytics can count the number of people in areas for safety or logistical reasons, detect criminal behaviour, trespassers and vandals, and spot accidents, speeding, jaywalkers, flytipping, loitering, the homeless, and more. Its use in multibillion-dollar "smart cities" projects enable stretched budgets to stretch that much further by, essentially, creating obedient, ever-alert electric people who'll watch out for something to happen, and raise the alarm when it does.
-----

The last quarter of 2018 saw more Australian data breaches than ever

Years of investment in security have failed to stem the number of data breaches affecting Australian companies, with new figures bringing to 812 the number of compromises reported since the notifiable data breaches (NDB) scheme went into effect nearly a year ago.
The latest quarterly figures from the Office of the Australian Information Commissioner (OAIC) revealed that 262 data breaches – over 87 per month, on average – were reported to the data-governance watchdog in the final calendar quarter of 2018.
The breaches involved the compromise of at least 1.63m records, up from more than 1.19m records in the first full-quarter report last July.
Contact information was breached in 223 incidents, with financial details compromised in 123 breaches – well up from the 102 breaches of financial information noted in the July report.
-----

Accidental personal info disclosure hit Australians 260,000 times last quarter

85 cases of human error resulted in 269,621 instances of Australians having their personal information disclosed accidentally.
By Asha McLean | February 7, 2019 -- 01:00 GMT (12:00 AEDT) | Topic: Security
The latest quarterly report on Australia's Notifiable Data Breaches (NDB) scheme has revealed around 269,621 separate cases of individuals having their personal information impacted as a result of a human error.
The report [PDF] says that during the period covering October 1, through to December 31, 2018, 262 notifications of data breaches were received by the Office of the Australian Information Commissioner (OAIC), with 85 being put down to human error.
Data breaches involving human error, that resulted in the unintended release or publication of personal information, was uncovered in 15 cases. For these cases, there was an average of 17,746 individuals affected.
-----

Over 59,000 data breaches stretch GDPR watchdogs

By Juha Saarinen on Feb 7, 2019 12:19PM

Only 91 fines imposed under strict new privacy regulation so far.

The European Union's General Data Protection Regulation (GDPR) has led to tens of thousands of data breaches being reported in the first eight months since the strict privacy laws came into effect, causing a large backlog of work for regulators.
Global law firm DLA Piper says in its analysis [pdf] of the effects of GDPR across Europe, that over 59,000 data breaches were reported to EU regulators since May last year.
They range from minor incidents such as email messages being sent to wrong recipients, to major hacks that affect millions of individuals.
As a result of the mandatory reports, DLA Piper says "regulators are stretched and have a large backlog of notified breaches in their inboxes."
-----

Artificial intelligence could help - if only we knew how it worked

'Digital doctors' can detect cancer with great accuracy, but as their self-taught algorithms are incomprehensible to humans, the question arises: Should we trust them?
Antony Scholefield
7th February 2019
Another week, another way that artificial intelligence (AI) can supposedly outdo doctors.
According to a study in the Journal of the National Cancer Institute, AI can identify cancer from images of cervixes with greater accuracy than cytology.
But before radiologists plug in the machine and await obsolescence, the study has an accompanying editorial questioning parts of the AI revolution.
“Before AI models can make the transition from proof-of-concept to clinically useful algorithms, we must learn how to make the models more generalisable and understandable,” say the authors, from the University of California, Los Angeles, US.
-----

Millions are on the move in China, and Big Data is watching

More than 5 million people in China have now been banned from buying a high-speed rail ticket and 17 million stopped from buying air tickets because they appear on a social credit system black list.

