Note: I have excluded (or marked out) any commentary taking significant funding from the Agency or the Department of Health on all this to avoid what amounts to paid propaganda. (e.g. CHF, RACGP, AMA, National Rural Health Alliance etc. where they were simply putting the ADHA line – viz. that the myHR is a wonderfully useful clinical development that will save huge numbers of lives at no risk to anyone – which is plainly untrue) (This signifies probable ADHA Propaganda)
-----
Note: I have also broadened this section to try to cover all the privacy and security compromising and impacting announcements in the week – along with the myHR. It never seems to stop! Sadly social media platforms get a large run this week and most weeks. Sadly there is also the need to recognize polly based risks to privacy!
-----
What is GDPR? Everything you need to know about the new general data protection regulations
General Data Protection Regulation, or GDPR, is here. Here's what it means, how it impacts individuals and businesses - and how to ensure compliance.
What does GDPR stand for?
GDPR stands for General Data Protection Regulation. It's the core of Europe's digital privacy legislation.
How did it come about?
In January 2012, the European Commission set out plans for data protection reform across the European Union in order to make Europe 'fit for the digital age'. Almost four years later, agreement was reached on what that involved and how it will be enforced.
One of the key components of the reforms is the introduction of the General Data Protection Regulation (GDPR). This new EU framework applies to organisations in all member-states and has implications for businesses and individuals across Europe, and beyond.
"The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information," said Andrus Ansip, vice-president for the Digital Single Market, speaking when the reforms were agreed in December 2015.
-----
Australia: The Un-Healthiness Of The Australian Health Sector's Data Security
Last Updated: 17 May 2019
More than twelve months after the commencement of the Australian Notifiable Data Breach Scheme,1 statistics published by the Office of the Australian Information Commissioner (OAIC) have begun to reveal trends present in the 812 notifiable data breaches recorded in Australia between 22 February and 31 December 2018. One key trend is the clear susceptibility of the health care industry, which suffered one fifth of all data breaches recorded in Australia throughout 2018, the highest number on an industry scale.
There is a cruel sense of irony that the services we turn to when we are vulnerable are themselves vulnerable, suffering data breaches that may harm us financially, psychologically or, in extreme circumstances, physically. The figures are stark, with 163 notifiable data breaches suffered by health sector businesses that are subject to the federal Privacy Act 1988 (Cth), which does not include the country's major hospitals operated under State jurisdictions. On top of these figures, the Australian Digital Health Agency, the agency responsible for administering the controversial 'My Health Record' system,2 reported that a further 42 data breaches affected Australian My Health Records throughout 2018, which are also excluded from the statistics recorded in the OAIC's reports.
-----
Privacy Awareness Week (health information): health sector and the notifiable data breach scheme - 12 months on
It’s been a little over a year since the notifiable data breach scheme was introduced in Australia. The Office of the Australian Information Commissioner (OAIC) issued its Notifiable Data Breaches Scheme 12-month Insights Report on 13 May 2019, detailing its insights to come out of the scheme’s operation over the past 12 months. As regular readers would no doubt be aware, the health sector was one of the top industry sectors to report breaches in the first 12 months of the scheme’s operation.
Here’s the health sector at a glance:
- Of the 964 eligible data breaches notified to the OAIC from 1 April 2018 to 31 March 2019, health information breaches accounted for 249 notifications (just over a quarter of all notifications). This is consistent with international trends which often show the health sector as a leading reporter of data breaches.
- Human error was the leading cause of data breaches in the health sector, accounting for 55% of the breaches. This figure was relatively higher when compared to the average rate of data breaches in other industries due to human error (35%).
- Human error in the health industry typically involved sending personal information to the wrong recipients via email and other forms communication.
-----
Health policy debate misses the mark
James Scollay
- 12:52PM May 16, 2019
Health policy might be centre stage this election, but there’s a glaring gap in the debate
With only a day to go before the federal election, it’s no surprise our country’s health has come into the firing line.
