Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Tuesday, November 17, 2015

Do You Find These Final Claims Of Success From NEHTA Fair, Reasonable and Spin Free?

I thought I would extract part of the NEHTA CEO Report from the 2014-15 Annual Report. (Page 4 and 5). It is worth reading to see just how much truth and how much ‘spin’ you note!

CEO Report:

In 1998, Australian health ministers established the National Health Information Advisory Council to deliver a national action plan for health information. Health ministers, including Federal Health Minister Abbott, proposed an entity be established that was wholly owned by Australian governments (Commonwealth, State and Territory) to develop the ‘building blocks’ for eHealth: identifiers, authentication and terminology.
The formation of the National E-Health Transition Authority (NEHTA) was endorsed by the Council of Australian Governments (COAG) in 2005 and NEHTA was funded to deliver the foundations for future eHealth systems.
Over the past ten years, NEHTA has delivered the eHealth foundations in accordance with its charter. This has made it possible to deliver a national eHealth record system to achieve the vision of the Australian health ministers 15 years ago.
NEHTAs purpose
NEHTA has a unique governance structure to fix a unique problem how to connect and join the many information and data silos in our complex health system.
The NEHTA work program has been guided by the 2008 National eHealth Strategy, the 2009 Intergovernmental Agreement and the 2012 Memorandum of Understanding signed by all Australian governments. These documents comprised the core of the national foundation work designing, building and operating the common identifiers, specifications and terminology to establish interoperability and connect healthcare providers and data sources.
The national foundations, the bedrock upon which a national eHealth system is built, have been delivered. The Healthcare Identifiers (HI) Service, National Authentication Service for Health (NASH), clinical document specifications and other national foundations are all operational.
NEHTAs achievements
NEHTA was set up to build the national infrastructure on behalf of the governments of Australia. Since delivering these components, NEHTA has turned its attention to increasing use of the infrastructure and embedding it in clinical practice. Usage of the national infrastructure exceeds anticipations for this point in the adoption curve:
  • The HI Service processed 13 million transactions in May 2015, compared to 6-7million per month 12 months ago. This represents 13 million requests from software in healthcare organisations for an identifier for a patient, healthcare provider or a healthcare organisation (over 500,000 transactions a day in peak times).
  •  National Terminology is now being embedded into clinical information systems. In Victorian hospitals we have already seen the Australian Medicines Terminology eliminate transcription errors and hand a 3% time efficiency gain to hospital pharmacists – 1.5 hours a week to spend on clinical work.
  •  SNOMED has increased coded allergy documentation from 10-60% at the Sanitarium Hospital in Sydney. It is also used in hospitals in WA, ACT, Tasmania.
  •  There are more than 350,000 products on the National Product Catalogue from 464 suppliers. Recallnet enables suppliers to share real-time product recall and withdrawal notifications with their trading partners and regulators in a secure and efficient manner; recall notifications which used to take several days now occur in under two hours.
  • NEHTA undertook the design and specification work for the national eHealth record system funded directly by the federal government. Since it’s launch in 2012, NEHTA has played a supporting role in its operation, based on specifications maintenance and development, clinical safety work, and software integration work.
  •  Secure Messaging Delivery (SMD) rollout has progressed, but more slowly than we would like. There are patches of good implementation: Tasmania has rolled out SMD to 80% of their GPs, and 88% of electronic discharge summaries are now being sent via SMD. Queensland Health are trialling an SMD solution that connects to the National Health Service Directory, also delivered as part of NEHTA’s work programme.
  • The NASH commenced operation in 2012 and has issued over 8,000 certificates to healthcare provider individuals and over 12,000 certificates to healthcare organisations. This enables certificate holders to meet a high standard of authentication to view medical information including records from the eHealth record system.
NEHTAs focus in 2015-16
NEHTA is now very good at what it does and we are continually being contacted from around the world by others asking for help. Other countries see us as being ahead of the curve, which is a testament to the decade of hard work and continued investment by the governments of Australia.
In our final 12 months of operation, NEHTA is focused on driving meaningful use of the national infrastructure. The highways have been built; now we need to get the cars to drive them.
Our work programme is heavily directed to projects with jurisdictions to embed the national infrastructure in their day-to-day activities, with software vendors to stimulate further uptake, and with the pathology and diagnostic imaging sector to make those records available. NEHTA is also working to ensure the significant intellectual property and knowledge built up over the past ten years of investment is handed over to the Australian Commission for eHealth (ACeH), such that the Commission is well placed to lead national eHealth into the next phase.
I would like to take this opportunity to thank the Board for its support and guidance, and to recognise that without the hard work and efforts of the NEHTA management team, staff and clinical advisors we wouldn’t have achieved what we set out to do.
----- End Extract
The links that are relevant are here:

