Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts
Friday 24 August 2018
Australian Attorney-General releases a draft bill which will allow the gaoling of Australian citizens for 10 years if they refuse to reveal passwords or encryption codes
According to Crikey.com.au on 15 August 2018:
In addition to its
village idiot approach to undermining end-to-end encryption in new surveillance
laws, the government is also seeking a blunt-force trauma approach: it wants to
jail people for a decade if they refuse to give up the password to their
devices.
Under the draft Assistance
and Access Bill 2018 unveiled yesterday, the government is giving
police, spy agencies and regulators like the ATO the power to demand that tech
companies help them plant malware on computers and phones to help it defeat
end-to-end encryption.
Wednesday 22 August 2018
And the warnings continue about My Health Record.....
Financial
Review, 13 August 2018:
One of the world's
leading experts in cyber security policy has warned the manipulation of health
data is one of his biggest concerns facing society, as debate continues to
rage about the long-term viability of the government's controversial opt-out My
Health Record.
Former Pentagon chief
strategy officer for cyber policy and newly appointed head of cyber security
strategy for data centre security company Illumio, Jonathan Reiber,
told The Australian Financial Review the health data of MPs and
business leaders would be of particular interest to cyber criminals.
"If I'm a malicious
actor wanting to cause discontent, I would be interested in that," he
said.
"If you get access
to the health information of key leaders, you can understand what they like,
who they are and what their problems are. [Cyber criminals] would want to look
at a segment of 50 to 100 key leaders in the country, figure out data for
intelligence purposes and then manipulate the data for the negative."
Earlier this month
Health Minister Greg Hunt announced that the government would redraft the
legislation surrounding My Health Record to restrict police access and allow
records to be deleted permanently.
He had previously
copped criticism for saying the digital health database had "military-grade security",
despite not having two-factor authentication protocols.
The
Sydney Morning Herald,
14 August 2018:
Labor's health
spokeswoman Catherine King said the government's decision to switch to an
opt-out model, which Labor originally supported, gave rise to "a whole
range of significant privacy and security issues that we don't think were
thought of in the original enabling legislation".
"Are they then able
to opt-out when they become adults? What's happening in terms of survivors of
domestic violence and the capacity through the creation of a record by an
abusing partner, of a record for their children or agreement to a record for
their children, what security is in place to ensure that they are not
traced?"
Legal experts have
warned that the system provides a loophole for a violent person to create
a record for their child without their ex-partner's consent, potentially
allowing them to track down their estranged family's location, as revealed by
Fairfax Media last month.
Ms King also highlighted
concerns raised about access to medical records by health insurers, including
in relation to worker’s compensation claims, which the government has said will
not occur.
"We want to make
sure that's not the case and we want to make sure that's not the case under the
law," she said.
Some people may find
their My Health Record places them at risk of stigma and discrimination or may
cause safety issues.
You may wish to
carefully consider whether you want your health records held or shared if you:
*
have a criminal record or are affected by the criminal justice system
*
use or have used drugs
*
live with a lifelong transmissible condition such as HIV or hepatitis B
*
have or had hepatitis C
*
are not on treatment after it was recommended
*
are sexually active and test regularly for STIs
*
are or have been a sex worker
*
are transgender or intersex
*
are bisexual, lesbian or gay
*
have lived with mental health issues
*
have been pregnant or terminated a pregnancy
*
are a health care worker.
Tuesday 7 August 2018
Australian Digital Health Agency is considering adding DNA data to My Health Record
Crikey.com.au, 6 April 2018:
DNA DEBATE
The federal government’s
controversial My Health Record program is capable of storing genomic data, such
as cancer risks, using technology that both has huge research applications and
highlights privacy and security concerns.
The Sydney Morning Herald reports that
genome-sequencing company Genome.One, which can track genetic variations and
therefore disease risks, has built “necessary infrastructure” for uploading
sensitive genomic data into the opt-out system.
University of Canberra privacy expert Bruce
Arnold has criticised the inherent risks of DNA-tracking technology and,
just a week after the government backdown on police access to My Health Records, today’s news as
again demonstrating a lack public consultation.
