Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Tuesday, August 07, 2018

Commentators and Journalists Weigh In On The MyHR Debate. Lots Of Interesting Perspectives - 3.

Note: I have excluded any commentary taking significant  funding from the Agency or the Department of Health on all this to avoid what amounts to paid propaganda. (e.g. CHF, RACGP, AMA, National Rural Health Alliance etc. where they were simply putting the ADHA line – viz. that the myHR is a wonderfully useful clinical development that will save huge numbers of lives at no risk to anyone – which is plainly untrue)
-----

Time to start carrying health records in your wallet

By Adrian Pokorny
5 August 2018 — 12:00am
Like many of my fellow doctors, I am a great supporter of My Health Record. But just like many others, I opted out.
That doesn’t make it a bad system, nor do I think it should be made opt-in. To suggest otherwise misunderstands the role of electronic health systems, as well as the populations for whom they are most likely to benefit.
For me, the argument against signing on was simple: it felt like an unnecessary intrusion into my medical care. I agree there are likely to be privacy issues and security flaws in the program, some of which are utterly unpredictable.
Tens of thousands of Australians have done the same. Opinion pieces on the program have been almost universally negative, with pressure mounting to the extent that Health Minister Greg Hunt has announced a redrafting of the legislation.
-----

Doctor-patient privilege dies with My Health Record

Chris McCormack
The Federal Government’s My Health Record is not fit for purpose, according to many health professionals, and raises serious concerns over patient privacy.
By October 15 this year, every Australian will have a My Health Record, unless they opt out before-hand. According to myhealthrecord.gov.au, over 5.9 million Australians already have a My Health Record (MHR).
The MHR scheme’s apparent benefit is that a person’s medical record will be amalgamated online, just the touch of a button away. Doctors will be paid by the government to upload the medical record of their patients while patients can also upload their medical record. The default setting will give all your healthcare providers access to your medical record. But to quote a former prime minister, MHR will not be “the suppository of all wisdom” as it will not always be an up-to-date or accurate summary of the patient’s health record as it relies upon medical practitioners or patients to upload all relevant information. Chair of the Royal Australian College of General Practitioners’ Expert Committee for eHealth and Practice Systems, Dr Nathan Pinskier, told Healthcare IT News Australia, “The current model of requiring GPs to create a shared health summary to a cloud repository does not in itself provide an immediate value proposition in the eyes of the GP.” He added, “most of the clinical information needed by a patient’s GP is usually already available without the need to access an external source.”
-----

My Health Record: What you need to know about your digital health record

12:08pm Aug 4, 2018
For Sydney grandfather Phil Powell the federal government’s My Health Record is the difference between a loss of privacy or a loss of life.
The digital record keeping system has caused controversy since Australians first learned in May they would have until October 15 to opt out of their record if they didn’t want one.
The My Health Record combines all your medical details into one location, allowing health professionals to access it securely online.
However, one of the major concerns for those opposed to the My Health Record has been around just how secure they are, who can access them and who ultimately controls them.
-----

Peak bodies lend support to MyHR

Australia’s peak digital health and health information organisations have united to support sharing health information through the Government’s MyHR to create better health outcomes for all Australians.
 The Health Informatics Society of Australia (HISA), the Australasian College of Health Informatics (ACHI) and the Health Information Management Australia Association (HIMAA) also endorse the Government’s move to implement an “opt-out” record.
The peak membership bodies, who together provide accreditation, education, training and professional certification for the majority of Australia’s digital health professionals, say the sharing of patient information is in everyone’s interest.  The conversation should always be about how to ensure better patient care.
-----

Health Minister bows to privacy pressure on My Health Record, but big issues remain

Editor: Marie McInerney Author: Tim Woodruff on: August 01, 2018
Introduction by Croakey:
As has been widely reported today (Wednesday), Federal Health Minister Greg Hunt has finally bowed to intense pressure over privacy concerns for the My Health Record, particularly on access to medical records by police and government agencies.
The Minister released a statement late on Tuesday after what were described by media as “crisis talks” with the Australian Medical Association and Royal Australian College of GPs.
In a statement that tried to shift as much blame as possible to Labor for its 2012 legislation, Hunt said he would introduce amendments to the legislation to ensure:
  • no medical record can be released to police or government agencies, for any purpose, without a court order
  • if someone wishes to cancel their record they will be able to do so permanently and it will be deleted from the system.
-----

The Coalition has lost its political radar

  • 12:00AM August 4, 2018
There is nothing wrong with a politician changing their mind. It was British economist John Maynard Keynes who once said: “When the facts change I change my mind. What do you do?”
In politics, however, the facts don’t always need to change for a new political response to become necessary. John Howard was the master at reading the political play, never letting the perfect become the enemy of the good; not falling victim to hubris, which erodes a politician’s affinity with the public. Since Howard’s forced retirement, the Liberal Party has lacked a good political radar to back up a conviction-based approach to policy.
Politically, the facts may not have changed courtesy of last weekend’s by-elections: the government, despite over-promising and under-delivering, was always pressing up against 100 years of history in the hope of taking a seat from the opposition.
-----
  • Updated Aug 3 2018 at 11:45 PM

Privacy debate has helped My Health Record: Digital Health Agency's Tim Kelsey

The head of the Australian Digital Health Agency says weeks of controversy around a national medical record database has actually helped the system, through increasing community awareness.
More than 20,000 people left the My Health Record system at the start of a three-month opt-out period, amid weeks of criticism from digital security and privacy advocates and warnings cloud-based records would be hacked.
Digital Health Agency boss Tim Kelsey told AFR Weekend he welcomed bipartisan agreement from state and federal health ministers this week on the ongoing expansion and an extended deadline for individuals to remove their records.
-----

