Showing posts with label data retention. Show all posts

Wednesday 22 August 2018

And the warnings continue about My Health Record.....


Financial Review, 13 August 2018:

One of the world's leading experts in cyber security policy has warned the manipulation of health data is one of his biggest concerns facing society, as debate continues to rage about the long-term viability of the government's controversial opt-out My Health Record.

Former Pentagon chief strategy officer for cyber policy and newly appointed head of cyber security strategy for data centre security company Illumio, Jonathan Reiber, told The Australian Financial Review the health data of MPs and business leaders would be of particular interest to cyber criminals.

"If I'm a malicious actor wanting to cause discontent, I would be interested in that," he said.

"If you get access to the health information of key leaders, you can understand what they like, who they are and what their problems are. [Cyber criminals] would want to look at a segment of 50 to 100 key leaders in the country, figure out data for intelligence purposes and then manipulate the data for the negative."

Earlier this month Health Minister Greg Hunt announced that the government would redraft the legislation surrounding My Health Record to restrict police access and allow records to be deleted permanently. 

He had previously copped criticism for saying the digital health database had "military-grade security", despite not having two-factor authentication protocols.


The Sydney Morning Herald, 14 August 2018:

Labor's health spokeswoman Catherine King said the government's decision to switch to an opt-out model, which Labor originally supported, gave rise to "a whole range of significant privacy and security issues that we don't think were thought of in the original enabling legislation".

"Are they then able to opt-out when they become adults? What's happening in terms of survivors of domestic violence and the capacity through the creation of a record by an abusing partner, of a record for their children or agreement to a record for their children, what security is in place to ensure that they are not traced?"

Legal experts have warned that the system provides a loophole for a violent person to create a record for their child without their ex-partner's consent, potentially allowing them to track down their estranged family's location, as revealed by Fairfax Media last month.

Ms King also highlighted concerns raised about access to medical records by health insurers, including in relation to worker’s compensation claims, which the government has said will not occur.


"We want to make sure that's not the case and we want to make sure that's not the case under the law," she said.


Some people may find their My Health Record places them at risk of stigma and discrimination or may cause safety issues.

You may wish to carefully consider whether you want your health records held or shared if you:

* have a criminal record or are affected by the criminal justice system
* use or have used drugs
* live with a lifelong transmissible condition such as HIV or hepatitis B
* have or had hepatitis C
* are not on treatment after it was recommended
* are sexually active and test regularly for STIs
* are or have been a sex worker
* are transgender or intersex
* are bisexual, lesbian or gay
* have lived with mental health issues
* have been pregnant or terminated a pregnancy
* are a health care worker.

Tuesday 7 August 2018

Australian Digital Health Agency is considering adding DNA data to My Health Record


Crikey.com.au, 6 April 2018:

DNA DEBATE

The federal government’s controversial My Health Record program is capable of storing genomic data, such as cancer risks, using technology that both has huge research applications and highlights privacy and security concerns.

The Sydney Morning Herald reports that genome-sequencing company Genome.One, which can track genetic variations and therefore disease risks, has built “necessary infrastructure” for uploading sensitive genomic data into the opt-out system.

University of Canberra privacy expert Bruce Arnold has criticised the inherent risks of DNA-tracking technology and, just a week after the government backdown on police access to My Health Records, today’s news as again demonstrating a lack of public consultation.

The Australian Digital Health Agency (ADHA), which is responsible for My Health Record, gave Genome.One, a wholly-owned subsidiary of The Garvan Institute, $40,000 in September 2017 to support the development of this software.

Its GoExplore™ software provides sequencing and analyses of patients’ DNA samples to assess their risk of developing 52 hereditary conditions, including 31 cancers, 13 heart conditions, as well as several other conditions where monitoring or intervention can be of benefit.

In a change of focus, Genome.One and The Garvan Institute are reportedly no longer offering clinical reporting for genetic disease diagnosis or personal health genomics in Australia. This service was priced at $6,400 plus GST, with no Medicare rebate.

Staffing numbers in Genome.One have been severely cut, new capital is being sought and Garvan has stated that it intends to spin off Genome.One software into a new company in which it will be a minority shareholder.

