Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, October 12, 2011

Draft Submission on the Proposed PCEHR Legislation - Due October 28, 2011


Here is what I have in mind - happy to take comments and thanks for all those on yesterday’s post.
-----

Submission to the Commonwealth Department of Health and Ageing.

Topic: Exposure Draft PCEHR Bill

Date October, 2011
Submissions Due: 28 October, 2011
Address for submissions:
E-mail
Postal Mail
PCEHR Legislation Issues Feedback
Department of Health and Ageing
GPO Box 9848
Canberra, ACT 2606
Submission Author:
Dr David G More BSc, MB, BS, PhD, FANZCA, FCICM, FACHI.
Author’s Background. I am experienced specialist clinician who has been working in the field of e-Health for over 20 years. I have undertaken major consulting and advisory work for many private and public sector organisations including both DoHA and NEHTA.
Previous Submissions
I previously provided a Submission on the PCEHR proposal to NHHRC in May, 2009 and the views expressed in that submission remain my position despite the work undertaken by DoHA and NEHTA since.
This submission is available here:
A later submission on the Draft Concept of Operations for the PCEHR from May2011 is found here:
Consent for Publication.
I am more than happy for this submission to be made available for public review on the Department of Health and Ageing website.

Submission

As a non-lawyer I am unable to comment on the drafting of the planned Bills but am basing my comments on the Companion to the Exposure Draft Bill - as I am sure this document accurately reflects both the intention and the drafting of the proposed Bill(s).
It is my view that the intent reflected in the Companion document is deeply flawed and will result in failure of the PCEHR System to deliver the outcomes sought by the Government.
In my view there are two major errors of omission and two major errors of commission contained in the present proposals.
Error of Omission Number 1. - The Lack of an Agreed, Consulted and Legislated Framework for the Governance of the PCEHR.
On Page 13 of the Companion: (as reported by Adobe Reader)
"It is intended that the Secretary will fill the role of System Operator initially. Further discussions will be held with the states and territories around possible future options for the long-term governance of national e-health such as an inter-jurisdictional body."
This is a disastrous flaw and will guarantee there is simply no one will trust the system. Having a system holding your private health information which is not at arm’s length to Government and to political interference is vital.
I believe the best way this can be achieved is via an independent Statutory Authority which is responsible to parliament for its activities, reports regularly, is subject to review by Parliament and Senate Estimates, has a formal recurring budget allocation and a properly constituted and accountable board.
Unless this is planned, discussed, legislated and delivered the Government is simply setting itself up for a lack of public confidence and failure.
Error of Omission Number 2. The Failure to Provide a Legislated and Obligatory Breach Reporting Regime.
On page 29 of the Companion to the Exposure Draft we read:
“Certain participants in the PCEHR system must notify certain matters such as data breaches or risk of being in contravention of the Draft Bill with potential civil penalties to apply to those contraventions.
Entities such as the System Operator, a registered repository or registered portal provider have obligations to report matters to the System Operator, or in certain circumstances both the System Operator and the Information Commissioner.
In addition to the notification, the entity must do the followings things:
  • contain the contravention and undertake a preliminary analysis;
  • evaluate the associated risks;
  • if the entity is the System Operator – consider notifying the affected consumers;
  • if the entity is not the System Operator – ask the System Operator to consider notifying the affected consumers.
