Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Tuesday, October 04, 2016

The Government Attempts To Hide The Fact It Has Been Hopelessly Irresponsible. Inevitably They Were Sprung.

This appeared a few days ago:

Health pulls Medicare dataset after breach of doctor details

By Paris Cowan on Sep 29, 2016 11:27AM

Insists no personal data was lost.

The Department of Health has removed a research dataset based on Medicare and PBS claims from its open data portal after a team of Melbourne researchers pointed out that practitioner details could be decrypted.
The government today advised that the data was withdrawn yesterday following “an alert made in the public interest” by researcher Dr Vanessa Teague from Melbourne University.
Teague told the department that she and her colleagues had analysed 10 percent of the linked dataset and found it was possible to decrypt some of the service provider ID numbers attached to doctors.
“As a result of the potential to extract some doctor and other service provider ID numbers, the Department of Health immediately removed the dataset from the website to ensure the security and integrity of the data is maintained,” the agency said in a statement.
Health made the dataset available in August for the benefit of health and policy researchers looking at patterns of demand in the medical products and services consumed by Australians.
More here:
There was also some extra detail here:

Service provider IDs unmasked in open health data, investigation underway

The Department of Health has removed a set of Pharmaceutical Benefits Scheme and Medicare data from the federal open portal after computer security experts were able to decrypt the health service provider identification numbers it contained.
Information commissioner Timothy Pilgrim has been informed and is investigating the matter as well as “providing independent oversight” says the department, which announced the decision this morning. While it is not confirmed what kind of mistakes were made when the data set was uploaded, the agency has taken the right steps by moving swiftly to remove the information and make a public disclosure.
Health reports it is also “undertaking a full, independent audit of the process of compiling, reviewing and publishing” the dataset, which will only be restored when the privacy concerns are resolved. But it added that personal information about patients and service providers was not involved:
“The dataset does not include names or addresses of service providers and no patient information was identified. However, as a result of the potential to extract some doctor and other service provider ID numbers, the Department of Health immediately removed the dataset from the website to ensure the security and integrity of the data is maintained.
“No patient information has been compromised, and no information about the health service providers has been publicly identified or released.”
Much more here
And here:
  • September 29 2016 - 3:29PM

Privacy watchdog called after Health Department data breach

·         Rania Spooner and Noel Towell
The government has rushed through a new privacy crime and Health Minister Sussan Ley has apologised to doctors over the accidental leaking of sensitive Medicare data.
The federal privacy watchdog will assess Health Department claims that no patients' medical information has been released after sensitive information on the Pharmaceutical Benefits and Medicare Benefits schemes was accidentally leaked by the department.
The de-identified data was uploaded onto the internet months ago but it wasn't until a University of Melbourne researcher contacted the department about the "vulnerability" on September 8 that it was removed, Ms Lay said.
She apologised for the breach at a gathering of doctors in Perth on Thursday afternoon and said no patient information had been compromised.
Rather, some doctor and other health service provider numbers could be decrypted, she said. This means that doctors and potentially what they were prescribing could be identified.

"The department immediately removed the data set, advised the privacy commissioner, and after thorough consultation with government security experts have advised me that there was no release of confidential information in the public arena," Ms Ley told thousands of doctors at the Royal Australian College of General Practitioners meeting.
"There were no provider names in the data set and no patient information has been compromised.  
More here:
So what we have is the release of a couple of data sets by Government and it taking just a few weeks for some academics to find some private data that could be extracted.
Seems the Government might have asked a few experts in advance…..
At the same time we also get this from Senator Brandis.

Govt will make it a crime to re-identify anonymised data

By Allie Coyne on Sep 28, 2016 5:33PM

Changes to Privacy Act coming.

