This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Quote Of The Year
Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"
or
H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."
Digital mental-health companies plunged in,
promising to provide millions with access to high-quality care by video, phone,
and messaging.
Many of the businesses, however, put a
premium on growth. Investor-backed, they deployed classic Silicon Valley
tactics such as spending heavily on advertising and expansion while often using
contractors instead of employees to control costs. A strategy designed for
mundane businesses such as food delivery, the formula can be badly suited to
the sensitive activity of treating mental-health problems.
After Caleb Hill told his parents he was
gay, he was kicked out of the house. He had been taught, growing up in a
conservative Christian household in Tennessee, that his attraction to men was a
grave sin.
Feeling isolated and depressed a few months
later, Mr. Hill, then 22, thought therapy might help. He had heard podcast ads
for BetterHelp, a company that provides therapy remotely and promises “a
personalised therapist match that is tailored to your preferences and needs.”
His biggest concern was he missed his family. The therapist he was given, he
says, recommended he try to stop being gay so he could go back to them. “He
said if I chose to go back to who I was and deny those feelings, he could get
me where I needed to be,” Mr. Hill said.
Mr.
Hill had requested an LGBTQ+ therapist, a screenshot of his intake form shows.
BetterHelp gave him one who didn’t specialise in LGBTQ+ issues, according to
the provider’s profile on its website, and whose personal website says he
practices Christian counselling.
“He
said either you sacrifice your family or you sacrifice being gay,” said Mr.
Hill. “I needed someone to tell me I was gay and that was OK. I got the exact
opposite.” BetterHelp declined to comment on Mr. Hill’s experience, citing
patient confidentiality. The therapist wouldn’t discuss him either, citing the
same reason.
“Given
the scale of the service, unfortunate and negative experiences are not
completely unavoidable,” BetterHelp, a unit of Teladoc Health Inc., said in a
written statement. “This is true in all therapy settings, whether traditional
or online.” A number of other clients of digital mental health companies
described to The Wall Street Journal how they felt they were badly matched or
encountered unprofessional therapists. Some, like Mr. Hill, also told of being
gay and being assigned to therapists who were unsympathetic.
Other
clients of digital mental health companies described to The Wall Street Journal
how they were badly matched or encountered unprofessional therapists. Some,
like Mr. Hill, also told of being gay and being assigned to therapists who were
unsympathetic.
Telehealth
technology was used for 36% of outpatient visits for mental-health and substance-abuse
treatment in the March-through-August stretch of 2021, a jump from essentially
zero before the pandemic, according to research from Kaiser Family Foundation.
Sensing
opportunity, investors last year poured $4.8 billion into startups offering digital
mental-health services, according to Rock Health, a research and investment
firm. Some of the companies provide therapy, some prescribe psychiatric drugs
and some do both.
The
companies say that their advertising helps to break the stigma associated with
seeking mental-health treatment. And those that lean on nurse practitioners
instead of physicians to prescribe medication can lower the price of care and
expand the number of available providers. Many patients say the care they have
received from the companies is good and also is unavailable elsewhere.
Cerebral
Inc. was a star in the field. It raised hundreds of millions of dollars, signed
Olympic gymnast Simone Biles as a spokeswoman and by two years after its launch
was valued at close to $5 billion.
Its
heavy social-media advertising and brief appointments with clinical contractors
sparked trouble when the company began prescribing drugs that are prone to
abuse. The Wall Street Journal reported how Cerebral executives pitched its
investors on the superior profitability of prescribing stimulants such as
Adderall, which can benefit people with attention deficit hyperactivity
disorder but are sought by others for the buzz they provide. The reporting
showed how some Cerebral clinicians felt pressured to prescribe the drugs.
Cerebral
now faces two federal investigations, has been told by Walmart Inc. and CVS
Health Corp. that they will no longer fill its prescriptions for controlled
substances and has been dropped from insurance networks Optum and Aetna. It has
laid off hundreds, fired its CEO and stopped prescribing stimulants.
Another
digital mental-health provider, Done Global Inc., faces a Justice Department
investigation after the Journal reported that some of its clinicians, too, felt
pressured to prescribe stimulants to treat ADHD.
Done,
run by a former Facebook product manager with no medical training, also
advertises heavily on social media. Done’s clinicians continue to prescribe
stimulants, sometimes after appointments as short as 10 minutes, the Journal
has reported. Walmart and CVS have said they won’t fill its prescriptions for
the drugs.
Cerebral
and Done have said that they don’t pressure clinicians and that they provide an
essential service. Cerebral has said it is cooperating with the investigations
and hasn’t been accused of breaking any laws. Neither company answered
questions for this article.
Workit
Health Inc. was a hot startup treating opioid addiction via telehealth, ranking
among the leaders in capital raised. Its clinicians prescribe Suboxone, an aid
to controlling cravings. Workit’ssocial-media ads show boxes of the medication.