In addition, the entity must take steps to prevent or mitigate the effects of further contraventions, events or circumstances in relation to the unauthorised collection, use or disclosure of health information included in a person’s PCEHR.
A further civil penalty provision in the Draft Bill provides that a registered repository operator or a registered portal operator must not contravene the PCEHR Rules that apply to that operator or portal.”
Can I suggest this is just not good enough. The legislation should make it clear that the release or breach of any personally identifiable information should be notified to the individual concerned and additionally any breach that involves more than 100 individuals should be notified to the public with an analysis of what caused the breach.
Of course notification is just bolting the door after the horse has gone and clearly the legislation should also make it clear, as it does to some extent, that to prevent breaches in the first place is required and to not take reasonable preventative steps is also an offence.
Proof of the benefit of this approach is that in the US there is compulsion to notify significant breaches and, of course, this is the reason we know how it bad it is over there and why we need the same approach here.
Error of Commission Number 1. A blatant attempt to transfer responsibility for identification of users of the PCEHR from the Government provided security systems to the practitioner or other entity who is accessing the PCEHR.
Page 33 of the Companion: (As reported by Adobe Reader)
“Registered healthcare provider organisations must ensure that individuals accessing PCEHRs on their behalf (i.e. authorised users) provide, at the time of access, sufficient information to identify the individual accessing the PCEHR. This requirement is essential to ensuring a comprehensive audit trail is maintained of access to consumers’ PCEHRs.”
What does this actually mean and how will it work? It seems to it mean the provider organisation needs to retain an audit trail of which user who logged on to what system using the organisational certificate. Note this appears to transfer an obligation to do so from the PCEHR Operator and the PCEHR system back to the healthcare provider organisation.
It is also clear that the approach to providing a user specific audit trail from provider to the PCEHR system is still pretty much a work in progress (in the absence of NASH actually being defined and implemented) - and that the assurances given by NEHTA and the Minister that full audit trails of user access will not be available when the System commences - and for a good while thereafter if special legislative cover is required.
No provided is going to expose themselves to the substantial penalties proposed for no benefit. This approach will ensure just zero practitioner participation once they are advised of the risks by their indemnity insurers.
Error of Commission Number 2. Removal of Both The Commonwealth and All Jurisdiction from Any Accountability and Liability for Harm and Damage Caused by The PCEHR System.
Page 8 of the Companion: (As reported by Adobe Reader)
“Binding of the Crown
The Draft Bill applies to the Commonwealth, states and territories and section 7 of the Draft Bill provides that all jurisdictions will be subject to this law.
While each jurisdiction will be legally bound by the arrangements set out in the Draft Bill, the Crown in right of the Commonwealth, states and territories will not be subject to prosecution and will not be liable for pecuniary penalties.”
So it seems no Government can be sued or prosecuted for any harm or damage resulting from this Legislation and its implementation.
This section clearly does not correctly balance the interests of citizens and government.
There are a number of other minor points where I feel the planned Legislation is in error but correcting the issues cited above would clearly take enormous strides towards some satisfactory and implementable outcomes.
David G More
Date 11.10.2011.
-----
Comments and Suggestions Please!
David.