Proposed changes to the national Privacy Act would make it a criminal offence to re-identify government data that has been stripped of identifying markers.
Attorney-General George Brandis today said he intended to introduce the amendments to the privacy legislation in the current spring sitting of parliament, which runs until December 1.
The changes would also make it an offence to "counsel, procure, facilitate, or encourage anyone" to re-identify anonymised data.
Publishing or communicating "any re-identified dataset" would similarly be considered a criminal offence.
Brandis said the amendments were intended to "improve protections of anonymised
datasets that are published by the Commonwealth government".
"The publication of major datasets is an important part of 21st century government, providing a great benefit to the community," he said in a statement.
"It enables the government, policymakers, researchers, and other interested persons to take full advantage of the opportunities that new technology creates to improve research and policy outcomes."
More here:
There is some commentary here:

Will Privacy Act changes have a chilling effect on cyber security research?

Security through obscurity doesn’t work, Melbourne Uni researchers note
Rohan Pearce (Computerworld) 29 September, 2016 13:24
Attorney-General George Brandis has yet to reveal the details of amendments he will seek to make to the Privacy Act that will criminalise the re-identification of datasets released by government departments and agencies.
Brandis announced yesterday that the government would make it an offence “to counsel, procure, facilitate, or encourage anyone to do this, and to publish or communicate any re-identified dataset.”
His announcement came ahead of the Department of Health revealing today that elements of some datasets it released last month could potentially be re-identified.
The 1 August release included Medicare data from 1984 and PBS data from 2003 to 2014. In total, it included data relating to some 3 million Australians and services provided by doctors, pathologists, diagnostic imaging and allied health professionals as well as details of subsidised scripts.
A team of Melbourne University researchers successfully re-identified service provider ID numbers.
The researchers notified the department on 12 September. The department immediately pulled the dataset from the data.gov.au portal and launched an investigation into the incident, including engaging with the researchers in an attempt to understand the flaws in the de-identification process. The researchers have praised the department for its response.
More here:
What the Government has done looks like a panicked over-reaction.
Two things will happen I reckon.
1. Research will be constrained to assist in protecting against future breaches.
2. Those who crack data will not tell anyone and just go and  exploit the data if they can.
What an ill-considered mess!
David.

Monday, October 03, 2016

Weekly Australian Health IT Links – 3rd October, 2016.

Here are a few I have come across the last week or so.
Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.

General Comment

What an amazing week with the Government moving to make it illegal to re-identify information after it released a huge amount to health data and some Uni of Melb academics were able to identify some provider. A major goof one might say.
At the same time we had all the discussion of Telstra Health and the cancer registry.
Lots to browse!
-----

Govt will make it a crime to re-identify anonymised data

By Allie Coyne on Sep 28, 2016 5:33PM

Changes to Privacy Act coming.

Proposed changes to the national Privacy Act would make it a criminal offence to re-identify government data that has been stripped of identifying markers.
Attorney-General George Brandis today said he intended to introduce the amendments to the privacy legislation in the current spring sitting of parliament, which runs until December 1.
The changes would also make it an offence to "counsel, procure, facilitate, or encourage anyone" to re-identify anonymised data.
Publishing or communicating "any re-identified dataset" would similarly be considered a criminal offence.
-----

Health pulls Medicare dataset after breach of doctor details

By Paris Cowan on Sep 29, 2016 11:27AM

Insists no personal data was lost.

The Department of Health has removed a research dataset based on Medicare and PBS claims from its open data portal after a team of Melbourne researchers pointed out that practitioner details could be decrypted.
The government today advised that the data was withdrawn yesterday following “an alert made in the public interest” by researcher Dr Vanessa Teague from Melbourne University.
Teague told the department that she and her colleagues had analysed 10 percent of the linked dataset and found it was possible to decrypt some of the service provider ID numbers attached to doctors.
-----
29 Sep 2016 - 2:28pm

Health records accidentally made public

The federal health department has admitted data it published about the private medical records of Australians can be identified.
Source:
AAP 29 Sep 2016 - 2:28 PM  UPDATED 39 MINS AGO
The private medical records of Australians may have unwittingly been made public by the federal health department.
Health Minister Sussan Ley has apologised for the breach after the department admitted de-identified medical data it released in August was able to be decoded.
The department was alerted to the breach by Melbourne University researchers who were able to decrypt some of the information.
Ms Ley told the Royal Australian College of General Practitioners annual conference in Perth on Thursday that no patient information had been compromised.
-----