Cancer services, hospital funding, out-of-pocket costs - these issues warrant concerted policy attention. But while each party continues to pledge new promises, not one has addressed the technologies that will be required to deliver on these for all Australians. This, to me, is a grave oversight, and one that could hinder the delivery of safe, timely and effective care for patients.
Many of the pledges made by the coalition were announced in the federal budget. Here, the Coalition government announced $81.78 billion would be allocated to health, with the largest share directed towards medical services and benefits, pharmaceutical benefits, and assistance to public hospitals. However, interestingly, it excluded any mention of research and development in health technology, which we’re seeing health systems in other parts of the world take tremendous strides.
-----
Protecting your practice from a notifiable data breach
The RACGP has again collaborated with the Office of the Australian Information Commissioner for Privacy Awareness Week.
17 May 2019
The annual initiative is aimed at raising awareness of privacy issues and promoting the importance of protecting personal information, including general practice patient data.
Dr Penny Burns, GP and RACGP Expert Committee – Practice Technology and Management (REC–PTM) member, recently delivered an RACGP eHealth webinar on the Notifiable Data Breaches (NDB) scheme.
The RACGP webinars are designed to assist GPs and general practice teams understand the NDB scheme and their obligations for assessing and responding to potential data breaches in their practice.
The NDB scheme came into action in February 2018 and all general practices are obliged by law to report data breaches which meet the criteria of an ‘eligible data breach’.
-----
Dr Penny Burns, GP and RACGP Expert Committee – Practice Technology and Management (REC–PTM) member, recently delivered an RACGP eHealth webinar on the Notifiable Data Breaches (NDB) scheme.
The RACGP webinars are designed to assist GPs and general practice teams understand the NDB scheme and their obligations for assessing and responding to potential data breaches in their practice.
The NDB scheme came into action in February 2018 and all general practices are obliged by law to report data breaches which meet the criteria of an ‘eligible data breach’.
-----
A content analysis of the consumer-facing online information about My Health Record: implications for increasing knowledge and awareness to facilitate uptake and use
1 Sep 2018
Louisa Walsh, Sophie Hill, Meredith Allan, Susan Balandin, Andrew Georgiou, Isabel Higgins, Ben Kraal, Shaun McCarthy, Bronwyn Hemsley
Description
Abstract
Background: Low health literacy, low levels of positive belief and privacy and security concerns have been identified as a significant barrier to personal electronic health record uptake and use. An important tool for overcoming these barriers is the consumer-facing information which accompanies the system. My Health Record (MyHR) is the Australian national e-health record system, for which a large suite of online resources exists to facilitate consumer registration and use. This study uses a number of different measures of health resource quality to assess the MyHR online consumer-facing information and identify any gaps or areas for improvement.
Objective: To analyse the quality and content of the online consumer-facing resources which support the uptake and use of MyHR.
-----
Notifiable Data Breaches scheme: 12‑month insights report
13 May 2019
This report looks back on the last 12 months of the Notifiable Data Breaches scheme (NDB scheme). The NDB scheme introduced new obligations for Australian Government agencies and private sector organisations (entities) that have existing information security obligations under the Privacy Act 1988 (Cth) (the Privacy Act). For a little over a year, it has been a legal requirement for entities to carry out an assessment whenever they suspect that there may have been loss of, unauthorised access to, or unauthorised disclosure of personal information that they hold. If serious harm is likely to result, they must notify affected individuals so they can take action to address the possible consequences. They must also notify the Office of the Australian Information Commissioner (OAIC).
The requirement to notify individuals of eligible data breaches goes to the core of what should underpin good privacy practice for any entity—transparency and accountability. Being ready to assess and, if appropriate, notify of a data breach provides an opportunity for entities to understand where privacy risks lie within their operations, to address the human and cyber elements that contribute to data breaches and to prevent or minimise harm to individuals and the community. And, of course, prevention is better than cure. The requirements under the NDB scheme incentivise entities to ensure they have reasonable steps in place to secure personal information.