By Kirsty Needham
February 6, 2019 — 11.30am
Beijing: At Beijing's high-speed railway station, there is confusion as city workers heading home for Spring Festival encounter a new machine where humans once checked tickets.
Hat off, scarf off, eyes ahead – despite the bitter winter chill, China's facial recognition system 2.0 requires a clear image for its records. Passengers also put their national identity card in the machine.
Dubbed the world's biggest human migration, Lunar New Year sees 400 million people across China travelling between January 21 and March 1.
Dai Shanshan, deputy director of the Beijing Station, told the Beijing Evening News that a system in which multiple cameras simultaneously watch a face has improved the speed and accuracy of Facial Recognition 2.0, a major upgrade installed for the railway's peak season.
-----

How to radically renovate My Health Record

By Paul Shetler and Catherine Thompson
04 Feb 2019 — 2:00 PM
We have both opted out of My Health Record, the Australian government's personal health record system. Privacy and data integrity are the baseline considerations that have determined whether we – both as professionals in the field of digital transformation and as consumers – see MHR as a system that we'd trust.
The appropriateness and adequacy of the system's current privacy safeguards have been in the public eye in recent months. And in the last few weeks, concerns have also surfaced about whether the data being stored in the system is what users believe they have entered.
Yet we're passionate supporters of the push towards a national health record system. We believe it could provide both a fundamental social benefit and an enhancement to the lives of individuals. We think these benefits potentially far outstrip the ones that have been most emphasised in DHA's pitch to the public. And we think that time and technology have moved on to offer alternative approaches to delivery that could better support the health of individuals.
-----

Privacy Compliance for Medical Practices

Description
Ensuring compliance with privacy law is not just a matter of respecting patient confidentiality. Legal requirements include mandatory data breach notification, compliance with privacy legislation and penalties for breaches of the Australian Privacy Act 1988, which can include not having a proactive compliance program or the appropriate policies and procedures.

In addition to the legal compliance risks, medical practices face reputational risks from any data breaches, because patients have high expectations about privacy protection, particularly in the context of eHealth systems. This practical self-paced online module provides an overview of your privacy obligations, and the steps needed to implement a compliant privacy management program for your practice.
 Learning Outcomes
  1. Scope your privacy compliance obligations, working within the medical profession
  2. Recognise the typical risk areas found within a medical practice
  3. Map the practical steps needed to build a privacy compliance program for your practice
  4. Respond to privacy related requests to minimise risk of non-compliance.
Type
1 hour Online Learning
-----

My Health Record ‘in need of overhaul’

  • 12:00AM February 5, 2019
The federal government’s $2 billion My Health Record platform is in need of a fundamental overhaul, with experts warning the system remains a privacy landmine.
With the deadline to opt out of the MHR having passed on January 31, Elizabeth Sigston, one of Australia’s leading head and neck surgeons, said the MHR was still riddled with complexity.
“The system has made sharing of critical patient data more complicated and the proposed Data Sharing and Release Act, which overrides the existing privacy regulation, makes things even more dangerous,” she said.
The new data sharing law, proposed by the Coalition government last August, aims to help the government use public data more efficiently, raising concerns that it effectively overrides the existing Privacy Act
-----

Australians accept government surveillance, for now

February 5, 2019 6.20am AEDT

Authors

Senior Lecturer, Curtin Law School, Curtin University
Senior Lecturer, Curtin University
Australians tend to accept government surveillance, particularly if they think it necessary or trust the government, according to a recent study.
But they’re only lukewarm about it. So if such surveillance continues to increase, people might reach a turning point and adopt some basic measures to “hide” themselves.
Australians are subject to ever-increasing levels of government surveillance. It is generally justified as necessary to protect us from criminal or terrorist activities.
Under certain circumstances, various intelligence agencies, as well as federal and state police, can request access to your telephone and internet records. This can reveal information about your location and who you talked to, emailed or messaged.
-----

All hands on deck in Townsville

Pharmacists and other health professionals are pitching in together to help their patients, as Townsville remains cut off from the rest of the country due to flooding

Paul Willis, general manager of the three Cate’s Chemist pharmacies – Garbutt, Hyde Park and TAIHS – says that the disastrous flooding in the Townsville region has actually brought out “great community spirit”.
Only one of the three Cate’s Chemist pharmacies, owned by North Queensland district bearer for the state’s branch of the Pharmacy Guild Cate Whalan, is open, with one of the others closed and the third evacuated.
Mr Willis praised the quality of the local disaster coordination, which has fully recognised the importance of pharmacists and their role in medicines supply.
-----