However, Genome.One still intends to pilot its genomics technology integrated into GP practice software and on 18 April 2018 its CEO stated: “We're working with some electronic medical record providers and we're hoping that we can get a trial underway at some point this year”.

Sunday 5 August 2018

Tell me again why the Turnbull Government is insisting My Health Record will become mandatory by the end of October 2018?


It is not just ordinary health care consumers who have concerns about the My Health Record database, system design, privacy issues and ethical considerations.

It is not just the Turnbull Government which has not sufficiently prepared public and private health care organisations for the nationwide rollout of mass personal and health information collection - the organisations themselves are not ready.

Lewis Ryan (Academic GP Registrar):

* 91% of GP Registrars have never used My Health Record in a clinical context
* 65% of GP Registrars have never discussed My Health Record with a patient
* 78% of GP Registrars have never received training in how to use My Health Record
* 73% of GP Registrars say lack of training is a barrier to using My Health Record
* 71% of GP Registrars who have used the My Health Record system say that the user interface is a barrier
* Only 21% of GP Registrars believe privacy is well protected in the My Health Record system

In fact Australia-wide only 6,510 general practice organisations to date have registered to use My Health Record and these would only represent a fraction of the 35,982 GPs practicing across the country in 2016-17.


UPDATE

Healthcare IT News, 3 August 2018:
The Federal Government’s Health Care Homes is forcing patients to have a My Health Record to receive chronic care management through the program, raising ethical questions and concerns about discrimination.
The government’s Health Care Homes trial provides coordinated care for those with chronic and complex diseases through more than 200 GP practices and Aboriginal Community Controlled Health Services nationally, and enrolment in the program requires patients to have a My Health Record or be willing to get one.
But GP and former AMA president Dr Kerryn Phelps claimed the demand for patients to sign up to the national health database to access Health Care Homes support is unethical.
“I have massive ethical concerns about that, particularly given the concerns around privacy and security of My Health Record. It is discriminatory and it should be removed,” Phelps told Healthcare IT News Australia.
Under a two-year trial beginning in late 2017, up to 65,000 people are eligible to become Health Care Homes patients as part of a government-funded initiative to improve care for those with long-term conditions including diabetes, arthritis, and heart and lung diseases.
Patients in the program receive coordinated care from a team including their GP, specialists and allied health professionals and according to the Department of Health: “All Health Care Homes’ patients need to have a My Health Record. If you don’t have a My Health Record, your care team will sign you up.”
Phelps said as such patients who don’t want a My Health Record have been unable to access a health service they would otherwise be entitled to.
“When you speak to doctors who are involved in the Health Care Homes trial, their experience is that some patients are refusing to sign up because they don’t want a My Health Record. So it is a discriminatory requirement.”
It has also raised concerns about possible future government efforts to compel Australians to have My Health Records.
“The general feedback I’m getting is that the Health Care Homes trial is very disappointing to say the least but, nonetheless, what this shows is that signing up to My Health Record could just be made a prerequisite to sign up for other things like Centrelink payments or workers compensation.”
Human rights lawyer and Digital Rights Watch board member Lizzie O’Shea claims patients should have a right to choose whether they are signed up to the government’s online medical record without it affecting their healthcare.
“It is deeply concerning to see health services force their patients to use what has clearly been shown to be a flawed and invasive system. My Health Record has had sustained criticism from privacy advocates, academics and health professionals, and questions still remain to be answered on the privacy and security of how individual's data will be stored, accessed and protected,” O’Shea said. [my yellow highlighting]

Wednesday 1 August 2018

Turnbull Government prepares an end run around the Australian electorate?


In 1986 the Federal Government couldn’t get the national electorate to accept the Australia Card, a national identity card to be carried by all citizens.

Likewise in 2007 the wider electorate rejected the proposed Access Card, a national identity card with a unique personal identification number, which was to be linked to a centralised database expected to contain an unprecedented amount of personal and other information.

Federal Government also failed to have everyone embrace the idea of MyGov, a data sharing, one-stop digital portal for access to government services created in 2013. To date only 11.5 million people out of a population of over 24.9 million hold an account with MyGov.

When after three and a half years the populace did not register in sufficient numbers for the so-called Personally Controlled Electronic Health Record (PCEHR), an intrusive opt-in data retention system, government changed tack.