NEHTA's Annual Report 2014-15 is now available

Created on Monday, 09 November 2015
NEHTA's Annual Report 2014-15 is now available and can be downloaded from NEHTA ANNUAL REPORT 14-15 PDF (2.76 MB).
The National E-Health Transition Authority was established in 2005 by the Council of Australian Governments (COAG) to identify and jointly develop the necessary foundations and services – the building blocks – for a national eHealth infrastructure: 'NEHTA's WORK 2005-15' PDF (424.56 kB)
NEHTA is continuing to work with stakeholders on the widespread adoption and use of eHealth across the healthcare community until the Australian Commission for eHealth commences operations in July 2016.
NEHTA's Annual and Financial Reports contain detailed information about its operations during the past financial year as well as an overview of its work programme.
NEHTA is jointly funded by the Australian Government and all State and Territory Governments.
Link here:
I am sure most readers would know what I think of many of the claims made - but let’s hear from readers. I look forward to your spin level rating - where all fact is rated 10 and all truth is 0!
David.

Monday, November 16, 2015

Weekly Australian Health IT Links – 16th November, 2015.

Here are a few I have come across the last week or so.
Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.

General Comment

What an amazing week with an incompetent Parliament passing laws to extend the PCEHR! Other stuff also included.
What a disaster for e-Health in Australia as the mindless ill-conceived juggernaut just rolls on!
-----

My Health Record to have increased penalties for misuse of information

12 Nov 2015
The Senate Community Affairs Legislation Committee has recommended that the Health Legislation Amendment (eHealth) Bill be passed, with proposed increased penalties for misuse of My Health Record information. The Bill proposes, among other things, to change the name of the PCEHR system to the My Health Record system and enable trials of opt-out participation.
The Senate Community Affairs Legislation Committee tabled its report on the Health Legislation Amendment (eHealth) Bill this week. The report noted the AMA argued against the introduction of increased civil penalties and new criminal penalties in relation to unauthorised use or disclosure of My Health Record information. However, the committee considered that these penalties are justified as deterrent measures to protect the privacy of system participants.
-----

Australia to bring citizens' health records online

Bill officially passes parliament.

By Allie Coyne
Nov 12 2015 5:19PM
The Australian government has been given the go-ahead to create a digital health record for every Australian by default pending the success of trials of the model, after the bill for opt-out records passed the parliament today.
The federal government introduced the e-health bill in September. It amends the existing personally controlled electronic health record (PCEHR) law to create a record for every Australian by default.
The change in approach was a response to slow take-up of the former Labor government's PCEHR scheme, which allowed individuals to opt-in to the digital health record.
The Health Legislation Amendment (eHealth) Bill 2015 today passed the Senate with no amendments, allowing the government to trial opt-out e-health records in two locations in Queensland and NSW, covering around one million individuals.
-----

Revamped Australian e-health system passes Parliament

The health records of Australians are set to go online by default, with the new system to be trialled first in northern Queensland and in the Blue Mountains.
By Chris Duckett | November 12, 2015 -- 04:15 GMT (15:15 AEDT) | Topic: Innovation
The medical records of all Australians are set to go online after legislation to revamp the e-health system and get more people using it cleared Parliament.
The new My Health Record system is to be trialled first in north Queensland and the NSW Blue Mountains region, and will be rolled out nationally if it proves a success.
Australians will need to opt-out of the system if they don't want an e-health record, as opposed to the current model, which started out as the Personally Controlled E-health Record System, which required patients to opt-in.
The Australian government's e-health record system was switched on in 2012, and was given a further AU$485 million in funding in the 2015-16 Budget in May.
-----

