Wednesday, 16 May 2018
An insider has finally admitted what any digital native would be well aware of - your personal health information entered into a national database will be no safer that having it up on Facebook
Remembering that a federal government national screening program, working with with a private entity, has already accessed personal information from Medicare without consent of registered individuals and entered these persons into a research program - again without consent - and these individuals apparently could not easily opt out of being listed as a research subject but were often only verbally offered the option of declining to take part in testing, which presumably meant that health data from other sources was still capable of being collected about them by the program. One has to wonder what the Turnbull Government and medical establishment actually consider patient rights to be in practice when it comes to "My Health Record".
Healthcare IT News, 4 May 2018:
Weeks
before the anticipated announcement of the My Health Record opt out period, an
insider’s leak has claimed the Australian Digital Health Agency has decided associated
risks for consumers “will not be explicitly discussed on the website”.
As
the ADHA heads towards the imminent announcement of the three-month window in
which Australians will be able to opt out of My Health Record before being
signed up to the online health information repository, the agency was caught by
surprise today when details emerged in a blog post by GP and member of the
steering group for the national expansion of MHR, Dr Edwin Kruys.
Kruys wrote that MHR offers “clear benefits”
to healthcare through providing clinicians with greater access to discharge
summaries, pathology and diagnostic reports, prescription records and more, but
said “every digital solution has its pros and cons” and behind-the-scenes risk
mitigation has been one of the priorities of the ADHA. However, he claimed
Australians may not be made aware of the risks involved in allowing their
private medical information to be shared via the Federal Government’s system.
“It
has been decided that the risks associated with the MyHR will not be explicitly
discussed on the website,” Kruys wrote.
“This
obviously includes the risk of cyber attacks and public confidence in the
security of the data.”
The
most contentious contribution in the post related to the secondary use of
Australians’ health information, the framework of which has yet to be announced
by Health Minister Greg Hunt.
Contacted
by HITNA, the agency moved swiftly to have Kruys delete the paragraph
relating to secondary use.
In
the comment that has since been removed, Kruys wrote, “Many consumers and
clinicians regard secondary use of the MyHR data as a risk. The MyHR will
contain a ‘toggle’, giving consumers the option to switch secondary use of
their own data on or off.”
Under
the My Health Records Act 2012, health information in MHR may be
collected, used and disclosed “for any purpose” with the consent of the
healthcare recipient. One of the functions of the system operator is “to
prepare and provide de-identified data for research and public health
purposes”.
Before
these provisions of the act will be implemented, a framework for secondary use
of MHR systems data must be established.
HealthConsult
was engaged to assist the Federal Government in developing a draft framework
and implementation plan for the process and within its public consultation
process in 2017 received supportive submissions from the Australasian College
of Health Informatics, the Australian Bureau of Statistics and numerous
research institutes, universities, and clinicians’ groups.
Computerworld, 14 May 2018:
Use of both de-identified
data and, in some circumstances, identifiable data will be permitted under a
new government framework for so-called “secondary use” of data derived from the
national eHealth record system. Linking data from the My Health Record system
to other datasets is also allowed under some circumstances.
The Department of Health
last year commissioned
the development of the framework for using My Health Record data for
purposes other than its primary purpose of providing healthcare to an
individual.
Secondary use can
include research, policy analysis and work on improving health services.
Under the new framework,
individuals who don’t want their data used for secondary purposes will be
required to opt-out. The opt-out process is separate from the procedure
necessary for individuals who don’t want an eHealth
record automatically created for them (the government last year
decided to shift to an opt-out
approach for My Health Record)……
Access to the data will
be overseen by an MHR Secondary Use of Data Governance Board, which will
approve applications to access the system.
Any Australian-based
entity with the exception of insurance agencies will be permitted to apply for
access the MHR data. Overseas-based applicants “must be working in
collaboration with an Australian applicant” for a project and will not have
direct access to MHR data.
The data drawn from the
records may not leave Australia, but under the framework there is scope for
data analyses and reports produced using the data to be shared internationally……
The Department of Health
came under fire in 2016 after it released for download supposedly
anonymised health data. Melbourne University researchers were able to
successfully re-identify a range of data.
Last month the Office of
the Australian Information Commissioner revealed that health
service providers accounted for almost a quarter of the breaches reported
in the first six weeks of operation of the Notifiable Data Breach (NDB) scheme.
The Sydney Morning Herald,
14 May 2018:
Australians who don't
want a personal electronic health record will have from July 16 to October 15
to opt-out of the national scheme the federal government announced on Monday.
Every Australian will
have a My Health Record unless they choose to opt-out during the three-month
period, according to the Australian Digital Health Agency.
The
announcement follows the release of the government’s secondary use of data
rules earlier this month that inflamed concerns of patient privacy and data
use.
Under the framework,
medical information would be made available to third parties from 2020 -
including some identifying data for public health and research purposes -
unless individuals opted out.
In other news.......
The
Sydney Morning Herald,
14 May 2018:
A cyber attack on Family
Planning NSW's website has exposed the personal information of up to 8000
clients, including women who have booked appointments or sought advice
about abortion, contraception and other services.
Clients received an
email from FPNSW on Monday alerting them that their website had been hacked on
Anzac Day.
The compromised data
contained information from roughly 8000 clients who had contacted FPNSW via its
website in the past 2½ years to make appointments or give feedback.
It included the personal
details clients entered via an online form, including names, contact details,
dates of birth and the reason for their enquiries….
The website was secured
by 10am on April 26, 2018 and all web database information has been secure
since that time
SBS
News, 14 May
2018:
Clients were told Family
Planning NSW was one of several agencies targeted by cybercriminals who
requested a bitcoin ransom on April 25…..
The not-for-profit has
five clinics in NSW, with more than 28,000 people visiting every year.
The most recent Digital
Rights Watch State of Digital Rights (May 2018) report can be found here.
The report’s
8 recommendations include:
Repeal
of the mandatory metadata retention scheme
Introduction
of a Commonwealth statutory civil cause of action for serious invasions of
privacy
A
complete cessation of commercial espionage conducted by the Australian Signals
Directorate
Changes
to copyright laws so they are flexible, transparent and provide due process to
users
Support
for nation states to uphold the United Nations Convention on the Rights of the
Child in the digital age
Expand
the definition of sensitive information under the Privacy Act to specifically
include behavioural biometrics
Increase
measures to educate private businesses and other entities of their
responsibilities under the Privacy Act regarding behavioural biometrics, and
the right to pseudonymity
Introduce
a compulsory register of entities that collect static and behavioural biometric
data, to provide the public with information about the entities that are
collecting biometric data and for what purpose
The
loopholes opened with the 2011 reform of the FOI laws should be closed by
returning ASD, ASIO, ASIS and other intelligence agencies to the ambit of the
FOI Act, with the interpretation of national security as a ground for refusal
of FOI requests being reviewed and narrowed
Telecommunications
providers and internet platforms must develop processes to increase
transparency in content moderation and, make known what content was removed or triggered an account suspension.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment