This appeared last week:
Victorian government must ensure its proposed healthcare database has iron-clad security and privacy
December 7, 2020 3.59pm AEDT
Author
Emeritus Professor of Law and Criminal Justice, University of South Australia
Last weekend, The Age reported on a Victorian government plan, quietly unveiled three months ago, that would revolutionise the collection of the private medical data of every Victorian who has ever used public hospitals or health services.
Known as clinical information sharing (CIS), the plan allows the Department of Health and Human Services (DHHS) to gather and collate every patient’s medical records. The records will be stored on a government database and made available to clinicians as required. The database will include information such as clinical details, demographics, attendance information, medications, allergies and adverse reactions, discharge summaries and test results.
According to the proposal, CIS will be expanded over time to include information about treatment pathways, family and social history, and lifestyle factors. The department has also flagged extending the initiative to include patient details not only from public sources but also private hospitals, general practitioners, mental health systems and ambulance services.
The need for better sharing of medical data was highlighted in an independent report commissioned by the government in 2015. It followed several potentially preventable baby deaths at the Bacchus Marsh Hospital.
While this all sounds highly meritorious, there is one problem: unlike the federal government’s controversial My Health Record, it is not possible for anyone to opt out. About 10% of people have opted out of My Health Record, which is not unexpected.
Victorians will have no such option. True, they will have access to the data through an electronic portal, but they won’t be able to change anything or delete information.
This creates a dilemma for the government: even with the best motives, when it comes to anything to do with human services, compulsion is always a sticking point. One abandons the requirement of consent at one’s peril.
Let’s examine each side of the argument.
On the one hand, assembling all medical information of all eligible people from a broad range of sources into one database provides public hospitals and health services with an immediate and complete picture of any patient’s history. Health professionals will have quick access to medical images and laboratory results.
Indeed, it is sometimes impractical to obtain the consent of a person in emergency situations when treatment is required to prevent death, serious damage to health, or significant pain or distress. This is especially so when patients are not conscious and are not on record as having given any prior consent.
CIS is also designed to facilitate access to the information in a patient’s My Health Record, including information from other states and territories.
On the other hand, there are concerns.
While sensitive to the need for privacy safeguard mechanisms, the Victorian Healthcare Association strongly recommends there be a two-year pilot scheme before the plan is rolled out. This will help ease concerns the data will simply duplicate a lot of what is contained in the My Health Record system.
Others have been more scathing of the CIS proposal. In a blog on the Australian Health Information Technology site, a medical practitioner comments:
The idea of aggregating locally held clinical data from the private and public sector with the variably complete and timely data held in the #myHR is surely both overly complex and a uniquely difficult data management task – even if the private sector data was accessible. Of course, privacy, consent and data sensitivity issues seem not to even warrant a real mention and the claimed benefits are all pretty nebulous and unproven.
So where do we go from here?
The starting point is that governments must ensure no policy sacrifices our right to keep private what we would prefer to be private in the pursuit of a goal that can be attained by less intrusive methods. This has been the successful mantra of the drive to contain the COVID-19 pandemic.
Certainly, legislative protections are in place in Victoria for health information when it is handled by public and private sector organisations. There are general data privacy rights under the Privacy and Data Protection Act 2014, but this act does not apply to health records. The protections for these data are contained in the Health Records Act 2001, which is overseen by the Health Complaints Commissioner. It is a good system, but data protection is never completely foolproof.
Data leakage is the biggest risk to public confidence. The concern is that there are always risks associated with giving a broad range of service providers ready accessibility to highly sensitive personal records, which in turn might be used to discriminate, or even worse.
This information might include historical data concerning sexually transmitted diseases, pregnancy terminations, mental ill-health episodes, DNA tests and matters to do with family violence and child protection. This material can be highly embarrassing to some people. In the wrong hands (journalists, insurance companies, private investigators, personal opponents), it could be politically and personally damaging.
The CIS is a three-year initiative. The project is in phase one, and the DHHS is seeking feedback. The public will need assurances that CIS will be able to balance appropriately the public interest in the legitimate and essential use of that information with the public interest in protecting the privacy of health information.
If parliament is to amend the Health Records Act and abandon the requirement of consent, it will need to be rock solid behind data security assurances, and emphatic in its list of uses to which the data can be put. The Victorian government cannot afford to get this wrong.