The Australian Digital Health Agency (ADHA) which is responsibe for My Health Record gave Genome.One, a wholly-owned subsidiary of The Garvan Institute, $40,000 in September 2017 to support the development of this software.
Its GoExplore™ software provides sequencing and analyses of patients’ DNA samples to assesses their risk of developing 52 hereditary conditions, including 31 cancers, 13 heart conditions, as well several other conditions where monitoring or intervention can be of benefit.
In a change of focus, Genome.One and The Garvan Institute are reportedly no longer offering clinical reporting for genetic disease diagnosis or personal health genomics in Australia. This service was priced at $6,400 plus GST, with no Medicare rebate.
Staffing numbers in Genome.One have been severely cut, new capital is being sought and, Gavan has
stated that it intends to spin off Genome.One
software into a new company in which it will be a minority shareholder.
However, Genome.One still intends to pilot its genomics technology integrated into GP practice software and on !8 April 2018 its CEO stated; “We're working with some electronic medical record providers and we're hoping that we can get a trial underway at some point this year”.
Labels:
Big Brother,
big data,
data retention,
genetics,
health,
information technology,
privacy,
safety
Sunday 5 August 2018
Tell me again why the Turnbull Government is insisting My Health Record will become mandatory by the end of October 2018?
It is not just ordinary health care consumers who have concerns about the My Health Record database, system design, privacy issues and ethical considerations.
It is not just the Turnbull Government which has not sufficiently prepared public and private health care organisations for the nationwide rollout of mass personal and health information collection - the organisations themselves are not ready.
Lewis Ryan (Academic GP Registrar) |
* 65% of GP Registrars have never discussed My Health Record with a patient
* 78% of GP Registrars have never received training in how to use My Health Record
* 73% of GP Registrars say lack of training is a barrier to using My Health Record
* 71% of GP Registrars who have used the My Health Record system say that the user interface is a barrier
* Only 21% of GP Registrars believe privacy is well protected in the My Health Record system
In fact Australia-wide only 6,510 general practice organisations to date have registered to use My Health Record and these would only represent a fraction of the 35,982 GPs practicing across the country in 2016-17.
UPDATE
Healthcare
IT News, 3
August 2018:
The Federal Government’s Health Care Homes is
forcing patients to have a My Health Record to receive chronic care management
through the program, raising ethical questions and concerns about
discrimination.
The government’s Health Care Homes trial provides
coordinated care for those with chronic and complex diseases through more than
200 GP practices and Aboriginal Community Controlled Health Services
nationally, and enrolment in the program requires patients to have a My
Health Record or be willing to get one.
But GP and former AMA president Dr Kerryn
Phelps claimed the demand for patients to sign up to the national health
database to access Health Care Homes support is unethical.
“I have massive ethical concerns about that,
particularly given the concerns around privacy and security of My Health
Record. It is discriminatory and it should be removed,” Phelps told Healthcare IT News Australia.
Under a two-year trial beginning in late 2017, up
to 65,000 people are eligible to become Health Care Homes patients as part of a
government-funded initiative to improve care for those with long-term
conditions including diabetes, arthritis, and heart and lung diseases.
Patients in the program receive coordinated care
from a team including their GP, specialists and allied health professionals and
according to the Department of Health: “All Health Care Homes’ patients need to
have a My Health Record. If you don’t have a My Health Record, your care
team will sign you up.”
Phelps said as such patients who don’t want a My
Health Record have been unable to access a health service they would otherwise
be entitled to.
“When you speak to doctors who are in involved in
the Heath Care Homes trial, their experience is that some patients are refusing
to sign up because they don’t want a My Health Record. So it is a
discriminatory requirement.”
It has also raised concerns about possible future
government efforts to compel Australians to have My Health Records.
“The general feedback I’m getting is that the
Health Care Homes trial is very disappointing to say the least but,
nonetheless, what this shows is that signing up to My Health Record could just
be made a prerequisite to sign up for other things like Centrelink payments or
workers compensation.”
