Tuesday, November 12, 2019

Commentators and Journalists Weigh In On Digital Health And Related Privacy, Safety And Security Matters. Lots Of Interesting Perspectives - November 12, 2019.

-----
This weekly blog is to explore the larger issues around Digital Health, data security, data privacy and related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board are dated 6 December, 2018! Secrecy unconstrained! This is really the behavior of a federal public agency gone rogue – and it just goes on! When you read this is will be 11 months + of radio silence. I wonder how far the ANAO report is away?
Note: Appearance here is not to suggest I see any credibility or value in what follows. I will leave it to the reader to decide what is worthwhile and what is not! The point is to let people know what is being said / published that I have come upon.
-----

Sharing data safely while preserving privacy

·         Giske Ursin
·         Nea Malila
·         Jenny Chang-Claude
·         Marc Gunter
·         Rudolf Kaaks
·         Ellen Kampman
·         et al.
Published: November 07, 2019DOI:https://doi.org/10.1016/S0140-6736(19)32603-0
Analysing personal data is a privilege requiring researchers to safeguard data and to use data wisely. Safeguarding data means protecting the identity of individuals. Using data wisely means using, reusing, and sharing data to their maximum potential. More researchers should be given safe access to previously collected data from expensive clinical trials and laboratory or epidemiological studies. Journal editors therefore increasingly require a data sharing statement in published articles.
Data sharing must, however, be safe, regulated, and in line with current legislation. Unfortunately, some journals encourage researchers to post their data openly in downloadable files, regardless of whether these are aggregated or individual level data. Such practice is potentially challenging to the privacy of individual participants.
Although sharing biological data such as serum values or RNA expression data in an Excel file on a journal website might seem innocuous, such open sharing requires extreme prudence from researchers and journal editors. Data on other variables might be necessary to replicate the original analyses (eg, age, gender, geographical location, socioeconomic status, lifestyle details, comorbidity, and disease). However, these data pose a potential risk of backwards identification of specific individuals. Increasingly sophisticated web crawler software can find common text or numbers across all published data and domains. The larger the number of variables, the greater the risk with modern technology.
The following is also worth a look on the issue:
-----

When governments have access to DNA databases, you’re right to be scared

We should be wary of what authorities can do with such sensitive genetic information
Last week, at a police convention in the US, a Florida police officer revealed he had obtained a warrant to search the GEDmatch database of a million genetic profiles uploaded by users of the genealogy research site. Legal experts said this appeared to be the first time an American judge had approved such a warrant.
“That’s a huge game-changer,” observed Erin Murphy, a law professor at New York University. “The company made a decision to keep law enforcement out and that’s been overridden by a court. It’s a signal that no genetic information can be safe.”
At the end of the cop’s talk, he was approached by many officers from other jurisdictions asking for a copy of the successful warrant.
Apart from medical records, your DNA profile is the most sensitive and personal data imaginable. In some ways, it’s more revealing, because it can reveal secrets you don’t know you’re keeping, such as siblings (and sometimes parents) of whom you were unaware. It can also contain information about inherited vulnerabilities that might be of great interest to, say, insurance companies. And, of course, your genetic profile contains information about your ethnic antecedents.
-----

Banks, insurers and superannuation funds making basic cyber security errors, says APRA

The Australian Prudential Regulation Authority has received 36 data breach notifications since issuing its latest cybersecurity guidelines in July, with executive board member Geoff Summerhayes warning that local financial services providers were still making basic errors.
While the 36 breaches disclosed were relatively minor, Mr Summerhayes warned that they are just the tip of the iceberg.
“With some cyber-incidents taking years to detect, it’s entirely possible that one of the banks, insurers or super funds has been compromised and we simply don’t know about it,” he said at the CyBSA 2019 Cyber Breach Simulation event in Sydney on Thursday.
 “To date, no APRA-regulated entity has experienced a breach material enough to threaten its viability, but I can assure you it’s not for want of trying.
-----

Australian Christian Lobby thinks NBN or telcos should do age verification

If the government-owned broadband wholesaler begins to collect identity data on all Australians, heaven help us.
By Chris Duckett | November 6, 2019 -- 03:26 GMT (14:26 AEDT) | Topic: Security
Having a hard time getting the National Broadband Network (NBN) to show up on time for an appointment? If you think it's bad now, wait until you need the company that is responsible for the deploying the NBN across Australia to tell a porn site you are a legal adult.
This is a future that the Australian Christian Lobby (ACL) believes in.
In a submission to the House of Representatives Standing Committee on Social Policy and Legal Affairs' inquiry into age verification for online wagering and online pornography launched in September, the ACL put forward its thoughts on how the verification process should occur.
"The details required to prove their age are registered into the site of the third-party age verification provider. The third-party will then pass back either a pass or fail to the first site. Due to the intentional separation of the site and its providers, the site cannot see nor store any of the age verification data," it said.
-----
Denham Sadler
November 8, 2019