Inquiry backs legislation for 'opt-out' eHealth record

Privacy group call for opt-out to be dumped
A parliamentary inquiry has endorsed a government bill that will enable the national eHealth system to potentially be shifted to an 'opt-out' model.
Health minister Sussan Ley in September introduced the Health Legislation Amendment (eHealth) Bill 2015.
The bill implements recommendations from the 2013 review of the Personally Controlled Electronic Health Record (PCEHR), including renaming the record to 'My Health Record'.
The bill will allow the minister to apply opt-out participation to particular areas, which will enable trials of new approaches intended to boost participation in the system.
A report from the Senate's Community Affairs Legislation Committee was tabled yesterday in the upper house and recommends that the bill be passed.
----

Senators 'dangerously naive' on ehealth

26 minutes ago
AAP
A PARLIAMENTARY committee has been labelled "dangerously naive" after giving its tick of approval to electronic health records for all Australians.
A SENATE inquiry into government legislation says tough penalties will address any fears of sensitive medical details being accessed or used inappropriately.
-----

E-health opt-out records a 'huge invasion of privacy'

The Privacy Foundation has accused the Australian Senate of ignoring privacy concerns in making the e-health record system opt-out.
By Corinne Reichert | November 11, 2015 -- 07:53 GMT (18:53 AEDT) | Topic: Government : AU
The Australian Privacy Foundation has accused the Senate of being "dangerously naive" in thinking that opt-out e-health records could be secured against breaches of privacy.
Bernard Robertson-Dunn, a member of the Privacy Foundation who has also constructed IT systems for several government departments, said it is "patently absurd" for the Senate inquiry committee to think that Australian laws will do anything to deter criminals and cyber attacks from overseas.
The Senate had said it would institute penalties for privacy breaches in order to address concerns over the misuse of confidential medical information.
The Senate had ignored expert advice by changing the e-health records to be opt-out, according to the Privacy Foundation, with the likelihood of personal information being stolen and published in an attack similar to the Ashley Madison hack increasing with the more data that is stored.
-----

Oz e-health privacy: after a breach is too late

Privacy foundation slams 'dangerously naive' Senators

12 Nov 2015 at 02:56, Richard Chirgwin
Australia's peak privacy body has lambasted the country's Senate for being ignorant about the implications of the country's new e-health records.
What was once called the Personally Controlled Electronic Health Record (PCEHR), re-branded My Health Record this year to give it a smiley face, is the government's attempt to dragoon Australians into a national health database.
Looking behind the mask, however, the Australian Privacy Foundation reckons the e-health system looks more like it was designed for spooks and revenue-collectors than for doctors or patients.
Coming in for special criticism is the Senate committee recommendation (full report here) that My Health Record be changed from an opt-in system to an opt-out system. That decision seems designed to boost the chronically low take-up of a system that this year got a budget allocation of more than AU$450 million (its 15-year estimated cost from 2010 to 2025 is $3.6 billion).
-----

Computer says 'yes’ to CDM care plan for the nearly dead

Serkan Ozturk | 12 November, 2015 | 
Concern over use and abuse of care plan items has been a long-running and heated topic of discussion among GPs.  
This year, the Professional Services Review raised the issue of computer-generated templates — seen by most doctors as a way of dealing with the red tape headaches inherent in the Medicare system. 
A regular problem, according to the PSR, is that practice software automatically updates chronic disease management (CDM) care plans, by simply changing the date.
The computer is set to remind the practice to produce new MBS care plans as soon as the patient becomes eligible.  
But some of these templates are so automated that they verge on the ridiculous.
-----

