-----
This weekly blog is to explore the larger issues around Digital Health, data security, data privacy and related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board are dated 6 December, 2018! Secrecy unconstrained! This is really the behavior of a federal public agency gone rogue!
-----
Why using HIT standards fails to achieve interoperability
I started working in the Health IT area in 1994, on a major European Commission funded project. I attended years of standards meetings at HL7, CEN and occasionally OMG and ISO from 1999 to about 2012. And I’ve observed the constant failure of standards (through inappropriate hopes and expectations) to provide anything like a sustainable solution for interoperability. Here are the lessons I draw from this.
- Premise #1: interoperability is an outcome (i.e. an emergent quality), not a created input. You can’t achieve true (automatic) interoperability by trying to engineer for it. Why? Because interoperability happens at the touchpoints between parts of a system. To achieve it, you have to have a) knowledge of and b) some say in the architecture of those components – only then will you understand how to create interoperability at the interfaces in question.
- Premise #2: de jure standards should not be mistaken for architecture. Today’s HIT standards are attempts to engineer interoperability with no knowledge of the system components – they are essentially various forms of message on the wire. The result is O(10,000) mutually inconsistent interoperability points, not an interoperability-enabled architecture. Bureaucrats routinely mistake standards for architecture, saying things like ‘we must base our system on standards x, y, z’, or ‘we’ll design the system based on standards’. Only do that if you want to repeat the cycle of death.
-----
Government mulls greater role protecting private sector from cyber threats
Prepares for 2020 refresh of cyber security strategy
Rohan Pearce (Computerworld)06 September, 2019 10:21
The government is seeking feedback as to whether its role in fighting cyber crime should change in order to offer “greater assistance to Australian businesses to defend against highly sophisticated malicious actors”.
“State actors target Australian businesses for a range of reasons, including access to intellectual property and espionage. In these situations, it might not be possible for businesses to fully defend themselves given the skills and expertise of those targeting them,” a government discussion paper released today states.
“The Government is most concerned about threats to Australian businesses that provide essential services, such as energy, water, telecommunications and transport.”
-----
Government kicks off AU$15m pilot using data on Australians living with disability
The latest initiative from Minister for Government Services and the NDIS Stuart Robert.
A group representing the interests of Australia's state, territory, and federal governments has agreed to establish a National Disability Data Asset, which will compile data on those in the country living with disability.
The Australian Data and Digital Council, chaired by Minister for Government Services Stuart Robert, on Friday agreed to the initiative as the council believes it can pave the way for a federation-wide view of the lived experience of Australians with disability.
A pilot of the Disability Data Asset will initially compile data from the Commonwealth, New South Wales, Victoria, Queensland, and South Australia.
The pilot will receive up to AU$15 million in federal government funding, with part of the money to be used by government to explain why they think the initiative is a great idea to the people whose data will be used.
-----
Breach notification rules for new government data scheme, but no consent for sharing
Data sharing legislation likely to hit parliament in mid-2020
New legislation that will enable data collected by public sector agencies to be more easily shared is expected to be accompanied by new rules for data breach notifications, a discussion paper released today by the government said.
The government in May 2018 said it would introduce a new data sharing and release framework as part of a package of reforms sparked by the Productivity Commission’s report on the availability and use of data.
The Office of the National Data Commissioner (ONDC), which was established last year by the government, today released a consultation paper on the development of data sharing and release legislation. The paper states that the ONDC is still considering the kind of data breach scheme that is needed for the new framework.
-----
Consent removed from Australia's proposed data-sharing legislation
The National Data Commissioner won't be able to prevent data from being shared, rather they are tasked with capabilities to 'encourage' data custodians and accredited users to 'safely and respectfully share personal information'.
The Australian government has released a discussion paper on Australia's Data Sharing and Release Legislative Reforms, tweaking what it proposed last year by removing a fundamental element of privacy -- consent.
The paper [PDF] proposes the Data Sharing and Release legislation not require consent for the sharing of personal information.
"Instead, we are placing the responsibility on Data Custodians and Accredited Users to safely and respectfully share personal information where reasonably required for a legitimate objective," it says.