It relabelled PCEHR as My Health Record (MHR) in 2016 and broadened the number of agencies which could access an individual’s personal/health information, decreeing it would become a mandatory data collection system applied to the entire Australian population, with only a short opt-out period prior to full program implementation [1].

However, it seems that the Turnbull Federal Government expects around 1.9 million people to opt out of or cancel their My Health Record in the next two months, possibly with more cancellations to occur in the future, as privacy and personal safety become issues due to the inevitable continuation of MHR data breaches and the occurrence of unanticipated software vulnerabilities/failures.

So Turnbull and his Liberal and Nationals cronies have a backup in place in 2018 called the Data Sharing and Release Bill, which introduces legislation to improve the use and reuse of public sector data within government and with private corporations outside of government, as well as granting access to and the sharing of data on individuals and businesses that is currently otherwise prohibited.

The bill also allows for the sharing of transaction, usage and product data with service competitors and comparison services. This is an as yet unrealised provision which is currently being wrapped up in a pretty bow and called a consumer right - but one that is likely to be abused by the banking, finance, insurance, electricity/gas industry sectors.

The bill appears to override the federal privacy act where provisions are incompatible.

This is a bill voters have yet to see, because the Turnbull Government has not seen fit to publish the bill’s full text. Only an issues paper is available at present.

Notes:

1. Federal Government may have succeeded in retaining the personal details of every person who filled in the 2016 Census by permanently retaining these details and linking this information to their future Census information in order to track people over time for the rest of their lives, but this win for government as Big Brother was reliant on stealth in implementation and was limited in what it could achieve at the time.

Because not everyone ended up with a genuine unique identification key, as an unknown number of individual citizens and permanent residents (possibly well in excess of half a million souls), as acts of civil disobedience, deliberately filled in the national survey forms with falsified information or managed to evade filling in a form altogether.

Sunday 29 July 2018

When it comes to My Health Record the words horse, stable, door, spring to mind


In January 2016 the Australian Digital Health Agency (ADHA) became a corporate Commonwealth entity established under the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule.

It has a board appointed by the Minister for Health in whose portfolio it is situated and the board is the accountable body of the ADHA.

Currently Mr Jim Birch AM (Chair), Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng, Professor Johanna Westbrook and Michael Walsh sit on this board.

The executive team is headed by Tim Kelsey as CEO, with Professor Meredith Makeham as Chief Medical Adviser and Bettina McMahon, Ronan O’Connor, Terrance Seymour & Dr. Monica Trujillo as the four executive managers.

ADHA is also the designated Systems Operator for My Health Record which currently holds the personal health information of 5.98 million people across the country and will add the remaining 19 million after 15 October 2018 unless they opt out of being included in this national database.

Given the potential size of this database the question of cyber security springs to mind.

It seems that the Australian Digital Health Agency has not been independently audited for cyber resilience by the Australian National Audit Office (ANAO) ahead of beginning the mammoth task of collecting and collating the personal health information of those 19 million people.

Australian National Audit Office, Potential audit: 2018-19:

Management of cyber security risks in My Health Record

The audit would examine the effectiveness of the Australian Digital Health Agency’s management of cyber security risks associated with the implementation and ongoing maintenance of the My Health Record system.
My Health Record creates a record of Australians’ interactions with healthcare providers, and more than 5.5 million Australians have a My Health Record. The audit would focus on whether adequate controls are in place to protect the privacy and integrity of individual records.

It seems that the Australian general public still only has the honeypot's dubious word that it cannot be raided by unauthorised third parties.

Prime Minister Malcolm Turnbull has reacted to growing community concern about the number of agencies which can access My Health Records with a vague promise of "refinements" and with this outright lie: "The fact is that there have been no privacy complaints or breaches with My Health Record in six years and there are over 6 million people with My Health Records".

The Office of the Australian Information Commissioner has recorded complaints and at least 242 individual My Health Records have been part of mandatory data breach reports in 2015-16 to 2016-17, with nine of the 51 reported breach events involving "the unauthorised access of a healthcare recipient’s My Health Record by a third party".