Addiction
experts say that while Suboxone can be crucial for opiate addicts to help hold addiction
at bay, so is counselling that helps them develop new habits and gives them
other tools to beat the addiction.
Workit
advertises support to help with recovery. In some states it has hundreds or
thousands of clients but just a handful of counsellors, according to people
familiar with the figures. In Florida, it recently had a few thousand clients
and no counsellors licensed there, the people said, as its last one departed in
September.
What I can away from all this was
that the treatment probably worked but that the surrounding business models and
profit seeking left a fair bit to be desired and lacked clinical focus etc.
I would take the headline with a ‘grain
of salt’ and suggest that OZ and the US may have very different experiences of
value delivery!
Increased
cyber security requirements for systems connecting to My Health Record
Australian Digital Health Agency
The Australian Digital Health Agency (the
Agency) is strengthening My Health Record protections through a new mandatory conformance profile
for clinical information systems (including those used in GP clinics,
pharmacies and allied health services) connected to the My Health Record
system.
The security requirements profile will be
effective from April 2023 following a 3-month period where industry is invited
to provide feedback on the profile. Software vendors with clinical software
products will be supported to implement changes in their products in a phased
approach, to balance the need to strengthen security for all systems connected
to My Health Record with the capability of software vendors to make necessary
adjustments in a timely manner. The conformance profile was co-developed with
stakeholders including regulators, software vendors and security experts.
The Agency is supporting industry with their
preparation by providing visibility of the conformance profile in advance of
the official implementation period. Questions and comments on the new
conformance profile and the proposed phased implementation schedule from across
the software industry can be sent to the Agency until April 2023.
The new security requirements profile
contains an evidence-based list of security requirements that harden clinical
information systems from cyber security attacks, uplift information security
and provide better protection for consumer information. Each vendor with
software products connected to My Health Record will be required to submit an
extensive file of evidence to demonstrate conformance to each requirement, as
well as participate in an observation session conducted by the Agency
specialist team.
Australian
Digital Health Agency Acting Chief Digital Officer, Dr. Holger Kaufmann said,
“Protecting sensitive information is essential in the provision of healthcare
services and is a fundamental capability that is required to enable connected
healthcare systems and safe, seamless, secure, and confidential information
sharing across all healthcare providers.”
“The
Agency has and will continue to work with clinical information system vendors
to provide support and guidance to further secure and protect their software
for the benefit of patient privacy, national infrastructure, and their own
businesses” he said.
The
new requirements align to the best-practice standards recommended by the
Australian Cyber Security Centre (ACSC), detailed in the ACSC’s Strategies to
Mitigate Cyber Security Incidents, known as the Essential
Eight, that help protect systems against a range of online and cyber
security threats.
Software
vendors have up to 24 months to make changes.
Systems that interconnect with the
government’s My Health Record will need to meet elevated security standards
that align with the Essential Eight over the next two years.
The Australian Digital Health Agency (ADHA)
said in a statement
late Tuesday that it would introduce a new - mandatory - security requirements
“conformance profile” for clinical software vendors.
“All clinical information systems that use
one or more My Health Record B2B web services will need to conform to the new
security profile,” the agency said
in accompanying release notes.
"The agency is cognisant of the
inherent cyber security risks posed by systems connected to and accessing the
My Health Record system, as well as potentially vulnerable aspects of the
national infrastructure and all services under its care.
"To
address this risk, a set of security requirements for systems connecting to the
My Health Record system have been identified, comprising controls related to
application development and web development, with controls aligned to the
Australian Cyber Security Centre’s (ACSC) Essential Eight maturity model.
"These
controls are selected as the areas of the ACSC Information Security Manual (ISM)
that are most relevant to the development of software for healthcare
organisations."
The
conformance profile is currently in draft, pending industry feedback. Full
details are behind a login, accessible to industry participants only.
Although
it becomes “effective from April 2023”, implementation will be phased across
five tranches and two years, with most clinical software vendors having
18-to-24 months to complete the necessary rework and upgrades on their end.
Tranche
one vendors - those making systems used in acute care, which covers hospitals,
emergency and the like - have six-to-12 months to make changes.
“Software
vendors with clinical software products will be supported to implement changes
in their products in a phased approach, to balance the need to strengthen
security for all systems connected to My Health Record with the capability of
software vendors to make necessary adjustments in a timely manner,” ADHA said.
“The
new security requirements profile contains an evidence-based list of security
requirements that harden clinical information systems from cyber security
attacks, uplift information security and provide better protection for consumer
information.
“Each
vendor with software products connected to My Health Record will be required to
submit an extensive file of evidence to demonstrate conformance to each
requirement, as well as participate in an observation session conducted by the
[ADHA] specialist team.”