You can view the original article here:
First thanks Prof. Sarre for mentioning the blog and second can I say that I fear you are being a tad technologically naïve to believe a data-base of this sort can be fully protected from hacking and data leak. The health sector is notoriously leaky and insecure!
There is also this article:
Vic govt health database plan is a problem
Denham Sadler
Senior Reporter
8 December 2020
The Victorian government is yet to consult with its own privacy office on a plan to store the health data of individuals in a database and share it with clinicians without consent, a proposal labelled “deeply disturbing” by digital rights advocates.
In September, the state government quietly released a discussion paper on the creation of the Clinical Information Sharing (CIS) platform, which will store the private medical data of Victorians from public hospitals and health services in a database, and share this across various health services.
The CIS solution was a recommendation from a 2015 independent report on the elimination of avoidable harm and deaths. The plan is now in the first phase of a three-year project to introduce the database, and there has been little public discussion on the proposal until a report in The Age on the weekend.
A spokesperson for the Department of Health said the CIS platform would help clinicians provide better care to Victorians.
“A consolidated picture of a patient’s medical and health history is essential to the provision of the best treatment and care in our public hospitals. A patient’s care journey takes them to different hospitals over the course of an illness, trauma or procedure,” the spokesperson told InnovationAus.
“Sharing of information and records between public hospitals and health services ensures that they have a more complete picture of a patient’s history. It reduces the risk of missing important medicines information and allergies and lets doctors and nurses see important medical images and laboratory results, to more safely manage the patient.”
The spokesperson emphasised that the proposal is currently just a discussion paper, and feedback will be sought on “safeguarding privacy and security”.
The state government also said that feedback has already been sought from the health sector, legal sector, consumers and patients, and privacy bodies and peak clinical and industrial bodies.
But the Victorian government has not yet consulted with its own Office of the Victorian Information Commissioner (OVIC) on the proposal, which will have significant privacy implications, and has also yet to seek feedback from prominent civil and digital rights organisations.
More here:
https://www.innovationaus.com/vic-govt-health-database-plan-is-a-problem/
This article makes it clear that the security and privacy discussions are still pending and I suspect they will be very ‘interesting’ as will be a feasibility study of a more detailed design / architecture.
We await developments!
David.
This issue is more than just security and privacy. The big question is: who owns my health?
ReplyDeleteThat question hides a number of other questions, including this one:
Am I free to behave in a manner that is detrimental to my health?
If not, who can tell me how to behave? If someone else tells me how to behave, are they responsible for the outcomes and costs of remediating any health problems that may occur?
If someone else tells me how to behave, is the primary reason for them having access to my health data so that they can monitor my behaviour and insist I behave according to their wishes and demands? What happens if don't
If someone else tells me how to behave, that strongly suggests that I am not free to chose who I consult regarding my health and what I tell them.
If the answer to the question: Am I free to behave in a manner that is detrimental to my health is yes, then I should be free to decide who knows how I behave.
At its most fundamental, the question is this: do we live in an authoritarian state or a democracy?
The Victorian government probably think this system is all about digital health health. It's never about technology its always about what you do with technology that really matters. The Victorian government is stumbling along a path founded on ignorance; one they really need to think it through. Unfortunately that's not something governments or any persuasion are very good at.
Somewhat related to the issues confronting CIS, but in the immediate pandemic context, is a remarkable initiative being undertaken in Canada, as here described by one of the principals, Joshua Gans, in his substack https://joshuagans.substack.com/p/big-news-the-rapid-screen-pilots
ReplyDeleteWe are now in Phase 3 of the RSC plan which is to make screens a daily part of life in 18 sites across Canada. The idea will be that workers and visitors to those sites will be screened frequently (1 - 2 times per week) with rapid antigen tests.
I'd like to know how the RSC plan is storing the data on each of the employees as they have their (multiple) specimens taken, and how the vaccination data will be included as it comes along. No doubt their data engineers are looking over their shoulders as the SolarWinds catastrophe unfolds. I'll be disappointed if we learn that RSC is *not* using a biometric method for logging each event. Anyway, maybe someone can ask them. Australia may have to step up to rapid & frequent testing.
Informed consent is being trampled; this must not continue. Transparency would be helpful too, people are not objects and we have the right to self determination, not patronising political implementations that attempt to control us. I'm aghast!
ReplyDelete100% with you on that Juanita
ReplyDelete