BACKGROUND

Intermedium, 8 May 2018:

Re-platforming options for the My Health Record (MHR) system will soon be up for consideration, with an Australian Digital Health Agency (ADHA) spokesperson confirming that a request for information will be released in the next few months to inform plans to modernise the infrastructure underpinning Australia’s mammoth patient health database.

An open-source, cloud-based environment has already been flagged as a possibility for the MHR by Department of Health (DoH) Special Adviser for Strategic Health Systems and Information Management Paul Madden at Senate Estimates in May last year. He also said that the re-platforming decision was one of many “variables” that needed to be squared away to accurately gauge how much the MHR system will cost beyond 2019-20.
“The variables in there include the re-platforming of the system to an open source environment, using cloud technology… which will be something we will not know the cost of until we hit the market to get a view on that”, Madden said last year. “Our commitment is to come back to the budget in 2019 to paint out those costs for the four years beyond.”
ADHA is scoping out MHR re-platforming options early, with the existing contract with the Accenture-led consortium not set to expire until 2020. As the “National Infrastructure Operator”, Accenture is tasked with running and maintaining MHR’s infrastructure. The prime contractor works with Oracle and Orion Health to provide the core systems and portals behind MHR.
Accenture was awarded the contract to design, build, integrate and test the then-personally controlled electronic health record system (PCEHR) back in 2011, and has signed 13 contracts worth a total of $709.53 million with DoH in relation to the MHR in that time. With the original infrastructure now over seven years old, ADHA recognise the importance of modernising the environment supporting the MHR....

The Sydney Morning Herald, Letter to the Editor, 26 July 2018. p20:

What happens to medical records when opting out?

Dr Kerryn Phelps reminds us that, if people don't opt out, the My Health Records Act allows disclosure of patients' health information to police, courts and the ATO without a warrant ("My Health Record backlash builds", July 25). This would be in addition to "health information such as allergies, medicines and immunisations" available for emergency staff.

How can the access be restricted to emergency staff? How can only certain categories of information be released when allergies and medication are part of general medical notes? I was not reassured by "serious penalties relating to the misuse of information do not apply to accidental misuse" on the website. I opted out.

My GP has told me that, nonetheless, she will be obliged to upload my records - which sounds credible since I have formally opted out with the government, not with my doctor's practice. So what happens - does my health record get kicked off "the cloud"? What exactly did I opt out of?

Denise De Vreeze [my yellow highlighting]

Friday 20 July 2018

Slowly but surely Russian connections between the UK Brexit referendum campaign and the US presidential campaign are beginning to emerge


“We have concluded that there are risks in relation to the processing of personal data by many political parties. Particular concerns include: the purchasing of marketing lists and lifestyle information from data brokers without sufficient due diligence, a lack of fair processing, and use of third party data analytics companies with insufficient checks around consent….We have looked closely at the role of those who buy and sell personal data-sets in the UK. Our existing investigation of the privacy issues raised by their work has been expanded to include their activities in political processes….The investigation has identified a total of 172 organisations of interest that required engagement, of which around 30 organisations have formed the main focus of our enquiries, including political parties, data analytics companies and major social media platforms…..Similarly, we have identified a total of 285 individuals relating to our investigation.” [UK Information Commissioner’s Office, Investigation into the use of data analytics in political campaigns: Investigation update, July 2018]

Slowly but surely the Russian connections between the UK Brexit referendum campaign and the US presidential campaign are beginning to emerge.

The Guardian, 15 July 2018:

A source familiar with the FBI investigation revealed that the commissioner and her deputy spent last week with law enforcement agencies in the US including the FBI. And Denham’s deputy, James Dipple-Johnstone, confirmed to the Observer that “some of the systems linked to the investigation were accessed from IP addresses that resolve to Russia and other areas of the CIS [Commonwealth of Independent States]”.

It was also reported that Senator Mark Warner, vice chair of US Senate Intel Committee and Damian Collins MP, chair of the Digital, Culture, Media and Sport select committee inquiry into “fake news”, met in Washington on or about 16 July 2018 to discuss Russian interference in both British and American democratic processes during an Atlantic Council meeting.

UK Information Commissioner’s Office (ICO), media release, 10 July 2018:

Information Commissioner Elizabeth Denham has today published a detailed update of her office’s investigation into the use of data analytics in political campaigns.
In March 2017, the ICO began looking into whether personal data had been misused by campaigns on both sides of the referendum on membership of the EU.