Thriving on Dark Web: The My Health Record and Data Insecurity

Data is rarely inert. It moves, finds itself diverting, adjusting and adapting to users and distributors. Ultimately, as unspectacular and banal as it might be, data sells, pushing the price in various markets whoever wishes to access it. Medical data, given its abundance, can do very nicely in such domains as the Dark Web. With governments attempting to find the optimum level of storing, monitoring and identifying the medical health of citizens, the issue of security has become pressingly urgent.
Britain’s National Health Service is a case in point. Last year, that venerable, perennially criticised body of health provision received the full attention of the WananCry virus. Much of this was occasioned by carelessness: a good number of organisations were running on out-of-date Windows XP software. The principle of insecurity was, however, affirmed.
Last month, the Singaporean government faced the grim reality that 1.5 million health records had been accessed by hackers including, audaciously, the records of Prime Minister Lee Hsien Loong. This well landed blow riled all the more for that state’s heralded insistence on the merits of its own cybersecurity. In the words of the government statement, “Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed that this was a deliberate, targeted and well-planned cyberattack.”
-----

My Health Record: Deleting personal information from databases is harder than it sounds

August 3, 2018 6.24am AEST
Robert Merkel  Lecturer in Software Engineering, Monash University
Since the period for opting out of My Health Record began on July 16, experts in health, privacy and IT have raised concerns about the security and privacy protections of the system, and the legislation governing its operation.
Now federal health minister Greg Hunt has announced two key changes to the system.
First, the legislation will be amended to explicitly require a court order for any documents to be released to a law enforcement agency. Second, the system will be modified to allow the permanent deletion of records:
In addition, the Government will also amend Labor’s 2012 legislation to ensure if someone wishes to cancel their record they will be able to do so permanently, with their record deleted from the system.
-----

How should healthcare providers manage compliance with the My Health Records System?

Differing standards and regulatory requirements apply to health providers who access the My Health Records system, although they are not as stringent as the requirements just introduced in Europe under the General Data Protection Regulation. With the heightened public and regulatory scrutiny for health records, each healthcare provider needs to have a comprehensive data management plan, including a data breach plan.
Regardless of whether the My Health Records System remains opt-in or manages to navigate the current political attention to become an opt-out model, healthcare providers will be handling or accessing an increasing level of personal information and medical information through the system ‒ and that means more data to protect. With the significant interest in and scrutiny from the public and regulators, the consequences of a data breach become overwhelming. How healthcare providers can protect that data, reduce the risk of a reputational and regulatory firestorm, and comply with the various regimes which apply to them, will turn on exactly what they're including in their data management plan.
-----

My Health Record: Canberra is still missing the point

No, Minister. It's not just about law enforcement access to digital health records. The Australian government needs to address all the concerns. A media circus in a playground won't help.
By Stilgherrian | August 3, 2018 -- 02:40 GMT (12:40 AEST) | Topic: Security
"There's a lot of interest around the My Health Record system," said Anthony Kitzelmann, chief information security officer at the Australian Digital Health Agency (ADHA). Such understatement! But fears about the security of ADHA's IT systems shouldn't top our list.
The My Health Record systems achieved "96.7 percent compliance" with the Australian government's Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) at the protected level for health data, Kitzelmann told the SINET61 cybersecurity innovation conference in Melbourne on Wednesday.
ADHA is "always keeping in mind that this isn't our data. It belongs to our citizens, and it has to be held to the highest standards," he said. While developing its security controls, ADHA consulted with organisations such as the Australian Medical Association (AMA), the Royal Australian College of General Practitioners (RACGP), and, allegedly, consumers.
-----

Fixing My Health Record will take more than Hunt’s promises

The Health Minister may have bowed to public pressure on My Health Record, but many questions remain.
Aug 02, 2018
The federal government has finally realised that there are major problems with its implementation of the My Health Record.
The glaring issue of the decrease in controls on accessing records for non medical purposes by police, security services, and welfare services has been exposed and legislation will now be passed to address this.
The fact that it took so long for the government to accept there was a problem is a very concerning sign of either the lack of understanding or a lack of concern for individuals’ rights, or both.
But this is only one of the problems with My Health Record.
-----

My Health Record expansion: Why citizens’ data must be protected

  • By Robin Schmitt
  • August 3, 2018
As cyber-hackers elevate their attacks, it’s becoming clear that 2018 is already a record-breaker with a huge 1.35Tbps DDOS attack being registered; as highlighted within Neustar’s July 2018 The Changing Face of Cyber Attack report, and the recent leak of personal recruitment data by PageUp People. This is a cause for concern as the Australian federal government announces plans to expand My Health Record system, an online platform that will curate a shared digital medical record for all Australians unless they opt-out prior to October 15, 2018.
As 12,860 healthcare organisations, including general practices, hospitals, pharmacies and almost 900,000 health professionals will be able to access these records, experts have already raised a number of security concerns. They have voiced their concerns about the possibility of unauthorised access to records, a breach by criminals intent on selling health data and inadequate GP security, which would create massive issues for the government.
Moreover, privacy advocates have also hinted at concerns over the number of individuals that aren’t fully versed in privacy and data management, as in this case it remains in the hands of individuals to set up and access privacy settings. Software engineering lecturer at Monash University, Robert Merkel, believe that “most people simply aren’t going to be aware of those privacy controls.”
-----

Research Australia Welcomes My Health Record Reforms

MEDIA RELEASE
1 August 2018
My Health Record: Health and medical researchers welcome strengthened privacy
Australia’s health and medical research sector has welcomed Government moves to strengthen privacy protections of the My Health Record.
“Australians must be able to confidently participate in this scheme. Strengthening the My Health Record Act is an important first step in ensuring public trust in the system.
“People have real concerns over privacy and access of their My Health Record and those concerns must be heard and addressed through additional communications to the public about the benefits and purpose of the My Health Record. This is too important an opportunity to forego because of a lack of information,” said Research Australia’s CEO, Ms Levin.
-----