Tuesday, October 11, 2011

Draft Article on Australian E-Health in 2012 - For Comment.

I am developing a new article to appear very late in the year. Here is a draft. Comments welcome!

We Are Almost Into A New Year. Time For An E-Health Progress Check.

By the time you are reading this the Festive Season will be well and truly underway and we will be able to consider what we might hope for in the New Year in E-Health.
Unquestionably the major item on the agenda for next year is the commencement of the Personally Controlled Electronic Health Record (PCEHR) which is planned to commence on July 1, 2012.
Before focussing on the PCEHR is it important to point out there is other work going on in the E-Health domain with both WA and Qld moving on finalising procurement of new systems (as of writing in mid-October, 2011) and the other States continuing with implementation of their hospital system infrastructure. The National E-Health Transition Authority (NEHTA) is also pushing on with their agenda and we can only hope in 2012 some value for patients and clinicians finally emerges for all the funds invested.
Additionally it is also worth noting both the new Commonwealth Telehealth Initiative and a range of private sector projects will be making some progress towards their objectives.
Moving to the PCEHR - which is clearly the elephant in room - I thought that there are two questions that are worthwhile considering.
The first is what needs to go right for the PCEHR System to be considered a practical and political success? Here is my list of what is needed.
1. Consumers - especially those with chronic illnesses and other reasons - need to register for and use the system in reasonable numbers. This will require that patients are confident their private health information will be safe from abuse and disclosure. It will be vital that public trust in the system is well managed, especially in the initial start-up phase.
2. Clinicians need to choose to undertake the work of preparing and transmitting the proposed health summaries to the PCEHR System and also decide to refer to the system when wishing to find out more about patients they are seeing.
3. GP and specialist software providers need to undertake the work necessary to integrate access to the PCEHR seamlessly into their practice systems.
4. Hospitals and service providers (pathology and radiology etc.) need to choose to make their information accessible to the PCEHR system or operate their own compliant information repositories.
5. The two key infrastructure programs (the Health Identifier Service and the National Authentication Service for Health (NASH)) need to be available and properly integrated into all the clinical workflows that need them.
6. The enabling legislation for the PCEHR System needs to get through the Commonwealth Parliament in a workable form including a robust governance framework and well considered security.
7. The technical aspects of the PCEHR System need to be properly delivered and the performance and reliability of the system needs to be satisfactory.
8. There needs to be a guarantee of continuing funding and support for the PCEHR System into the future. As of now the funding runs out on the day the system is planned to go live and there needs to be some clear announcement of future funding and support in the reasonably near future.
9. The risk of the entire project being simply scrapped by an incoming Coalition government before the system has had time to prove itself is not realised needs to be considered and planned for. I would be surprised if any serious evaluation of the Program could be done by the time of the next Federal Election so the project is at some risk until the outcome of that is resolved.
10. There need to be no major or publicly damaging breaches of sensitive personal information - especially in the first year or two.
11. It needs to have becomes clear to the public and profession that the PCEHR System is both useful and valuable and is making a positive difference to the care being provided to patients.
12. There need to be working secure and reliable clinical information communications in place between all the relevant parties in the health System.
13. The Standards required for the system to be implemented need to be decided and available for live implementation.
Right now it would be difficult to not form a view that the whole program carries very substantial risk and that it might have been quite sensible to proceed rather more slowly and in an initially geographically confined area until the concept, utility of the approach and rate of user adoption is better understood.
The second is to address is the issue of just what is meant by real success?
This question is pretty easy to answer. Health Minister Roxon has said many times ““Electronic health records have the potential to save lives, time and money and make the health system more efficient.” A recent example of her view on this can be found here:
Without being too cynical I fear the ‘practical and political’ success and ‘real’ success may not be as closely related as we might like!
It seems to me, therefore, the real criteria are the ones on which we should judge the PCEHR initiative, i.e. making a real and tangible difference. I hope that the consulting evaluation partner hired by DoHA have a plan to get back to us all in year or two after the system is implemented to confirm that indeed this is the case! I won’t hold my breath given the number of times I have seen such evaluations not quite see the light of day. I hope I am wrong in this case.
From an E-Health perspective it is clear that 2012 will be a very interesting year one way or another!
-----
Thanks for any suggestions!
David.

Monday, October 10, 2011

Weekly Australian Health IT Links – 10th October, 2011.

Here are a few I have come across this week.
Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.

General Comment

By far the best thing this week was to see the representatives of the medicines shopkeepers union bale out of their absurd plan to sell unproven side-effect modifying medicines to unsuspecting customers based on recommendations provided by their dispensing systems. No matter that most people won’t get the side-effect - let’s just increase our turnover and profit.
Other than this good news we have seen Minister Roxon coming out spruiking the PCEHR with at least some claims that might just be a bit wide of the mark - especially those on just how secure the planned system will be.
Of course I should mark the passing of Steve Jobs. He was clearly an important innovator and a provider of intuitively usable technologies. For this alone e-Health is probably in his debt.
Last I was again reminded that whenever you assign people a number you expose them to some risks. In this case it seems the Tax File Number system has not been as free of abuse as might be wished. The lesson of avoiding letting documents with your Tax File Number - and indeed, if you have one, your CHESS Shareholder Identity Number - go into the bin where they can be retrieved needs to be repeated often! Major risks can be avoided with a little care.
(A good trick is to have a permanent black ink marker and just write over the sensitive numbers before placing in the re-cycling!)
Note: Tomorrow I am going to start work on a submission on the planned PCEHR legislation. Any views via comments or e-mail are welcome.
-----

Experts fear e-health privacy breach

  • by: Adam Cresswell, Health editor
  • From: The Australian
  • October 04, 2011 12:00AM
COMPUTER experts have expressed alarm over draft laws on how the federal government's $470 million electronic health records system will work, saying the technology to guarantee security does not exist, yet healthcare organisations will face stiff penalties for privacy breaches.
The draft legislation, released for public comment by federal Health Minister Nicola Roxon on Friday, shows hospitals, GP surgeries and other organisations will be responsible for ensuring the system can identify which individual staff members are accessing records at any given time.
The government has promised this capability, known as an audit trail, will be a key part of the system of personally controlled electronic health records (PCEHR), saying it will help deter unauthorised snooping by ensuring anyone who accesses medical files without a patient's permission can be quickly and easily identified.
-----