------
Australians can check their immunisation status through My Health Record
15 May 2019 ADHA Propaganda
Being up to date on immunisations can stop the spread of serious disease.
Measles is one of the most contagious diseases in human history (1). If a single person has the virus, 90 per cent of those around will catch it. The measles virus lingers for up to two hours – so if you ride the train or walk the grocery aisles after an infected person, you’re exposed.
Thanks to immunisation, local cases of measles had been falling (2). In 2014, Australia declared the end of endemic measles, but a recent spike is bringing it back into public consciousness (2). There have already been 108 cases in Australia this year, compared to 103 for the whole of 2018 and just 81 in 2017.
This leaves 2019 on track to be Australia’s second-highest year for measles since 1997 (3). And Australia isn’t the only country experiencing this surge. Similar trends have emerged in New Zealand, Japan and the US.
-----
Data privacy worries ease, survey suggests
- 1:16PM May 13, 2019
Nearly 60 per cent of Australian consumers are willing to share significant personal data with banks and insurers in exchange for lower prices.
Meanwhile close to 50 per cent of consumers would part with personal data for increased convenience when applying for a product or filing an insurance claim.
In exchange for benefits like faster loan approvals or personalised offers based on their current location, Australians would be happy to share location data and lifestyle information with their bank or insurance company, according to a global survey by professional services company Accenture.
“Most consumers are realising now that personal data has quite a lot of value,” Alex Trott, who heads up Accenture’s banking practice in Australia and New Zealand, told The Australian.
-----
WhatsApp flaw lets hackers spy on activists
- By Mark Bridge and Tom Knowles
- The Times
- 12:00AM May 16, 2019
Encrypted messaging apps should never be considered secure, experts have warned, after a flaw in WhatsApp allowed attackers to spy on activists.
The Facebook-owned firm admitted a weak spot in its app’s voice-call software enabled the installation of spyware in dozens of users’ phones by an “advanced cyber actor”, which may have been a nation state.
The flaw put all 1.5 billion users of the app at risk of compromise, including iPhone and Android users.
Experts said the case highlighted the ability of sophisticated attackers to exploit gaps in code to view messages on a target’s phone even if those messages were encrypted in transit.
-----
Labor gets set to pause open banking
By Julian Bajkowski on May 16, 2019 6:38AM
Husic flags major policy reset to push social equity.
Billions of tech dollars spent by major banks and their emerging competitors on new open banking capabilities could in days be left in limbo by an incoming Shorten government.
Labor’s Digital Economy shadow Ed Husic has told iTnews outstanding enabling legislation for the new Consumer Data Right will play second fiddle to other legislative imperatives, like reforming negative gearing and dividend imputation, in the event of an election win .
“Will it be an immediate or priority? I wouldn't necessarily say that would be the case, given what we have flagged as big priorities for us from negative gearing franking reform and the like,” Husic said.
At the moment open banking enabling legislation contained in new Consumer Data Right laws remain stranded in the Senate log jam that coincided with the Morrison government going to the polls.
-----
Thursday, 16 May 2019 02:47
Australia falling behind other countries in AI race: report
Australia is losing the global race in artificial intelligence and will miss out on future jobs without major new investment to secure its position as a leading destination for AI research and development, according to analysis by the University of Adelaide’s Australian Institute for Machine Learning.
According to the analysis, Australia’s investment in AI as a proportion of GDP is nowhere near comparable countries like South Korea, Singapore, France, Germany and Japan.
And, the research found Australia was also “miles behind” the competition in terms of institutions dedicated to AI research.
AIML director Professor Anton van den Hengel says other countries are investing billions of dollars in AI research because it is a core driver of innovation, revitalising existing industries and helping create new ones.
-----
My Health Record
A My Health Record is an electronic summary of a patient’s health information. A registered healthcare provider organisation may view or add health information (such as diagnoses, treatments, medications and allergies) to the patient’s My Health Record in line with their access controls.