-----
This weekly blog is to explore the larger issues around Digital Health, data security, data privacy and related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board are dated 6 December, 2018! Secrecy unconstrained! This is really the behavior of a federal public agency gone rogue!
-----
Health sector urged to engage with calls for regulatory crackdown on powerful digital platforms
Melissa Sweet on: August 29, 2019
The immense market power of Facebook and Google is creating wide-ranging but poorly understood public health challenges, as outlined in a recent landmark report from the Australian Competition and Consumer Commission (ACCC).
The ACCC’s final report from its Digital Platforms Inquiry, released on 26 July, makes sweeping recommendations for increased regulation of these platforms, including to better protect the privacy and interests of consumers.
It is important reading for public health advocates, some of whom are holding a videoconference meeting this Friday (30 August) to discuss the public health opportunities arising from the report’s 23 recommendations.
The meeting, co-hosted by the Public Health Association of Australia (PHAA) and the Foundation for Alcohol Research and Education (FARE), aims to encourage the sector to engage with the Government’s consultation process, which is seeking views on “practical options for implementation, timing and any impediments or challenges”.
-----
Dispensing disruption: Are pharmacies ready for digital rivals?
By Nassim Khadem & Patrick Hatch
July 7, 2018 — 12.05am
When Amazon announced its purchase last week of online pharmacy PillPack, which packages and delivers pre-sorted doses of prescribed drugs direct to consumers’ homes, major US-based pharmacies from CVS Health to Walgreens saw their share prices fall about 10 per cent.
It was Amazon’s play at a slice of the United States’ booming prescription drug market that in 2016 totalled $US328.6 billion ($443 billion).
It was also, possibly, a crystal ball into Australia’s destiny.
In an age when everything from a box of fresh vegetables to someone who will help assemble your Ikea furniture can arrive on your doorstep within hours after a few taps on a smartphone, how long will people continue to line up in pharmacies waiting for their medicine to be dispensed?
(Old but interesting and topical at present)
-----
Meet the 'anti-vaxxers' of tech fighting Telstra, Optus 5G rollouts
By Jennifer Duke
August 30, 2019 — 11.34pm
Mercy Wolf is worried about a lot of things. But at the moment, the rollout of 5G mobile networks by Telstra and Optus is near the top of the list.
"It's happening really fast ... it seems like all the governments of the world have done the same thing in changing legislation to enable telcos to roll this out, without any obstruction from local or state governments, and that's happening all over the world," Wolf, a 57 year old from Rose Bay in Sydney's Eastern Suburbs, said. "You realise that there's something very strange going on."
The part-time Uber driver and Julian Assange activist, who describes herself as a "truth-seeker" is part of a growing group of Australians who have health and privacy concerns about the next generation of high-speed mobile technology.
But her views on 5G are not supported by mainstream science and are regularly rebutted by local institutions like the Australian Radiation Protection and Nuclear Safety Agency.
-----
Report the ‘first step’ towards nationwide primary care data asset
The massive data collection program should improve patient outcomes while potentially raising the profile and political leverage of general practice.
30 Aug 2019
According to the consultation report released by the Australian Institute of Health and Welfare (AIHW) this week, raising patient awareness and acceptance of the National Primary Health Care Data Asset (Data Asset) will be a specific focus in the second half of 2019.
University of Melbourne academic and member of the RACGP Expert Committee – Research (REC-R), Dr Jo-Anne Manski-Nankervis, told newsGP the consultation represents the ‘first step’ in the Data Asset’s development.
‘Positively, the AIHW has engaged in wide representation of a broad group of stakeholders including general practice and there is acknowledgement that it is important the data collection process should be transparent, profession-led and general practice involved in the interpretation of data,’ she said.
‘The development of the governance structure and mechanisms of data flow are going to be important to consider moving forward, as well as the data that is eventually housed in the asset so that it is of value to shaping health policy, providing data back to general practice and informing the care that is provided in the community.’
-----
-----
30 August 2019
Data key to unlocking value-based healthcare
Moving our healthcare system from a fee-for-service model to one based on patient health outcomes remains the nirvana of one of Australia’s leading health policy experts.
“The way to transform the health industry is to realign competition so it’s based on value for patients, not just cost,” said Dr Stephen Duckett, Health Program Director at the Grattan Institute at a recent CEDA event in Sydney. Value for patients was equal to outcomes, divided to cost, he added.