Patient safety boost with e-health

Australia’s proposed new e-health system will improve security of medical records, rather than increase privacy concerns, the Federal Government believes.
In an article in today’s Australian Financial Review, Nicola Roxon, the Minister for Health and Ageing, said arguments that electronic records would lead to decreased safety were incorrect. 
“Electronic health records have the potential to save lives, time and money and make the health system much more efficient,” she said. “They can also make medical information much more secure and private.”
-----

Roxon defends electronic health records system

Posted October 04, 2011 23:34:02
Federal Health Minister Nicola Roxon has dismissed criticism from privacy groups about the Government's proposed electronic health records system.
The Australian Privacy Foundation and other computer experts say the Government's draft legislation does not provide sufficient privacy guarantees, will be difficult to implement, and that the system will be unusable.
Ms Roxon says the new system is well developed and will be a great improvement on the current situation.
-----

Roxon swipes at privacy advocates

  • by: By Karen Dearne
  • From: Australian IT
  • October 07, 2011 6:46PM
HEALTH Minister Nicola Roxon has been out spruiking her $500 million national e-health record system this week, along the way taking an unwarranted swipe at volunteer health consumer and privacy advocates who try to consult with her department on such initiatives.
In Hobart, Ms Roxon told ABC Radio that the Australian Privacy Foundation was refusing to get onboard with government plans to create a centralised database containing everyone’s medical information and then offer access to some 800,000 healthcare providers and staff members nationwide.
“We’re actually improving on the current system,” she said. “There are very few protections in place for paper records held in big institutions like hospitals, in general practices, in pathology labs.
-----

Govt agencies escape e-health penalties

  • by: Karen Dearne
  • From: Australian IT
  • October 06, 2011 6:09AM
LEGAL liability for medical record data breaches will fall on private-sector healthcare providers, while federal and state agencies will escape prosecution and large penalties to be imposed under proposed draft legislation for the personally controlled e-health record system.
General practitioners, private hospitals, medical centres, pathology labs and diagnostic imaging centres will all be expected to access patient files held in the $500 million PCEHR system when it commences next July, but they will bear the full brunt of fines up to $66,000 for each "inappropriate access" by a doctor or other employee.

Meanwhile, public hospitals and state-based facilities will have Crown immunity from prosecution over data breach offences.
-----

Illegal e-records access to draw fines

4-Oct-2011
Doctors and other health workers risk massive fines if they illegally access soon-to-be created e-health records, under proposed Federal Government legislation.
Federal Health Minister Nicola Roxon outlined the draft laws, which show there would be fines of $13,200 for individuals and $66,000 for companies which unnecessarily accessed the e-health record of any patient.
“Electronic health records have the potential to save lives, time and money and make the health system more efficient,” Ms Roxon said in a statement.
-----

Federal Govt sheds light on next round of e-health record funding

The Department of Health and Ageing has revealed what it do with the third tranche of PCEHR funding
The Federal Department of Health has revealed detailed plans for the third round of funding to be allocated to the National e-Health Transition Authority (NEHTA) next month for the Personally Controlled Electronic Health Record (PCEHR).
A spokesperson for the Department of Health and Ageing (DoHA) told Computerworld Australia that negotiations around the funding were expected to be completed shortly as the scope of NEHTA’s activities for the rest of the initiative were finalised, but could not yet disclose the figure.
According to the spokesperson, the next round of funding will support the management of delivery partners to complete the build of the system, to implement strategies to for change and take-up of the PCEHR, and to support the e-health sites in implementing and testing aspects of e-health record.
-----

NEHTA proposes e-health standards stopgap

'Tiger teams' look to November deadline

The Federal Government's lead e-health transition body has proposed a new standards strategy that would speed up development of specifications underpinning the personally controlled electronic health record (PCEHR).
It would replace the current, seven-stage standards development process undertaken with Standards Australia, with a view to establishing specifications by the end of November.
In a standards and specifications document released Friday, the National eHealth Transition Authority (NEHTA) said the current development process was comprehensive but slow and resulted in "considerable re-work and re-education being performed during the Working Draft Stage".

