-----
This weekly blog is to explore the larger issues around Digital Health, data security, data privacy, AI and related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board are dated 6 December, 2018! Secrecy unconstrained! This is really the behavior of a federal public agency gone rogue – and it just goes on! When you read this is will be near 12 months of radio silence.
Note: Appearance here is not to suggest I see any credibility or value in what follows. I will leave it to the reader to decide what is worthwhile and what is not! The point is to let people know what is being said / published that I have come upon.
-----
Australian Defence Force aims to integrate robotic war strategies
The Australian Defence Force is devising a strategy to develop hi-tech soldiers and weaponised robots under a new program to “modernise levels of protection and lethality” for frontline troops.
As China and other nations aggressively expand modern warfare technology, defence chiefs have adopted an “accelerated” plan, focusing on Human Machine Teaming to combine robotic systems and soldier capacity to “achieve tactical advantage”.
The defence strategy, outlined in AusTender documents lodged by the Defence Department, aims to integrate soldiers, robotics, artificial intelligence, sensors and data to boost frontline combat strike power.
Major General Mick Ryan, who has championed new technologies, has predicted that by the middle of the 21st century, military forces will contain tens of thousands of robots and that decisions of human commanders will be informed and shaped by artificial intelligence.
-----
My Health Record Guide Developed to help emergency care staff
Nathan Eddy | 28 Nov 2019 ADHA Propaganda
The Australian Commission on Safety and Quality in Health Care has partnered with the Australasian College for Emergency Medicine to provide more support for frontline emergency care staff through the use of patients' My Health Record.
The suite of clinical tools and resources includes include a guide for emergency department clinicians with practical information on accessing up-to-date My Health Record data for people requiring emergency care.
The guide explains the ins and outs of My Health Record to ED clinicians and where it can fit into their current practice, and describes the types of clinical documents that may be included in a patient's My Health Record and the origin of that information.
-----
Australian National Audit Office (ANAO) Report on the Implementation of the My Health Record System – Frequently asked questions
What were the main findings of the report?
ADHA Propaganda
The ANAO undertook this investigation to determine the effectiveness of the implementation of the My Health Record system under the opt-out model.
In doing so, they considered whether the risks of the system are being appropriately assessed, managed and monitored and the arrangements that are in place to monitor and evaluate My Health Record as more and more Australians begin to use and rely on the system.
The ANAO’s Implementation of the My Health Record System found that the:
- Implementation of My Health Record has been largely effective.
- Implementation, planning and execution of My Health Record was appropriate and was supported by appropriate governance arrangements.
- Communication activities were appropriate to inform healthcare recipients and providers about the system.
- My Health Record is an example of a program with many shared risks, not only between different Commonwealth agencies, but between different governments, the healthcare sector, clinical software vendors and the community at large. Good risk management is not just about managing risks for Commonwealth agencies – but also include the groups of people to whom they are delivering services.
- The Agency has robust controls in place to manage cyber security risks to the core infrastructure of the My Health Record system, however needs to work closer with healthcare providers and software providers to ensure cybersecurity risks are appropriately managed at every stage of the healthcare system.
-----
Care about your privacy? Use these web services instead.
By Krishan Sharma
November 29, 2019 — 3.26pm
Google and Facebook so dominate online life that for many people it's easy to forget that their business models revolve around collecting as much personal data as possible, and using it to sell targeted ads. They are advertising companies first and foremost. We are the product they sell, and the business is very lucrative.
Out of the $US75 billion in revenue Google raked in over the first half of 2019, a staggering 84 per cent came from advertising. It made up 98 per cent of Facebook's total revenue in 2018.
More personal data means more targeted ads and ultimately more revenue. However, with some high profile revelations about how tech giants use and abuse our data, people are seeking alternatives.
With this in mind, here are some secure alternatives to popular Google and Facebook services that are just as convenient and free to use, without having to give up any of your personal data.