The need for this move is well-established. The current system, while it has served us well to a point, is unsustainable financially and tends to reward volume rather than quality. The system, as it stands, does not promote or allow for the promotion of the best value practices.
Dr Duckett cited the example of an audit of hip prostheses and the rate of revision procedures that had been done with each different brand of prostheses. The audit found that the revision rate between the various prostheses ranged from between 2 and 8 percent. In an ideal world, all orthopaedic surgeons would be using the prosthesis associated with the lowest rate of revision. But this is not the case.
-----
Friday, 30 August 2019 00:26
Email security architecture vulnerability to cybercriminals attacks needs reassessment
Email remains one of the key attack vectors used by cybercriminals, leaving many organisations hugely vulnerable because they don’t have adequate protection in place, according to software company Wavelink, a distributor for security vendor Fortinet
And the latest industry data shows that 94% of malware was delivered by email, demonstrating what Wavelink says is the crucial importance of securing this business-critical function.
In fact, email scams cost Australian businesses more than $60 million in 2018 according to Scamwatch.
Ilan Rubin, managing director, Wavelink, said, “These attacks are both sophisticated and hard to detect, as they rely to a large extent on human error. The more protections organisations can put in place to secure email, the less likely they will be to fall victim to email-related cyberattacks.”
-----
Councils tracking our faces on the sly
Police and councils in Australian cities have begun quietly integrating facial recognition systems with their CCTV camera networks, as other jurisdictions seriously consider introducing the same technology, despite concerns from privacy groups about the data being hacked or misused.
An investigation by The Australian can reveal that police in Melbourne and Perth use facial recognition technology with CCTV vision, and Gold Coast and Hobart authorities are investigating the implementation of the technology that detects and records every individual who passes by a camera with the capability.
The revelations come as experts express concern over a lack of regulation and the risk that private biometric data recorded without the public’s consent could be hacked, warning that the move to roll out the technology was “unleashing something really difficult to pull back from”.
The technology is the same as that used by London CCTV cameras to combat the risk of terror attacks and by China’s social credit surveillance system, which tracks citizens’ movements and behaviour and stores information on a national database.
-----
Surveillance cameras with AI are watching you
Surveillance cameras with artificial intelligence are zooming in on us around the world — and they know exactly who you are.
Higher camera resolutions and more sophisticated computer algorithms can confirm our identities in real time, checking a face against images in government databases, such as passport photos and driver’s licences.
These images and other biometric data increasingly will be used by law enforcement to identity you, and by local government and even private agencies to check if they are dealing with the correct person.
Many will applaud the benefits of facial recognition, such as quickly verifying criminals robbing a convenience store. Banks could confirm they were dealing with the real you after verifying your identity against an image accessed nationally through the Department of Home Affairs.
-----
On the brink of privacy class actions in Australia: All eyes on pending OAIC determination
Most people are likely aware of the March 2018 'Cambridge Analytica' incident which involved alleged unauthorised access to and misuse of personal information of users of the social media giant. Those who have been following this incident will also know that the Office of the Australian Information Commissioner (OAIC) is formally investigating the incident, with a much anticipated decision soon to be handed down by the Commissioner.
To date, there has been a relative shortage of privacy litigation being commenced against companies and government agencies, let alone any successful class action determinations through the Courts. This is a result of various shortcomings in the Australian legal landscape and legislative framework, which in its current form is not sufficiently robust to provide affected individuals with appropriate avenues to easily seek redress following a mishandling or breach of their data.
Against this background, the overall findings, determination and willingness of the Commissioner to award compensation has the potential to fundamentally impact the operation of Australia's privacy regime, particularly as it could provide affected individuals with the ability to claim compensation en masse, when their data is affected by a data breach, or if there is mishandling of their data in contravention of privacy laws and regulations.
-----
Health informatics — more than just data
By Jacqui Jones
Thursday, 29 August, 2019 ADHA Propaganda
Thursday, 29 August, 2019 ADHA Propaganda
Digital platforms provide the healthcare industry with great opportunities to empower the patient.
Health informatics is about more than just data — it’s an opportunity to empower the patient.