‘Collection #1’ dwarfed by Collection #2-5

Security firm unearths creator of Collection #1 password mega-dump
Rohan Pearce (Computerworld) 04 February, 2019 10:09
US security firm Recorded Future says that it believes that an individual known on a popular hacking forum as C0rpz is responsible for an 87GB dump of passwords and user names.
Have I Been Pwned operator Troy Hunt last month revealed details of the dump, found on file-sharing service MEGA, dubbed ‘Collection 1’.
Collection #1 comprises more than 12,000 files from assorted data breaches, and includes 1,160,253,228 unique combinations of email addresses and passwords, Hunt revealed.
-----

Poll

My Health Record: staying in or opting out?
  • Opting out (73%, 405 Votes)
  • Staying in (27%, 153 Votes)
Total Voters: 558
Poll as of 5th Feb, 2019


Start Date: August 6, 2018 @ 12:05 am
End Date: No Expiry
-----

Permanently deleting your record

I don’t want a My Health Record anymore, can I permanently delete it?

In November 2018, new laws were made to provide even more privacy protections for people using My Health Record – this includes the ability to permanently delete your record at any time.
When you delete a My Health Record, all information in the record, including any backups, will be permanently deleted from the system. Deleted information cannot be recovered. Your health information will no longer be available to you and your healthcare providers, including in an emergency. How to permanently delete a record.

I didn’t opt out but I don’t want a My Health Record. What can I do?

The last day to opt out of having a My Health record was 31 January 2019.
If you have now decided that you don’t want a My Health Record, call us on 1800 723 471 and we will cancel it. This means it will be permanently deleted.
-----

Cancelling your My Health Record

This page contains information on:

How do I cancel My Health Record?

The following steps outline the process to cancel your My Health Record:
  1. Open your My Health Record.
  2. Click on ‘Profile’ from the ‘Profile and Settings’ page.
  3. Scroll to the end of the page until you see the ‘How do I cancel my registration in the My Health Record system?’ section and click on ‘Cancel My Health Record’. This will display the ‘Cancel Registration with the My Health Record system’ screen. 
  4. To cancel your My Health Record, you must agree to remove your consent from the My Health Record system by selecting the checkbox at the bottom of the screen.
  5. Select the ‘yes’ button to continue and cancel your record or the ‘no’ button to return to the ‘Profile’ page.
-----

As My Health Record opt-out ends, security concerns continue

Experts call for security education as confidential medical data faces potential exposure
Concerns about the security of medical records have re-emerged in the wake of the 31 January conclusion of the My Health Record (MHR) opt-out period.
All Australians who did not opted out will now be given a MHR, consolidating their electronic medical history into a single record that is accessible by healthcare practitioners within a range of service-delivery contexts.
The need to protect that data has been an ongoing concern for privacy bodies and others, who have lobbied the government for watertight restrictions about who can access the records and under what circumstances.
-----

Industry calls for more caution over MHR system

Hafizah Osman | 31 Jan 2019
As the Federal Government today pushes the button to create My Health Records for every Australian who wants one, the industry has stepped out asking for more transparency around security and secondary use of the records to enable people to make more informed decisions about it. 
The industry has also voiced out about data de- and re-identification, a global approach to cybersecurity issues as healthcare digitises, information security requirements of the future and blockchain as a way to alleviate some of the challenges associated with the My Health Record system.  
On 26 November 2018, the Federal Parliament passed legislation to strengthen privacy protections in My Health Records Act 2012 without debate or division.
The new legislation means that Australians can opt in or opt out of My Health Record at any time in their lives. Records will be created for every Australian who wants one after 31 January and after then, they have a choice to delete their record permanently at any time.
-----
Comments welcome!
David.

3 comments:

  1. Happy 70th birthday, David! Congratulations on reaching such a momentous milestone! May you have many more years of rabble rousing to come. The very best of birthday wishes from me, and I imagine the community of people who come here to enjoy your feisty dispatches :)

    ReplyDelete
  2. Dear David,
    Have a good one...
    May 70 be a cracking year for pot stirring and keeping the govt accountable in your own way!!
    Best wishes

    ReplyDelete
  3. Best wishes on your birthday David.

    ReplyDelete