“Although
it becomes “effective from April 2023”, implementation will be phased across
five tranches and two years, with most clinical software vendors having
18-to-24 months to complete the necessary rework and upgrades on their end.
Tranche
one vendors - those making systems used in acute care, which covers hospitals,
emergency and the like - have six-to-12 months to make changes.”
It
seems we can all have our Christmas break, come back in February and start work…
Seems
a little too relaxed to me, given the data that is at stake….
This weekly blog is to explore the news around the larger issues around
Digital Health, data security, data privacy, AI / ML. technology, social media
and any related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board were
dated 6 December, 2018 and we have seen none since! It’s pretty sad!
Note: Appearance here is not to suggest I see any credibility or
value in what follows. I will leave it to the reader to decide what is
worthwhile and what is not! The point is to let people know what is being said
/ published that I have come upon, and found interesting.
Western
Australia’s Future Health Research and Innovation Fund will
award 70 per cent more money than originally forecast over the forward
estimates following the mid-year review.
The
state’s Investment Attraction Fund, which aims to support economic
diversification in sectors including energy, METS, defence, space, and health
and medical life sciences, also received a $105 million top-up for 2022-23 in
the review, released last week.
The
Future Health Research and Innovation Fund is a $1.6 billion sovereign wealth
fund that finances grant programs from its yearly investment income. According
to the review, the additional 2022-23 funding is the result of a “once-off
$16.7 million top-up”.
Overall,
“after a review of the fund’s investment profile and returns”, the fund will
award an additional $84 million from 2022-23 to 2025-26. The state Budget
initially estimated around $120 million would be awarded over the same period.
The
fund has awarded $63.6 million since programs began in financial year 2020-21.
After
three years, the Privacy Act Review commissioned under the
Coalition government has been completed and the final report handed to Attorney
General Mark Dreyfus.
The
Attorney General will now consider the review over the summer and is expected
to release it publicly alongside the government’s response in the first half of
2023.
Half of
Australians don’t trust the government when it comes to cyber security, with
almost two-thirds believing it could do more protect them and their data, according
to new figures.
Multinational
cybersecurity company Palo Alto Networks, revealed on Friday that more than 70
per cent of Australians were “fearful” of a nationwide cyber-attack that would
affect their daily lives and almost 90 per cent wanted government to increase
requirements for companies storing personally identifiable information. In a
survey commissioned by Palo Alto of more than 1000 people across the nation,
only a third of Australians believed the nation was a “global superpower” when
it came to cyber security.
Palo Alto
Networks head of government affairs for Australia and New Zealand Sarah Sloan
said the survey revealed the anxiety of Australians when it came to the
protection of data and the possibility of a nationwide cyber-attack, with 26
per cent responding they were “very fearful” of such an event.
“Between an
increasingly complex geopolitical environment and a string of high-profile
cyber-attacks, Australians are on high alert,” Ms Sloan said.
Over the past
three decades, a handful of products like Netscape’s web browser, Google’s
search engine and Apple’s iPhone have truly upended the tech industry and made
what came before them look like lumbering dinosaurs.
Three weeks
ago, an experimental chatbot called ChatGPT made its case to be the industry’s
next big disrupter. It can serve up information in clear, simple sentences,
rather than just a list of internet links. It can explain concepts in ways
people can easily understand. It can even generate ideas from scratch,
including business strategies, Christmas gift suggestions, blog topics and
vacation plans.
Although
ChatGPT still has plenty of room for improvement, its release led Google’s
management to declare a “code red.” For Google, this was akin to pulling the
fire alarm. Some fear the company may be approaching a moment that the biggest
Silicon Valley outfits dread — the arrival of an enormous technological change
that could upend the business.
For more than
20 years, the Google search engine has served as the world’s primary gateway to
the internet. But with a new kind of chatbot technology poised to reinvent or
even replace traditional search engines, Google could face the first serious
threat to its main search business. One Google executive described the efforts
as make or break for Google’s future.
ChatGPT was
released by an aggressive research lab called OpenAI, and Google is among the
many other companies, labs and researchers that have helped build this
technology. But experts believe the tech giant could struggle to compete with
the newer, smaller companies developing these chatbots, because of the many
ways the technology could damage its business.
Summer is a
time for outdoor activities, barbecues and soaking up the sunshine.
However, The
Australian Digital Health Agency is encouraging people to be aware of the
potential health hazards that can come with the warmer weather.
Here are some
things to watch out for and tips on how to stay safe and healthy this summer.
Heat
stroke
When the body
is unable to regulate its temperature, it can lead to heat stroke. Symptoms
include dizziness, headache, rapid heartbeat and loss of consciousness.
