In January
2016 the Australian Digital Health
Agency (ADHA) became a corporate Commonwealth established under the Public Governance,
Performance and Accountability (Establishing the Australian Digital Health
Agency) Rule.
It has a
board appointed by the Minister for Health in whose portfolio it is situated and the board is the accountable
body of the ADHA.
Currently Mr Jim Birch AM, Chair. Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng, Professor Johanna Westbrook and Michael Walsh sit on this board.
Currently Mr Jim Birch AM, Chair. Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng, Professor Johanna Westbrook and Michael Walsh sit on this board.
The executive team is headed by Tim Kelsey as CEO, with Professor Meredith Makeham as Chief Medical Adviser and Bettina McMahon, Ronan O’Connor, Terrance Seymour & Dr. Monica Trujillo as the four executive managers.
ADHA is also
the designated Systems Operator for My
Health Record which currently
holds the personal health information of 5.98 million people across the country
and will add the remaining 19 million after 15 October 2018 unless they opt
out of being included in this national database.
Given the potential size of this database the question of cyber security springs to mind.
It seems that the Australian Digital Health Agency has not been independently audited for cyber resilience by the Australian National Audit Office (ANAO) ahead of beginning the mammoth task of collecting and collating the personal heath information of those19 million people.
Australian National Audit Office, Potential audit: 2018-19:
Management of cyber security risks in My Health Record
Australian National Audit Office, Potential audit: 2018-19:
Management of cyber security risks in My Health Record
BACKGROUND
Intermedium, 8 May 2018:
Re-platforming options
for the My Health Record (MHR) system will soon be up for consideration, with
an Australian Digital Health Agency (ADHA) spokesperson confirming that a
request for information will be released in the next few months to inform plans
to modernise the infrastructure underpinning Australia’s mammoth patient health
database.
An open-source,
cloud-based environment has already
been flagged as a possibility for the MHR by Department of Health
(DoH) Special Adviser for Strategic trategic Health Systems and Information Management Paul Madden at Senate Estimates in May last year. He also said that the re-platforming decision was one of many “variables” that needed to be squared away to accurately gauge how much the MHR system will cost beyond 2019-20.
“The variables in there include the re-platforming of the system to an open source environment, using cloud technology… which will be something we will not know the cost of until we hit the market to get a view on that”, Madden said last year. “Our commitment is to come back to the budget in 2019 to paint out those costs for the four years beyond.”
ADHA is scoping out MHR re-platforming options early, with the existing contract with the Accenture-led consortium not set to expire until 2020. As the “National Infrastructure Operator”, Accenture is tasked with running and maintaining MHR’s infrastructure. The prime contractor works with Oracle and Orion Health to provide the core systems and portals behind MHR.
Accenture was awarded the contract to design, build, integrate and test the then-personally controlled electronic health record system (PCEHR) back in 2011, and has signed 13 contracts worth a total of $709.53 million with DoH in relation to the MHR in that time. With the original infrastructure now over seven years old, ADHA recognise the importance of modernising the environment supporting the MHR....
What happens to medical
records when opting out?
Dr Kerryn Phelps reminds
us that, if people don't opt out, the My Health Records Act
allows disclosure of patients' health information to police, courts and the ATO
without a warrant ("My Health Record backlash builds",
July 25). This would be in addition to "health information such as
allergies, medicines and immunisations" available for emergency staff.
How can the access be
restricted to emergency staff? How can only certain categories of information
be released when allergies and medication are part of general medical notes? I
was not reassured by "serious penalties relating to the misuse of
information do not apply to accidental misuse" on the website. I opted
out.
My GP has told me that, nonetheless, she will be obliged
to upload my records
- which sounds credible since I have formally opted out with the government,
not with my doctor's practice. So what happens -
does my health record get kicked off "the cloud"?
What exactly did I opt out of?
Denise De Vreeze [my yellow highlighting]
Denise De Vreeze [my yellow highlighting]
No comments:
Post a Comment
Note: only a member of this blog may post a comment.