Medicare data plan a privacy risk

Greg Hunt: Has said government sought to strike a balance on privacy
The government’s proposed Medicare data-sharing scheme will put the privacy of all Australians at “serious risk”, a data privacy expert has said.
The Coalition unveiled draft legislation for the Health Amendment (Data-matching) Bill 2019, which would facilitate data-matching on health information between departments and agencies for the purpose of cracking down on fraudulent Medicare claims, in September.
The Bill greatly expands the data-matching scope to include data from the Medical Benefits Scheme, Pharmaceutical Benefits Scheme, Veteran Affairs, Home Affairs, the Australian Health practitioner Regulation Agency and the Therapeutic Goods Administration, with private insurers also potentially involved.
The government ran consultations on the new scheme and accepted submissions until 11 October. Just two weeks later, the legislation was introduced to Parliament.
-----

Labor leadership devoid of tech talent: ALP autopsy

By Julian Bajkowski on Nov 8, 2019 1:26PM

Bemoans “lack of digital literacy within Labor’s senior ranks.”

“Few, if any, Party officials have genuine expertise in how digital platforms work and how progressive organisations can make the most of the opportunities they offer.”
“Labor employs very few digital specialists and often the default position is to define digital as the responsibility for managing some social media accounts and to allocate this to relatively junior staff and officials.”
Those are just two of the brutal observations made in the Australian Labor Party’s election loss autopsy that found multiple causes of electoral death – and no detectable digital pulse at a time when campaign technology and online communications have become politically weaponised.
In an excoriating take-down of the progressive party’s organisational structure and leadership competencies, the review by Craig Emerson and Jay Wetherill says “Labor’s reluctance to embrace ‘digital-first’ campaigning left it flat-footed and falling behind its opponents.”
-----

'If in doubt, say no': why phone apps want permission to use your personal data

Apps are a gateway to your personal data. Are they spying on you? How do you outsmart your smartphone?

November 8, 2019
Smartphones are incredibly useful tools and entertainment devices.  They are also a gateway to a massive amount of our personal data. They can find out where we are, listen to us and see us, know who we talk to and what's on our schedule. And, through apps, as downloaded to your phone through Apple or Google's store, companies can leverage this information to provide us with services and them with valuable data.
Both Apple's iOS and Google's Android systems have evolved to contain very robust data permission regimes and, in general, apps ask your permission to access your data because they need it for one function or another.
But some apps do get out of hand, as was seen recently with a NSW government digital ID app that was supposed to replace plastic driver licences but instead appeared to ask for everything from location data to camera access.
It's easy to see how the constant, seemingly intrusive data requests can play into the general user's suspicions that their phone is spying on them.
-----

Public caring for My Health Record

ADHA Propaganda
The Australian Digital Health Agency has reported that its My Health Record scheme has reached a 90 per cent take up by the Australian public.
In its annual report, the Agency says 523 million health record documents were uploaded to the system between February and June this year.
Chief Executive of the Agency, Tim Kelsey said the report showed “significant progress toward the key priorities set out in the National Digital Health Strategy, endorsed by all State and Territory Governments through the Council of Australian Government (COAG) Health Council”.
Mr Kelsey said the report also showed the Agency had developed a national framework and new interoperability standards to ensure health professionals could securely and quickly send patient information to one another.
-----

Doctors often 'deeply conflicted' over end-of-life wishes

Futile treatments and out-of-date plans test doctors resolve to abide by advanced care directives: Aussie study
7th November 2019
Doctors can be “deeply conflicted” and sometimes struggle to comply with a patient’s end-of-life plans, especially if they feel the condition is treatable or they doubt the directive’s validity, an Australian study shows. 
The Victorian researchers say that hospital specialists are motivated most by a patient’s best interests, ahead of respecting their autonomy, when making medical decisions based on advance care directives (ACDs).
“Doctors tended to rely on their own clinical judgement to make treatment decisions, sometimes overriding the ACD on the basis that the treatments requested were ‘unreasonable’, ‘futile’ or that the patients’ condition was potentially ‘reversible’,” they wrote in the BMJ Open. 
-----

Treatable conditions, family tensions can see advance care directives overruled

Directives are meant to enshrine patient autonomy near the end of life, but doctors may be inclined to act in what they consider the patient’s best interest, new research has found.
07 Nov 2019
A new study has found that many doctors experience internal conflict when carrying out a patient’s legally binding wishes, particularly when the directives are vague or not current, or when the medical condition seems reversible.