To prevent
heat stroke, stay hydrated, avoid excessive alcohol consumption and take
frequent breaks in a cool place.
A huge
cyberattack on the telco in September caused a political storm and made
Australians aware of the power of their personal data. Behind the scenes, it
was a time of high drama.
It
began with a phone call from the other side of the world. Kelly Bayer Rosmarin
was waiting at the airport after a run-of-the-mill business trip to the United
States. Beside the Optus chief executive was her marquee hire, former NSW
premier Gladys Berejiklian. The pair were waiting to board a Qantas flight home.
The call, however, meant it was a flight Bayer Rosmarin would never make.
It
was Wednesday afternoon in Sydney, and late evening on Tuesday in America.
Chief information officer Mark Potter was on the line, and the news was not
good.
Technology
staff had raised concerns about suspicious activity on Optus’ IT networks the
day before. Potter was calling his boss after a series of hastily convened
meetings with other top lieutenants had determined that Optus faced an
impending crisis.
While
details were sketchy, they could have a serious problem on their hands. The
executive team was worried enough to categorise it as a crisis.
Attorney-General
Mark Dreyfus says he has received the review of Australia's privacy laws and
will “carefully consider” its contents as he prepares to overhaul the
legislation next year.
The
review was commissioned by the former federal government in 2019 – years before
millions of Optus and Medibank customers had their data stolen – in a bid to
“ensure privacy settings empower consumers, protect their data and best serve
the Australian economy”.
In
a tweet, Mr Dreyfus said: “The former government left Australia's privacy laws
out of date and not fit-for-purpose in our digital age.”
“I've
now received the review of the Privacy Act by my department, which I will
carefully consider as I prepare to overhaul the Act next year,” he continued.
Following
high profile data breaches, the Privacy Act has been amended to increase the
monetary penalties for serious privacy breaches. Additionally, the Information
Commissioner now has greater powers to gather and to share information to
resolve data breaches.
Up
to an estimated 10 million Australians have been affected by at least one of
the high profile data breaches affecting high profile Australian companies in
2022. In October 2022, the Attorney General, the Hon Mark Dreyfus KC MP,
promised to toughen Australia’s privacy laws. In December 2022, the Privacy Act
was amended to increase penalties for serious or repeated breaches of privacy
and to improve the capacity of the Information Commissioner to gather and to
share information about data breaches.
Tougher
penalties
The
headline grabber is the increase to penalties for serious or repeated breaches
of privacy. The table below sets out how the amended Privacy Act provides for
significantly greater civil penalties for serious or repeated interferences of
privacy when compared to the penalties under the Act before the amendments
received royal assent.
Palo
Alto Networks research find Australians blame executives more than tech workers
when their organisation is attacked.
92%
of Australians want someone to be held liable when an Australian company
is breached in a cyber attack, and one in two Australians want that person to
be a board director or a C-suite executive, according to the latest research
from Palo Alto Networks.
Conducted
by Savanta, the research found that 50% of Australians thought board directors
or C-suite executives should be liable for their companies suffering a cyber
attack, compared to only 44% believing that frontline tech workers should be
held responsible.
Seven
in ten Australians believe not enough corporate leaders in Australia are held
personally accountable after data breaches occur at their organisations. In
contrast, 67% believe leaders should face fines and jail time if they have not
taken reasonable steps to protect personally identifiable information.
Digital
mental-health companies plunged in, promising to provide millions with access
to high-quality care by video, phone, and messaging.
Many
of the businesses, however, put a premium on growth. Investor-backed, they
deployed classic Silicon Valley tactics such as spending heavily on advertising
and expansion while often using contractors instead of employees to control
costs. A strategy designed for mundane businesses such as food delivery, the
formula can be badly suited to the sensitive activity of treating mental-health
problems.
After
Caleb Hill told his parents he was gay, he was kicked out of the house. He had
been taught, growing up in a conservative Christian household in Tennessee,
that his attraction to men was a grave sin.
Feeling
isolated and depressed a few months later, Mr. Hill, then 22, thought therapy
might help. He had heard podcast ads for BetterHelp, a company that provides
therapy remotely and promises “a personalised therapist match that is tailored
to your preferences and needs.” His biggest concern was he missed his family.
The therapist he was given, he says, recommended he try to stop being gay so he
could go back to them. “He said if I chose to go back to who I was and deny
those feelings, he could get me where I needed to be,” Mr. Hill said.
GPT: High-tech parlor trick or the first real AI for
everyday use?
OpenAI’s beta ChatGPT service based on the GPT-3
database of content is amazing people with its human-like conversations, but
the technology is not as deep as it seems — yet.