The My Health Record debacle and the need for trust in communications

The rush by the public to opt out of the Australia government's digital health record program is a reminder for crisis managers and PR professionals that effective communication demands a framework of trust, writes Issue Outcomes' Tony Jacques.
August 2, 2018 3:23
by TONY JACQUES
It’s no secret that citizens don’t trust governments. Yet that lack of trust has seldom been so manifestly evident as when the Australian Government solemnly promised to safeguard the nation’s most intimate and personal health data.
The public rarely get the chance to exercise their distrust of government – except in the political framework of an election. But that opportunity arose recently with the start of a three-month period for people to opt out of My Health Record, a centralised registry of personal healthcare information designed to improve healthcare through better access to data by primary providers and researchers.
It was also an opportunity for issue and crisis managers to be reminded that effective communication demands a framework of trust, especially when dealing with real or perceived risk.
That was the challenge facing the Australian Digital Health Agency. The privacy and security threats were blindingly obvious from the start, not helped by a worrying catalogue of government data breaches, like when hackers offered Medicare Card details for sale on the dark web last year. As Ellen Broad of the Open Data Institute wrote at the time: “It just got a whole lot harder to trust government with our data.”
-----

USYD commits to no direct use of My Health Record

Researchers at the University will be able to independently apply for data.
August 2, 2018
A spokesperson for the University of Sydney has indicated to Honi Soit that the University will not be directly applying for access to health data stored as part of the centralised My Health Record program.
My Health Record is a government initiative that seeks to create a centralised healthcare file for all Australian citizens. It is designed so health practitioners can easily review all of a patient’s medical history, and will store records of your “allergies, medical conditions, previous or current medication, test results and anything else that is uploaded by your doctor”. The information will be stored until 30 years after a patient’s death.
The bulk data from the system will be made available in an aggregated and anonymised form for ‘secondary use’, including research, policy, and planning. These uses are governed by a framework released by the Department of Health. The framework notes that the first release of such data is expected to occur in 2020.
-----

My Health concessions 'woefully inadequate', says former AMA president

By Dana McCauley
2 August 2018 — 8:00pm
Former AMA president Kerryn Phelps has called for a full parliamentary review of the My Health Record system, rejecting the “minor concessions” announced by Health Minister Greg Hunt this week as “woefully inadequate”.
Dr Phelps said a complete redraft of the legislation was needed to properly enshrine patient privacy and data security, with concerns remaining about the way the My Health Record Act was drafted in 2012 - and the fact that nine data breaches had been recorded by the system in two years.
 “If this truly is about the wellbeing of patients, then there is absolutely no need for third party access to be in the legislation,” she said, repeating her earlier warning that doctors who are tasked with uploading patient information to My Health Record may boycott the digital system.
-----

My Health Records - To opt-in, or to opt-out? That is the question

This year all Australians will have a My Health Record created. A My Health Record will operate as a digital medical file that allows healthcare providers to upload health information about a patient. This information may include prescriptions, medical conditions and test results. A patient’s digital medical file will be stored in a national electronic database operated by Australian Digital Health Agency (ADHA).
The My Health Record has received a lot of attention recently as the period to opt-out of having a My Health Record began on 16 July 2018.
A question many Australians have been asking themselves recently is – should I opt-out of having a My Health Record or not? Australians have until 15 October 2018 to answer this question.
-----

My Health Record sparks domestic violence concerns

·         Download audio
Thursday 2 August 2018 8:06AM (view full episode)
Federal Health Minister Greg Hunt will meet with his state and territory counterparts in Alice Springs this morning...amid ongoing concerns about the operation of the Government's My Health Record system.
The Minister agreed this week to amend the legislation behind the system to better protect patients from having their medical records accessed by police — amid rising concerns from doctors and others over the privacy and security of online records.
But some experts say the changes don't go far enough — particularly when it comes to protecting women and children fleeing domestic violence.
-----

Safeguards make My Health the right option

By Editorial
2 August 2018 — 12:05am
The public debate about the My Health Record data base goes to the heart of the unique dilemma of our age: How to reconcile the benefits of a networked digital society against the threat to privacy especially by Big Brother governments?
The plan for My Health Record was swinging dangerously towards the latter but Health Minister Greg Hunt's timely intervention seems to have moved it back to a sensible compromise.
The benefits of having your health records online are obvious to the 6 million people who have registered since My Health was launched on a voluntary basis in 2012. If you are admitted to emergency or fall sick while travelling or if you see multiple GPs, My Health lets your doctor see your full records including pre-existing conditions, medications, medical imaging and allergies. Without it, research shows doctors cannot see all the relevant clinical information in up to 13 per cent of GP consultations.
-----
  • Updated Aug 1 2018 at 6:00 PM

Why the Coalition needs to start picking the right fights

Scott Morrison insists he doesn't want to talk about hypotheticals. But he knows better than anyone the issue of corporate tax cuts is about to become very real for him and for the rest of the Turnbull government.
With the return of parliament this month, the government must once again try its luck in the the Senate. Yet after Super Saturday, any prospect of Finance Minister Mathias Cormann being able to wangle a few more crossbench senators over the line on corporate tax cuts vanished faster than the media frenzy over Bill Shorten's leadership.
It may be true, as federal ministers argue, that the Coalition's tax policy still makes the most economic sense and provides the best sustainable basis for the sort of increased spending on education and health Labor so happily demands.
-----

RACGP President-elect reaffirms commitment to stopping data breaches

Doug Hendrie 31/07/2018 9:45:41 AM
The RACGP has reiterated its commitment to ensuring general practice is able to fight the risk of data breaches.
RACGP President-elect Dr Harry Nespolon said the RACGP takes all data breaches, big and small, very seriously.
RACGP President-elect Dr Harry Nespolon said GPs are the champions of data privacy within the healthcare sector.

