Showing posts with label My Health Record. Show all posts
Showing posts with label My Health Record. Show all posts

Sunday, 28 March 2021

My Health Record not always helping people prove they have a medical condition that prioritises them for a COVID-19 vaccine


The Australian Digital Health Agency which became fully operational on 1 July 2016 is the System Operator of the My Health Record system.


It appears that its record keeping may not be living up to expectations created at the time by then Australian Prime Minister Malcolm Turnbull and Minister for Health Sussan Ley.


Before booking an appointment it may be wise to check if you have sufficient proof of eligibility if you are not being vaccinated against the  COVID-19 virus at your usual GP practice.


The Daily Telegraph, 27 March 2021:


It has cost taxpayers $2 billion but the My Health Record is proving useless when it comes to helping people prove they have a medical condition that prioritises them for a COVID-19 vaccine.


Two million Australians who have an underlying medical condition are eligible for the COVID-19 vaccine under phase 1b, which began this week, but many will be unable to get it at their regular GP. Only 1000 GPs are approved to provide the vaccine and one in three GPs decided not to apply at all.


This means many patients will need to provide some kind of proof to an unfamiliar medical practice that they have a condition that qualifies them for a priority vaccination.


The Department of Health’s website warns: “If you are not eligible or cannot demonstrate your eligibility when you arrive for your vaccination, you may be asked to leave.” It states that a clinic’s records may be relied on as evidence at their usual doctor. At an unfamiliar practice “accepted evidence” includes My Health Record or government-issued documents with date of birth.


Bronia Nowaine has a cardiac problem and, as advised by the Department of Health, had planned to use her My Health Record as proof of the condition so she could get a COVID-19 vaccine.


But when she opened her My Health Record online to see if it would be of use, she was shocked to discover it was virtually empty.


Earlier this year we revealed doctors and hospitals are not using the record. GPs look at the record in fewer than 1 per cent of consults and hospitals use it in just 2 per cent of cases. Ms Nowaine said she was annoyed at having to find another way of proving her eligibility. “If I was to fall down in the street and an ambulance needed my information they should be able to get it but it seems they wouldn’t,” she said. 


Wednesday, 22 May 2019

The Abbott-Turnbull-Morrison Federal Government still hasn't made personal health data secure


Since about 2014 it has been known that the personal details of Medicare cardholders has been for sale on the dark web.

Despite an April 2014 report by the Australian National Audit Office that the Consumer Directory - which contains all Medicare customer records - was not secure and that cardholder details were for sale, the federal Liberal-Nationals Coalition Government does not appear to have comprehensively acted act on the issue of database security.

It was not unknown that Medicare cardholder details were being used fraudulently.


When contacted by the mainstream media in July 2017 the Liberal MP for Aston and then Minister for Human Services Alan Tudge denied any prior knowledge of cardholder details being offered for sale.

It was not reported that at the time if he was asked about instances of Medicare cardholder details being used to commit fraud or identity theft.

In August 2017 eHealth Privacy Australia was telling the Senate Finance and Public Administration Committee that:

• There are fundamental weaknesses in both the HPOS (Medicare card data) and My Health Records systems, which make them vulnerable to illegal access.

• Those weaknesses mean that fraudulent users of the systems can assume the identity of legitimate users to gain illegal access.

• It is not sufficient to mitigate these weaknesses in the My Health Records system.

By 1 January 2019 IT News was reporting that Medicare cardholder details fraudulently obtained had been used to access an individual’s My Health Record:

The number of data breaches involving the My Health Record system rose from 35 to 42 in the past financial year, new figures show.

The Australian Digital Health Agency (ADHA) said in its annual report [pdf] that “42 data breaches (in 28 notifications) were reported to the Office of the Australian Information Commissioner” in 2017-18.

As with previous years, the agency said that “no purposeful or malicious attacks compromising the integrity or security of the My Health Record system” were reported in the period.

Of the 42 breaches, one was the result of “unauthorised access to a My Health Record as a result of an incorrect Parental Authorised Representative being assigned to a child”, the agency reported.

A further two breaches were from “suspected fraud against the Medicare program where the incorrect records appearing in the My Health Record of the affected individual were also viewed without authority by the individual undertaking the suspected fraudulent activity”, ADHA said.

In addition, 17 breaches were the result of “data integrity activity initiated by the Department of Human Services to identify intertwined Medicare records (that is, where a single Medicare record has been used interchangeably between two or more individuals)”, the agency said. [my yellow highlighting]

Despite this knowledge the Abbott-Turnbull-Morrison Government has still not grasped the nettle, because on 16 May 2019 The Guardian reported:

Australians’ Medicare details are still being illegally offered for sale on the darknet, almost two years after Guardian Australia revealed the serious privacy breach.

Screenshots of the Empire Market, provided to Guardian Australia, show the vendor Medicare Machine has rebranded as Medicare Madness, offering Medicare details for $US21.

Other vendors charge up to $US340 by offering fake Medicare cards alongside other fake forms of identification – such as a New South Wales licence.

The Medicare Madness listing suggests the Medicare details “of any living Australian citizen” have been available since September 2018.

Guardian Australia first reported patient details were on sale in July 2017, verifying the listing by requesting the data of a Guardian staff member and warning that Medicare card numbers could be used for identity theft and fraud.


The report did not identify the source of the Medicare data leak but suggested that people could use publicly available information about healthcare providers – including their provider number and practice location – to pass security checks and obtain a Medicare card number through the Department of Human Services provider hotline.

The review panel warned the “current security check for release of Medicare card information provides a much lower level of confidence than the security requirements” for Health Professional Online Services, the portal that allows providers to make rebate claims.

An IT industry source, who refused to be named, said the re-emergence of the data breach brings into question government assurances around the privacy of medical data “when those responsible cannot even manage the security of Medicare cards”.

The source said there is a “concerted effort at the moment by law enforcement to curtail darknet market activity”.

“In reality the darknet markets, while disrupted momentarily when their sites are brought down, easily relocate and continue business.”

Darknet markets can simply private message existing clients with a new link to resume business elsewhere. [my yellow highlighting]

Thus far the federal government has failed to recognise where Medicare cardholder details may be being accessed unlawfully, as this 2 August 2018 ABC online article indicates:

Privacy experts have warned that the system opens up health records to more people than ever before, thereby increasing the threat surface — the number of vulnerabilities in a system — dramatically.

Dr Bernard Robertson Dunn, who chairs the health committee at the foundation, says once the data is downloaded into the health system, the My Health record system cannot guarantee privacy.

"Once the data has been downloaded to, for instance, a hospital system, the protections of the hospital system apply, and then the audit logs apply to the hospital system — not to My Health record.

"So there is no way the Government would know who has accessed that data, and it is untraceable and untrackable that that access has occurred."

Sunday, 5 August 2018

Tell me again why the Turnbull Government is insisting My Health Record will become mandatory by the end of October 2018?


It is not just ordinary health care consumers who have concerns about the My Health Record database, system design, privacy issues and ethical considerations.

It is not just the Turnbull Government which has not sufficiently prepared public and private health care organisations for the nationwide rollout of mass personal and health information collection - the organisations themselves are not ready.

Lewis Ryan (Academic GP Registrar)
* 91 % of GP Registrars have never used My Health Record in a clinical context

* 65% of GP Registrars have never discussed My Health Record with a patient

* 78%  of GP Registrars have never received training in how to use My Health Record

* 73% of GP Registrars say lack of training is a barrier to using My Health Record

* 71% of  GP Registrars who have used the My Health Record system say that the user interface is a barrier

* Only 21% of  GP Registrars believe privacy is well protected in the My Health Record system

In fact Australia-wide only 6,510 general practice organisations to date have registered to use My Health Record and these would only represent a fraction of the 35,982 GPs practicing across the country in 2016-17.


UPDATE

Healthcare IT News, 3 August 2018:
The Federal Government’s Health Care Homes is forcing patients to have a My Health Record to receive chronic care management through the program, raising ethical questions and concerns about discrimination.
The government’s Health Care Homes trial provides coordinated care for those with chronic and complex diseases through more than 200 GP practices and Aboriginal Community Controlled Health Services nationally, and enrolment in the program requires patients to have a My Health Record or be willing to get one.
But GP and former AMA president Dr Kerryn Phelps claimed the demand for patients to sign up to the national health database to access Health Care Homes support is unethical.
“I have massive ethical concerns about that, particularly given the concerns around privacy and security of My Health Record. It is discriminatory and it should be removed,” Phelps told Healthcare IT News Australia.
Under a two-year trial beginning in late 2017, up to 65,000 people are eligible to become Health Care Homes patients as part of a government-funded initiative to improve care for those with long-term conditions including diabetes, arthritis, and heart and lung diseases.
Patients in the program receive coordinated care from a team including their GP, specialists and allied health professionals and according to the Department of Health: “All Health Care Homes’ patients need to have a My Health Record. If you don’t have a My Health Record, your care team will sign you up.”
Phelps said as such patients who don’t want a My Health Record have been unable to access a health service they would otherwise be entitled to.
“When you speak to doctors who are in involved in the Heath Care Homes trial, their experience is that some patients are refusing to sign up because they don’t want a My Health Record. So it is a discriminatory requirement.”
It has also raised concerns about possible future government efforts to compel Australians to have My Health Records.
“The general feedback I’m getting is that the Health Care Homes trial is very disappointing to say the least but, nonetheless, what this shows is that signing up to My Health Record could just be made a prerequisite to sign up for other things like Centrelink payments or workers compensation.”
Human rights lawyer and Digital Rights Watch board member Lizzie O’Shea claims patients should have a right to choose whether they are signed up to the government’s online medical record without it affecting their healthcare.
“It is deeply concerning to see health services force their patients to use what has clearly been shown to be a flawed and invasive system. My Health Record has had sustained criticism from privacy advocates, academics and health professionals, and questions still remain to be answered on the privacy and security of how individual's data will be stored, accessed and protected,” O’Shea said. [my yellow highlighting]