-----
OAIC Releases Health Sector Privacy Guidelines
The newly released ‘Guide to Health Privacy’ from the Office of the Australia Information Commissioner (OAIC) provides welcome clarity on a number of health data related obligations set out in the Privacy Act 1988 (Cth) (the Privacy Act), including the concept of consent, how and when health data is collected, stored and used, and of course who has access to it.
Earlier this year we reported on statistics coming out of the Notifiable Data Breach Scheme, one year on from its enactment. A key finding of the report highlighted particular vulnerabilities in the Health Services sector, ranking number one for notifiable data breaches by industry. On top of this, the health sector also ranks consistently in the top 3 sources of privacy complaints by individuals. With health data among an individual’s most sensitive personal information, the OAIC release of the Guide to Health Privacy could not be more timely.
Key takeaways
The Guide, written primarily for health professionals and practice staff, aims to provide practical and actionable advice on health information handling for those in the industry, providing industry specific examples on a number of important topics. It helpfully provides a number of examples specifics to medical practices which practitioners may find enlightening.
Of particular impact will be the recommended key steps to “embedding privacy in your health practice”, which include, amongst other things, developing and implementing a privacy management plan, developing clear lines of accountability for privacy management, and of course, developing a data breach response plan.
-----
Patient Data: Access, Privacy & Ownership
Perspectives from the patient and provider were shared about the complexities of access and use of patient data at a panel discussion at the HIMSS Australia Digital Health Summit.
By Dean Koh
November 28, 2019 02:39 AM
While patient data offers a trove of information that can be used for further research or population health studies from a government or policy perspective, a key concern still remains – do patients themselves know or approve of how of their health information is used?
At the HIMSS Australia Digital Health Summit on 21 November, a patient advocate from Australia and officials from the public health sector from Singapore and Australia sat down for an extended discussion on the complexities of the ownership, access and secondary use of patient data.
Who owns the data?
The reality is that providers, patients and HIT vendors all have some justifiable proprietorship over patient information/data to a certain extent but that reality can be quite complex. A/Prof Low Cheng Ooi, Chief Medical Informatics Officer (CMIO) of Ministry of Health (MOH), Singapore, explained that it is accurate that all the data belongs to the patient - things like vital signs, imaging and laboratory results all belong to the patient.
-----
Sex, lies, video and elections in the fake news era
Australians need to be equipped with the tools and skills to be discerning consumers in today’s digital media environment.
Social media and artificial intelligence will derail our democratic elections in the 2020s if left unabated.
New technologies are becoming available that amplify the misinformation and confusion that social media already unleashes.
We’ve seen fake news and state-sponsored sites designed to spread misinformation. Now we are dealing with fake videos that show politicians and celebrities mouthing words they never said.
Malevolent countries soon will be able to saturate the web and social media with false stories written by machines. This technology is in the wings. The number of countries involved in the organised production of fake news is spreading beyond Russia and China to states such as Iran.
Back home, there’s the increasing capability of all sides of politics to finetune online misinformation campaigns that target just a few hundred voters — campaigns with lies that can damage political opponents who may never hear about it and therefore can’t rebut.
-----
The Australian PCEHR or My Health Record: The Journey Around a Large-Scale Nationwide Digital Health Solution
·
·
First Online: 28 November 2019
Part of the Healthcare Delivery in the Information Age book series (Healthcare Delivery Inform. Age)
Abstract
This case study attempts to document key events and milestones in the development of Australia’s nationwide digital health solution the My Health Record (formerly known as the PCEHR). This is done by presenting an overview of the Australian healthcare system and in particular highlighting unique features about this system into which the My Health Record was implemented. This journey has only just begun, and in the next decades, it is expected that the My Health Record will change and evolve further; hence, the case study concludes with questions for the reader to consider rather than provide final statements. Ultimately, the success of such a solution can only be judged in the fullness of time; however, we note that this was a massive undertaking that has had far-reaching implications for healthcare delivery throughout Australia and impacts all stakeholders including patients, providers, payers, the regulator and healthcare organizations.