Data update

Researchers relying on information in a sample of data extracted from Australia’s Pharmaceutical Benefits and Medicare Benefits schemes that was withdrawn recently from the data.gov.au website are advised that work is continuing to restore the dataset as soon as possible.
Page last updated: 29 September 2016
29 September 2016
Researchers relying on information in a sample of data extracted from Australia’s Pharmaceutical Benefits and Medicare Benefits schemes that was withdrawn recently from the data.gov.au website are advised that work is continuing to restore the dataset as soon as possible.
The Australian Government Department of Health makes the high-value datasets it holds publicly available to enable researchers, the not-for-profit sector and health industries to extract the most value from government data. This is helping to improve health outcomes for all Australians and is popular in the university, research and health-related communities.
-----

Brandis re-identification law proposal slammed

While Health Minister Sussan Ley has apologised for the breach in de-identified medical data, Australia's Attorney-General has come under fire for 'rushing' through legislation.
By Asha McLean | September 30, 2016 -- 04:26 GMT (14:26 AEST) | Topic: Security
The Royal Australian College of General Practitioners (RACGP) has said retrospective legislative changes to the Privacy Act, announced by Australian Attorney-General George Brandis on Wednesday, will do nothing to retrieve sensitive information already made public.
Speaking at the RACGP annual conference in Perth, Dr Nathan Pinskier, chair of the RACGP's expert committee of e-health, expressed his concern about the potential for medical data to be decoded and exposed.
Pinskier's comments come after the Department of Health said it had pulled a public dataset from data.gov.au after it was revealed that certain information regarding the Medicare Benefits Schedule and Pharmaceutical Benefits Scheme was not encrypted properly.
-----

The Clinical Terminology September v20160930 release is now available for download

Created on Friday, 30 September 2016
The Clinical Terminology September v20160930 release is now available for download from the Agency website.
-----

Will Privacy Act changes have a chilling effect on cyber security research?

Security through obscurity doesn’t work, Melbourne Uni researchers note
Rohan Pearce (Computerworld) 29 September, 2016 13:24
Attorney-General George Brandis has yet to reveal the details of amendments he will seek to make to the Privacy Act that will criminalise the re-identification of datasets released by government departments and agencies.
Brandis announced yesterday that the government would make it an offence “to counsel, procure, facilitate, or encourage anyone to do this, and to publish or communicate any re-identified dataset.”
His announcement came ahead of the Department of Health revealing today that elements of some datasets it released last month could potentially be re-identified.
-----

E-Health reprieve means practices will retain payments

29 September 2016
GPs have been given a welcome e-health reprieve with the government deciding to extend the deadline for practices to comply with new rules around digital health incentive payments.
The decision means many general practices will retain, for now, incentive payments that can total more than $20,000 a year.
New targets introduced earlier this year meant practices had to upload shared health summaries for at least 0.5% of their patients per quarter in order to claim their incentive cash.
Some 1500 practices have failed to meet the new targets, the AMA said earlier this month, and a further 69 had withdrawn altogether.
-----

Can this man take doctors beyond the fax?

27 September 2016
AS POISONED chalices go, the one handed to Tim Kelsey could be said to contain a cocktail worthy of a toxicologist’s worst nightmare.
The new CEO of the Australian Digital Health Agency (ADHA) has been given the job of bringing vision and direction to a process which has been beset by problems in this country and around the world.
In a recent speech to the Committee for Economic Development of Australia (CEDA), Mr Kelsey described the opportunities for improved healthcare outcomes for patients as “the single most important public policy agenda”.
His CV and track record suggest he has the tools to right the wrongs of the $1.2 billion attempt to implement the Personally Controlled Electronic Health Record (PCEHR).
-----
23 September, 2016

