Tuesday, 19 December 2017
Turnbull Government's data retention privacy blunder just rolls on and on...
“If data can be re-identified with no more than SQL, there's no "if" about a leak, and the "when" is history.” [Journalist Richard Chirgwin, Twitter, 18 December 2017]
“But why are medical records so attractive? Well, it turns out that there’s a metaphorical holiday feast of enticing data served up in your average health record. Family history, demographic data, insurance information, medications, etc. means there’s enough information to completely steal an individual’s identity and commit medication fraud, financial fraud, insurance fraud and a wide array of other crimes. When this very private, unchangeable information gets into the wrong hands, devastation can ensue.” [Robert Lord writing in Forbes, 15 December 2017]
First the Australian general public were told that patient data was well protected and data breaches wouldn't happen as a result of government's drive to collect, cross-match and retain as much information about each and every Australian citizen/permanent resident as possible.
Then when the inevitable day came when poor data security was laid bare - as the personal histories of 550,000 blood donors were placed on an insecure computer and accessed, as Medicare details began to be offered for sale on the Internet's dark web and Medicare itself became careless with its encryption - the public was told in the first instance that misuse was unlikely, in the second instance that personal medical information couldn't be accessed and, in the third instance, where a billion-line encrypted data set was publicly released, that patients couldn't really be individually identified.
After that the Turnbull Government assured the population that it would create legislation which would make it illegal for anyone to de-encrypt anonymised data and create a Notifiable Data Breaches scheme.
We were all going to be safe once more in the arms of the Turnbull Government.
Now the cat is out of the bag, because that billion-line data set holding 30 years' worth of personal health information about an estimated 3 million people just won't stay in the back of the ministerial cupboard where Greg Hunt shoved it.
The Sydney Morning Herald, 18 December 2017:
One in ten Australians' private health records have been unwittingly exposed by the Department of Health in an embarrassing blunder that includes potentially exposing if someone is on HIV medication, whether mothers have had terminations, or if mentally unwell people are seeing psychologists.
A report, published on Monday by Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague from the University of Melbourne's School of Computing and Information Systems, outlines how de-identified historical health data from the Australian Medicare Benefits Scheme (MBS) and the Pharmaceutical Benefits Scheme (PBS) released to the public in August 2016 can be re-identified using known information about the person to find their record.
The study reveals unique patient records matching the online public information of seven prominent Australians, including three (former or current) MPs and an AFL footballer. While a unique match may not always be accurate, Dr Rubinstein said there was the possibility to improve confidence by cross-referencing other data.
"Because only 10 per cent of Australians are included in the sample data, there can be a coincidental resemblance to someone who isn't included," he said.
"We can improve confidence by cross-referencing with a second dataset of population-wide billing frequencies. We can also examine uniqueness according to the characteristics of commercial datasets we know of, such as bank billing data."…….
Privacy analyst and Lockstep consultant Stephen Wilson said the breach damaged public confidence in health policy makers and data custodians.
"It's a huge breach of trust," he said.
"Promises of 'de-identification' and 'anonymisation' made by health officials, and ABS too in connection with census data releases, have been shown to be erroneous.
"The ability to re-identify patients from this sort of public release is frankly, in my view, catastrophic. Real dangers are posed to patients with socially difficult conditions.
"It beggars belief that any official would promise 'anonymity' any more. These promises cannot be kept."
Computer security researcher Troy Hunt said re-identification of anonymised records was attractive to researchers and nefarious parties alike.
"In this case, clearly more work needs to be done to protect individuals' identities," he said. "My hope is that the government embraces responsible research like this and strives to improve confidentiality rather than penalise those seeking to report deficiencies such as this."
The federal Department of Health was notified about the issue December last year.
"The Department of Health takes this matter very seriously and had already referred this to the Privacy Commissioner," a Department of Health spokesperson told Fairfax Media......
Meanwhile, the Office of the Australian Information Commissioner, which houses Australia's privacy commissioner, said it was investigating the publication of the datasets.
"The investigation was opened under section 40(2) of the Australian Privacy Act 1988 (Privacy Act) in late September 2016 when the Department of Health notified the OAIC that the datasets were potentially vulnerable to re-identification," a spokesperson said.
"Given the investigation into the Medicare Benefits Scheme (MBS) and Pharmaceutical Benefits Scheme (PBS) datasets is ongoing, we are unable to comment on it further at this time.
However, the commissioner will make a public statement at the conclusion of the investigation."
The OAIC said it continued to work with Australian government agencies to enhance privacy protection in published datasets.....