‘As GPs we work with highly sensitive data every day, which is why it is so important that we take all possible steps to ensure its security,’ he told newsGP.
-----

My Health Record a honeypot for malign influences

The biggest threat posed by the My Health Record scheme is the potential for widespread blackmail and therefore manipulation – including of government officers, the judiciary, police, public servants, penal officers, corporate employees, etc. 
Many people have health issues that they cannot afford to have revealed, for all sorts of reasons; huge numbers of people have access to My Health records; and foreign intelligence agencies (and some illicit operators) are very sophisticated.
 So the latter will rapidly and easily target everyone, from politicians down, and in a stepwise fashion through vulnerable individuals who can themselves provide further My Health access, who can deliver a route to whatever ultimate goal they are seeking. 
-----

My Health Record still isn't safe enough to proceed. It needs more than a band-aid fix

By Katharine Kemp, Bruce Baer Arnold and David Vaile
Health Minister Greg Hunt has announced changes to the My Health Record system in an attempt to allay growing concerns about its lack of security and privacy for all those who do not opt out by October 15.
While some doctors' groups and politicians seem reassured by these minor changes, fundamental flaws have not been addressed. This ill-conceived platform is neither useful nor safe enough to proceed.
Last month, hackers accessed 1.5 million health records in the Singaporean government's online health system — even the Prime Minister's.
The vast breach shows the risks of storing our sensitive health information in massive, centralised online databases, as Australia is about to do.
-----

Band-Aid solution not enough to fix My Health Record

By Bruce Baer Arnold
Updated 2 August 2018 — 6:08amfirst published 1 August 2018 — 5:02pm
So federal Health Minister Greg Hunt has finally heeded a chorus of criticism by lawyers, doctors and information specialists about the My Health Record scheme, promising to strengthen privacy provisions and legislate to ensure government agencies can only access information with a court order.
But his very belated recognition of fundamental deficiencies in the design and implementation of a billion dollar e-health scheme is disquieting. While we can be glad that he has at last recognised problems, his proposal to fix those problems is inadequate. Applying Band-Aids at midnight is not good medicine and not good policy.
Critics of the scheme will be looking for meaningful change and for official responsibility, rather than Hunt's sorry attempt to blame deficiencies on the previous Labor government. Hunt and his predecessor, Peter Dutton, have been in power for some time. An effort to blame the legislation on the ALP is disingenuous. It doesn't provide much confidence that changes to the legislation will be more than superficial.
-----

My Health Record is historic, efficient and must not be wasted, says AMA boss

The clinical benefits and health benefits for patients are 'far too important'
27th July 2018


AMA president and Melbourne GP Dr Tony Bartone offers his thoughts on My Health Record and why he feels the nation, including GPs, should embrace it.


At the National Press Club in Canberra last week, I declared that the AMA would do whatever it takes to ensure patient information on the My Health Record remains private, secure and in the control of the patient.
It is the patient who will choose who has access to that information, as is the intention.
For well over a decade, successive Australian governments have worked to make an electronic health record a reality.
-----

“Hunt health record humiliation raises the question: why no warrant for metadata”

Bernard Keane
Politics editor, Crikey, 1 August 2018

It doesn’t get much more humiliating: a major backdown slipped out at 8.16pm, in effect acknowledging that what your critics have been saying, and what you fought so hard against, is entirely correct: “The Government will strengthen privacy provisions under the My Health Record Act, removing any doubt regarding Labor’s 2012 legislation,” Greg Hunt admitted last night, after days of insisting, absurdly, that black (or at least black letter law) was white and that the absence of any warrant requirement in the health records legislation meant there was no warrant requirement for police, the ATO and other regulators to access your data.
Presumably Hunt will apologise to the parliamentary library staff who made that exact point before his minions bullied the library into retracting and censoring the article.
-----

Multi-factor authentication can help reduce breaches: claim

The latest data breach report from the Office of the Australian Information Commissioner indicates that organisations which do not use multi-factor authentication for customers, employees and sysadmins are not using a relatively simple method of minimising risk, an IT security industry professional claims.
Mark Perry, the chief technology officer for the APAC at Ping Identity, said he advocated the use of preventive technology right through a company's IT architecture.
From multi-factor authentication at the end user device, through to access management for applications and APIs to control access to services based on user context and policies, to the data tier with strong controls over who can access sensitive records and individual data elements, with data encrypted at rest and in back-ups," Perry said, commenting about the second-quarter data breach report released by the OAIC on Tuesday.
-----

My Health Record a new battleground in family disputes

By Dana McCauley
Updated31 July 2018 — 6:40pmfirst published at 4:03pm
Family law experts have warned that the My Health Record system could become a new battleground in disputes between warring ex-spouses, while risking the safety of women fleeing abusive former partners.
It has emerged that a loophole exists in the system, allowing a parent who does not have primary custody to create a My Health Record on their child's behalf, without the consent or knowledge of their former partner.
An abusive ex-partner can thereby gain access to details including the location of medical practitioners and pharmacies attended by the child with their primary caregiver, potentially narrowing down the locations of victims in hiding.
-----

Australia suffering 81 notifiable data breaches per month: OAIC

Healthcare tops the list again – but My Health Record remains safe so far
More than a third of reported Australian data breaches are due to human error, the Office of the Australian Information Commissioner (OAIC) has revealed as it released its first full-quarter statistical report about the functioning of the new Notifiable Data Breaches (NDB) scheme.
There were 242 notifications of eligible data breaches during the last quarter of fiscal 2018, according to the new report.
That represents an average of just under 81 breaches per month – a significant increase on the 55 incidents recorded in March, the first full month of NDB reporting.
-----

Majority of doctors say they won't use My Health Record for their own care: survey

Poll shows most doctors are wary of the system
31st July 2018
Three out of four doctors will not sign up to My Health Record for their own healthcare, an Australian Doctor poll suggests.
The billion-dollar system has been at the centre of another media frenzy after claims government agencies and law enforcers would be able to access patients’ clinical data without warrants or the oversight of the courts.
But doctors themselves also remain wary of the system and the promises it will improve patient safety and healthcare efficiency.
Of the 471 doctors who responded to Australian Doctor’s online poll (see graph below), just 75 say they currently have a record and a further 12 say they intend to sign up.
-----
  • Jul 31 2018 at 9:35 AM

Data rights are key to taming tech giants: Productivity Commission

Giving consumers explicit rights to control their data will help tame the growing power of tech giants such as Google and Facebook, the Productivity Commission says.
Addressing The Australian Financial Review Innovation Summit in Sydney on Tuesday, commissioner Stephen King said the size, reach and market power of internet platforms is testing the limits of competition law.
That law was developed to police traditional business models, where even traditional platform businesses – such as that of media – were typically constrained by some factor, such as geography.
"The internet has raised the size and reach of these platform businesses. They sit uncomfortably with competition laws that are designed for vertical production chains," Mr King said.
-----