In May it launched an investigation that included political parties, data analytics companies and major social media platforms.

Today’s progress report gives details of some of the organisations and individuals under investigation, as well as enforcement actions so far.

This includes the ICO’s intention to fine Facebook a maximum £500,000 for two breaches of the Data Protection Act 1998.

Facebook, with Cambridge Analytica, has been the focus of the investigation since February when evidence emerged that an app had been used to harvest the data of 50 million Facebook users across the world. This is now estimated at 87 million.
The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others.
Facebook has a chance to respond to the Commissioner’s Notice of Intent, after which a final decision will be made.

Other regulatory action set out in the report comprises:

* warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices;
* an Enforcement Notice for SCL Elections Ltd to compel it to deal properly with a subject access request from Professor David Carroll;
* a criminal prosecution for SCL Elections Ltd for failing to properly deal with the ICO’s Enforcement Notice;
* an Enforcement Notice for Aggregate IQ to stop processing retained data belonging to UK citizens;
* a Notice of Intent to take regulatory action against data broker Emma’s Diary (Lifecycle Marketing (Mother and Baby) Ltd); and
* audits of the main credit reference companies and Cambridge University Psychometric Centre.

Information Commissioner Elizabeth Denham said:
“We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”

She added:
“Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”

A second, partner report, titled Democracy Disrupted? Personal information and political influence, sets out findings and recommendations arising out of the 14-month investigation.

Among the ten recommendations is a call for the Government to introduce a statutory Code of Practice for the use of personal data in political campaigns.

Ms Denham has also called for an ethical pause to allow Government, Parliament, regulators, political parties, online platforms and the public to reflect on their responsibilities in the era of big data before there is a greater expansion in the use of new technologies.

She said:
“People cannot have control over their own data if they don’t know or understand how it is being used. That’s why greater and genuine transparency about the use of data analytics is vital.”

In addition, the ICO commissioned research from the Centre for the Analysis of Social Media at the independent thinktank DEMOS. Its report, also published today, examines current and emerging trends in how data is used in political campaigns, how use of technology is changing and how it may evolve in the next two to five years. 

The investigation, one of the largest of its kind by a Data Protection Authority, remains ongoing. The 40-strong investigation team is pursuing active lines of enquiry and reviewing a considerable amount of material retrieved from servers and equipment.

The interim progress report has been produced to inform the work of the DCMS’s Select Committee into Fake News.

The next phase of the ICO’s work is expected to be concluded by the end of October 2018.

The Washington Post, 28 June 2018:

BRISTOL, England — On Aug. 19, 2016, Arron Banks, a wealthy British businessman, sat down at the palatial residence of the Russian ambassador to London for a lunch of wild halibut and Belevskaya pastila apple sweets accompanied by Russian white wine.

Banks had just scored a huge win. From relative obscurity, he had become the largest political donor in British history by pouring millions into Brexit, the campaign to disentangle the United Kingdom from the European Union that had earned a jaw-dropping victory at the polls two months earlier.

Now he had something else that bolstered his standing as he sat down with his new Russian friend, Ambassador Alexander Yakovenko: his team’s deepening ties to Donald Trump’s insurgent presidential bid in the United States. A major Brexit supporter, Stephen K. Bannon, had just been installed as chief executive of Trump’s campaign. And Banks and his fellow Brexiteers had been invited to attend a fundraiser with Trump in Mississippi.

Less than a week after the meeting with the Russian envoy, Banks and firebrand Brexit politician Nigel Farage — by then a cult hero among some anti-establishment Trump supporters — were huddling privately with the Republican nominee in Jackson, Miss., where Farage wowed a foot-stomping crowd at a Trump rally.
Banks’s journey from a lavish meal with a Russian diplomat in London to the raucous heart of Trump country was part of an unusual intercontinental charm offensive by the wealthy British donor and his associates, a hard-partying lot who dubbed themselves the “Bad Boys of Brexit.” Their efforts to simultaneously cultivate ties to Russian officials and Trump’s campaign have captured the interest of investigators in the United Kingdom and the United States, including special counsel Robert S. Mueller III.