Human rights lawyer and Digital Rights Watch board
member Lizzie O’Shea claims patients should have a right to choose whether they
are signed up to the government’s online medical record without it affecting
their healthcare.
“It is deeply concerning to see health services
force their patients to use what has clearly been shown to be a flawed and
invasive system. My Health Record has had sustained criticism from privacy
advocates, academics and health professionals, and questions still remain to be
answered on the privacy and security of how individual's data will be stored,
accessed and protected,” O’Shea said. [my yellow highlighting]
Wednesday 1 August 2018
Turnbull Government prepares an end run around the Australian electorate?
In 1986 the Federal
Government couldn’t get the national electorate to accept the Australia
Card, a national identity card to be carried by all citizens.
Likewise in 2007 the wider electorate rejected the proposed Access Card, a national identity card with a unique personal identification number, which was to be linked to a centralised database expected to contain an unprecedented amount of personal and other information.
Federal Government also failed to have everyone embrace the idea of MyGov, a data sharing, one-stop digital portal for access to government services created in 2013. To date only 11.5 million people out of a population of over 24.9 million hold an account with MyGov.
Likewise in 2007 the wider electorate rejected the proposed Access Card, a national identity card with a unique personal identification number, which was to be linked to a centralised database expected to contain an unprecedented amount of personal and other information.
Federal Government also failed to have everyone embrace the idea of MyGov, a data sharing, one-stop digital portal for access to government services created in 2013. To date only 11.5 million people out of a population of over 24.9 million hold an account with MyGov.
When after three and a half years the
populace did not register in sufficient numbers for the so-called Personally Controlled Electronic Health
Record (PCEHR), an intrusive opt-in data retention system, government
changed tack.
It relabelled
PCEHR as My Health Record (MHR) in 2016 and broadened the number of agencies
which could access an individual’s personal/health information. Decreeing it would become
a mandatory data collection system applied to the entire Australian population,
with only a short an opt-out period prior to full program implementation1.
However, it
seems that the Turnbull Federal Government expects around 1.9 million people to
opt-out of or cancel their My Heath
Record in the next two months. Possibly with more cancellations to occur in
the future, as privacy and personal safety become issues due to the inevitable
continuation of MHR data breaches and the occurrence of unanticipated software vulnerabilities/failures.
So Turnbull
and his Liberal and Nationals cronies have a backup in place in 2018 called the Data
Sharing and Release Bill, which Introduces legislation to improve the
use and reuse of public sector data within government and with private
corporations outside of government, as well as granting access to and the
sharing of data on individuals and businesses that is currently otherwise prohibited.
The bill
also allows for the sharing of transaction, usage and product data
with service competitors and comparison services. An as yet unrealised provision which is currently being wrapped up in a pretty bow and called a consumer right - but one that is likely to be abused by the banking, finance, insurance, electricity/gas industry sectors.
The bill appears to override the federal privacy act where provisions are incompatible.
The bill appears to override the federal privacy act where provisions are incompatible.
This is a
bill voters have yet to see, because the Turnbull Government has not seen fit
to publish the bill’s full text. Only an
issues paper is available at present.
Notes:
1. Federal Government may have succeeded in retaining the personal details of every person who filled in the 2016 Census by permanently retaining these details and linking this information to their future Census information in order to track people overtime for the rest of their lives, but this win for government as Big Brother was reliant on stealth in implementation and was limited in what it could achieve at the time.
Because not everyone ended up with a genuine unique identification key as an unknown number of individual citizens and permanent residents (possibly well in excess of half a million souls) as acts of civil disobedience deliberately filled in the national survey forms with falsified information or managed to evade filling in a form altogether.
Sunday 29 July 2018
When it comes to My Heath Record the words horse, stable, door, spring to mind
In January
2016 the Australian Digital Health
Agency (ADHA) became a corporate Commonwealth established under the Public Governance,
Performance and Accountability (Establishing the Australian Digital Health
Agency) Rule.