Big data backlash: Consumers wise up to Facebook, Twitter

By Stephen Bartholomeusz
30 July 2018 — 8:34pm
Last week something, two things really, happened that would have sent a frisson of concern through those monetising "Big Data’’. First, Facebook shares plummeted on Thursday, wiping more than $US120 billion off its market capitalisation. Then, on Friday, Twitter lost 15.5 per cent of its market value.
The precipitous falls came after both of the social media networks reported user numbers and sales growth that disappointed the market.
Shares of Facebook tumbled 25 per cent as the fallout from a massive data breach led to a surprise warning and erased roughly $203 billion from the social network's market value.
-----
July 30 2018 - 2:27PM

MP says My Health Record privacy concerns must be addressed

·         Jess Layt
Clock's ticking: Australians have until mid October to to elect to opt out of My Health Record if they do not want their information stored in the database.
Macarthur MP Dr Michael Freelander believes the government’s controversial new health record system is far from ideal.
Dr Freelander – a practicing local medical professional for more than 30 years – said the My Health Record system, which was launched in mid-July, was a necessary, but poorly executed, idea.
-----

My Health Record is an important step towards a healthier future for all Australians

The Garvan Institute of Medical Research considers that My Health Record will enhance patient care and help transform medical research.
Media Release: 30 July 2018
Position statement, 30 July 2018 – The Australian government, through the Australian Digital Health Agency, is in the process of providing all Australians (except those who choose to opt out) with a My Health Record: an online summary of an individual’s key health information. Already, 6 million Australians have a My Health Record.
During the opt-out period, there has been considerable public debate about the pros and cons of My Health Record. Debate has understandably focused on legitimate and important concerns about the security and privacy of an individual’s health information.
As the debate has intensified, we are concerned that there has been little opportunity to explore the considerable advantages of My Health Record for Australians.
-----
July 30 2018 - 3:00PM

My Health Record could benefit senior travellers: UOW research

A national health database could be of benefit to the increasing number of grey nomads travelling around Australia according to Wollongong researchers.
A study conducted by researchers from the Illawarra Health and Medical Research Institute and University of Wollongong found that seniors with chronic health conditions had poor continuity of care on their travels.
Many had to take hard copies of their health records with them, with GPs in remote areas often unable to access their medical details electronically.
-----

My Health Record a sick joke

Australian politics
30 July 2018
You would be hard pressed to find an article positively recommending having a My Health Record. 
That’s because the government has set it up so that we all automatically get one unless we opt out. So they largely dispensed with the bother of promoting it. Do nothing, and you’re in. Even if you later change your mind, once a My Health Record exists, whatever is in it will not be deleted until 30 years after your death. There are already 6 million people for whom, often without them realising, a My Health Record has already been created following the Labor government’s introduction of the My Health Record Act in 2012.
There are in theory very good reasons for everyone to have an accurate, complete, up-to-date, electronically available medical record. The promise of better connected care, in which your health information is all in one place providing a convenient snapshot of your medical history, has myriad potential advantages.
-----

Canberra still in denial over My Health Record concerns

The government is attempting to hose down concerns about the privacy of Australia's centralised digital health records, but their own messaging continues to prove they still don't get it.
By Stilgherrian for The Full Tilt | July 30, 2018 -- 07:14 GMT (17:14 AEST) | Topic: Security
Denial, anger, bargaining, depression, acceptance. The Australian government's response to the grief it's getting over the controversial My Health Record is now up to stage three. Provided you call a PR barrage "bargaining". Which is isn't. No, they're still just getting angry.
The government's denials are several, but they all fall under the broad heading of "denying there's a problem with My Health Record". It's clear that they think it's just a problem with the messaging. If they keep repeating lots of little stories about digital health records being useful, then people's privacy fears will go away.
They won't.
-----

My Health Record: former privacy head warned of dangers six years ago

Malcolm Crompton says his cautions about an opt-out system were ignored by the government
Malcolm Crompton, now an advisor at one of Australia’s leading information privacy consultancies, has also warned digital health records will not be secure unless a widespread audit of every GP clinic in Australia is conducted.
-----

Patients trust their doctors with secrets, not the government or the tax office

People have a right to worry about their health data falling into the wrong hands. Dismissing their concerns is unethical
 ‘When patients reveal their innermost secrets to a doctor, they trust in the doctor-patient relationship, not in the doctor-patient-government or the doctor-patient-tax office relationship.’
What is that antibiotic I am allergic to that sounds like penicillin but isn’t? What happens when I take ibuprofen? Did my last ECG have a left or right bundle branch block? Am I due for my pneumonia shot yet? What does proteinuria mean?
Occasionally for my parents and often for my patients, I am the default holder of such information. Sometimes, in the fog of ill health, people forget critical information like their heart stopped beating upon receiving a certain anaesthetic or they have a propensity for low blood pressure. Sometimes, a meticulous discharge summary has been shoved into the bottom of a drawer where it stays while doctors frantically chase information on which a patient’s wellbeing, or even life, depends.
-----

Here’s how Turnbull can fix My Health Record mess

There are eight things the Turnbull government could do right now to fix the My Health Record debacle.
JUL 30, 2018
As the privacy and security controversy surrounding the Turnbull government’s My Health Record debacle enters its third week, there were no concrete resolutions in sight to allay the concerns of the Australian people, whose rights were literally being politicised in the process.
So much has been said, including by Health Minister Greg Hunt, over the past several days in an attempt to allay Australians’ concerns. And many of it has been proven to be incorrect.
But what this fall-out has shown, if anything, is that many Australian people do, in fact, care about their privacy, especially when it comes to their deeply intimate and personal health records. They also care about whether the security of the system (not to be confused with “privacy”) is up-to-scratch, or safeguarded by bank- or “military-grade” protections, as the minster likes to claim.
-----