Executive
Editor for Global Content, Computerworld | 15 December 2022 22:00 AEDT
Within
a week of ChatGPT’s November 30, 2022, launch, the AI-powered conversation tool
was the talk of the (media) town, fascinating early users with its conversational
abilities and even creativity. Soon, the enthusiasts exclaimed, we
won’t need people to write marketing copy, ads, essays, reports, or pretty much
anything other than the most specialized scientific reports. And AI will be
able to handle all our customer service calls, appointment-making, and other
routine conversations.
Not
so fast! My own experiments with the underlying technology suggest we have a
ways to go before we get there.
Still,
what is different about ChatGPT versus previous AI wunderkinds is that it isn’t
just the tech and business media who are paying attention: Regular folks are
too.
A
teacher friend asked me just a week after ChatGPT’s debut how teachers will be
able to detect students having AI write their term papers for them. Policing
cut-and-paste efforts from Wikipedia and the web are tough enough, but an AI
tool that writes “original” papers would make student essays and reports
meaningless as a judge of their learning.
(Switching
to oral presentations with a Q&A component would fix that issue, since
students would have to demonstrate live and unaided their actual understanding.
Of course, schools don’t currently give teachers the time for that lengthy exam
process.)
Data
is invaluable, but concentrating it in one place can make it risky – suddenly
it becomes a resource that is incredibly valuable and something bad players are
desperate to get their hands on. Especially when organisations are storing more
than they need.
It’s
a phenomenon that the security industry has long been aware of and one that
regulators and policymakers are beginning to see as critically important.
“Looking
at the Optus attack, this was a big concern because fraudsters were using
stolen PII (personally identifiable information) to try and commit identity
crime,” says Paul Warren-Tape, Head of Operations for ID verification leader
OCR Labs Pty Ltd.
“We
need to understand why a telco stores copies of people’s identity documents in
the first place, as to provide ongoing services they only need to know a
person’s name, address and their contact details”
Warren-Tape
says the Medibank breach is also “deeply concerning”.
Here are a few I have come across the last week or so. Note:
Each link is followed by a title and a few paragraphs. For the full article
click on the link above title of the article. Note also that full access to
some links may require site registration or subscription payment.
General Comment
-----
Lots of NBN
activity and some moves from the ADHA. Otherwise all is quiet as we rest over
the holidays.
AMA submission to the role and functions of an Australian CDC
Published 22 December 2022
The AMA has been calling for a Centre for Disease Control
(CDC) since 2017, and continuously advocated for a CDC throughout the COVID-19
pandemic. The COVID-19 experience has illustrated the need for a nationally
coordinated CDC across all jurisdictions in Australia.
The AMA
submission to the Department of Health and Aged Care consultation on the role
and functions of an Australian Centre for Disease Control emphasises that
the CDC must be adequately funded and resourced over the long-term to undertake
its multitude of functions, including rapid risk assessment, scientific
briefings, public education, and disease prevention. An Australian CDC should
be situated as the most trusted source of independent expert advice for
pandemic preparedness, other public health emergencies and communicable and
non-communicable disease prevention.
The AMA recognises the need for improved linkages with
primary care, and believes they should go beyond guidance, and pertain to data
collected in primary care. The AMA would like to see greater use of data held
within general practice to inform and improve Australia’s health system and
public health initiatives. The AMA would support the CDC working with the
Australian Digital Health Agency on developing and improving coding compliance
by clinical software vendors in the primary care space to enhance the value and
meaningfulness of analytical outputs
Retail and gaming luminaries have backed data and insights
start-up Bodd, which has closed a $5m capital raise to fuel an expansion into
the North American market.
The round, conducted by family offices and high-net worth
individuals, was led by retail entrepreneurs Candice and Nick Hirons, who
launched the ‘G-Star’ brand in Australia, with participation from Virtual
Gaming Worlds founding chairman Tim Allison, Bodd’s executive chairman.
The start-up uses data from 3D scans to create better retail
experiences for consumers and brands in the fashion, uniform, gym and pharmacy
sectors. Its scanner, manufactured in Australia by Bosch, takes 60 seconds to
make a full-body “passport”.
The tech is the result of five years of research from Bodd’s
engineering team together with Swinburne University of Technology and RMIT,
according to co-founder and chief executive Rob Fisher.
Video recording – Digital Transformation Tech Talk webinar – 6 December
2022
At this webinar, our presenters spoke to aged care and IT
professionals about how our digital transformation initiative intends to assist
the sector in developing solutions that connect, automate, and modernise the
aged care ecosystem.
Altera Digital Health completes Sunrise EMR rollout in
Gippsland
Altera Digital Health's Sunrise EMR has been fully rolled
out across major regional and subregional health services under the Gippsland
Health Alliance in Victoria.
This comes as the third phase
of Sunrise implementation in GHA's emergency department facilities has been completed.