It has a
board appointed by the Minister for Health in whose portfolio it is situated and the board is the accountable
body of the ADHA.
Currently Mr Jim Birch AM, Chair. Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng, Professor Johanna Westbrook and Michael Walsh sit on this board.
Currently Mr Jim Birch AM, Chair. Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng, Professor Johanna Westbrook and Michael Walsh sit on this board.
The executive team is headed by Tim Kelsey as CEO, with Professor Meredith Makeham as Chief Medical Adviser and Bettina McMahon, Ronan O’Connor, Terrance Seymour & Dr. Monica Trujillo as the four executive managers.
ADHA is also
the designated Systems Operator for My
Health Record which currently
holds the personal health information of 5.98 million people across the country
and will add the remaining 19 million after 15 October 2018 unless they opt
out of being included in this national database.
Given the potential size of this database the question of cyber security springs to mind.
It seems that the Australian Digital Health Agency has not been independently audited for cyber resilience by the Australian National Audit Office (ANAO) ahead of beginning the mammoth task of collecting and collating the personal heath information of those19 million people.
Australian National Audit Office, Potential audit: 2018-19:
Management of cyber security risks in My Health Record
Australian National Audit Office, Potential audit: 2018-19:
Management of cyber security risks in My Health Record
The audit would examine the effectiveness of the Australian Digital Health Agency’s management of cyber security risks associated with the implementation and ongoing maintenance of the My Health Record system.
My Health Record creates a record of Australians’ interactions with healthcare providers, and more than 5.5 million Australians have a My Health Record. The audit would focus on whether adequate controls are in place to protect the privacy and integrity of individual records.It seems that the Australian general public still only has the honeypot's dubious word that it cannot be raided by unauthorised third parties.
Prime Minister Malcolm Turnbull has reacted to growing community concern about the number of agencies which can access My Health Records with a vague promise of "refinements" and with this outright lie; "The fact is that there have been no privacy complaints or breaches with My Health Record in six years and there are over 6 million people with My Health Records".
The Office of the Australian Information Commissioner has recorded complaints and at least 242 individual My Health Records have been part of mandatory data breach reports in 2015-16 to 2016-17, with nine of the 51 reported breach events involving "the unauthorised access of a healthcare recipient’s My Health Record by a third party".
BACKGROUND
Intermedium, 8 May 2018:
Re-platforming options
for the My Health Record (MHR) system will soon be up for consideration, with
an Australian Digital Health Agency (ADHA) spokesperson confirming that a
request for information will be released in the next few months to inform plans
to modernise the infrastructure underpinning Australia’s mammoth patient health
database.
An open-source,
cloud-based environment has already
been flagged as a possibility for the MHR by Department of Health
(DoH) Special Adviser for Strategic trategic Health Systems and Information Management Paul Madden at Senate Estimates in May last year. He also said that the re-platforming decision was one of many “variables” that needed to be squared away to accurately gauge how much the MHR system will cost beyond 2019-20.
“The variables in there include the re-platforming of the system to an open source environment, using cloud technology… which will be something we will not know the cost of until we hit the market to get a view on that”, Madden said last year. “Our commitment is to come back to the budget in 2019 to paint out those costs for the four years beyond.”
ADHA is scoping out MHR re-platforming options early, with the existing contract with the Accenture-led consortium not set to expire until 2020. As the “National Infrastructure Operator”, Accenture is tasked with running and maintaining MHR’s infrastructure. The prime contractor works with Oracle and Orion Health to provide the core systems and portals behind MHR.
Accenture was awarded the contract to design, build, integrate and test the then-personally controlled electronic health record system (PCEHR) back in 2011, and has signed 13 contracts worth a total of $709.53 million with DoH in relation to the MHR in that time. With the original infrastructure now over seven years old, ADHA recognise the importance of modernising the environment supporting the MHR....
What happens to medical
records when opting out?
Dr Kerryn Phelps reminds
us that, if people don't opt out, the My Health Records Act
allows disclosure of patients' health information to police, courts and the ATO
without a warrant ("My Health Record backlash builds",
July 25). This would be in addition to "health information such as
allergies, medicines and immunisations" available for emergency staff.