The paper says that following feedback, the government has "nuanced" its position on consent.
-----
6 September 2019
Time may be nigh for some medical software vendors
At the most recent Wild Health Summit in Sydney there were some subtle warnings in play for some of the country’s major healthcare software vendors, and indeed, even some for some of the major global vendors.
The people who pay for healthcare – mainly the government, but in the end, patients as well – aren’t going to tolerate specifying or using systems which do not have future-proofed, open architectures built in.
Until now, healthcare has stubbornly resisted the “open economy” technologies that have driven transformation in other markets. And many have expressed a view that healthcare is different and won’t transform like other markets because it is too complex, regulated, risky and culturally awkward.
But the new open economy is cheaper, safer, more efficient and much more patient friendly. Procurement by big government departments is now driving a change towards open technologies which offer safer and more efficient patient outcomes.
-----
Dutton to warn of evolving cyber threat to transport and power
Power stations, transport systems and industrial plants are likely to be the target of a new and potentially deadly threat from cyber attacks, forcing an overhaul of the nation’s cyber security strategy to repel state-sponsored hackers and criminals.
A surge in the scale and severity of malicious cyber activity — including the “hack and release’’ of sensitive information intended to embarrass targets, influence public opinion and interfere in democratic processes — will be revealed in a consultation paper to be released today by Home Affairs Minister Peter Dutton.
Self-driving cars in the future are also expected to be vulnerable to cyber attacks, with experts warning they could be forced off the road by hackers.
The paper, to kickstart the replacement of Malcolm Turnbull’s strategy drafted only three years ago, says state actors are “growing more organised, confident, and sophisticated in using cyber espionage and interference to promote their national interests”.
-----
Rosie Williams
September 4, 2019
Govt is coming for your data
Data structures: Big changes that you'd hardly know were happening
If you have never heard of the proposed Data Sharing and Release Act you are not alone.
The new legislation, which will over-ride the Privacy Act (where there are conflicts), has been quietly planned for the past year or so, without much fanfare and little media interest.
When it has been subject to reportage, the focus has been on the Consumer Data Right, which will require businesses to give consumers data they hold about us so we can transfer it to competitors for a better deal. The Consumer Data Right will be initially implemented in the banking sector, telecommunications and energy sectors.
But this new right is only one aim of the Data Sharing and Release Act, which has far wider implications and consequences. The new Act creates an entirely new system to govern what both government and private sector organisations will be able to do with the information they hold about us.
Anyone remotely interested in the ramifications of MyHealthRecord need to keep reading because what is being done to your health data is only one small piece of the puzzle when it comes to government plans for sharing our data.
-----
Thursday, 05 September 2019 11:32
Customer loyalty schemes under scrutiny from ACCC for ‘poor disclosure’, sharing consumer data
Australia’s competition regulator the ACCC has raised concerns over customer loyalty schemes including poor disclosure about how consumer data is used and shared, and the selling of insights from the data to other parties without consumer knowledge.
In a new draft report focussing on credit card operators, frequent flyer schemes and supermarket operators, the Australian Competition and Consumer Commission also questions whether consumers receive the benefits advertised by loyalty schemes and unilateral changes by loyalty schemes to their terms and conditions, including poor communication about how their schemes work.
The report also raises concerns about the “opaque terms and conditions of loyalty schemes” preventing consumers from making informed choices that align with their privacy preferences – and that consumers also have limited control over how their personal information and other data could be used by loyalty schemes and who it could be shared with.
“The privacy policies of these schemes are frequently very vague and don’t tell consumers who their data is being shared with or how it is being used, shared or monetised,” ACCC Chair Rod Sims said.
-----
YouTube fined for collecting data on children
· Dow Jones
YouTube has agreed to provide new protection for children on its platform and pay a $US170 million fine, in a settlement that sharpened government debate over how to rein in technology giants.
The US Federal Trade Commission and the New York state Attorney-General announced the penalty for YouTube following a year-long investigation in response to complaints from consumer groups, which said the video platform illegally collected data on children to sell ads for products such as Barbie dolls and Play-Doh. The FTC said YouTube tracked internet activity for children under age 13, with the goal of keeping viewership high.