According to Altera, the rollout is Australia's largest EMR
deployment on Microsoft Azure. The health IT company won the competitive
tender to deliver an EMR solution to GHA in late 2017 with the first
implementation at Latrobe Regional Hospital.
Archives NZ discloses breach of historical health records
New Zealand's national archive Archives NZ has disclosed
instances of unauthorised access to historical health records which
happened three months ago.
It’s easy to break good medicine habits during the festive season
It is important to keep your health in mind despite all the
fun with friends and family across the festive season.
It can be easy to neglect or forget to adhere to regular
medicines, but it is crucial to be prepared for your prescriptions.
Managing Director of Webstercare and inventor of the
Webster-pak Gerard Stevens AM said it is one routine that is important to stick
to.
“Most routines fly out the window at the end of the year,
which is really important in order to relax and have a good time. However,
every year millions of Australians suffer adverse medicine events as a result
of not taking medications as prescribed. So it is really important to stick to
your medication schedule. However, routine changes and cost pressures during
the holiday period can put people at risk,” said Mr Stevens.
Ngutungka
West Lakes 9 Charles Street West Lakes, SA 5021
About
this event
1 hour
Discover
the benefits of My Health Record as a secure way to store all your medication
information together in the one place. We'll also show you how to conveniently
link it to your myGov account.
The Australian Digital Health Agency has released an update
to the technical framework information to support software vendors to implement
electronic prescribing.
This update includes changes to the Electronic Prescribing -
Conformance Profile document.
No action is required of software providers at this time.
Software providers developing software products with electronic prescribing
functionality are required to conform to the revised Electronic Prescribing -
Conformance Profile v3.0.1 after the effective date of 1 January 2023.
From 1 January 2023 and when a Prescription Delivery Service
is conformant to this latest version of the profile, software providers who are
in a position to have their product(s) assessed, will be assessed against the
requirements of Electronic Prescribing – Conformance Profile v3.0.1.
Increased cyber security requirements for systems connecting to My Health
Record
Australian Digital Health Agency
The Australian Digital Health Agency (the Agency) is
strengthening My Health Record protections through a new mandatory conformance profile for clinical information
systems (including those used in GP clinics, pharmacies and allied health
services) connected to the My Health Record system.
The security requirements profile will be effective from
April 2023 following a 3-month period where industry is invited to provide
feedback on the profile. Software vendors with clinical software products will
be supported to implement changes in their products in a phased approach, to
balance the need to strengthen security for all systems connected to My Health
Record with the capability of software vendors to make necessary adjustments in
a timely manner. The conformance profile was co-developed with stakeholders
including regulators, software vendors and security experts.
The Agency is supporting industry with their preparation by
providing visibility of the conformance profile in advance of the official
implementation period. Questions and comments on the new conformance profile
and the proposed phased implementation schedule from across the software
industry can be sent to the Agency until April 2023.
The new security requirements profile contains an
evidence-based list of security requirements that harden clinical information
systems from cyber security attacks, uplift information security and provide
better protection for consumer information. Each vendor with software products
connected to My Health Record will be required to submit an extensive file of
evidence to demonstrate conformance to each requirement, as well as participate
in an observation session conducted by the Agency specialist team.
-----
universities,
research institutes or collaborations from international organisations.
Increased cyber security requirements for systems connecting to My Health
Record
Published 20 December 2022
The Australian Digital Health Agency (the Agency) is
strengthening My Health Record protections through a new mandatory security requirements conformance profile (the
profile) for clinical information systems (including those used in GP clinics,
pharmacies and allied health services) connected to the My Health Record
system.
The profile will be effective from April 2023 following a
3-month period where industry is invited to provide feedback on the profile.
Software vendors with clinical software products will be supported to implement
changes to their products in a phased approach, to balance the need to
strengthen security for all systems connected to My Health Record with the
capability of software vendors to make necessary adjustments in a timely
manner. The profile was co-developed with stakeholders including regulators,
software vendors and security experts.
The Agency is supporting industry with their preparation by
providing visibility of the profile in advance of the official implementation
period. Questions and comments from across the software industry on the new
profile and the proposed phased implementation schedule can be sent to the
Agency until April 2023.
The profile contains an evidence-based suite of security
requirements that harden clinical information systems from cyber security
attacks, uplift information security and provide better protection for consumer
information. Each vendor with software products connected to My Health Record
will be required to submit extensive evidence to demonstrate conformance to
each requirement, as well as participate in an observation session conducted by
an Agency specialist team.
The Australian Digital Health Agency is enforcing new
security requirements for software providers whose
products connect to the My Health Record system.
From April 2023, the agency will require clinical
information systems, including those used in GP clinics, pharmacies, and allied
health services, to enact the new mandatory security requirements conformance
profile.
"All clinical information systems that use one or more
My Health Record B2B web services will need to conform to the new
profile," the ADHA said.