GPs to gain access to hospital records

Posted by julie lambert
GPs in Queensland will be able to view their patients’ hospital records under amended privacy laws permitting access to a restricted Queensland Health clinical information system.
Dr Richard Kidd, chair of the AMA Council of General Practice, said the reform would make a huge difference to the integrity and authenticity of patient information available to referring GPs.
“It will be (intended) for referring GPs. Finer details need to be worked out, but it might also be for GPs where a patient has been discharged,” Dr Kidd told The Medical Republic.
Work was under way on security protocols for GPs to enter the system, called The Viewer, which is currently restricted to Queensland Health employees, and on how GPs would identify they had a patient’s permission to view their information, he said.
-----

Pilgrim permanently appointed Information Commissioner

By Paris Cowan on Sep 28, 2016 5:45PM

Will also keep privacy role.

The government has formally appointed Timothy Pilgrim as its statutory Information Commissioner after a sequence of temporary stints.
Former OAIC boss John McMillan left the agency during the rollercoaster period between the 2014 budget when the government announced it intended to dismantle the agency, and its subsequent backdown in the 2016 budget.
Since July 2015, the agency has been headed by Privacy Commissioner Timothy Pilgrim in a rolling sequence of three-month statutory re-appointments to the top job.
Pilgrim was the last man standing after FOI boss James Popple also left the OAIC in 2014.
-----

Committee wants heads to roll over WA Health contracts saga

By Paris Cowan on Sep 23, 2016 2:32PM

Probes disciplinary action.

WA’s education and health committee has demanded to know if any public servants or agency bosses will face sanctions over the $81 million mismanagement of one of the state health department’s biggest IT contracts.
The West Australian auditor-general, Colin Murphy, revealed in February that WA Health’s data centre deal with Fujitsu had blown out by as much as $81.4 million over the years - with much of the increase blamed on unapproved contract variations that appeared to slip through management and probity gaps.
The state’s Crime and Corruption Commission declined to investigate, but the matter was later taken up by the state parliament’s standing committee on education and health, which is chaired by government MLA Graham Jacobs.
-----

Simple Google search approach to public health

Authored by  Balaji Bikshandi
THERE may be a powerful epidemiological tool at our fingertips, available anywhere, any time. Most of us have used the popular internet search engine Google for many of our queries. It is also known to many of us that the Google search engine has a built-in dictionary.
But, unlike a conventional dictionary, when you ask for the meaning of a word, the engine automatically generates an intriguing graph named “usage over time” when we click on the down arrow of the box containing the meaning.
For instance, just typing “obesity meaning” in the Google search engine, we are presented with a graph like the one below. This tells us that the usage of the term obesity has been on a steady increase from somewhere around 1930 and there is a sharp increase around the year 2010.
-----

Telstra offers assurances on cancer register security

Calls for swift passage of legislation establishing the National Cancer Screening Register
Rohan Pearce (Computerworld) 28 September, 2016 12:26
Telstra has said it is “well placed” to establish the government’s National Cancer Screening Register and that it will deliver a platform that meets the government’s privacy and security requirements.
The Department of Health announced earlier this year it had awarded the $220 million contract to establish and operate the register to Telstra. The register will replace nine existing registers including the states’ cervical cancer registers.
Although the register has bipartisan support, the decision to award the contract to a for-profit provider has been a subject of controversy, with Labor’s shadow health minister, Catherine King, claiming that Telstra has a “questionable record of privacy breaches”.
-----
  • September 28 2016 - 6:29PM

Concerns over $220 million Telstra Health contract's 'lack of transparency'

Amy Remeikis
The nation's peak medical lobby group has raised concerns over a "lack of transparency" around the awarding of a $220 million government contract to Telstra to manage sensitive medical records.
The register, which will combine the data of nine existing ones, is due to go live in May next year.
Writing to the Senate inquiry examining the bill, the Australian Medical Association's senior policy adviser, Jodette Kotz, said that while the AMA did not oppose outsourcing clinical registries "in principle", it noted there had been " a lack of transparency around the process for awarding this contract, in particular the timing of the announcement".
"The awarding of such a contract to an entity that has hitherto had no direct role in establishing or operating a register of this kind sets a challenging and potentially troublesome precedent," Ms Kotz wrote.
"The AMA, therefore, would welcome a detailed explanation and assurance from the Department of Health, as well as independent privacy and data experts, that the entity awarded the contract has the capacity to deliver it as contracted, and that every assurance can be given as to how sensitive health and medical data will be stored, how any potential breaches will be addressed, and what arrangements are to be put in place to manage the transition of nine separate cancer screening registers into a single National Cancer Screening Register.
-----