Vice News, 11 June 2018:

Yakovenko is already on the radar of special counsel Robert Mueller, who is investigating Russian interference in the U.S. presidential election, after he was named in the indictment of ex-Trump campaign aide George Papadopoulos….

Banks, along with close friend and former Ukip leader Nigel Farage, was among the very first overseas political figures to meet Trump after his surprise victory in November 2016.

It also emerged over the weekend that Banks passed contact information for Trump’s transition team to the Russians.

Thursday 7 June 2018

Only 39 days to go until concerned Australian citizens can opt out of the Turnbull Government's collection of personal health information for its national database


Apparently this email is currently being sent out to registered Australian citizens.

Australian Digital Health Agency, email, 5 June 2018:

Hello,

You are receiving this email because you registered your email address at myhealthrecord.gov.au to find out more information about how to opt-out of the My Health Record system.

If you do not want a My Health Record, you must register your choice between 16 July and 15 October 2018 during the opt-out period. It is not possible to opt-out of having a record before the opt-out period starts.

The opt-out period will not apply to individuals who have previously chosen to have a My Health Record, or were included in the Nepean Blue Mountains or North Queensland opt-out trials in 2016. Individuals who have an existing My Health Record can cancel their record at any time. Instructions on cancelling a record can be found on the My Health Record website.

Once the opt-out period starts you will receive another email letting you know that the opt-out period has started and what to do if you still want to opt-out.

A My Health Record is a secure online summary of an individual’s key health information. 1 in 5 Australians already have one. It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with. My Health Record has safeguards in place to protect an individual’s information including encryption, firewalls and secure login.

For further information about the My Health Record, please visit the My Health Record website.

Thank you,

The My Health Record System Operator
www.digitalhealth.gov.au

[my yellow highlighting]

Wednesday 16 May 2018

An insider has finally admitted what any digital native would be well aware of - your personal health information entered into a national database will be no safer than having it up on Facebook


Remember that a federal government national screening program, working with a private entity, has already accessed personal information from Medicare without consent of registered individuals and entered these persons into a research program - again without consent. These individuals apparently could not easily opt out of being listed as a research subject but were often only verbally offered the option of declining to take part in testing, which presumably meant that health data from other sources was still capable of being collected about them by the program. One has to wonder what the Turnbull Government and medical establishment actually consider patient rights to be in practice when it comes to "My Health Record".

Healthcare IT News, 4 May 2018:

Weeks before the anticipated announcement of the My Health Record opt out period, an insider’s leak has claimed the Australian Digital Health Agency has decided associated risks for consumers “will not be explicitly discussed on the website”.

As the ADHA heads towards the imminent announcement of the three-month window in which Australians will be able to opt out of My Health Record before being signed up to the online health information repository, the agency was caught by surprise today when details emerged in a blog post by GP and member of the steering group for the national expansion of MHR, Dr Edwin Kruys.

Kruys wrote that MHR offers “clear benefits” to healthcare through providing clinicians with greater access to discharge summaries, pathology and diagnostic reports, prescription records and more, but said “every digital solution has its pros and cons” and behind-the-scenes risk mitigation has been one of the priorities of the ADHA. However, he claimed Australians may not be made aware of the risks involved in allowing their private medical information to be shared via the Federal Government’s system.

“It has been decided that the risks associated with the MyHR will not be explicitly discussed on the website,” Kruys wrote.

“This obviously includes the risk of cyber attacks and public confidence in the security of the data.”

The most contentious contribution in the post related to the secondary use of Australians’ health information, the framework of which has yet to be announced by Health Minister Greg Hunt.

Contacted by HITNA, the agency moved swiftly to have Kruys delete the paragraph relating to secondary use.

In the comment that has since been removed, Kruys wrote, “Many consumers and clinicians regard secondary use of the MyHR data as a risk. The MyHR will contain a ‘toggle’, giving consumers the option to switch secondary use of their own data on or off.”

Under the My Health Records Act 2012, health information in MHR may be collected, used and disclosed “for any purpose” with the consent of the healthcare recipient. One of the functions of the system operator is “to prepare and provide de-identified data for research and public health purposes”. 

Before these provisions of the act will be implemented, a framework for secondary use of MHR systems data must be established. 