Currently in draft, the security conformance profile is said
to contain an "evidence-based suite of security requirements that harden
clinical information systems from cyber security attacks, uplift information
security, and provide better protection for consumer information."
A Brisbane medtech firm is using artificial intelligence to
create patient data sets for medical research, all while ensuring people’s
privacy.
The firm, Max Kelsen, has spun off the project into a
separate company called Propel, with a partnership announced for a three-year
trial at the Peter MacCallum Cancer Centre in Victoria.
The company will focus on developing the new AI data
project, which could revolutionise medical research.
Researchers often rely on data sets that are smaller than
required or do not have the exact information they need, and have to be either
compensated for in the modelling or supplemented with additional data sets.
Propel’s AI data product is intended to sidestep that by
pulling from multiple data sets at once, using the AI component to strip out
all identifying information from the patient data.
Max Kelsen co-founder and CEO Nicholas Therkelsen-Terry said
with recent high-profile data breaches in the medical field, including the
leaking of sensitive patient information from the Medibank hack, keeping patient
information private was more important than ever.
Pathology and Diagnostic Imaging reports in My Health Record
Hosted by RACGP and Australian Digital Health Agency
This webinar will provide an update on the current uploads
of Pathology and Diagnostic Imaging reports to My Health Record.
Join this session to find out if your local pathology lab or
diagnostic imaging provider is currently able to upload to My Health Record and
what your practice may need to do in order to enable this.
Delivered in collaboration with the Australian Digital
Health Agency, you will learn how to best navigate your clinical software to
easily find the right reports.
My Health Record Overviews, Guides and Conformance Material v1.6
This release of the My Health Record Overviews, Guides and
Conformance Material have been updated to include the newly released the
Security Requirements for My Health Record Connecting Systems Conformance
Profile v1.0 (the profile). The profile boosts cyber security defences for
clinical information systems connected to the My Health Record system.
My Health Record Software Vendor Welcome Pack v20221219
The
My Health Record Software Vendor Welcome Pack is a collection of forms and guides
to help new software vendors connect to the My Health Record system for the
first time. Some of these documents are also used by existing software vendors
to connect their updated software to the My Health Record system.
This
version includes updated contact details along with information about the API
Gateway Operator NOC process.
Contents
in order of use:
Pre-Reading
1.
Software Vendor Guide to the Connection Process
2.
Software Vendor Support Contacts
Required
for Product registration
3.
Vendor Product Details Form
For
use upon production access request
4.
Vendor Declaration Form Instructions
5.
Conformance Vendor Declaration Form
For
use once the software has been granted production access
A new security conformance profile has been released for
clinical information systems (CIS) systems connected to My Health Record
effective from April 2023.
The Agency will phase the implementation of the profile,
with different vendor cohorts required to pass conformance at varying intervals
as outlined in the timetable.
This new profile and implementation timetable is initially released as a draft,
for review and comment. All feedback received on the draft profile and proposed
implementation timetable will inform the final release of the security profile.
This page describes what vendors need to do and how to get
assistance at any stage of the process.
Please note that all clinical information systems that use
one or more My Health Record B2B web services will need to conform to the new
security profile.
The Agency is committed to providing support to vendors to
make sure their systems pass conformance. Information sessions will also be
available, following the final release of the profile, which will provide an
overview of the security profile and detail of the steps to conform.
Software vendors have up to 24 months to make changes.
Systems that interconnect with the government’s My Health
Record will need to meet elevated security standards that align with the
Essential Eight over the next two years.
The Australian Digital Health Agency (ADHA) said in a statement late Tuesday that it would introduce a new -
mandatory - security requirements “conformance profile” for clinical software
vendors.
“All clinical information systems that use one or more My
Health Record B2B web services will need to conform to the new security
profile,” the agency said in accompanying release notes.
"The agency is cognisant of the inherent cyber security
risks posed by systems connected to and accessing the My Health Record system,
as well as potentially vulnerable aspects of the national infrastructure and
all services under its care.
Increased cyber security requirements for systems connecting to My Health
Record
By Gordon Peters
The Australian Digital Health Agency is strengthening My
Health Record protections through a new mandatory conformance profile for
clinical information systems, including those used in GP clinics, pharmacies
and allied health services, connected to the My Health Record system.
The agency says security requirements profile will be
effective from April 2023 following a 3-month period where industry is invited
to provide feedback on the profile.
“Software vendors with clinical software products will be
supported to implement changes in their products in a phased approach, to
balance the need to strengthen security for all systems connected to My Health
Record with the capability of software vendors to make necessary adjustments in
a timely manner. The conformance profile was co-developed with stakeholders
including regulators, software vendors and security experts,” the agency said.