GP researchers slam online CBT programs for depression

Serkan Ozturk | 12 November, 2015 | 
Online CBT programs have no benefit in depression because patients fail to engage with them, a major evaluation by GPs has found.
UK researchers have recommended against routine use of online CBT after their randomised controlled trial in 100 primary care practices found that programs such as the widely recommended MoodGYM conferred no benefit compared with usual GP care.
Almost one quarter of patients dropped out within four months of being offered the Australian-developed free program, or a commercial program called 'Beat the Blues', showed the research by the Department of Health Sciences at the University of York. 
In addition, only about one in six of the 378 participants completed all the assigned computerised CBT sessions.
-----

IT problems in general practice could be putting patient safety at risk

12 November 2015
Problems with information technology (IT) in general practice are creating risks for patient care, a study led by researchers at Macquarie University, Flinders University and the University of New South Wales has found. The TechWatch study, published in BMJ Quality and Safety, examined the effects of IT errors on patient safety in general practice
The researchers asked 87 General Practitioners (GPs) across Australia to report any IT incidents over a 19 month period between 2012-2013 that could lead to patient harm or near miss events, finding that IT issues were at fault for 90 reported incidents during this period. While some of the patient safety risks were carried over from historical paper records system, there were an array of additional disruptions in workflow and hazards for patients unique to IT.
“Our results show that IT problems can disrupt care delivery and pose risks to patient safety,” said Associate Professor Farah Magrabi from the Australian Institute of Health Innovation and the NHMRC Centre for Research Excellence in E-Health at Macquarie University.
-----

Practice software glitches wasting GPs' time

Alice Klein | 9 November, 2015 | 
Practice software problems are wasting doctors’ time and have the potential to lead to dangerous prescribing errors, research shows.
On average GPs spend two hours a week troubleshooting software issues such as frozen screens, problems with software updates, and disappearing or mismatching patient data, according to a study of 87 GPs across Australia.
If replicated nationwide, this suggests that Australia's 22,600 GPs spend a total of two million hours per year fixing IT problems.
The study found that software issues also put patients at risk, with GPs in the study reporting 90 incidents that either caused patient harm or led to a near miss event over a 19-month period.
-----

Practices fail the eHealth test

9 November 2015
SEVEN GP practices assessed for eHealth PCEHR privacy safeguard compliance all failed to fulfil the requirements — sometimes for simply not activating the screensaver lock when a computer was left unattended. 
That assessment is one of five audits the Office of the Australian Information Commissioner (OAIC) has undertaken, according to its 2014–15 report. 
The report refers to the audits and says no complaints of breaches were made to the independent PCEHR overseer, but that “a number of recommendations” had been accepted by the health department. 
One of these assessments, not contained in the annual report, scrutinised eHealth security in the seven clinics — all active eHealth system users and Health Provider Organisation (HPO) members — between December 2014 and April 2015.
-----

NAB urges ‘healthy habits’ as it dangles carrot to harvest data

Andrew White

You leave a data trail every time you tap your card to make a payment, dial a phone number or use the internet. But would you be willing to let that data tracking into the bedroom, the gym and the doctor’s surgery?
National Australia Bank’s insurance arm is about to test that proposition by handing out smartwatches that collect data on resting heart rate, sleep patterns and exercise to some of their life ­insurance customers, in what is believed to be a first for wearable technology in Australia. In exchange for agreeing to sign over information collected by the watch and then meeting good health goals, MLC is offering discounts on life insurance policies of up to 10 per cent.
It is being pitched as an initiative to try to get customers into healthy habits that will reduce their need to claim.
“It’s a bet that if they can achieve healthy habits for three, six, nine, 12 months then habits are habits and it’s hard to get out of habits,” the general manager of ­insurance for NAB and MLC, David Hackett, said.
-----
  • Nov 10 2015 at 6:01 AM
  • Updated Nov 10 2015 at 6:10 AM