That’s the view of industry specialist Alexandra Ehrlich, who says health care would do well to follow the lead of the retail and banking sectors when it comes to embracing digital platforms.
Australia was already taking a step in the right direction with the national digital health My Health Record system, she said.
-----
Evaluating the Contextual Integrity of Australia’s My Health Record
Authors Timothy Kariotis, Megan Prictor, Shanton Chang, Kathleen Gray
Pages 213 - 218
DOI 10.3233/SHTI190166
Category Research Article
Abstract
My Health Record (MyHR) is Australia’s national personally-controlled electronic health record. Initially established in 2012, it moved from an opt-in to an opt-out system in 2018. This paper considers the privacy aspects of MyHR shared health summary. Drawing on Nissenbaum’s theory of privacy as contextual integrity, we argue that the shift in the event-specific nature of information sharing leads to MyHR breaching contextual integrity. As per Nissenbaum’s decision heuristic for contextual integrity, we evaluate this breach through a reflection on the changing nature of health care, including patient empowerment, and the greater complexity of care. It is evident that more needs to be known about the benefits of shared health summaries, as well as the actual use of MyHR by clinicians and patients. Though we focus on MyHR, this evaluation has broader applicability to other national electronic health records and electronic shared health summaries.
My Health Record (MyHR) is Australia’s national personally-controlled electronic health record. Initially established in 2012, it moved from an opt-in to an opt-out system in 2018. This paper considers the privacy aspects of MyHR shared health summary. Drawing on Nissenbaum’s theory of privacy as contextual integrity, we argue that the shift in the event-specific nature of information sharing leads to MyHR breaching contextual integrity. As per Nissenbaum’s decision heuristic for contextual integrity, we evaluate this breach through a reflection on the changing nature of health care, including patient empowerment, and the greater complexity of care. It is evident that more needs to be known about the benefits of shared health summaries, as well as the actual use of MyHR by clinicians and patients. Though we focus on MyHR, this evaluation has broader applicability to other national electronic health records and electronic shared health summaries.
-----
The My Health Record System: Potential to Undermine the Paradigm of Patient Confidentiality?
Author
Gabrielle Wolf and Danuta Mendelson
Australia’s national electronic health records system – known as the ‘My Health Record (‘MHR’) system’ – may threaten to undermine the traditional paradigm of patient confidentiality within the therapeutic relationship. Historically, patients have felt comfortable imparting sensitive information to their health practitioners on the understanding that such disclosures are necessary and will be relied on principally for the purpose of treating them. The MHR system potentially facilitates access to patients’ health information by individuals and entities beyond the practitioners who are directly providing them with healthcare and, in some circumstances, without the patients’ consent. It may also enable patients’ health practitioners and their employees to read records that those practitioners did not create or receive in the course of treating the patients and that are irrelevant to their treatment of them. The MHR system could have harmful consequences for individual and public health if patients become unwilling to disclose information to their healthcare providers because they fear it will not remain confidential. In addition to examining the risks of breaches of patient confidentiality in the MHR system, this article considers how the potential benefits of an electronic health records system might be achieved while maintaining patient confidentiality to a significant extent.
-----
Wednesday, 28 August 2019 12:06
Malicious, criminal attacks dominate data breaches in Australia
Malicious or criminal attacks were the largest source of data breaches in Australia in the three months to the end of June this year, accounting for 62% of all data breaches, according to a new report.
Of these 151 data breaches, 69.5% involved cyber incidents such as phishing, malware or ransomware, brute-force attacks, or compromised or stolen credentials.
The Notifiable Data Breaches report from the Federal Government’s Office of the Australian Information Commissioner (OAIC) released on Wednesday, also reveals that while malicious or criminal attacks dominated data breaches, human error – the second largest source of breaches - accounted for 84 data breaches and system faults for 10 breaches.
Human error breaches involved breaches such as sending personal information to the wrong recipient via email (35%), unauthorised disclosure through the unintended release or publication of personal information (18%), as well as the loss of paperwork or data storage device (12%).
-----
'Human element' major factor behind most data breaches: OAIC
By Jenny Noyes
August 27, 2019 — 5.53pm
Mistakes by staff and customers of organisations that handle sensitive personal information are a key factor in both accidental and malicious data breaches, according to new national figures that reveal the health and finance sectors remain responsible for the most breaches.