The Digital Health Agency says it is supporting industry with their preparation
by providing visibility of the conformance profile in advance of the official
implementation period - and questions and comments on the new conformance
profile and the proposed phased implementation schedule from across the
software industry can be sent to the agency until April 2023.
Melbourne-based Alcidion will be delivering more health
technology capabilities for the Australian Defence Force.
In a statement, the company said it has extended its
partnership with Leidos Australia, the consortium contracted to
deliver digital health technologies to the ADF.
Alcidion has received an additional contract worth A$8.4
million ($6 million) over 57 months to deploy its health analytics platform
Miya Precision to more ADF settings, including Deployed and Strategic
Aeromedical Evacuation settings.
It will also provide access to the Miya Observations and
Assessments modules, which come on top of existing Miya Precision modules
that the Defence already has access to; these are now licensed for use in both
Strategic Aeromedical Evacuation and Tactical Aeromedical Evacuation.
The NBN Co has published its 2023 corporate plan, outlining
how it is pushing fibre deeper into fixed line communities.
It also details its partnership with the Australian
Government, which will fund fixed wireless upgrades, to make higher speed tiers
available to more homes and businesses across Australia.
NBN Co is eyeing around 10 million premises—or up to 90% of
homes and businesses on the fixed line network—to access NBN Home Ultrafast,
offering speeds of 500Mbps and close to 1Gbps by 2025.
This is being delivered through the Government’s investment
of $2.4 billion, which will enable an additional 1.5 million homes and businesses
to upgrade to full fibre connections.
The Federal Government has issued a new statement of
expectations to NBN Co – its first under Communications Minister Michelle
Rowland, who has called for a reset of the project’s pricing model amid planned
price rises.
The government, which says it will retain NBN Co in public
ownership for the foreseeable future, has laid our priorities including keeping
internet affordable for families while delivering speed and reliability
upgrades across the network.
The government had pledged full-fibre NBN access to 1.5
million homes and businesses by 2025 as part of its most recent federal budget.
In a shift from its predecessor, the government in its new
statement acknowledges that the NBN will not be able to deliver a commercial
return across all delivery areas.
NBN Co is working under a revised statement of expectations
that requires the company to be more transparent in the way it operates and
makes strategic decisions.
The revised statement of expectations [pdf] is considerably more detailed than previous
iterations, and emphasises NBN Co’s commercial objectives, but also a deeper
purpose for its existence.
“The enduring purpose of the NBN is to provide fast,
reliable and affordable connectivity to enable
Australia to seize the economic opportunities before it and
service the best interests of consumers,” the statement reads.
In as little as one year, if new pricing model passes.
TPG Telecom has predicted the cost of 50Mbps and 100Mbps
services on the NBN could be the same within a year if a new pricing model is
allowed to pass.
In a submission [pdf] published by the ACCC, TPG Telecom said that one
effect of the current special access undertaking (SAU) pricing proposal will be
to remove any price difference between the two tiers.
“Under the SAU variation proposal, NBN Co is proposing to
immediately increase prices for the 50/20 Mbps speed tier,” the telco said.
“TPG Telecom’s preliminary analysis shows the SAU variation
proposal could see the average cost for the 50/20 Mbps speed tier being the
same as the 100/20 Mbps speed tier within one year, thereby rendering the 50/20
Mbps speed tier obsolete over time and removing any reasonable price relativity
between these two products.”
Regulator saw only 'some benefits' in the arrangement.
Telstra and TPG Telecom’s planned network sharing
arrangement has been blocked by Australia’s competition watchdog.
A flurry of late submissions from the telcos failed to convince the ACCC that the arrangement would be of benefit
to customers, and would not create adverse impacts.
“We examined the proposed arrangements in considerable
detail,” ACCC commissioner Liza Carver said.
While there are some benefits, it is our view that the
proposed arrangements will likely lead to less competition in the longer term
and leave Australian mobile users worse off over time, in terms of price and
regional coverage.”
Communications Minister Michelle Rowland has
recognised that the national broadband network “will not be able to generate a
commercial return in delivering all of its obligations”, particularly in rural
areas, re-writing the statement of expectations for the infrastructure around
its new direction.
Ms Rowland reaffirmed that NBN Co would stay in public hands
for the “foreseeable future” under the Albanese government – a break from the
privatisation policy pursued by its predecessors – which has had the entity change
its tune on wholesale pricing and write off the recovery
of $31.5 billion in losses.
In a rewritten statement of expectations, the minister also
acknowledged that there must be a trade-off between the NBN’s commercial aims
and its policy goal to deliver “fast, reliable and affordable” internet to
Australians.
“The government recognises that NBN Co will not be able to
generate a commercial return in delivering all of its obligations, particularly
in regional and remote Australia, and it is expected the company will take a
flexible approach to supporting these activities,” the statement of
expectations says.