Watch your weight: MLC offers discounts for healthy customers

MLC smartwatch lightens insurance burden
You're being watched.
Your breathing, heartbeats, the hours that you sleep and wake are being monitored by an Intel-built smart watch on your wrist. 
And if you're proven to be healthy and hit the set goals, you could save hundreds of dollars in insurance premiums each year.
That is the new proposition by life insurance giant MLC, which has become Australia's first insurer to use smart watch technology to track customers' habits and reward them for good behaviour.
-----

Big data can improve health but first we need to build the foundations

November 11, 2015 1.08pm AEDT

Author Julian Elliott

Head of Clinical Research in the Department of Infectious Diseases, Alfred Hospital and Monash University and Senior Research Fellow at the Australasian Cochrane Centre, Cochrane Collaboration
 “What if we, as government, got out of the way and gave consumers full access to their own personalised health data and full control over how they choose to use it?” Health Minister Sussan Ley asked in her recent speech to the National Press Club.
Ley sketched out a new health landscape populated by consumers who shared their personal e-health records with app developers, dietitians and retailers in return for products and services tailored to their particular health needs.
“The great digital health revolution,” the minister concluded, “lies literally in the palms of consumers, rather than government.”
On one level this rings true. There have never been more ways to monitor our personal health and well-being, and share and compare our findings. We can track our activity, diet, exercise, emotions and sleeping habits on our mobiles, Fitbits, Apple watches and apps. We can even have our genomes sequenced.
-----

Your smartphone can help cure cancer while you sleep

Date November 9, 2015

Hannah Francis

Technology Reporter

If you were able to help find a cure for cancer without lifting a finger, it would be a no-brainer, right?
Well now you can, thanks to a new Android app created by the Garvan Institute of Medical Research, and Vodafone Foundation Australia, which funds health and well-being projects that use mobile technology.
Two years in the making and with the help of Melbourne app developer b2cloud, DreamLab harnesses unused capacity in your smartphone while you're sleeping to crunch medical data for cancer research.
The researchers are hoping to get 100,000 users signed up in the first year, which would allow them to process data around 3000 times faster than they currently are, and complete their first phase of research into four cancers: breast, ovarian, prostate and pancreatic.
-----

Australia, NZ agree to share electronic identity checks

Verification services expanded across the Tasman.

By Paris Cowan
Nov 11 2015 4:53PM
Australia and New Zealand have inked an agreement that will allow organisations to electronically verify proof of ID documents issued by either federal government as well as Australian states and territories.
Australia’s document verification service (DVS) has been in use since 2007, and gives authorised government and non-government organisations the ability to check the authenticity of documents they have received against the government’s own records.
The system is run by the Attorney-General’s Department.
-----

News in brief

Monday, 9 November, 2015
Australian CBT program reduces suicidal thoughts
AN Australian-designed, web-based cognitive behaviour therapy (CBT) program has reduced suicidal ideation among US medical interns by 60%, highlighting its potential as an efficacious public health measure in a country where one physician dies by suicide every day, according to the authors of research published in JAMA Psychiatry. The 199 interns from multiple specialties were randomised to the web-based therapy group — MoodGYM, developed at the Australian National University’s National Institute for Mental Health Research — or an attention-control group, who received emails with general information about depression, suicidal thinking and local mental health professionals. MoodGYM is a free, online interactive CBT- and interpersonal-based therapy program for young people experiencing mild to moderate levels of depression or anxiety. All interns in the study also completed study activities lasting 30 minutes each week for 4 weeks before starting the internship year. Suicidal ideation was assessed 3 months before students started their intern year and then at 3, 6, 9 and 12 months of their intern year. Over the year, 12% of interns in the MoodGYM therapy reported suicidal ideation during at least one follow-up assessment, compared with 21.2% of students in the control group. The researchers wrote that the findings were important, given that suicidal ideation increased 370% over the first 3 months of the internship year. “With approximately 24 000 medical trainees beginning internship each year, dissemination of a pragmatic, no-cost, feasible, and efficacious prevention program could have substantial public health benefits”, they wrote. Further research using a larger sample would be required to determine whether MoodGYM had any impact on suicide rates, they wrote. An accompanying editorial suggested MoodGYM “inoculated” interns at a critical time in their lives, by providing knowledge and skills that would “enable them to be resilient to the stresses of internship, depression, and suicidal ideation”.
-----