The BMJ Open study led by Advance Care Planning Australia researchers gave 21 doctors at a Victorian hospital real-life scenarios to uncover how doctors use advance care directives in challenging circumstances.

The study found family opposition or a lack of access to the directives to be other reasons for overriding advance care directives.
-----

Queensland Health’s history of software mishaps is proof of how hard e-health can be

November 7, 2019 3.20pm AEDT

Author

Robert Merkel
Lecturer in Software Engineering, Monash University
A directive ordering Queensland Health staff to avoid upgrades to the state’s hospital electronic medical record system during parliamentary sitting weeks was recently reversed. After the email containing the directive was leaked, the state’s health minister Steven Miles revoked the directive. He said the timing of upgrades should be based on “what’s best for clinical care”.
Queensland’s integrated electronic medical record system (ieMR) is designed to provide information about patients in the state’s health system. The ieMR was built by Cerner, a global provider of electronic medical record software. Like any IT project of this scale, it’s extensively customised for Queensland Health and individual hospitals.
The directive to refrain from ieMR upgrades during sitting weeks seems to be connected to 38 system outages earlier this year. Most of these happened following upgrades performed by Cerner. On at least one occasion, upgrades didn’t go smoothly, and led to system outages that required clinicians to revert to paper-based methods.
The rollout of the ieMR system to new hospitals, which began back in 2011, was put on hold earlier this year.
-----

The eight step plan to better health privacy

Organisations in the health sector are handling sensitive health information on a daily basis, which is why it’s so important that these organisations clearly understand their privacy obligations, effectively manage health information and proactively implement privacy and data breach policies.
It is not just doctors who are defined as “health service providers”, privacy obligations apply to a broad range of providers from aged care through to childcare.
As we reported in the Health Insights, back in August 2018, the health sector is particularly vulnerable to notifiable data breaches. This has become very apparent since mandatory reporting under the scheme began in February 2018.
In the Office of the Australian Information Commissioner’s (OAIC) most recent 2019 Notifiable Data Breaches Statistics Report, health sector providers reported the most notifiable data breaches during the quarter, just above the financial sector.
-----

Your right to know: The battle to access your own personal information

By Debbie Cuthbertson
November 4, 2019 — 2.35pm
You want to see your own medical files. It should be as simple as asking for them, you think. You'd be wrong.
You ask your surgeon, who knocks you back. So does the hospital and then the health network it is managed by.
You submit a freedom of information request on your own behalf and at your own cost to view the documents they have on your own case.
But your request is rejected or, if it is partially approved, much of the information you seek is redacted.
-----

Telstra, NAB and CBA sign up for artificial intelligence ethics trials

Paul Smith Technology Editor
Nov 7, 2019 — 12.00am
Commonwealth Bank of Australia, Telstra and National Australia Bank are among five companies to have signed on to trial a new set of principles governing the development of systems using artificial intelligence, following a government consultation period for a national ethical framework.
The companies, along with Microsoft and ASX-listed Flamingo AI, have agreed to a trial period during which decisions taken on developing systems using AI will be referenced against a checklist of principles, to try to avoid creating unintended harmful consequences.
Technology companies such as Microsoft have previously published rules that govern their development and use of AI, but this trial is part of Minister for Industry, Science and Technology Karen Andrews’ broader remit to create an AI ethics framework and aims to involve companies from all sectors.
The checklist comprises principles that must be considered during AI development.
Human, social and environmental wellbeing must be assessed along with systems having human-centred values that respect human rights, diversity, and the autonomy of individuals.
-----

GPs urged to tell patients before sharing their deidentified data

Practices should also avoid sharing data for 'inappropriate purposes', RACGP says
6th November 2019
Practices should post signs in their waiting rooms informing patients they plan to share anonymised data and explaining how to opt out, the RACGP says.
The college has told practices to make patients aware of how they collect, store and use their records, including whether they provide any de-identified data to third parties.
The warnings should be displayed publicly as part of a privacy policy pinned up in the waiting room or on the practice’s website, the college suggested in guidelines released last week.
“While individual patient consent for sharing de-identified data is not a legal requirement, most data-extraction tools have functionality that enables individual patients to be removed from the extraction process,” it said.
“A practice may, therefore, wish to put a procedure in place to manage requests from patients who do not want their data to be used for secondary purposes.”
-----
Wednesday, 06 November 2019 12:40

