This appeared last week:
Security concerns raised as My Health Record provider works with app developers
By Emma Koehn
May 26, 2020 — 10.00pm
Cybersecurity experts have warned that partnerships between Australia's digital health agency and software startups to speed up improvements to the My Health Record system could create privacy risks for users.
The Australian Digital Health Agency (ADHA) has said it is looking to work with more than 20 developers to connect apps to the My Health Record platform. The focus on new technologies comes as the country's digital health care sector is expected to boom after coronavirus despite concerns of likely security breaches in the months to come.
The Australian Digital Health Agency (ADHA) oversees My Health Record, the electronic health care record platform that Australians are enrolled in unless they opted out by the start of 2019.
There are more than 22 million e-records, according to the agency's website. Users that have provided informed consent are able to view their data in read-only format through third party apps.
There are currently only three apps connected to the platform: Telstra Health's HealthNow product, doctor booking platform HealthEngine, and health tracker app Healthi.
However, the agency says there are two other providers working on testing to integrate their apps with the system, while 20 others are at various stages of the pre-connection process.
Deakin University cyber security expert Damien Manuel said Australia will have to think about how it balances security as government agencies and third parties increasingly cooperate on developing digital products.
"This is kind of a new phenomenon in Australia, and it's something where we'll need to grapple with the pros and cons."
When governments and developers work together, it can make things like digital health care data more useful to the end consumer, he said.
"Working with industry will help the government get speed to market and it gives them greater flexibility," he said.
However, in each case the community will have to weigh up the privacy risks presented in each case, he said.
"The government needs to be very careful about who it introduces into that mix... who are the companies that are going to be given access? Are they companies that are foreign-owned or Australian based? And what are the privacy constraints introduced?"
More here:
The timing of this article is interesting given it was just last week we heard of the attack(s) on the #myHealthRecord.
See here:
ADHA details My Health Record breach attempt
The Australian Digital Health Agency also said it's working with healthcare providers to ensure they are cyber resilient.
In discussing the cybersecurity posture of the nation's healthcare industry, the Australian Digital Health Agency (ADHA) has revealed it was itself the target of an attempted breach.
The ADHA, the system administrator for Australia's My Health Record, discussed two breaches that were worthy of notifying the Office of the Australian Information Commissioner (OAIC).
Speaking with the Joint Committee on Public Accounts and Audit on Tuesday, ADHA national health CIO Ronan O'Connor said the agency notified the OAIC of two potential data breach notifications that occurred in the current financial year.
"The first notification was reported to the OAIC and that was related to a potential compromise to external information technology infrastructures supporting the wider My Health Record system," O'Connor said.
https://www.zdnet.com/article/adha-details-my-health-record-breach-attempt/
Associated with this testimony was the admission that end-point access to the #myHR was not all that secure and needed continual monitoring. In that setting does it make sense to add additional endpoints? This is especially so given, as far as I know, the apps that are available are not all that heavily used. Does anyone have any recent usage stats?
This all has the flavour of desperate relevance seeking behaviour on the part of the ADHA to me….
What do you think?
David.
8 comments:
Couple of comments:
1. Mt Health Record is not new technology and I doubt was included in the thought bubble that states there will be huge demand for digital health after COVID 19.
2. 2 out of the 3 existing apps have been caught red handed harvesting personal data for non medical reasons. The 3rd I am not sure about but I would not truly at Telstra its health strategy team or many involved with its products.
Follow the link and you get an article on Pharmacy players primed for drug home delivery booster shot
So, digital health care is drug home delivery? Oh whoppie doo.
That is amusing, all that over a bit of home delivery and claims it has accelerated things by 5 years. Really so we have moved from eHealth military strength security as simplicity of banking to digital health is like pizza delivery.
On the theme of snail pace digital health, anyone heard much regarding the ADHA innovation challenge? It has been a month since submission closure! Would have thought they might have posted something, even a thank you and no responses received covering xyz of the themes posted.
I do hope they have informed the small ideas driver developer community, a month is a longtime in that world and they may have forgotten, gained seed funding elsewhere or even gone IPO.
June 04, 2020 8:16 AM. They are all part of the same parliamentary, senate and APS system that delivers incentives for home extensions and new builds while ignoring 1.2 million home owners who are facing mortgage collapse. The norm of expanding the gaps between those that do and those that don’t. Seems the health and well-being of our friends and family are nothing more than throw away slogans. How the old norms quickly return.
@for sale personal information
This might put some cheer in you and certainly some fear in those costing up to ADHA and MyHR
A Sydney judge has told an online medical appointment service it should be fined more than $2.9 million for censoring negative reviews and selling patient information.
The country's largest medical booking platform, HealthEngine, is being pursued by the Australian Competition and Consumer Commission in the Federal Court for deceptive and misleading conduct.
@6:33 PM - https://www.9news.com.au/national/health-booking-service-to-cop-big-fine/
They should be shut down IMHO. The Judge is correct the fine must be such that the guilty party does not profit.
This won't help when they do an end-to-end security review. There's more holes than a swiss cheese
“When” is the question. I doubt they will, if they do it will be part of a broad distraction to allow Peter Dutton to further expand the metadata access criteria, scope and use (which he is starting to do).
I worry about Mr Dutton, he has been in that portfolio for to long and I think he is starting to see reds under the beds. Not quite a Bill Barr but he is close. For his wellbeing he should move out from the shadowy world of paranoia and secrets. Mr Hunt should be looking out for his mates.
Post a Comment