Telstra on defensive as reverse-engineering of Medicare data highlights healthcare-security risks

Submissions caution against putting private healthcare data into hands of profit-minded outsourcer
The security of Australians' healthcare information came under the spotlight after the federal Department of Health pulled massive dataset of Medicare-related information and Telstra faced concerns it lacks the cybersecurity credentials to support a major contract it was awarded earlier this year.
A massive deidentified data set was released earlier this year to give data researchers fodder to analyse prescribing and service consumption patterns through the Pharmaceutical Benefits Scheme (PBS) and Medicare Benefits Scheme (MBS) programs, which are administered by the department on behalf of every Australian citizen.
Patient and provider ID numbers were encrypted using original PIN and ID numbers as the seeds, but a University of Melbourne research team – featuring cryptography experts Dr Vanessa Teague, Dr Christopher Culnane, and Dr Benjamin Rubinstein of the university's Department of Computing and Information Systems – raised the alarm this week after working through 10 percent of the data finding that it was possible to decrypt some of the service provider identification numbers.
-----

Privacy Commissioner warns of ‘hidden risks’ of the IoT

The Australian Privacy Commissioner has warned that Australian businesses assessed as part of a global sweep of Internet of Things products and services generally lack clear information for customers about how their personal information is being managed.
And, more than half of Aussie businesses have failed to adequately explain how personal information was collected, used and disclosed, according to the Privacy Commissioner.
The sweep of IoT devices, just released by the Australian Privacy Commissioner, and fellow international regulators, through the Global Privacy Enforcement Network (GPEN), reveals that 71% of the IoT devices and services, and how information is managed, were not adequately explained by Australian businesses.
-----

U.S. Hospital Night Shifts Are Being Monitored From Australia

When the sun goes down in America, Australians are starting their day.

23/09/2016 11:21 AM AEST | Updated September 23, 2016 15:13
Hospital accidents are more likely to occur during the graveyard shift. When the sun goes down, much of the medical staff goes home while patients' circadian rhythms slow to sleep.
To combat the statistically significant increase in overnight incidents, six U.S. hospitals with group Emory Health care are stationing a 'remote Intensive Care Unit' in Sydney, Australia, paving the way for similar arrangements for the outback and remote areas.
The team will be based at Macquarie University's health sciences centre and hospital MQ Health where they'll monitor things like a patient's heart rate, while on-the-ground staff can contact them in patient's rooms to ask questions.
-----
  • Updated Sep 27 2016 at 10:26 AM

How Apple plans to profit from HealthKit data as it taps $10 trillion sector

by Alex Webb
So far Apple's HealthKit has mostly collected fitness data from its devices.
In the future, if the company gets its way, the software will interpret that information, turning it into advice for users, doctors and others.
Scores of health-care experts hired by Apple in recent years are building improved electronic health record software that can better analyse and understand the implications of patient data, according to people familiar with the team's plans.
The iPhone maker is also working on new apps for the Apple Watch. One helps users track sleep patterns, one of the people said. Another app gauges fitness levels by measuring the time taken for the heart rate to fall from its peak to resting level, according to one of the other people.
-----