Discussion Point : Is the My Health Record really that relevant? (DM)
-----
Medicare bill ‘puts every Australian at risk’
A new Medicare anti-fraud bill would put the privacy of every Australian at risk and create a 'honey pot' for hackers, experts are warning.
The federal government has proposed laws to crack down on Medicare fraud that would see departments sharing information with Medicare.
The legislation introduces a new data matching scheme for the Department of Health to access and share health information for Medicare compliance purposes. Sensitive Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) data would be freely available to the department, while other agencies could have some access to it in order to "assist them in performing their functions."
The bill was read a second and third time on Wednesday and will now go to the senate.
-----
Science & Medical | 27/11/2019 3:24:51 PM
The Pharmaceutical Society of Australia ADHA Propaganda
My Health Record a key to medicine safety
The Pharmaceutical Society of Australia believes the My Health Record system can significantly contribute to improved medicine safety in Australia and welcomes the Commonwealth’s commitment to continually improving this important digital health program.
This week the Digital Health Agency agreed to all five recommendations made by the Australian National Audit Office in its report Implementation of the My Health Record System.
“Overall, the report found implementation has been largely effective. Its recommendations focus on privacy and security of health information and the Digital Health Agency has undertaken to work with stakeholders to raise standards in health information management,” Pharmaceutical Society of Australia National President, Associate Professor Chris Freeman said.
“Uptake and participation are vital to the success of My Health Record. Therefore, ensuring both providers and patients are confident information is safe is essential.”
-----
MHR effective, says report
The My Health Record system can significantly contribute to improved medicine safety in Australia, says the PSA
It said it welcomes the Commonwealth’s commitment to continually improving the digital health program.
This week the Digital Health Agency agreed to all five recommendations made by the Australian National Audit Office in its report Implementation of the My Health Record System.
“Overall, the report found implementation has been largely effective. Its recommendations focus on privacy and security of health information and the Digital Health Agency has undertaken to work with stakeholders to raise standards in health information management,” Pharmaceutical Society of Australia National President, Associate Professor Chris Freeman said.
“Uptake and participation are vital to the success of My Health Record. Therefore, ensuring both providers and patients are confident information is safe is essential.”
-----
27 November 2019
MHR audit clearance is a giant red herring
Posted by Jeremy Knibbs
If you’re seeing headlines about the National Office of Audit’s (NOA) review of the My Health Record (MHR) and are comforted a little by commentary that this controversial project is somehow effective and on track to save the healthcare system billions of dollars, don’t be. Not yet, anyway.
The NOA spent more than $600,000 measuring the effectiveness of the “implementation” of the MHR by the Australian Digital Health Agency (ADHA), not the actual effectiveness of the electronic record. It’s like giving NASA a tick of approval for how they built a rocket to get to the moon, but failing to check whether it had any chance of actually getting there.
The MHR is an extremely expensive, complex, fund-sucking, attention-distracting venture, and by not providing any meaningful reporting on how much traction it is actually getting in the healthcare community, and how effective it is so far and is likely to be into the future, we are wasting our time and money. What is the government thinking here?
The most misleading thing the NOA report does (perhaps not deliberately) is to claim that because it assesses the “implementation” as effective, therefore the MHR is on track to save our healthcare system $14.6 billion by 2027. That is ignoring entirely whether the MHR is actually taking hold in the manner it has been promised to.
-----
Australian values can shape the internet of the future
JOEL KAPLAN
The internet has reached a point of maturity. We have lived with it for long enough to understand the great, liberalising benefits it brings – the ability to communicate, share knowledge, support causes, build communities and grow successful businesses in ways that were unimaginable just a few years ago.
