Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Thursday, February 20, 2020

It Seems That The Government Can’t Quite Work Out What To Do #myHealthRecord Data.

This appeared last week.

My Health Record de-identified data sharing plans pushed back

By Justin Hendry on Feb 14, 2020 7:03AM

Basic governance not in place after two years

Controversial plans to share de-identified My Health Record data by default for research and public health purposes have been quietly pushed back, with basic arrangements necessary for the release of data not yet in place.
iTnews can reveal the Department of Health has delayed the release of the first de-identified datasets sourced from the federal government’s $2 billion digital health record system until next year.
Under the secondary data use framework, de-identified data sourced from the My Health Record was to be automatically shared for public health and research purposes from 2020, unless individuals opted out through the My Health Record access controls.
The framework stipulates that de-identified data can be released for a variety of purposes, including the development or improvement of health services, the development of new or improved health care products or services and the development of government health policy.

Legislation passed in 2018 to add new safeguards to My Health Record explicitly rules out the release of de-identified data from the digital health record to any insurers.
A spokesperson told iTnews that despite the secondary data use framework stipulating that data would be released this year, the department was now “not anticipating any data will be released under the framework before 2021”.
The delay appears to be down to problems establishing the critical governance and privacy principles that the secondary data use framework deems necessary for the release of data to occur.
“All critical governance, security, privacy and technical arrangements will need to be in place before data will be released under the framework,” the spokesperson said almost two years after the framework was originally released.
This includes the Data Governance Board, a critical feature of the secondary data use framework tasked with assessing applications for access to de-identified My Health Record data and deciding on what data should be released by assessing risks.
The board will comprise of members from the Australian Digital Health Agency (ADHA) and the Australian Institute of Health and Welfare (AIHW), as well as a range of independent experts across the fields of epidemiology, research, service delivery, data science and privacy.
“Neither the Data Governance Board, nor the process to apply to use My Health Record system data, have been established,” the spokesperson said, adding that no applications for secondary data use had yet been submitted.
The implementation plan for the release of data, as well as the development of the “rule that will impose requirements on persons handling My Health Record information for research and public health purposes”, is also yet to be introduced, according to the department.
Technical infrastructure require to support the data custodian and board receive and assess request for access to My Health Record data, including the public register for publishing outcomes, is similarly yet to be developed.
Lots more here:
I have to say I simply do not believe what the government is saying here.
The reasons for not releasing de-identified data are I believe:
Firstly that if data were to be released it would be apparent to all who looked closely at it what a poor source of complete, trustworthy and useful information it is. Specific components of the data – which are actually held elsewhere (e.g. PBS, MBS and Immunisation Register data maybe) maybe useful – but these already have regulated access regimes. The rest of the data is found in so few records and is of such variable quality I suspect strongly it would be near to useless. We need to also remember that this data is potentially up to six or seven years old.
Secondly the idea of releasing data (rather than providing controlled access) is known to be fraught with issues of preserving privacy and security – the Commonwealth has been caught messing this up often enough for us to know they are not very good it at! Hence we are seeing ‘bureaucratic caution’ on data release!
Bottom line it is poor data that it is unclear if it can be protected!
What do you think?
David.

2 comments:

Bernard Robertson-Dunn said...

Maybe the delay is because they are realising that de-identification is a bit harder than they thought.

Researchers Find 'Anonymized' Data Is Even Less Anonymous Than We Thought

https://www.vice.com/en_us/article/dygy8k/researchers-find-anonymized-data-is-even-less-anonymous-than-we-thought

Corporations love to pretend that 'anonymization' of the data they collect protects consumers. Studies keep showing that’s not really true.
by Karl Bode

Feb 4 2020

...

In one 2019 UK study, researchers were able to develop a machine learning model capable of correctly identifying 99.98 percent of Americans in any anonymized dataset using just 15 characteristics. A different MIT study of anonymized credit card data found that users could be identified 90 percent of the time using just four relatively vague points of information.

Another German study looking at anonymized user vehicle data found that that 15 minutes’ worth of data from brake pedal use could let them identify the right driver, out of 15 options, roughly 90 percent of the time. Another 2017 Stanford and Princeton study showed that deanonymizing user social networking data was also relatively simple.

Anonymous said...

I do not think it is that scientific Bernard. Simple case of hopelessness.