YouTube neither admitted nor denied wrongdoing as part of the settlement. No executives at YouTube or its parent, Google, were penalised. Democratic commissioners on the FTC, including the outspoken Rohit Chopra, voted against the action, losing in a 3-2 vote.
YouTube chief executive Susan Wojcicki said YouTube would make changes to its platform, including switching off comments on children’s videos and cutting off data collection on videos aimed at kids. These changes, YouTube said Wednesday, would take effect in January to give video creators time to adjust.
-----
Wednesday, 04 September 2019 11:08
Smart devices raise fear of privacy invasion for Australians
Australians are concerned about their privacy with smart devices listening in on their conversations, and allowing organisations to extract personal information from their digital footprints.
According to a report from Unisys, 41% of Australian smart device owners say they started receiving social media posts and ads about a topic they had recently talked about aloud - and almost two-thirds of them say it concerns them.
And just over a quarter (28%) report that, while they were talking aloud, the virtual assistant in their smartphone or smart watch had asked them for more information or to repeat themselves even though they had not turned it on.
Similarly, 26% say that, while they were talking aloud, a voice-activated smart speaker had asked them for more information or to repeat themselves even though they had not turned it on.
-----
Government set to reform data-sharing policies
Sep 3, 2019 — 12.01am
The Coalition is endeavouring to tackle a "labyrinth" of more than 500 separate privacy and secrecy provisions that have prevented it from sharing data between departments, as it tries to keep pace with international standards.
Government Services Minister Stuart Robert will announce the launch of a discussion paper on Tuesday, with the government seeking submissions from the community on how to streamline its data-sharing protocols while maintaining appropriate privacy and safety provisions.
Mr Robert told The Australian Financial Review the government wanted to be able to get to a point where citizens could go to one website or one app for all of their needs.
"If you go to your Telstra app you can login biometrically, move to their CRM system and see all of the services that you have with Telstra and you can do everything from one place ... Citizens are saying where is the one app for government?" he said.
-----
National framework needed for ethical AI
Sassoon Grigorian
It’s timely a new study by the Australian Council of Learned Academies has shown that 79 per cent of Australians surveyed want artificial intelligence to be programmed to be ethical.
The report posed pertinent questions from some of Australia’s top scientists: “what kind of future society do we want to be?”, and “how prepared are we to harness and regulate AI?”
Trust and ethical AI go hand in hand and that’s why we believe now is the time to put in place Australia’s first framework for ethical AI.
The recent first step by the Australian government to consult with industry and experts earlier this year is a welcome one. However, more can be done to create a national framework.
-----
Porter’s office in privacy breach
Who knew the one thing that could unite Australia’s diverse multicultural leaders was a privacy breach by the Attorney-General’s office? Christian Porter gathered religious leaders and journalists at The Great Synagogue in Sydney’s CBD last Thursday to read his draft religious discrimination bill. Not all attended — the Catholic Church and Australian Christian Lobby boycotted the event and other faith groups were told to avoid being used for a photo opp with Porter. As the Attorney-General gave his 11-page speech, an email was sent at 11:31am with a link to the draft bill. But Porter’s office forgot to hide the more than 100 recipients, exposing the private emails of some of the most senior members of Australia’s religious, faith, legal and human rights communities. Including: the Grand Mufti of Australia, Ibrahim Abu Mohammed; Anglican Archbishop of Sydney Glenn Davies; Sydney’s Catholic Archbishop, Anthony Fisher; the executive council of Australian Jewry co-CEOs Peter Wertheim and Alex Ryvchin; Justice Stephen Rothman SC; Australian National Imams Council spokesman Bilal Rauf; NSW Liberal president Philip Ruddock; and Scott Morrison’s legal adviser Daniel Ward. “It just looked really sloppy, and a bit odd, given this was all about protecting religious communities,” one religious leader who received the email tells Strewth. “It took me about five seconds to see everyone on the list there. It’s bizarre because the invitation to the event that was sent beforehand BCC’d everyone. The vibe I got from that email was that it was poorly handled, especially as it was sent out midway through his speech.” After we alerted Porter’s office to the mistake, they issued an apology to those caught up by the “administrative error”.