Seamless Clinical eAudit participation from within MedicalDirector Clinical

MedicalDirector together with our newest partner, mdBriefCase Australia, are pleased to bring General Practitioners (GPs) the new seamless solution that will facilitate their continued professional development from within their software via the sidebar.
This new widget has been built within the consult workflow and offers 6 eAudits, each accredited for 40 Category 1 points, covering Anticoagulation, Asthma, Back Pain, Diabetes, Hypertension and Osteoarthritis , all conveniently available via the MedicalDirector Sidebar. With the end of the 2014-2016 Triennium drawing near, GPs must earn a total of 130 Category 1 points before 31st December 2016.
With a few simple clicks, GPs can now simply search and select patients that meet the audit criteria and enrol them into the appropriate audit programs. Each audit program can take approximately 4-6 weeks to complete with a minimum of 10 patients required for each audit. “The accredited audit programs have been designed specifically for GPs and have been reviewed by key leaders in their respective fields. By accessing the audit programs through the widget, GPs are provided with the opportunity to keep informed about the latest developments in patient care and directly apply their learnings to practice”, said Suzanne Coutinho, Managing Director of mdBriefCase Australia.
-----

Medical Channel immediately profitable after AU$25m raise and acquisition of rival firm

Australian point of care digital media company Medical Channel has announced it has raised AU$25 million and acquired rival digital signage company Community Network.
By Tas Bindi | September 27, 2016 -- 06:45 GMT (16:45 AEST) | Topic: Start-Ups
Medical Channel, a point of care digital media company, announced on Tuesday that it has raised AU$25 million in an investment round led by Sandbar Investments and Wingate Group. The company has used the funds to acquire rival digital signage firm Community Network, following its acquisition of another rival firm Medical Media in February this year.
Founded by Garry Fahey in 2012, Medical Channel provides healthcare practices with digital screens with an integrated media engine, which displays highly-targeted advertisements as patients wait to see their general practitioner (GP).
The company's content, which is created in-house on behalf of advertisers, reaches an audience of 6.25 million viewers per month in more than 3,200 healthcare practices, with an average dwell time of 30 minutes.
-----
  • Updated Sep 26 2016 at 11:45 PM

Big name investors hand ad startup Medical Channel $25m to buy rival

Medical Channel chief executive Nazar Musa. The company has just closed a major capital raising of $25 million. Sarah Keayes
High-profile investors including Darren Smorgon, the Wingate Group and Tony Faure have poured $25 million into a startup that pumps digital advertising into doctors' waiting rooms, as it looks to corner the market by acquiring its biggest rival.
The big name backers have invested in digital advertising company Medical Channel, as it sets out to buy out The Community Network. 
Medical Channel was founded only in 2012, but has quickly grown to be the market leader in the space, after buying up so-called advertising "real estate" in general practices, before pursuing advertisers.
In February this year it also bought Medical Media, a similar business which provides television advertising in doctor staff rooms targeting health professionals, rather than patients.
-----

NBN Co marks one year of FttN rollout with 745,000 premises connected

Just a few hours after releasing its Broadband Index showing the latest stats and figures on how well it is doing with the rollout of the national broadband network, NBN Co has reported that nearly three quarters of a million Australian premises can now sign up for an Fibre-to-the Node (FttN) service one year after it commercially launched FttN services.
Following release of its Broadband Index, as reported by iTWire, and keen to keep up a barrage of positive news about the NBN rollout in the face of, at times, criticism of its performance and questioning of the mix of technology underpinning the network, NBN Co said on Tuesday that around a quarter of a million premises are also now activated via FTTN.
And, according to NBN Co, if you include the figures from its Fibre-to-the-Building (FttB) deployment, then it has a total of 854,000 premises ready for service across FttN and FttB combined.
-----
Enjoy!
David.

Sunday, October 02, 2016

Labor Day Holiday Rest! Need A Day Off!

Dear Readers,

On the basis no-one tends to read on public holidays I plan a little rest.

Back later in the week!

David.

AusHealthIT Poll Number 338 – Results – 2nd October, 2016.



Here are the results of the poll.

Do Clinicians Spend Too Much Time Using Their Computers Rather That Communicating With Their Patients?

Yes 63% (76)

No 17% (20)

I Have No Idea 20% (24)

Total votes: 120

Most readers think clinicians can do better engaging with patients when using a computer! The 'I don’t know' vote was rather high….

A great turnout of votes.

Again, many, many thanks to all those that voted!

David.