NEHTA's Annual Report 2014-15 is now available

Created on Monday, 09 November 2015
NEHTA's Annual Report 2014-15 is now available and can be downloaded from NEHTA ANNUAL REPORT 14-15 PDF (2.76 MB).
The National E-Health Transition Authority was established in 2005 by the Council of Australian Governments (COAG) to identify and jointly develop the necessary foundations and services – the building blocks – for a national eHealth infrastructure: 'NEHTA's WORK 2005-15' PDF (424.56 kB)
NEHTA is continuing to work with stakeholders on the widespread adoption and use of eHealth across the healthcare community until the Australian Commission for eHealth commences operations in July 2016.
-----

Putting the eHealth record system into business

Created on Monday, 09 November 2015
Putting the eHealth record system into business is a useful resource for Responsible Officers (ROs) and Organisation Maintenance Officers (OMOs) and their responsibilities in managing their organisations for the Healthcare Identifiers (HI) Service, NASH PKI Certificate for Organisations and the eHealth record system.
-----

It’s time for an eAustralia Card

November 9, 2015 6.21am AEDT
A digitally integrated identity card with comprehensive security could simplify many transactions with government and business. Shutterstock

Author Matthew Sorell

Senior Lecturer, School of Electrical and Electronic Engineering, University of Adelaide
Australian e-government is a long way behind many other developed nations. Our national leadership has utterly failed to comprehend why e-government should have been a national priority decades ago, and continues to offer little in the way of policy direction.
Hence, our current solutions are a bizarre mish-mash of inconsistent approaches, making it confusing and frustrating for Australians. Every mis-step sets back public trust in online government services. Usability, reliability and security are the keys.
The Australian Tax Office (ATO), for example, provides online data entry, but inadequate explanatory guidance. Searching the ATO website is risky because it also contains obsolete material from previous years.
The ATO communicates by print-formatted electronic documents to a separate MyGov email inbox, making reference to non-existent additional information, yet two-way communication is not possible through this service.
If the Digital Transformation Office is appropriately funded, empowered and motivated, then a top-down review of government services may be able to address the usability and reliability issues over time. Of much greater concern and urgency is the challenge of digital identity.
-----

Revealed: Govt's unused e-health software

A relatively cheap software upgrade featuring all the functions of the $422 million Enterprise Patient Administration System - and more - was purchased by SA Health but never implemented, InDaily can reveal.
Adelaide Wednesday November 11, 2015
Bension Siebert @Bension1
The beleaguered EPAS, billed as a statewide solution to slow, paper-based and outdated e-health records systems, has been plagued by doctors’ complaints that it slows down care and risks patients’ safety.
Despite the complaints, however, SA Health has persisted with implementing the system.
But InDaily can now reveal the department purchased a software upgrade to another system – OACIS – in 2009, which boasts all of the health record functions of EPAS.
SA Health would not reveal the cost of the upgrade, but InDaily understands it is significantly cheaper than the $422 million spent on EPAS.
And unlike EPAS, an older version of OACIS is already installed on SA Health computer systems in hospitals across the state.
-----

E-health blamed for Repat waiting list blowout

Patients at a Repatriation General Hospital clinic now wait up to nine months longer than they did before the installation of the State Government’s e-health records system, a senior doctor says.
Bension Siebert @Bension1
A senior clinician at the Repat told InDaily his patients now had to wait for up to a year to receive their first appointment.
Before the introduction of the Enterprise Patient Administration System (EPAS), he said, patients would wait a maximum of three months for an appointment at the specialist clinic.
“We could boast the fastest time, from referral to actually getting surgery, of pretty much any public hospital in Australia,” the doctor said.
 “My waiting list was no more than … three months.
“That’s blown out longer and longer and now it’s hit the 12-month mark.”
-----

Health quietly passes Medicare payments sell-off deadline

Department stays silent about offloading services.