Data breach risk from lag in adoption of cloud security

The use of cloud applications has grown extensively over the past 12 months, with Salesforce and Slack increasing by 55% and 44%, respectively, according to new research which also reveals a “significant” gap between the adoption of cloud-based tools and cloud security technologies, increasing the risk of potential data breaches.
According to enterprise mobile security vendor Bitglass - which conducted research with more than 138,000 companies worldwide - companies are at risk of suffering a data breach, and cautions that as more companies deploy cloud applications and modernise the way their employees perform their work, they must also implement effective security tools and strategies tailored to a cloud-first environment.
“Cloud adoption has grown at a staggering rate, allowing organisations to evolve and keep pace with the market’s ever-growing productivity and flexibility demands,” said Rich Campagna, CMO, Bitglass.
“The significant gap between the adoption of cloud-based tools and cloud security technologies indicates that most companies are at serious risk of suffering a data breach. Enterprises must understand that operating in the cloud is fundamentally different from the traditional way of conducting business, and that on-premises methods of protecting data are no longer sufficient.”
-----

Don’t stop there, Ministers: PSA

Australia’s health ministers have agreed to make QUM and medicines safety a National Health Priority Area

At last week’s meeting in Perth, the COAG Health Council discussed a number of national health issues, one of which was the Quality Use of Medicines.
The Council’s resulting communique highlights that medicines are the most common intervention in health care and can contribute to significant health gains – but can also be associated with harm.
“Half of all medication related harm is preventable and a coordinated national approach that identifies and promotes best practice models and measures progress towards reducing medication related harm has the potential to improve the health of Australians and create savings across the health care system,” it notes.
At the meeting, the Health Ministers agreed to make the Quality Use of Medicines and Medicines Safety the 10th National Health Priority Area.
-----

Is the ACCC becoming a second privacy regulator?

Australia October 31 2019
The ACCC has issued proceedings against Google for allegedly misleading consumers about the collection and use of location data.
Key takeouts
The ACCC has issued proceedings against Google for allegedly misleading consumers about the collection and use of location data.
This proceeding is further evidence of the ACCC's increased interest in privacy-related regulatory issues, as foreshadowed in its Digital Platforms Inquiry Final Report.
This case has potentially broader impacts for organisations' privacy compliance arrangements, in particular, representations (including by omission) made in privacy policies and notices, as well as the overall impression created by organisations with respect to their use and handling of data.
-----

Call of duty: Is there a game plan for e-sport addiction?

Kemal is a reporter at Australian Doctor Group covering clinical and medicopolitical news.
5th November 2019
A few months ago, 16-year-old professional gamer Kyle Giersdorf, known online as Bugha, took home $US3 million ($4.3 million) after winning the inaugural Fortnite World Cup.
For those unfamiliar with Fortnite, it’s an online, multiplayer video game where players fight it out in a post­apocalyptic battlefield, with the last one standing declared the winner.
Since its 2017 release, Fortnite has reached some 250 million players worldwide and reportedly generated billions of dollars for its developer, Epic Games.
But the game has also generated controversy amid concerns children as young as nine are becoming addicted to gaming; concerns perhaps vindicated by the addition of ‘gaming disorder’ to the latest edition of the WHO International Classification of Diseases (ICD-11) last year.
-----

4 pitfalls to GP burnout - and how to avoid them

Dr Duvefelt, aka 'A Country Doctor', is a family physician in the US.
5th November 2019
I looked at a free book chapter from Harvard Business Review today and saw a striking graph illustrating what we’re up against in primary care today.
Some things we do — some challenges we overcome — energise us or even feed our souls because of how they resonate with our true selves.
Think of mastering something like a challenging hobby. We feel how each success or step forward gives us more energy.
Other things we do are more like rescuing a situation that was starting to fall apart and making a heroic effort to set things right.
-----

New rules on IP rights and e-commerce to be set under RCEP free trade agreement

Australia is one of 15 Indo-Pacific countries committed to signing the Regional Comprehensive Economic Partnership (RCEP) agreement next year.
By Aimee Chanthadavong | November 5, 2019 -- 01:53 GMT (12:53 AEDT) | Topic: Tech Industry
A common set of rules on intellectual property (IP) and e-commerce and a new scope of trade for telecommunication services are among some of the expected benefits that will arise from the Regional Comprehensive Economic Partnership (RCEP) agreement when it is signed next year.
The Australian government has announced that Australia is one of 15 Indo-Pacific countries currently committed to signing the RCEP regional free trade agreement in 2020, after it agreed to all 20 chapters of the agreement during the ASEAN Summit in Bangkok on Tuesday.
Minister for Trade Simon Birmingham said the RCEP agreement would deliver new trade and investment opportunities for Australia.
-----