Collaboration leader VisiInc plans push into e-health

PERTH-BASED collaboration leader VisiInc plans to push into the e-health market with its $US16 million ($16.63m) purchase of US multimedia conferencing platform vendor VIA3.
VisiInc will add VIA3's advanced collaboration software -- featuring secure 3D file-sharing together with secure video and audio services -- to its Vistime communications suite.
Jacques Blandin, founder and chief executive of VisiInc, said the acquisition was timely because the platform addressed key concerns about e-health security.
"We aim to be a major player in the local e-health arena," he said. "We have some of the smartest technology."
-----

VisiInc PLC National Research reveals Australians Embrace E-health Personal Health Records

Perth, Western Australia, October 04, 2011 - VisiInc PLC (VZJ) (www.deutsche-boerse.com) have released a National Australian survey showing public confidence in security will boost E-health uptake, just days after VisiInc announced their acquisition of VIA3.
The USD$16 million scrip deal to acquire USA company VIA3 will deliver a powerful combined technology of 3D real time collaboration, voice and video conferencing, an ultra-secure platform and marks a major push into Australian E-health market. The acquisition is timely with a national Australian opinion survey revealing that the uptake of E-health could be considerably higher if security issues are addressed.
-----

Service streamlines medical data access

Australian medical software company Zedmed has signed insurance provider MLC as the second customer for its medical record exchange service. The MRE service allows authorised insurance agents to access and search medical information required to process claims or provide health insurance premium quotes.
Zedmed, owned by the Medical One Group which runs 11 doctors’ clinics, developed MRE just over two years ago and has previously signed up MetLife for the service. A further two insurance companies are also running pilots.
Martin Hoel, Zedmed client services manager, acknowledged that when the system was first launched “the market was not quite ready.”
-----

Oracle fleshes out PCEHR software deal

By Suzanne Tindal, ZDNet.com.au on October 3rd, 2011
Oracle has today detailed what systems it will use to support Accenture in the development of the backbone for the government's planned personally controlled e-health records (PCEHR) system.
-----

Medical association concerned over PCEHR draft legislation

According to the industry body, the proposal fails to address the issue of availability of critical information for practitioners
The Australian Medical Association (AMA) has raised concerns that the federal government’s released draft of legislation for the Personally Controlled Electronic Health Record (PCEHR) still fails to address the availability of critical information for practitioners.
AMA federal vice president, Steve Hambleton, told Computerworld Australia the government’s nominated healthcare providers, which includes medical practitioners, nurses, aboriginal health practitioners and others, remained a concern for the system’s success.
“We’d prefer to start with medical practitioners to get used to the system and get it up and running and then widen it after that if it seems suitable,” Hambleton said.
-----

GPs get prepared for e-health records

The Royal Australian College of General Practitioners has launched revised information security standards and a workbook to ensure GPs are meeting the minimum requirements
The Royal Australian College of General Practitioners (RACGP) has launched revised information security standards and a workbook in order to prepare GPs for the Federal Government’s Personally Controlled Electronic Health Record (PCEHR).
RACGP National Standing Committee e-health chair, Dr John Bennett, told Computerworld Australia the revised standards are more comprehensive than the previous Computer Security Guidelines and have been broken into two components, one for information and the other as the workbook.
“The idea with the workbook is to make it easier for a practice to be able to use the information or recommendations contained in the standards and then to make it aligned to their practice,” Bennett said.
-----

RACGP launches e-health security guide

Issues IT security standards to general practitioners.

The Royal Australian College of General Practitioners (RACGP) has launched a new IT security standards guide to help its members keep practice and patient information secure.
The 43-page self-assessment guide (pdf) is the third edition of a document that was last published in 2005.
It contains a check list covering ten categories of IT security. These include appointing a computer security coordinator, documenting the role and training the person in question.
Security policies and procedures should be documented, the guide advises.
-----

Harbinger of security warns national e-health system

THE vulnerability of Australia’s planned national e-health system to cyber attacks is not being taken seriously enough, according to a WA security academic.
The weakest points of this system are the individual healthcare providers, particularly the small primary care and specialist organisations which make up more than half the connections in the national e-health system.
ECU secau Security Research Centre senior lecturer Trish Williams says the initiative has multiple points of vulnerability that are unlikely to be fully realised until the system goes live.
The $466.7 million plan will digitise and integrate Australia’s patient record databases to allow much greater sharing of patient information, such as allergies, test results and medications, than the current “safe but not particularly useful” paper system.
Dr Williams says the integration of such a big and complex system is far more susceptible to attack than a decentralised paper one because of the communication between diverse healthcare providers, unlike banks where information is securely stored in one domain.
“The integration of individual systems creates greater system susceptibilities,” she says.
-----