According to the latest Notifiable Data Breaches (NDB) scheme statistics report from the Office of the Australian Information Commissioner (OAIC), about one in three data breaches from April 1 to June 30 were caused by compromised login credentials.
Clicking on phishing emails or reusing passwords across multiple services were common culprits, particularly when it came to large-scale malicious and criminal breaches – which accounted for 62 per cent of the 245 data breaches identified last quarter.
Of the 151 malicious breaches, almost 70 per cent involved cyber incidents – most which (46) were the result of phishing – which is when an email or text message posing as a legitimate organisation is sent with the purpose of tricking its targets into giving away personal details such as passwords.
Brute-force attacks, where automated software is used to generate a large number of potential login credentials, accounted for five breaches. Another 32 were the result of compromised credentials where the method for obtaining the login details was unknown.
-----
Use of My Health Record in Acute Settings: For Hospital Pharmacy
This webinar will provide an overview of the My Health Record system and contextualise its use in acute settings, highlighting how My Health Record may assist hospital pharmacists in their delivery of care. It will also describe the range of clinical information available through My Health Record and outline hospital pharmacy staff’s role and responsibilities in the context of My Health Record.
There will be an opportunity for Q&A during this session.
Venue: Webinar
Date/Time: Part day | Tue 15 Oct 2019, 1:00 pm - 2:00 pm (1hr)
Event Organiser: Australian Digital Health Agency
Email: Click here
-----
Leveraging My Health Record to Improve Workflow – A Session for Practice Managers
This webinar is intended for practice managers and will provide an overview of the My Health Record system, highlighting the benefits for the practice, the providers and the patient. Content will cover strategies on how to embed My Health Record to improve practice workflow and increase efficiencies.
There will be an opportunity for Q&A during this session.
Venue: Webinar
Date/Time: Part day | Wed 9 Oct 2019, 1:00 pm - 2:00 pm (1hr)
Event Organiser: Australian Digital Health Agency
Email: Click here
-----
Our sector has duty to protect first responders
Con Balaskas
When was the last time you stopped to think about the mental and physical health and wellbeing of first responders because of the work they do?
According to Australian mental health organisation Beyond Blue, nearly 40 per cent of emergency service workers are diagnosed with a mental health condition, compared with the 20 per cent of all adults in Australia.
Emergency services personnel must be ready to respond at a moment’s notice, but the complex nature of their work means they are exposed to increasingly challenging environments. Natural disasters in Australia are growing more intense, leading our federal government to appoint a Bureau of Meteorology-led expert team to predict the dangers of our deadliest heatwaves. Public safety personnel are also being exposed to more extreme events in the field and online, such as the Christchurch mosque attacks and graphic online video content that came from that event.
-----
Is Apple's credit card better for privacy? We tested it.
Geoffrey Fowler
Aug 27, 2019 — 8.33am
Washington | I recently used my credit card to buy a banana. Then I tried to figure out how my credit card let companies buy me.
You might think my 29-cent swipe at Target would be just between me and my bank. Heavens, no. My banana generated data that's likely worth more than it is. It ended up with marketers, Target, Amazon, Google and hedge funds, to name a few.
Oh, the places a banana will go in the sprawling card-data economy. Despite a federal privacy law covering cards, I found six types of businesses could mine and share elements of my purchase, multiplied untold times by other companies they might have passed it to. Credit cards are a spy in your wallet - and it's time we add privacy, alongside rewards and rates, to how we evaluate them.
-----
Tuesday, 27 August 2019 03:46
Government-mandated encryption backdoors weaken election infrastructure: Venafi survey
Machine identity protection provider Venafi has found that a survey of government-mandated encryption backdoors show that 80% of the respondents say countries with government-mandated encryption backdoors are more vulnerable to cyberattacks targeting election infrastructure.
The survey evaluated the opinions of 384 IT security professionals attending Black Hat USA 2019 and also found that 74% of the respondents say countries with government-mandated encryption backdoors are more susceptible to nation-state attacks.
Additional findings included:
- 72% believe laws that allow governments to access encrypted personal data will not make us safer from terrorists.
- 70% believe countries with government-mandated encryption backdoors are at an economic disadvantage in the global marketplace.
· 84% would never knowingly use a device or program from a company that agreed to install a backdoor.