HealthConsult was engaged to assist the Federal Government in developing a draft framework and implementation plan for the process and within its public consultation process in 2017 received supportive submissions from the Australasian College of Health Informatics, the Australian Bureau of Statistics and numerous research institutes, universities, and clinicians’ groups.

Computerworld, 14 May 2018:

Use of both de-identified data and, in some circumstances, identifiable data will be permitted under a new government framework for so-called “secondary use” of data derived from the national eHealth record system. Linking data from the My Health Record system to other datasets is also allowed under some circumstances.

The Department of Health last year commissioned the development of the framework for using My Health Record data for purposes other than its primary purpose of providing healthcare to an individual.

Secondary use can include research, policy analysis and work on improving health services.

Under the new framework, individuals who don’t want their data used for secondary purposes will be required to opt-out. The opt-out process is separate from the procedure necessary for individuals who don’t want an eHealth record automatically created for them (the government last year decided to shift to an opt-out approach for My Health Record)……

Access to the data will be overseen by an MHR Secondary Use of Data Governance Board, which will approve applications to access the system.

Any Australian-based entity with the exception of insurance agencies will be permitted to apply for access to the MHR data. Overseas-based applicants “must be working in collaboration with an Australian applicant” for a project and will not have direct access to MHR data.

The data drawn from the records may not leave Australia, but under the framework there is scope for data analyses and reports produced using the data to be shared internationally……

The Department of Health came under fire in 2016 after it released for download supposedly anonymised health data. Melbourne University researchers were able to successfully re-identify a range of data.

Last month the Office of the Australian Information Commissioner revealed that health service providers accounted for almost a quarter of the breaches reported in the first six weeks of operation of the Notifiable Data Breach (NDB) scheme.


Australians who don't want a personal electronic health record will have from July 16 to October 15 to opt-out of the national scheme the federal government announced on Monday.

Every Australian will have a My Health Record unless they choose to opt-out during the three-month period, according to the Australian Digital Health Agency.

The announcement follows the release of the government’s secondary use of data rules earlier this month that inflamed concerns of patient privacy and data use.


Under the framework, medical information would be made available to third parties from 2020 - including some identifying data for public health and research purposes - unless individuals opted out.

In other news....... 


A cyber attack on Family Planning NSW's website has exposed the personal information of up to 8000 clients, including women who have booked appointments or sought advice about abortion, contraception and other services.

Clients received an email from FPNSW on Monday alerting them that their website had been hacked on Anzac Day.

The compromised data contained information from roughly 8000 clients who had contacted FPNSW via its website in the past 2½ years to make appointments or give feedback.

It included the personal details clients entered via an online form, including names, contact details, dates of birth and the reason for their enquiries….

The website was secured by 10am on April 26, 2018 and all web database information has been secure since that time.

SBS News, 14 May 2018:

Clients were told Family Planning NSW was one of several agencies targeted by cybercriminals who requested a bitcoin ransom on April 25…..
The not-for-profit has five clinics in NSW, with more than 28,000 people visiting every year.

The most recent Digital Rights Watch State of Digital Rights (May 2018) report can be found here.

The report’s 8 recommendations include:

Repeal of the mandatory metadata retention scheme

Introduction of a Commonwealth statutory civil cause of action for serious invasions of privacy

A complete cessation of commercial espionage conducted by the Australian Signals Directorate

Changes to copyright laws so they are flexible, transparent and provide due process to users

Support for nation states to uphold the United Nations Convention on the Rights of the Child in the digital age

Expand the definition of sensitive information under the Privacy Act to specifically include behavioural biometrics

Increase measures to educate private businesses and other entities of their responsibilities under the Privacy Act regarding behavioural biometrics, and the right to pseudonymity

Introduce a compulsory register of entities that collect static and behavioural biometric data, to provide the public with information about the entities that are collecting biometric data and for what purpose

The loopholes opened with the 2011 reform of the FOI laws should be closed by returning ASD, ASIO, ASIS and other intelligence agencies to the ambit of the FOI Act, with the interpretation of national security as a ground for refusal of FOI requests being reviewed and narrowed

Telecommunications providers and internet platforms must develop processes to increase transparency in content moderation and make known what content was removed or triggered an account suspension.