A surgeon’s very real concerns about My Health Record

Neela Janakiramanan 30 July 2018
Healthcare provider Neela Janakiramanan has concerns about the My Health Record that go way beyond privacy. She shares this comprehensive analysis of what’s at stake – and why youth and women in particular are at risk.
I’m going to start by breaking an iron-clad rule of debating tournaments by talking about Nazi Germany.
On March 27, 1943, a small group of the Dutch resistance coordinated an attack on an occupied building in Amsterdam. Disguised as policemen, they entered the building, drugged the guards, doused the contents of the building in a flammable liquid and set it all on fire. At a nearby fire station, other members of the resistance delayed the departure of the fire trucks as long as possible, allowing the contents of the building to burn, and then used excess water to extinguish the fire in order to cause as much water damage as possible.
This building was the Gemeente, the municipal register of Amsterdam, which contained in meticulously recorded detail, information about all the inhabitants of the city. For the Nazis entering The Netherlands, this treasure trove of information made it incredibly easy to find the members of those groups they had identified as being subject to their persecution. Unfortunately, this resistance attack was only a partial success, with 85% of the records still usable after – and were ultimately used with great and tragic effect.
-----

Security concerns drive growing concern over mandatory health records

As breaches of medical data mount, union calls for “urgent ministerial intervention”
In the wake of a series of healthcare data breaches, the Electrical Trades Union (ETU) of Australia has joined the chorus of critics pushing back against the government’s plans to mandate use of its My Health Record (MHR) scheme.
Designed to improve the flow of healthcare data between hospitals, doctors, pharmacists and other allied health practitioners, MHR was recently shifted from an opt-in to an opt-out model in order to boost its takeup.
Australians have until 15 October to opt out of the scheme or automatically have an MHR record created for them – and a growing tide of dissent is pushing many to take that option based on an uncertain cybersecurity environment and the privacy risks that a centralised digital healthcare record poses.
-----

Poor patching, lack of guidance leaving Australian healthcare data exposed

Cybersecurity, patching policies inadequate or missing completely
Half of healthcare CISOs admit having suffered a security breach in the last 24 months, according to new research that not only highlights the poor state of information security in healthcare organisations, but warns attackers are have gained the upper hand using machine learning (ML) and artificial intelligence (AI) tools.
Just a third of organisations responding to a recent member survey – conducted by the Health Informatics Society Australia (HISA) within its Cybersecurity Community of Practice – said they performed a cybersecurity risk assessment at least annually, while only 65 percent had a formal business or governance plan that included managing cybersecurity issues.
The large number of unprepared and under-tested organisations highlighted the ongoing risk to Australian healthcare data, with poor system-administration practices rife.
-----

To stay in or to opt out? That is the question!

While not all grey nomads are yet to be fully convinced of the merits of the system, the rollout of the Government’s much-vaunted My Health Record system has been taken to the next level. From now until October 15, all Australians will actively need to opt out of the electronic medical records scheme if they don’t want to be a part of it.
On the very first day of the new approach, some 20,000 people opted out and it is estimated some 500,000 others will eventually do the same. If Australians don’t remove themselves from the system, the Federal Government will automatically make a digital copy of their medical record, store it centrally, and provide a number of people such as doctors, pharmacists, physiotherapists, and nurses with access.
The electronic health record details a patient’s medications, allergies and a summary of their health problems.
-----

Facebook's "shadow profiles": the involuntary dossiers of information you never provided, and can't opt out of

Gizmodo's Kashmir Hill continues her excellent investigative work on Facebook's mysterious "People You May Know" system, which has caused consternation among users by making seemingly impossible (and often disturbing) connections, such as "A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later."
Facebook is well understood as being a major customer of third-party data-brokers, who compile huge dossiers on people based on their spending, internet and phone usage, employment history and so on. In addition, Facebook encourages users to upload their entire address books to the system to "find your friends," and users generally don't appreciate that they may be leaking sensitive information, including nicknames, private numbers, and connections to the system.
Facebook mines this data to create "shadow profiles" of its billions of users. These are profiles that are filled with data about you that you have never consciously provided to the system -- data mined from third parties, including your friends, but also those spooky data-brokers. Facebook's shadow profile system was first confirmed in 2013 when it accidentally leaked users' shadow profiles to them along with their own data, something the company says it will never do again out of (ironic) respect for the privacy of the people who provided the data that goes into your shadow profile.
-----
David.

Chris "Roy" Taylor Of The Herald Sun Comments On The myHR


Bernard Robertson-Dunn Brings The Threads Together - Clarifies Key The Issues I Believe!

Bernard sent this to me yesterday.

Privacy, Trust and My Health Record, or The Spy in The Consulting Room

This was first published in Privacy Unbound, the Journal of the International Association of Privacy Professionals ANZ (iappANZ) Edition no. 85, August 2018

1    Introduction

Dr Bernard Robertson-Dunn is an electronic and automation engineer, has a PhD in modelling the electrical activity in the human small intestine and has had over forty years modelling, architecting and designing large scale information systems, mostly in government environments.
These include the Departments of Health, Finance, Immigration, Defence Bernard has been following the progress of, and has contributed to, the debate on the My Health Record for over ten years. He has no association or affiliation with any vendor or government organisation. Bernard is chair of the Health Committee of the Australian Privacy Foundation.
The views in this article are his considered opinion and are provided to Privacy Unbound to provide a broad contextual analysis of the issue surrounding health records and My Health Record in particular.

2    A Medical Record primer

Back in the day, when General Practitioners wrote on paper with black ink about the consultation they had just had with their patient, there was an implied joint contract and mutual trust. The doctor wanted to remember what their patient’s symptoms were, what he (they were nearly always he in those days) had prescribed and his musings and guesses as to what you were suffering from. You didn’t have to know or remember what you were suffering from. You both had in interest in the existence of the record. It was written by and for the doctor, you never saw it and it was called a medical record.
There was a reasonable balance between two parties with different but compatible and complementary objectives. You trusted your GP to keep your data confidential and do their best to make and keep you well; the GP wanted to stay in business and he valued his reputation.