But we are also aware of the harm that can be done online too. From individual privacy, to the integrity of elections and the sharing of harmful content, the internet has brought new challenges. With this knowledge, it is incumbent upon internet companies like Facebook to recognise the responsibilities we have for the impact we can have on society. And we do.
Facebook has changed a great deal in recent years. We’ve tripled the number of people working to take down bad content so you don’t have to see it. We’ve removed millions of fake accounts and made political ads more transparent so you know if someone is trying to influence your vote. We now automatically detect 99 per cent of the terrorist content we take down before anyone sees it. And we’ve updated our privacy settings and built better tools so you can control your information.
-----
What jobs are affected by AI?
Better-paid, better-educated workers face the most exposure
20 Nov 2019
Description
Artificial intelligence (AI) has generated increasing interest in “future of work” discussions in recent years as the technology has achieved superhuman performance in a range of valuable tasks, ranging from manufacturing to radiology to legal contracts. With that said, though, it has been difficult to get a specific read on AI’s implications on the labor market.
In part because the technologies have not yet been widely adopted, previous analyses have had to rely either on case studies or subjective assessments by experts to determine which occupations might be susceptible to a takeover by AI algorithms. What’s more, most research has concentrated on an undifferentiated array of “automation” technologies including robotics, software, and AI all at once. The result has been a lot of discussion—but not a lot of clarity—about AI, with prognostications that range from the utopian to the apocalyptic.
Given that, the analysis presented here demonstrates a new way to identify the kinds of tasks and occupations likely to be affected by AI’s machine learning capabilities, rather than automation’s robotics and software impacts on the economy. By employing a novel technique developed by Stanford University Ph.D. candidate, Michael Webb, this report establishes job exposure levels by analyzing the overlap between AI-related patents and job descriptions. In this way, the following paper homes in on the impacts of AI specifically and does it by studying empirical statistical associations as opposed to expert forecasting.
-----
26 Nov 2019
EFA and Future Wise Urge Seriousness From Government On Health Data Security
Posted by Lyndsey Jackson
Digital rights groups Electronic Frontiers Australia and Future Wise today expressed their disappointment in the management of privacy and security of the My Health Record system, as highlighted by the Australian National Audit Office (ANAO)’s report released on Monday 25 November 2019. They called on the Australian government to engage seriously with the complex issues of data privacy and security.
The ANAO report, Implementation of the My Health Record System, validates the concerns that civil society shared during the My Health Record opt-out saga. The government had to be forced, by widespread outcry, to tighten the security of the system, yet the ANAO’s report shows that the Australian Digital Health Agency (ADHA) has been unable to take the security of Australians’ health data seriously.
In 2018, the private health service provider sector reported the most notifiable data breaches of any industry sector and yet ANAO found that ADHA’s management of shared cyber security risks “was not appropriate”. It is astounding that this should be the case after over seven years of production use of the My Health Record system. It raises serious questions about ADHA’s commitment to cyber security of the My Health Record system.
-----
Wednesday, 27 November 2019 11:09
Rights groups alarmed over lax security for Australians' health data
Two digital rights groups — Electronic Frontiers Australia and Future Wise — have urged the government to take the privacy and security of the My Health Record system seriously after an Australian National Audit Office report indicated that this was not happening.
A statement from the two groups said the ANAO report showed the Australian Digital Health Agency was not overly concerned about the security of health data.
The two organisations pointed out that the number of data breaches in 2018 showed the health industry was the worst offender.
"t is astounding that this should be the case after over seven years of production use of the My Health Record system. It raises serious questions about ADHA’s commitment to cyber security of the My Health Record system," they said.
-----
Audit of My Health Record reveals cyber failings, privacy risks
The government agency implementing My Health Record failed to appropriately manage cybersecurity risks or complete any of its four planned privacy assessments, according to a performance review by the Australian National Audit Office, which also found emergency access to patient records was routinely misused.