-----
'Orwellian police state': London's top cop warns of dangers of policing in digital age
By Lucy Cormack
September 3, 2019 — 6.00am
The UK’s most senior police officer says modern law enforcement must grasp the ethical dilemmas of data, robotics and artificial intelligence or risk sleepwalking "into a ghastly, Orwellian, omniscient police state.”
Commissioner of London’s Metropolitan Police Service, Cressida Dick made the comments in an address to the Lowy Institute in Sydney on Monday evening, where she described data as vital “kit”, but only to enable humans “to make better decisions.”
“We’re now tiptoeing into a world of robotics, AI and machine learning ... the next step might be predictive policing,” she said.
“People are starting to get worried about that ... particularly because of the potential for bias in the data or the algorithm, [like] live facial recognition software."
-----
Secret penetration tests, fines for banks under PayID security crackdown
NPP deploys ‘unilateral’ protections to harden network.
Australian banks and credit unions will have their transactional systems secretly penetration tested to arrest deficiencies and stop fraud and abuse of institutional infrastructure plugged into to the New Payments Platform after two PayID look-up attacks.
The NPP on Monday confirmed it was quickly taking its own steps to look for security holes among participants, a move bolstered by looming designation of particular security settings, like PayID address query limits, under its scheme rules.
The designations, which will go before the NPP board within a fortnight, can attract fines of $500,000 for non-compliant institutions.
-----
Is a mobile phone a computer? The Federal Court says no
The Federal Court of Australia recently found in Luppino v Fisher that a mobile phone should not be treated as a “computer” or a “data storage device”. This had the effect of invalidating an earlier order made under s3LA of the Crimes Act 1914 (Cth) requiring the plaintiff to assist police to access data stored on a mobile phone, on the basis that the mobile phone was not a computer. The Australian Federal Police (AFP) has appealed this finding, with the appeal to be heard at a date to be determined.
Background
The case concerned an order made in October 2018 under s3LA of the Crimes Act requiring the plaintiff in the case to provide to the AFP information (specifically, a password) to enable the AFP to access data held on a Samsung mobile phone.
Notwithstanding the October order, the plaintiff continued to refuse to provide the password to the AFP and commenced proceedings alleging that the order had been made erroneously.
-----
Employment and privacy: can employees be made to divulge personal information?
In the digital world, data is an asset. It can be one of the most important assets an organisation has because it defines each organisation's uniqueness. This can of course include employee data. There are, however, detailed rules regulating the collection of employees' personal data. The Full Bench of the Fair Work Commission in Jeremy Lee v Superior Wood Pty Ltd [2019] FWCFB 2946 (the "Lee Case") recently delivered a decision which highlights that employers need to be careful when handling employee data, particularly if an employee's refusal to provide information is used as a grounds for dismissal.
This update will first discuss the privacy rules most relevant in an employment context and then explore how these principles were applied in the Lee Case, before giving some key takeaways.
Privacy principles in an employment context – a summary:
The collection, use and disclosure of data in Australia is governed by the Privacy Act 1988 (the "Act") and by the Australian Privacy Principles (APPs) which are contained in the Act. In relation to private-sector employers, the APPs only apply to "APP Entities", (as defined in section 6 of the Act). This definition includes most organisations that are not classified as "Small Business Operators". "Small Business Operators" are generally businesses that have an annual turnover of $3,000,000 or less.
-----
Machine learning in clinical practice: prospects and pitfalls
Ian A Scott, David Cook, Enrico W Coiera and Brent Richards
Med J Aust 2019; 211 (5): . || doi: 10.5694/mja2.50294
Published online: 2 September 2019
Published online: 2 September 2019
Machine learning has huge potential to enhance clinical decision making, but there are still many limitations
Machine learning (ML), a subdiscipline of artificial intelligence, encompasses a family of computerised (machine) methods that identify (learn) patterns in large (training) datasets not detectable to humans (Box 1). Identified patterns are then encoded in a computer model or algorithm which is then tested and validated on new data. Three basic ML types exist (Box 2), with supervised and reinforcement learning being used most frequently.
-----
Comments more than welcome!
David.
No comments:
Post a Comment