“Last month, the US Senate Intelligence Committee reported that election systems in all 50 states were targeted by Russia during the 2016 election,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
-----
ABS re-examines how long it keeps Census names, addresses
By Justin Hendry on Aug 26, 2019 12:33PM
Independent privacy assessment to inform decision.
The Australian Bureau of Statistics could reconsider its controversial decision to retain names and addresses collected as part of the Census for four years in time for the next national survey.
The agency in charge of Australia’s largest peace time operation on Friday said privacy consultancy Galaxia had been brought in to assess how long names and addresses should be kept after the next Census slated for 2021.
The work will form part of an independent privacy impact assessment (PIA) of the upcoming survey, which will look at potential privacy issues or risks and recommend way to minimise or manage these.
-----
26 Aug 2019
Media Release: Doctors, Lawyers, and Privacy Experts Denounce Sharing Patient Health Data for Secondary Use
Posted by Lyndsey Jackson
Australia, Melbourne — Monday 26 August 2019 — EFA, Future Wise, Digital Rights Watch and APF today call again for a comprehensive review of privacy provisions for healthcare data.
Following the HealthEngine scandal in 2018, and the recent use of Pharmaceutical Benefits Scheme (PBS) data to assist recruitment into research on Bipolar disorder, a Twitter user on Friday 23 August shared a SMS message attempting to recruit him into a clinical trial.
This appears to have occurred through the use of Precedence Healthcare’s InCa (Integrated Care) health platform. Research by members of digital rights organisations today revealed that sensitive patient details—including contact details, demographics and complete medical histories—can be shared with a wide range of partners, including, it appears, private health insurers.
-----
The digital human: the cyber version of humanity’s quest for immortality
August 26, 2019 5.53am AEST
PhD Researcher in Virtual Reality, Auckland University of Technology
Some people have gone as far as cryogenic freezing after death in the hope that one day science will have advanced enough to resurrect them. Others believe the route to immortality lies in the digital realm.
The theory that humans can be digitised and live on within the digital confines of a computer-based existence has been the subject of debate. But until recently, no one had taken the idea much beyond research and discussion.
Last year, a consortium of unidentified individuals launched Virternity with the stated goal of a digital life for all. A world that would be owned not by any government but by the people.
-----
Comments more than welcome!
David.
7 comments:
re: "Health sector urged to engage with calls for regulatory crackdown on powerful digital platforms"
https://croakey.org/health-sector-urged-to-engage-with-calls-for-regulatory-crackdown-on-powerful-digital-platforms/
The term "Digital platforms" is defined as "Digital search engines, social media platforms and other digital content aggregation platforms"
myhr looks a lot like a "digital content aggregation platform", so I assume everything they come up with that applies to Google, Facebook etc will apply to myhr.
Re the Data Sharing and Release Legislative Reforms, Discussion Paper
https://www.datacommissioner.gov.au/sites/default/files/2019-09/Data%20Sharing%20and%20Release%20Legislative%20Reforms%20Discussion%20Paper%20-%20Accessibility.pdf
"The Data Sharing and Release legislation will not allow public sector data to be shared if it is considered too sensitive, for example, because it would threaten Australia’s national security or because the Australian community does not support it. There are two main classes of information that will likely be exempted from the scope of the legislation:
• information collected or held by the National Intelligence Community
• information provided under the My Health Record scheme."
a) It is a good thing that myhr data will probably not fall under the Data Sharing and Release legislation.
b) It is not clear if other arrangements can be made to permit agencies to share myhr data.
c) However, once myhr data move out of the myhr system, all sorts of data sharing can and will happen, after all that's why myhr was built - to improve access to patient data.
A bit of a conundrum.
I don't understand. Why have they specifically singled out My Health Record?
"Why have they specifically singled out My Health Record?"
"because the Australian community does not support it."
As I said, we do not know what other arrangements could be made to shared health record data.
And unless Tim Kelsey has had a 180 degree change in direction, he is in full support of the government having access to and sharing our healthcare data.
Long live the database state
Smarter use of public service statistics can save lives as well as money. But anxious civil libertarians want to stop the state sharing our personal records. They must not succeed
by Tim Kelsey
July 29, 2009
https://www.prospectmagazine.co.uk/magazine/longlivethedatabasestate
myhr looks a lot like a "digital content aggregation platform", could be right Bernard.