3    Automation

Then along came computers. Initially all they did was store the same information in the same manner as did the paper records. There was the odd downside; computers are more expensive than pen and paper; GPs had to learn how to use a keyboard and how to operate a computer. The relationship between patient and GP didn’t change much. The GP probably spent more time looking at a computer screen than they did when they used pen and paper, but that was seen as a small price to pay for improved record keeping.
It was a similar situation in those hospitals that implemented electronic health records, although there are some horrendous tales of failed IT projects, but that’s not particularly uncommon in such complex environments.
With early computerisation, the situation regarding privacy, confidentiality and trust between patient and health care provider was largely unchanged. The IT systems were more prone to single points of failure, to ransom-ware and to data breaches but they were issues that could be solved with proper management and attention to technology.
There were, and still are, some major problems with the access to, and management of, health care information. Much data is transferred via fax, only a small amount of information is interchanged, sometimes data exists but this is unknown to health providers who could benefit from having it available.
However, the old medical record systems did have one advantage. Only those involved in a particular aspect of a patient’s care had access to a patient’s data about that care. Poor sharing of data was a two edged sword. It was privacy enhancing but there were clinical downsides.
When it comes to addressing some of the problems facing data management in the health care system – better access to health information dispersed throughout a large, multifaceted industry – there are two potential approaches. These can be summarised as decentralised or centralised.

4    Distributed Health Eco-systems

A decentralised, or distributed system would create a mechanism for identifying the location of a patient’s health data and allowing a health provider to access that data. There would need to be a mechanism for implementing a need to know principle – i.e. a health provider could only see that data they needed to in order to treat or advise their patient. The holder of that information would be responsible for granting access to the data.
All data could remain where is was; thus not complicating data consistency, which would occur if data were copied from one system to another. However, there may be a good argument that there should be a single source of truth, which would logically be the patient’s primary health provider – their GP.
A distributed system has the added advantage or being far more resilient and thus reliable than a centralised one which is at risk of being overloaded in times of high usage e.g. in an epidemic or bio-hazard situation, or prone to failure dues to power or communication loss. It is far less risky to have clinical systems located as close as practical to the point of care.
A distributed system has the characteristics of a virtual health ecosystem, rather than a health record. Additional capabilities at the health provider level can include such integrated functions as appointments, repeat prescription requests and a patient portal access to relevant information. Such systems are being implemented overseas.
The result would be an eco system of health information in which a virtual medical record existed. This record, although distributed, could be made available to systems that could undertake complex analysis and predictive functions that would assist health providers in their diagnosis and treatment of the patients. The major characteristics would be flexibility, coexistence of a variety of capabilities and a platform for small scale innovation that would scale or find a niche if useful or atrophy if not.
The privacy, trust and confidentiality issues would not be unduly challenged; the symmetry of need between patient and health provider would be retained. The health provider would be responsible for maintaining patient privacy and the patient would only need to trust a single party.

5    Centralised Health Records

The alternative is a centralised system such as My Health Record. This requires a database at the hub and a system which acquires and stores data. If it only passed on the data and did not retain it, it would functionally be the same as a distributed system.
A centralised system results in the database becoming the defining feature of the health information ecosystem. Innovation is stifled because compatibility with the database is essential. In a distributed system, local innovation is possible and preferable – it can be tested and assessed locally. Change in a centralised system is totally dependent on the hub and would need to happen globally.
The primary issue of a centralised system is “who owns the database in the hub?” Ownership bestows significant privileges; the owner runs the system and any access rules do not apply to the owner.
This single characteristic completely changes the dynamics of the health data environment.
Now there are three parties –the patient, the health provider and the system owner. In the case of My Health Record, this is the Australian Digital Health Agency, an Australian government entity that both reports to, and is funded by, the Federal Minister for Health.
What was a symmetry of needs between the patient and their health provider is fundamentally altered. Not just changed but distorted.
If the health provider is a GP, then a number of changes are introduced into the interaction between the GP and their patient. My Health Record is an additional, summary system over and above the GP’s clinical support system. Uploading data into My Health Record is not a simple matter of a few clicks. The AMA has produced a set of guidelines [1] that GPs are supposed to follow. It is a 27 page document and following it takes time out of a consultation to manage a patient’s My Health Record.
In addition, and this is a significant issue, the government, through a variety of mechanisms, pays the GP to provide the patient’s data. It could be argued that this is “selling” patient data to the government. This may or may not be a valid description, but it does introduce a real or perceived conflict of interest. The patient suffers from less attention; the GPs is paid for something that does not involve treating the patient. The patient may not be happy with the financial arrangement and may perceive a conflict of interest. This issue has the potential to have a negative impact on the trust between the patient and their GP.
The relationship between the GP and the government is primarily financial. The GP gains little or no benefit, they already have the data. The GP still gets data from other providers via the traditional mechanisms – fax, or emails. Data that is not provided to GPs may or may not be uploaded to My Health Record. Patients have the option of requesting that pathology labs or specialists do not upload data. There is no guarantee that data that a new GP or an A&E department would like to see is in My Health Record. In short, it is unreliable. There are also reports that data is sometimes incorrect or uploaded to the wrong patient resulting in either compromised treatment or the need for a patient to spend significant time and effort correcting the error, if they discover it.
The relationship between the patient and the Federal government, a funding agent, is totally un‑necessary for the delivery of health care. However, it represents a real and potential problem for the patient. Why does the Federal Government want such detailed health data? This is a question that has never been answered satisfactorily. There is an argument that the government needs aggregated data in order to develop policy, but there is no rationale for more detailed data. Furthermore, there is a suggestion that it could match detailed health data to its existing payment data looking for patterns of health care decisions by health providers; but this is only supposition. However, this uncertainty does nothing to engender trust.
The existence of a centralised database means that data from different providers will be stored in a single location; data which is available to anyone authorised to see the record. The inherent privacy advantages of a distributed system, where only the originating health provider has access, are nullified. In order to retain the trust levels inherent in a distributed system there needs to be an access control mechanism that, at a minimum, mimics that of the old system. My Health Record does not provide this. My Health Record has a complicated, poorly implemented set of access controls that require the patient to take responsibility for monitoring and managing access controls. In a similar way that automation has failed to help GPs manage input and usage of data in their clinical system, My Health Record has introduced extra responsibilities into the management of a patient’s health data. This is a responsibility that most patients are unaware of, and are potentially unable to take on. If they don’t, their privacy is at risk from third parties.