College unveils standards for telehealth and e-security

7th Oct 2011 Mark O’Brien
NEW standards for video consultations and information security have been released by the RACGP, giving GPs a framework to apply to the Medicare telehealth item numbers launched in July.
The college launched its new Standards for Video Consultations and Computer and Information Security Standards yesterday at the GP11 conference in Hobart.
In the absence of standards to abide by since the launch of the MBS items for telehealth, GPs had been advised by Medicare to simply ensure they were confident their method of delivering the service was capable of providing secure, reliable and private consultations.
-----

Telehealth software for remote cochlear implant maintenance

THE EAR Science Institute of Australia is building software for remote mapping and analysis of cochlear implants.
The software will allow patients to plug their implants into their computer and have them tested by audiologists in real time. This will allow full use of telehealth software, and reduce the need for patients (especially those in remote areas) to visit ear centres for their implant maintenance.
-----

Human Services taps new CIO

  • by: Fran Foo
  • From: Australian IT
  • October 06, 2011 6:00PM
THE Department of Human Services has tapped the services of former ANZ Bank Australia chief information officer Gary Sterrenberg as its new tech chief.
The department confirmed to The Australian that Mr Sterrenberg will start on October 24.
He will fill the slot left vacant by retired CIO and Infrastructure head John Wadeson.
Mr Wadeson has been a key player in the integration of Centrelink, Medicare and Child Support IT systems under a new look DHS as part of Labor's service delivery reform agenda.
Mr Sterrenberg joined ANZ in 2006 and worked in various roles, including head of IT and business partnerships, Retail.
-----

Human Services appoints former ANZ CIO

The department appointed Gary Sterrenberg after the retirement of former CIO, John Wadeson
The Department of Human Services (DHS) has appointed a former ANZ Australia CIO, Gary Sterrenberg, after a four month search.
Sterrenberg will succeed retiring CIO, John Wadeson, who exited the role in September after five years with the department. Sterrenberg will commence the role on 24 October.
A DHS spokesperson said that Sterrenberg's history in the banking industry would be an asset as it involved significant work with numerous complex systems and was a customer-focused organisation.
-----

GPs and pharmacists united on evidence-based medicines

Monday, 3 October, 2011 - 14:14
GPs and pharmacists agree that the good of the patient and evidence-based medicine should form the basis of all health care advice provided.
The Royal New Zealand College of GPs, the Pharmacy Guild of New Zealand, Pharmaceutical Society and General Practice New Zealand have agreed that a commercial initiative being employed in Australia to companion sell supplements with prescriptions would not be appropriate in New Zealand.
Blackmores has struck a deal with the Pharmacy Guild of Australia, representing the owners of community pharmacies. Under the agreement, when a prescription is filled, a prompt in the pharmacy's computer will suggest staff discuss with the customer a Blackmores supplement designed to offset possible side effects of the drug being prescribed.
-----

Pharmacists call for Blackmores deal scrapping

4th Oct 2011 Mark O’Brien
PHARMACISTS have appealed to the Pharmacy Guild of Australia to scrap a deal with Blackmores involving computer prompts to ‘companion sell’ nutritional supplements together with certain prescription medications.
Pharmacist Coalition for Health Reform spokesperson Chris Walton said pharmacists had rejected the deal and it was now time for the Pharmacy Guild to scrap the plan.
“A Pharmacist Coalition poll of over 460 people has shown that 94% of community members, including pharmacists and pharmacists-in-training, disagree with the Blackmores deal and believe it undermines the professionalism of pharmacists,” he said.
-----

Pharmacy Guild deal with Blackmores ends in tears

, by Melissa Sweet
Some extremely interesting conversations must have been occurring behind closed doors in pharmacy-land, in the wake of the disastrous deal between the Pharmacy Guild and Blackmores.
According to a Guild statement reproduced in full below, the deal – for pharmacists’ computer systems to prompt them to discuss Blackmores products with patients picking up a prescription for certain medications – will not go ahead in response “to the strong level of public concern”.
-----