How can the access be
restricted to emergency staff? How can only certain categories of information
be released when allergies and medication are part of general medical notes? I
was not reassured by "serious penalties relating to the misuse of
information do not apply to accidental misuse" on the website. I opted
out.
My GP has told me that, nonetheless, she will be obliged
to upload my records
- which sounds credible since I have formally opted out with the government,
not with my doctor's practice. So what happens -
does my health record get kicked off "the cloud"?
What exactly did I opt out of?
Denise De Vreeze [my yellow highlighting]
Denise De Vreeze [my yellow highlighting]
Labels:
#TurnbullFAIL,
Big Brother,
data retention,
health,
information technology,
privacy,
safety
Tuesday 24 July 2018
Australian Health Minister Greg Hunt is not being truthful about My Health Record and he knows it
On 16 July 2018 the Australian Minister for Health and Liberal MP for Flinders, Gregory Andrew 'Greg' Hunt, characterised My Health Record as a "secure summary" of an individual's key health information.
The Office of the Australian Information Commissioner (OAIC) tells a rather different story.
One where at least 242 individual My Health Records have been part of mandatory data breach reports in 2015-16 to 2016-17, with nine of the 51 reported breach events involving "the unauthorised access of a healthcare
recipient’s My Health Record by a third party".
A story which also involves at least 96 instances of Medicare uploading data to the wrong digital health records and also uploading claim information to another 123 My Health Records apparently without the knowledge or consent of the persons in whose names these My Health Records had been created.
There were other instances where MyGov
accounts held by healthcare recipients were incorrectly linked to the My
Health Records of other healthcare recipients.
Prior to the database name change and system change from opt-in to opt-out there had been another 9 data breaches of an unspecified nature reported, involving an unknown number of what are now called My Health Records.
More instances are now being aired in mainstream and social media where My Health Records were created by DHS Medicare Repository Services or other agents/agencies without the knowledge or consent of the individual in whose name the record had been created.
Prior to the database name change and system change from opt-in to opt-out there had been another 9 data breaches of an unspecified nature reported, involving an unknown number of what are now called My Health Records.
More instances are now being aired in mainstream and social media where My Health Records were created by DHS Medicare Repository Services or other agents/agencies without the knowledge or consent of the individual in whose name the record had been created.
Healthcare IT News 16 July 2018 |
If this is how the national e-health database was officially functioning malfunctioning by 30 June 2017, how on earth is the system going to cope when it attempts to create millions of new My Health Records after 15 October 2018?
On the first day of the 60 day opt-out period about 20,000 people refused to have a My Health Record automatically created for them and at least one Liberal MP has also opted out, the Member for Goldstein and member of the House of Representatives Standing Committee on Health, Aged Care and Sport Tim Wilson.
Prime Minister Malcolm Bligh Turnbull has stated his view that mass withdrawals will not kill the national digital health records system - perhaps because he and his government are possibly contemplating adopting the following three coercive recommendations found amongst the thirty-one recommendations included in the Siggins Miller November 2016 Evaluation of the Participation Trials for the My Health Record: Final Report:
NOTES
OAIC annual reports:
On the first day of the 60 day opt-out period about 20,000 people refused to have a My Health Record automatically created for them and at least one Liberal MP has also opted out, the Member for Goldstein and member of the House of Representatives Standing Committee on Health, Aged Care and Sport Tim Wilson.
Prime Minister Malcolm Bligh Turnbull has stated his view that mass withdrawals will not kill the national digital health records system - perhaps because he and his government are possibly contemplating adopting the following three coercive recommendations found amongst the thirty-one recommendations included in the Siggins Miller November 2016 Evaluation of the Participation Trials for the My Health Record: Final Report:
20. Use all mechanisms
available in commissioning and funding health services as vehicles to require
the use of the My Health Record to obtain funds where practical.