By Paris Cowan
Nov 9 2015 6:30AM
The Department of Health is staying silent on its proposed sale of Medicare payments to the private sector, despite sailing past the date it originally scheduled to have contracts signed without any movement.
In August 2014, the department issued a request for expressions of interest from organisations to take over the processing and payment of $19 billion in medical benefits claims, $10 billion in pharmaceutical claims and nearly $2.5 million worth of veterans affairs claims every year.
Facing a mammoth IT upgrade bill to replace the ageing system that calculates the Medicare and DVA entitlements, the government instead opted to test the market and see whether any private sector companies already equipped to deliver similar functions - like private health insurers, general insurers or banks - would be interested in taking over the work.
-----

CryptoWall 4.0 the nastiest strain yet

Evolves to become even more dangerous.

By Allie Coyne
Nov 10 2015 9:16AM
The fourth version of the CryptoWall ransomware has landed in the wild, equipped with better evasion techniques and tactics to thwart antivirus protection and detection.
Ransomware attacks computers and encrypts user files and folders via infected email attachments, with attackers demanding ransom payments to unlock the scrambled documents.
Users are told to make the payment by a specific deadline or risk having the private key to unlock the files deleted.
The active CryptoWall ransomware spawned from CryptoLocker, which is thought to have extorted more than $3 million from victims before the botnet used to distribute it - Gameover Zeus - was taken down last year.
-----
Enjoy!
David.

Sunday, November 15, 2015

A Very Minor Comment On The Paris Attacks Of Yesterday. Written In Extreme Sadness.

I am, like most Australians, deeply saddened at what happened in Paris yesterday. The pure violence and hate manifested is just too sad for words.

The only point I have is that some how the world seems full of awfulness these days.

Foreign Policy produces a daily summary of what is going on - with three points for each of the regions (Asia, Africa etc.). It is a daily free e-mail and easy to access.

I read each day and am horrified just how much sadness and horror goes simply un-reported here. It is truly awful what nasty Governments, Terrorists etc. seem to do all over.

Paris is very sad - but the world somehow seems even messier and nastier these days.

Stay safe and hug your children and grandchildren more often.

David.

Now Here Is An Article The PCEHR Proponents Will Not Be Happy About! Their Security Planning Is Not Up Scratch!

This appeared last week:

Practices fail the eHealth test

9 November 2015
SEVEN GP practices assessed for eHealth PCEHR privacy safeguard compliance all failed to fulfil the requirements — sometimes for simply not activating the screensaver lock when a computer was left unattended. 
That assessment is one of five audits the Office of the Australian Information Commissioner (OAIC) has undertaken, according to its 2014–15 report. 
The report refers to the audits and says no complaints of breaches were made to the independent PCEHR overseer, but that “a number of recommendations” had been accepted by the health department. 
One of these assessments, not contained in the annual report, scrutinised eHealth security in the seven clinics — all active eHealth system users and Health Provider Organisation (HPO) members — between December 2014 and April 2015.
One clinic was considered a high risk for privacy breach (defined as requiring “immediate management attention”) because it had no written policy about who could access the eHealth system.
Other clinics displayed various security problems , defined as medium and low risk, including:
  • Lack of ‘password diligence’, seen as a medium risk for unauthorised access to the eHealth system
  • No procedures at any practice for handling ‘record codes’ for locking parts of a patient’s eHealth record
  • No process for handling privacy complaints
  • Staff unaware of Privacy Act requirements
  • Staff with access who did not need or want to use the system 
  • Screensavers that didn’t revert to log-in mode when left unattended
  • Inconsistent recording of privacy and eHealth training.
Lots more here:
Now for a few links to the source information.
First the report that resulted in this article. It can be found here:
Here are the recommendations:

Summary of recommendations

2.4 The OAIC makes the following recommendations to address the issues discussed in Part 6 of this report:

Recommendation 1 — review and update policies and procedures

2.5 The OAIC recommends that assessed GP clinics undertake a review of all relevant policies so that they:
  • specifically, in relation to the eHealth policy required under the PCEHR Rules, ensure the policy:
    • clearly sets out the GP clinic’s current security controls and procedures for accessing the eHealth system and reflects requirements under the PCEHR Rules (in particular Rule 25)
    • contains information on when the policy was previously updated (iteration numbers and dates of previous iterations required under Rule 25(6)(c))
  • review the eHealth policy annually (as required under Rule 25(6)(c)) to ensure the policy’s relevance and accuracy. HPOs should also review the policy if any new material or changed risks are identified
  • accurately and consistently reflect obligations under the Privacy Act (in particular APP 11), the PCEHR Act and the PCEHR Rules (specifically Rule 25) to protect personal information when staff access the eHealth system
  • include a process for destroying eHealth system document and record codes
  • if the GP clinic has not already done so, record the different levels of individual staff access to their ICT systems including access to the eHealth system
  • set out a policy for regularly reviewing passwords/passphrases used to access its ICT systems, including the clinical software system and ensure passwords are regularly changed and sufficiently complex. Passwords and passphrases should be complex enough so that others are not able to guess it, for example using a combination of letters, numbers and symbols or using passphrases
  • outline a process for dealing with eHealth access related privacy breaches and the handling any complaints which may arise from these breaches, if the GP clinic has not already done so. Good privacy practice would involve having a policy which addresses all privacy breaches and complaints not just those which relate to eHealth system access
  • include accurate and up to date references to the eHealth system, the Privacy Act and other privacy obligations, in relation to their practice manuals and other policies.

Recommendation 2 — consider restricting access to users of the eHealth system

2.6 To minimise the risk of access without a patient’s consent or without other authority, the assessed GP clinics should consider limiting internal access to personal information in an eHealth record to those staff who are using or intend to use the eHealth system. Each practice should regularly assess staff’s need for access to the eHealth system in light of their use or intended use of the system and clinical needs.

Recommendation 3 — change screensaver settings on computers

2.7 The OAIC recommends that the assessed GP clinics review the settings on computers used to access the eHealth system so that users are required to enter their user name and password to deactivate screensavers.

Recommendation 4 — regular and ongoing privacy and eHealth system access training

2.8 The OAIC recommends that the assessed GP clinics implement a formal training program where all staff requiring eHealth system access undergo regular and ongoing privacy and eHealth system access training.

Recommendation 5 — record all eHealth system training

2.9 The OAIC recommends that the assessed GP clinics establish and maintain a record of instances where individual staff members have received and completed internal or external privacy and eHealth system access training.

Recommendation 6 — annual risk assessments into eHealth system access

2.10 The OAIC recommends that the assessed GP clinics:
  • confirm whether through their accreditation or some other method that they undertake a risk assessment into their ICT systems and that it includes an examination of privacy and security risks associated with eHealth system access
  • consider conducting a risk assessment into ICT security and eHealth system access every year to complement the risk assessments that may be undertaken, including as part of the practice accreditation process, when they occur
  • document all risk assessments appropriately.
Here is the separate link to the System Operator Annual Report:
So the system operator really did not highlight that 7 out of 7 practices failed the audit of their security around access to the PCEHR.
The obvious recommendation - not made - is that all practices need to be regularly audited so they know security is taken seriously and will be closely watched!
The people running the PCEHR and setting policy clearly just don’t care and are waiting for the complaints that will start rolling in - once people are opted in and practices are under more pressure to access the system.
Just hopeless!
David.

AusHealthIT Poll Number 296 – Results – 15th November, 2015.

Here are the results of the poll.

Does The Australian Government Have A Clear And Well Understood Strategy For Australian E-Health.

Yes 6% (6)

No 85% (82)

I Have No Idea 9% (9)

Total votes: 97

Again a pretty decisive poll. We are a strategy free zone it would seem! This is, of course, a disaster and bodes badly for the future!

Good to see such a great number of responses!

Again, many, many thanks to all those that voted!

David.