Brain implants tested in monkeys may help paralysed people

  • From: AFP
  • October 06, 2011 9:37AM
MONKEYS implanted with brain electrodes were able to see and move a virtual object and sense the texture of what they saw, a step forward in the quest to help the severely paralysed touch the outside world once more.
"Someday in the near future, quadriplegic patients will take advantage of this technology," said lead investigator Miguel Nicolelis, a professor of neurobiology at Duke University in North Carolina.
They will seek "not only to move their arms and hands and to walk again, but also to sense the texture of objects placed in their hands, or experience the nuances of the terrain on which they stroll with the help of a wearable robotic exoskeleton."
-----

Vic healthcare to receive $15m tech boost

By Michael Lee, ZDNet.com.au on October 4th, 2011
Victoria's healthcare system is set to benefit from technology with the launch of a $15 million Health Market Validation Program today, which will encourage the growth of small- to medium-sized businesses (SMBs) by providing grants for healthcare-related technology projects.
Victorian Minister for Technology Gordon Rich-Phillips said that the three-stage program would result in better health outcomes, improved healthcare service delivery and economic benefits in Victoria.
The first stage of the program will identify requirements for healthcare, with health-focused public sector agencies specifying their needs, and the expected benefits in a Technology Requirement Specification (TRS).
In the second stage of the program, SMBs will be invited to submit proposals on how they can deliver on a TRS specified in the first stage.
-----

Cerebral Palsy Alliance streamlines with new CMS

Weighed down with multiple websites and hundreds of forms and policies, the organisation now has one system to support and maintain
Juggling numerous websites and 600 different forms and adhering to almost 200 stringent policies was taking a toll on staff at the Cerebral Palsy Alliance (CPA) and their ability to provide services to clients.
The organisation, headquartered in Sydney, provides services to about 4000 people; the majority of these services occur over the internet. CPA also conducts research into cerebral palsy, a condition that affects human movement.
CPA manager of communication design services, Robyn Cummins, said the organisation’s websites were becoming unmanageable for staff with the team working harder to maintain the sites and leaving no time for anything else.
-----

Tax number is a fraudster's friend

Alexandra Smith
October 3, 2011
STOLEN tax file numbers have been used to lodge as many as 5000 fraudulent tax refunds worth $27 million in just three months, as identity criminals increasingly attempt to defraud government departments.
Since July, the Australian Taxation Office has reviewed about 68,000 claims, with refunds worth more than $285 million.
At least 5000 of those claims are suspected cases of identity crime, including stolen tax file numbers, the Tax Office confirmed.
-----

Dumped computers exploited in overseas fraud

Natalie O'Brien
October 2, 2011
CRIMINAL networks are feeding off Australians' lust for new technology by skimming data from computers dumped in Africa and Asia - and using it for blackmail, fraud and identity theft.
They will pay as much as $200 on the black market for discarded computer hard drives, which they mine for bank details, credit card numbers and account passwords.
These hard drives are among the mountains of electronic waste earmarked for recycling here. Instead, they are illegally shipped to developing countries by operators seeking bigger profits.
-----
Enjoy!
David.

AusHealthIT Poll Number 91 – Results – 10th October, 2011.

The question was:
Assuming a Secure and Properly Private and Governed PCEHR What Consent Model Should Be Adopted?
Opt-In
- 19 (39%)
Opt-Out
  28 (59%)
I Have No View
- 1 (2%)
Votes 48
A pretty clear  vote. I have to say I am a little surprised that the Opt-Out vote was as high as it was - on a reasonable number participating.
Again, many thanks to those that voted!
David.

Sunday, October 09, 2011

Has Anyone Else Noticed This Wonderful (?Horrifying) Irony? This is Descending Into Farce!

During the last week we have had the Royal Australian College of General Practitioners (RACGP) announce a new series of security standards for GPs