21. Consider ways to
require the use of the My Health Record system by all healthcare providers and
how to best use the Government’s purchasing power directly (e.g. in the aged
care sector), via new initiatives as they arise (such the Health Care Home
initiative) or via PHNs commissioning clinical services (e.g. require use of
the My Health Record system in all clinical and aged care services that receive
Commonwealth funds). Such requirements should have a timeframe within which
healthcare providers need to become compliant.
22. Explore with health
insurers how they could encourage preferred suppliers and clients to use the My
Health Record system as part of their push for preventive care and cost
containment.
That the My Health Record is not about improving health service delivery for individual patients is indicated by the fact that a My Health Record is retained by the National Repositories Service for between 30 and up to 130 years after death and, even during an individual's lifetime can be accessed by the courts, police, other government agencies and private corporations listed as research organisations requiring medical/lifestyle information for what is essentially commercial gain, at the discretion of the Secretary of the Department of Health or the Digital Health Agency Systems Operator. See: My Health Records Act 2012 (20 September 2017), Subdivision B - s63 to s70
To put it bluntly, this national database will allow federal government to monitor the personal lives of Australian citizens more closely, enforce civil & criminal law, monetise collated data for its own benefit and, weaponize the personal information collected anytime it feels threatened by dissenting opinion.
NOTES
OAIC annual reports:
The Guardian, 22 July 2018:
Australia’s impending My
Health Record system is “identical” to a failed
system in England that was cancelled after it was found to be selling
patient data to drug and insurance companies, a British privacy expert has
said.
My Health Record is a
digital medical record that stores
medical data and shares it between medical providers. In the UK, a similar
system called care.data was announced in 2014, but cancelled in 2016 after an
investigation found that drug and insurance companies were able to buy
information on patients’ mental health conditions, diseases and smoking habits.
The man in charge of
implementing My Health Record
in Australia, Tim Kelsey, was also in charge of setting up care.data.
Phil Booth, the
coordinator of British privacy group Medconfidential, said the similarities
were “extraordinary” and he expected the same privacy breaches to occur.
“The parallels are
incredible,” he said. “It looks like it is repeating itself, almost like a
rewind or a replay. The context has changed but what is plainly obvious to us
from the other side of the planet, is that this system seems to be the 2018
replica of the 2014 care.data.” [my yellow highlighting]
North Coast
Voices , 22 July 2018, Former
Murdoch journalist in charge of MyHealth records –what could possibly go wrong?
UPDATE
Australian
Parliamentary Library, Flagpost,
23 July 2018:
Section 70 of the My Health Records Act
2012 enables the System Operator (ADHA) to ‘use or disclose
health information’ contained in an individual’s My Health Record if the ADHA
‘reasonably believes that the use or disclosure is reasonably necessary’ to,
among other things, prevent, detect, investigate or prosecute any criminal
offence, breaches of a law imposing a penalty or sanction or breaches of a
prescribed law; protect the public revenue; or prevent, detect, investigate or
remedy ‘seriously improper conduct’. Although ‘protection of the public
revenue’ is not explained, it is reasonable to assume that this might include
investigations into potential fraud and other financial offences involving
agencies such as Centrelink, Medicare, or the Australian Tax Office. The
general wording of section 70 is a fairly standard formulation common to
various legislation—such as the Telecommunications
Act 1997—which appears to provide broad access to a wide range of agencies
for a wide range of purposes.
While this should mean
that requests for data by police, Home Affairs and other authorities will be
individually assessed, and that any disclosure will be limited to the minimum
necessary to satisfy the request, it represents a significant reduction in the
legal threshold for the release of private medical information to law
enforcement. Currently, unless a patient consents to the release of their
medical records, or disclosure is required to meet a doctor’s mandatory
reporting obligations (e.g. in cases of suspected child sexual abuse), law
enforcement agencies can only access a person’s records (via their doctor) with
a warrant, subpoena or court order....
It seems unlikely that
this level of protection and obligation afforded to medical records by the
doctor-patient relationship will be maintained, or that a doctor’s judgement
will be accommodated, once a patient’s medical record is uploaded to My Health
Record and subject to section 70 of the My Health Records Act 2012. The
AMA’s Guide
to Medical Practitioners on the use of the Personally Controlled Electronic
Health Record System (from 2012) does not clarify the situation.