This is where the APS may find themselves in a pickle. Can they serve the interest of the community or are they now at conflict and unable to make legitimate and fair legislation?
There is also the question if the information in the myhr is now commonwealth records and subject to an appointed records authority.are theyaleto simy delete this information from a commonwealth system of record?
And what of all that personal information collected as part of opt out? That would be quite separate from any rules in myhr legislation and through theArcbjves Act the privacy principles are irrelevant
Re the Data Sharing and Release Legislative Reforms
The Federal government collects large amounts of data as part of providing public services - welfare data, tax data, health payments data (MBS/PBS, aged care data etc.)
The data sharing legislation has two parts 1. the use of this data in order to improve public services. This is a fair argument, if done appropriately (whatever that might mean) and 2. the release of some of this data for use by non-government bodies.
Census data is a special case in that it is gathered purely to inform decision making, both governmental and private sector. In the past the ABS has done a good job of collecting, analysing and releasing data-sets. They are starting to run into a few problems with their MADIP (Multi-agency Data Integration Project) IMHO, because of a lack of transparency and the general increasing mistrust of Federal governments of both colours.
MyHR is an even more special case. The government does not deliver health care service (it pays for a lot, but does not deliver any - AFAIK), It is responsible for health policy and regulation, so having access to population level healthcare/delivery data is both justifiable and necessary but not data on the delivery of care to individuals.
The Department of Health believes that in time myhr will provide a longitudinal data set on a very large number of Australians that shows all the major lifetime healthcare events. In this they are ignorant of the realities of myhr. The data is and always will be incomplete, coarse grained and lacks context (which can only be improved by linking with other data sets). As a source of research data for medical and policy analysis purposes it is dubious at best and dangerous at worst.
The message the ADHA is putting out about the worth of myhr data is exaggerated and does not stand up to scrutiny. The problem the Health Department has is that they do not have the expertise to understand the details of the data in myhr and how it fits into the broader health information ecosystem. Mind you, I don't think the ADHA does either.
One thing that puzzles the Department of Health is the lack of engagement the public has with their healthcare data, especially the myhr. The department cannot understand why people are not happy to share their data.,
The reality is that people are quite comfortable sharing their health data if they see a clear benefit combined with a trust in the people with whom they share it.
It has not sunk in to the department that they and their offshoots (NEHTA/ADHA) have made a right royal mess of engaging with the public. Combined with a long track record of stuff-ups (The Australia Card, The Human Service Access Card, RoboDebt to mention a few) the government is steadily digging themselves a bigger hole from which they will find it ever more difficult to emerge.
What appears to be the latest strategies - let's redesign myhr to make it fit for purpose for the future, let's grab more patient data straight from GPs and call it QI ePIP, let's share data we've collected, let's not fix RoboDebt - will not, IMHO, do anything to correct the downward slide in trust.
Having a CEO of ADHA who has expressed the opinion that the government has the right to extract patient data from healthcare systems does nothing to allay the fear many people have regarding their data. IMHO, it's not privacy or the data people are worried about, it's the government.
And if you think I'm alone in my fears, read this:
Govt is coming for your data
Rosie Williams
September 4, 2019
https://www.innovationaus.com/2019/09/Govt-is-coming-for-your-data
"Until the Data Sharing and Release Act comes into effect, it is a breach of the Privacy Act and the Australian Privacy Principles, upon which it is based, for agencies to use our administrative data for secondary purposes not directly related to providing us service. Re-using our administrative data to create research products and services is one such secondary purpose forbidden by the Privacy Principles.
With the exception of "health data" – for which there is a carve-out – the Privacy Act requires that data can be collected by the government (and all entities subject to the Act) only where absolutely necessary and only to be used for the purpose for which it was provided.
The guidelines for secondary use of MyHealthRecord data stipulate that (due to the aforementioned exception), MHR data can already be integrated with other datasets:
'6.1 The Board can permit the linkage of MHR system data with other data sources once the applicant’s use is assessed to be of public benefit.'
The government would now like to expand this privilege across all your administrative data and override the Privacy Act where conflicts arise so that government and other organisations can share your data under the new framework put in place by the Data Sharing and Release Act."
Post a Comment