GPs get prepared for e-health records

The Royal Australian College of General Practitioners has launched revised information security standards and a workbook to ensure GPs are meeting the minimum requirements
The Royal Australian College of General Practitioners (RACGP) has launched revised information security standards and a workbook in order to prepare GPs for the Federal Government’s Personally Controlled Electronic Health Record (PCEHR).
RACGP National Standing Committee e-health chair, Dr John Bennett, told Computerworld Australia the revised standards are more comprehensive than the previous Computer Security Guidelines and have been broken into two components, one for information and the other as the workbook.
“The idea with the workbook is to make it easier for a practice to be able to use the information or recommendations contained in the standards and then to make it aligned to their practice,” Bennett said.
Bennett said it will enable a practice that lacks internal skills or structure to do things such as name a person or persons responsible for the supervision of their information security. It will also allow them to then identify the need to outsource to the right people to do it on their behalf.
“There’s been an increase on the requirements that practices might want to undertake, although it’s fair to say that can be based on their capacity to do so, but for certain things is should be essential,” he said. “GPs should really be running a firewall of some sort in between their system and the outside but it’s amazing how some practices still don’t do that.
“It’s also a response to the federal government’s requirements around the PCEHR; the college knew this was coming and that it will place a greater responsibility upon general practices and get them prepared for the PCEHR.”
He said that GPs will no longer be protecting just their information but also information that could potentially be entered by other parties including the patient.
The revised standards have been in progress for about a year, Bennett said, with the college enlisting the help Edith Cowan University’s Trish Williams who specialises in the security of healthcare systems.
More here:
There is another report here:

RACGP launches e-health security guide

Juha Saarinen

Issues IT security standards to general practitioners.

The Royal Australian College of General Practitioners (RACGP) has launched a new IT security standards guide to help its members keep practice and patient information secure.
The 43-page self-assessment guide (pdf) is the third edition of a document that was last published in 2005.
It contains a check list covering ten categories of IT security. These include appointing a computer security coordinator, documenting the role and training the person in question.
Security policies and procedures should be documented, the guide advises.
More here:
Rather surprising is this from the RACGP web-site - until you read the media release.

Computer and information security standards (CISS)

The RACGP Computer and information security standards (CISS) is a guide to gain an understanding of requirements for computer and information security implementation in general practice.
The CISS is a major revision of the Computer security guidelines: a self assessment guide and checklist for general practice (3rd edition) and has been developed with significant input from the general practice profession.
The CISS covers:
  • governance processes
  • risks to information
  • effective planning
  • appropriate security measures.
The accompanying CISS Workbook is a tool to assist general practice in recording essential information needed to put in place effective computer and information security.
The CISS will be available as a PDF version by the end of October 2011. The CISS Workbook will be available as an MS Word manual with templates to use and adapt to your general practice.
---- End Page:
See here:
The media release - But NOT the standards were released a few days ago:
See here:
So what we have here is a pre-announcement of a document that presumably is already sorted - but for some reason needs to have its release pre-announced. What on earth is going on?
Then from the expert who advised the RACGP on all this we have:

Harbinger of security warns national e-health system

THE vulnerability of Australia’s planned national e-health system to cyber attacks is not being taken seriously enough, according to a WA security academic.
The weakest points of this system are the individual healthcare providers, particularly the small primary care and specialist organisations which make up more than half the connections in the national e-health system.
ECU secau Security Research Centre senior lecturer Trish Williams says the initiative has multiple points of vulnerability that are unlikely to be fully realised until the system goes live.
The $466.7 million plan will digitise and integrate Australia’s patient record databases to allow much greater sharing of patient information, such as allergies, test results and medications, than the current “safe but not particularly useful” paper system.
Dr Williams says the integration of such a big and complex system is far more susceptible to attack than a decentralised paper one because of the communication between diverse healthcare providers, unlike banks where information is securely stored in one domain.
“The integration of individual systems creates greater system susceptibilities,” she says.
The weakest points of this system are the individual healthcare providers, particularly the small primary care and specialist organisations which make up more than half the connections in the national e-health system.
“The mixture of private and public health providers and services results in less overall control. The responsibility for security is delegated to individual healthcare provider organisations,” Dr Williams says.
While big healthcare businesses have IT security staff, small providers do not have these resources and may face significant security challenges.
“These include a lack of time, a lack of funding, and a lack of understanding of the potential dangers and appropriate responses to these dangers,” she says.
Dr Williams says attacks on healthcare systems are increasing, pointing to research indicating 83 per cent of small organisations (with less than fifty staff) had an average of between 14–45 breaches and this rose to 92 per cent of large organisations in 2009.
More here:
So the expert advisor is saying that the PCEHR system will simply not be secure enough and we won’t know how bad it is until the system goes live!
Guess what? The management of overall system security is a core Governance issue for Government but has been filed in the ‘too-hard basket’ and won’t apparently be legislated before the system goes live.
To Ms Roxon who says we are all worrying unnecessarily can I suggest she listens carefully to her own paid experts.
I look forward to a release of the actual Guidelines! What a fiasco.
David.