6    Privacy and My Health Record

The symmetry of the original relationship between patient and GP has now been destroyed. To some, there is now the feeling that there is a spy in the consulting room – the government. In addition, the effort required by the patient to manage their own data has been increased. Hardly an improvement.
The government introduced legislation in 2016 that set the scene to make the system opt-out. Australians now have a three month window in which to tell the government they do not want to be automatically registered for a My Health Record.
In order to enable an opt-out approach the government has had to remove the need to obtain explicit consent to register people and to acquire and disseminate their health data.
Because of the change to My Health Record from opt-in to opt-out, the legislation, especially that in Section 70 has recently become a major issue.
Section 70 includes a wide range of circumstances where it can release or make available My Health Record data. These include providing data to courts, tribunals, coroners and to other government agencies “in the protection of the public revenue”. This last item has never been defined by the government but appears to be related to investigation of fraud and applies to any government, state or federal, that is able to impose fines.
The courts have long been able to subpoena health data from a health provider but, according to a report from the Parliamentary Library [2], the ease with which documents can now be obtained has been significantly increased. This report contradicts the Health Minister’s claims that a warrant is necessary to obtain information under Section 70. The library also makes the observation that the legislation is a major weakening of existing protections around health records. The Minister has also been contradicted by the Queensland Police union [3]. That the Minister for Health, himself a lawyer is seen to be (allegedly) misrepresenting the legal standing of My Health Record is not adding to the trust Australians might have had in the system.
The minister did not add to a feeling of trust or enhance his credibility when the Parliamentary Library withdrew the original document and replaced it with another, revised version.
Even the Human Rights Commissioner has concerns about confidence in the privacy and security of the system and wants the government to improve privacy protections. “I think we can do better. We definitely are saying that there are problems with My Health Record.” He told the ABC [4]

7    Conclusions

Unfortunately, there are significant consequences from having the government both own the system and set the laws and regulations that govern it. The big problem is that a government in the future could change the rules that permit easier access to My Health Record data.[5] What these are is a matter of guesswork and supposition, but is likely to be unsettling to a population that has already rejected several Identity Card/Number initiatives.
Privacy seems to matter to many Australians and they are not routinely likely to trust government initiatives, especially after problems with the recent census and the so called Robodebt debacle the result of the ATO and Centrelink sharing and linking data, something the government has expressed a desire to do with data from other agencies, including Health, more often. We do not know if that will include My Health Record data, but it could, in the future.
How the My Health Record initiative will all turn out is a matter of conjecture. What is certain is that My Health Record, if widely adopted by patients and health providers will have major consequences for the dynamics of health care system in Australia. Patients will need to become more involved in the management of their own summary health data; GPs will need to spend more time managing health record systems – their own and the governments; and the government will need to continue funding, maintaining and operating the system as well as protecting the data for the foreseeable future. The cost of this system is currently over $AUD2billion; what the return on this investment will be is not yet known.
Even if the issue of government ownership is resolved, there are other characteristics of a centralised system that make its use and effectiveness problematic and questionable. In summary these include:
  • The security of a system that is attached to the internet;
  • The system is designed to promote data being downloaded to other systems with fewer controls and less visibility;
  • The responsibility for accuracy, currency and completeness lies with the patient;
  • The significant cost and effort required by patients and GPs to maintain the system.
These are significant obstacles to making any centralised system acceptable for clinical use.
From a privacy and trust perspective, the distributed approach has much to recommend it. The simple yet important relationship between a GP and their patient is a significant driver in the maintenance of a high degree of privacy. Both have a lot to lose. The introduction of a third party, the federal government, apart from distorting the privacy trust relationship is also an asymmetry of power. Taking on the government is no trivial task and only one has a lot to lose.
My Health Record, even after six years operation is still very much a work in progress. The government is currently going through a market testing process that is looking at completely revamping system. This is an implicit acknowledgement that the system as it exists is not fit for purpose.
It is possible, even likely, that over the opt-out period public reaction will result in the government changing its mind regarding such things as the legislation that protects the privacy of My Health Record users. Unfortunately there are two characteristics that cannot be changed.
  1. My Health Record means the government acquires and keeps highly personal health data. It can also potentially track the behaviour and performance of health providers.
  2. The government has already changed the legislation from opt-in and a need to get a patient’s consent to opt-out and no need to get consent. At the end of the second week of the opt-out period, the government has been forced by statements made by the AMA and the Queensland Police to change the legislation to “remove ambiguity” and improve the protection of Australian’s privacy.
What has the potential to totally destroy any trust people may have in the government is the reality that in our political system there is nothing is to stop this or future governments from further changing the privacy protection.
Not only is My Health Record a work in progress, so is the government’s attempt to persuade Australians to adopt this scheme. Unfortunately for the government the twin problems of a lack of a guarantee regarding future governments and the reality that there is a better, cheaper, more flexible system with inherently better privacy protection means they have a difficult job ahead.

References

[1] AMA AMA Guide to Medical Practitioners on the use of the Personally Controlled Electronic Health Record System
https://ama.com.au/sites/default/files/documents/AMA_Guide_to_using_the_PCEHR_Final_June_2012_Formatted_300812.pdf
[2] Law enforcement access to My Health Record data
Both the original and revised versions and a comparison are available through this site:
https://privacy.org.au/campaigns/myhr/
[3] My Health Record: Greg Hunt’s warrant claims contradicted by police union
https://www.theguardian.com/australia-news/2018/jul/26/my-health-record-greg-hunts-warrant-claims-contradicted-by-police-union
[4] My Health Record needs privacy improvements to restore public confidence: Human Rights Commissioner
http://www.abc.net.au/news/2018-07-24/my-health-record-human-rights-commissioner-wants-changes/10028618
[5] My Health Record: it’s worse than you think
https://libertyworks.org.au/my-health-record-its-worse-than-you-think/

Here is the link:

https://privacy.org.au/privacy-trust-and-my-health-record/

Enjoy the read.

David.