While the implementation has been “largely effective” overall, the national auditor found the $1.5 billion e-health scheme which now includes 90 per cent of Australians needs better management of shared cybersecurity risks and better controls over the “emergency access” to patients’ records which was being used as intended in less than one in 10 cases.
The Australian Digital Health Agency (ADHA), responsible for My Health record, has agreed to complete an end-to-end privacy risk assessment in response to the auditor’s findings but declined to explain why the existing privacy assessments had not been completed.
Privacy advocates say they are concerned with the auditor’s findings as well as the lack of response to the review by the government and medical groups which “seems to be hoping that it will go away if they just ignore it”.
-----
#nationalcybersecuritymonth | Third party minimum cyber compliance for My Health Record skipped: Audit Office
The Australian National Audit Office (ANAO) has pointed out a number of security issues concerning the Australian Digital Health Agency’s (ADHA) My Health Record implementation, among a report that widely gave ADHA the tick as “largely effective”.
In its report released on Monday, ANAO pointed out that in a 2016 end-to-end security review, ADHA decided against accrediting those that provide services to healthcare providers.
“ADHA rejected this recommendation on the basis that it ‘presents several challenges’ including the additional burden to vendors and potential for reputational damage,” ANAO said.
A year later, an assessment by the Information Security Registered Assessors Programme (IRAP) said compliance with the Australian government’s Information Security Manual (ISM) should be the minimum acceptable standard for using My Health Record. This assessment applied to software used by healthcare providers, including mobile apps.
However, ADHA did not do this, despite it being required by the Australian Government Protective Security Policy Framework, and instead allowed vendors to sign a declaration form.
-----
Tech giants have become the new 'too big to fail'
By James Titcomb
November 26, 2019 — 10.18am
For years, the big internet companies have employed a simple argument to brush off fears that their growing influence and position in our daily lives amount to monopoly. Because their services are online and provided for free, they say, their dominant market shares cannot be compared to those enjoyed by railroad or oil giants of decades past. Unlike tycoons such as John Rockefeller or Andrew Carnegie, the new barons - Mark Zuckerberg, Jeff Bezos and Larry Page - are successful not because there are no alternatives, but merely because consumers choose them over the many alternatives.
Google's defence of its near-total control over the market for search engines has long been that "competition is just a click away". Nine in 10 searches may take place on its search engine, but there is nothing stopping consumers from using Bing, Yahoo or a number of smaller competitors.
There are no shortages of social alternatives to Facebook, or online marketplaces to rival Amazon. There is nothing stopping internet users leaving; they stay because they like it.
It is a simple argument, and one that has worked for a long time, especially in America, where competition regulators generally focus on whether monopoly positions result in consumer harm (in Europe, where watchdogs look at other factors such as how vibrant and competitive a market is, tech firms have been less successful in evading scrutiny). But even in the US, it is a line of reasoning that is starting to lose its potency.
-----
Implementation of the My Health Record system
25 Nov 2019
My Health Record is an online electronic summary of a person’s health information. The Australian Government invested $1.15 billion in the development of the system and other digital health infrastructure between 2012 and 2016. In the 2017–18 Budget, the government allocated a further $374.2 million to continue operating the system and expand its use by making it an opt-out model. Nine out of every ten Australians now has a My Health Record.
The Department of Health established the My Health Record system in 2012, and administers the My Health Records Act 2012 on behalf of the Minister for Health. In July 2016, the Australian Digital Health Agency (ADHA) was prescribed as the System Operator for My Health Record.
My Health Record potentially impacts all Australians as it collates electronic summaries of individuals’ health information so it can be accessed by different healthcare professionals involved in a person’s care (as well as by the individual themselves). The system is intended to generate personal benefits for individuals and economic benefits for the health system, but achieving this requires a balance between increasing access to information and managing privacy and cyber security risks. The system has also generated parliamentary and public interest in relation to privacy and cyber security risks.
-----
Comments more than welcome!
David.
No comments:
Post a Comment