Anti-encryption laws open a door for cybercriminals

Rafael Lourenco
The latest Right to Know campaign may have caught most of Australia by surprise. But not the tech industry.
Thanks to the rollout and ramp-up of anti-encryption laws — designed to allow Australian police to compel technology companies to create backdoors in their security or encryption software — this push to prevent the Australian government from becoming a black hole of information is something we saw coming.
When the new laws were announced, it actually made us think twice of launching our cybersecurity practice here. Our reasoning: while the rest of the world frantically develops new ways to keep hackers out of emerging technologies, the Australian government is bizarrely letting them in.
Just like the police, we are preoccupied with detecting and eradicating cybercriminals. So we understand and respect the need for law enforcement to protect their citizens against abhorrent behaviour, both online and off.
-----

Privacy: Protect your information, reputation and staff: recent privacy breach cases and human error

Recent cases and the latest statistics from the regulator demonstrate that human error continues to be a key issue in data breaches, including where these human errors open up opportunity for hacking and other types of cyber-breaches.
Those in Not-for-Profits often suffer some financial impact, but also the issue of damaged reputations.
Victorian hospitals, Commonwealth Superannuation Corporation, online gaming company Zynga, online ticket company Get, PayID and food delivery company DoorDash – there has been no shortage of recent data breaches which have recently affected a wide range of organisations.
These high profile data breaches demonstrate the variety of different types of data breaches, from malicious activity to human error. They also demonstrate that data breaches can be operationally, reputationally and financially damaging.
-----

New regulations for e-prescribing and their impact on patent litigation in Australia

Australia October 30 2019
We provide an update on changes to electronic prescribing of medicines in Australia, and how this might impact on patent disputes.
Key takeouts
New regulations come into effect on 31 October 2019 that affect electronic prescribing for PBS-listed medicines. The changes do not apply to handwritten prescriptions and certain other types of prescriptions.
The key change is that the active ingredient of the medicine must be named on an electronic PBS prescription, instead of the current practice of stating the brand name only. This is part of the Federal Government's initiatives directed at increasing the uptake of generic and biosimilar medicines.
In future patent litigation it will be important to consider whether these have affected the likelihood of generic and biosimilar medicines being dispensed to patients in place of their branded equivalents.
-----

Big Tech has moved from offering utopia to selling dystopia

After 40 years of the private sector in ascendancy, the public realm is closing in on dominant companies, writes the FT's Rana Foroohar.
Rana Foroohar Columnist
Updated Nov 4, 2019 — 11.24am, first published at 11.18am
The tide has finally turned against Big Tech.
Last week, Twitter banned political advertising; EU antitrust chief Margrethe Vestager said she was considering much tougher monopoly standards; the city of Toronto pushed back on Google’s Sidewalk project; Australia sued the search giant over alleged misuse of location data; and US presidential candidate Elizabeth Warren called out Facebook’s political lobbying as she declared she would end the revolving door between business and policy if she wins the White House.
It has been a long time coming. Over the past 20 years, Silicon Valley’s largest companies have traced a narrative arc from utopia to dystopia. They have moved from being scrappy, garage-based innovators to surveillance capitalists who profit from personal data and have the power to swing elections and squash even large competitors.
-----

Healthcare is in danger of becoming humanless

Professor Leeder is an emeritus professor of public health and community medicine at the Menzies Centre for Health Policy and School of Public Health, University of Sydney.
4th November 2019
Two communication challenges that have hit the media recently should act as a warning for the increasing automation of communication for GPs.
First, there’s the mandatory new rules for referring patients to public hospital clinics in Victoria; and second, the ineffective management of patients supported by the National Disability Insurance Scheme (NDIS), which sees GPs’ involvement relegated to a form-filling exercise.
Australian Doctor reported last month that Victoria Health had introduced more formality in GPs’ referrals to specialist clinics, including vascular surgery, urology and adult ENT. Patients referred without ‘complete’ information — and the information required is extensive — will no longer be accepted, nor will patients whose referrals do not satisfy specific criteria.
For example, a patient referred for an aortic aneurysm requires radiological evidence that it is at least 4cm in diameter or is growing more than 1cm a year. And a patient for prostate cancer assessment must have a PSA level according to certain age criteria, a palpable prostatic abnormality or bone pain.
-----
Comments more than welcome!
David.

No comments:

Post a Comment