Although it has
been reported that
the ADHA’s ‘operating policy is to release information only where the request
is subject to judicial oversight’, the My Health Records Act 2012 does
not mandate this and it does not appear that the ADHA’s operating policy is
supported by any rule or regulation. As legislation would normally take
precedence over an agency’s ‘operating policy’, this means that unless the ADHA
has deemed a request unreasonable, it cannot routinely require a law
enforcement body to get a warrant, and its operating policy can be ignored or
changed at any time.
The Health
Minister’s assertions that no one’s data can be used to ‘criminalise’
them and that ‘the Digital Health Agency has again reaffirmed today that
material … can only be accessed with a court order’ seem at odds with the
legislation which only requires a reasonable belief that disclosure of a
person’s data is reasonably necessary to prevent, detect, investigate or
prosecute a criminal offence…..
Although the disclosure
provisions of different agencies may be more or less strict than those of the
ADHA and the My Health Records Act 2012, the problem with the MHR system
is the nature of the data itself. As the Law Council of Australia notes,
‘the information held on a healthcare recipient’s My Health Record is regarded
by many individuals as highly sensitive and intimate’. The National Association
of People with HIV Australia has
suggested that ‘the department needs to ensure that an individual’s My
Health Record is bound to similar privacy protections as existing laws relating
to the privacy of health records’. Arguably, therefore, an alternative to the
approach of the current scheme would be for medical records registered in the
MHR system to be legally protected from access by law enforcement agencies to
at least the same degree as records held by a doctor.
Sunday 22 July 2018
Former Murdoch journalist in charge of MyHealth records –what could possibly go wrong?
Former news editor of the notorious Newscorp
publication The Sunday Times which was involved
in the UK hacking scandal, former
Executive Director of Transparency and Open
Data
in the UK Cabinet Office and then National Director for Patients and
Information and head of the toxic
government Care.data project which
stored patient medical information in a
single database. before ending up as
the commercial director of Telstra
Health in Australia, Tim Kelsey, was appointed as CEO of
the Australian Digital
Health Agency by the Turnbull Coalition Government to progress the
stalled My Health Record national
database in 2016 with a salary worth $522,240 a year.
A curriculum vitae
which may go some way to explaining why
reports
are beginning to emerge of individuals seeking to opt-out of My Health Record
finding out they have been registered by stealth in the Australian national
database some years ago.
Crikey.com.au, 18 July 2018:
The
bureaucrat overseeing My Health Record presided over a disaster-plagued
national health record system in the UK, and has written passionately about the
belief people have no right to opt out of health records or anonymity.
Tim
Kelsey is a former British journalist who moved into the electronic health
record business in the 2000s. In 2012, he was appointed to run the UK
government’s national health record system, Care.data, which was brought
to a shuddering halt in 2014 after widespread criticism
over the sale of patients’ private data to drug and
insurance companies, then scrapped altogether in 2016. By that stage,
Kelsey had moved to Telstra in Australia, before later taking
a government role. There was considerable criticism about the lack of
information around Care.data, and over 700,000 UK people opted out of the system.
Kelsey
vehemently opposed allowing people to opt out — the exact model he is
presiding over in Australia. In a 2009 article, “Long Live The Database State”, for Prospect…..
For
Kelsey, this was necessary for effective health services…….
Kelsey
also expressed his opposition to the anonymisation of data, even of the most
personal kind…...
Kelsey’s
vision was of a vast state apparatus collecting, consolidating and distributing
private information to enable an interventionist state.
Moreover,
he stated others should have access to data…..
ADHA,
Kelsey is doing little to fix his reputation for controversy. On Saturday,
ADHA released an extraordinary 1000-word attack on News Corp health journalist Sue
Dunlevy who correctly pointed out the strong risk to privacy
in the My Health Record system. The statement repeatedly criticised Dunlevy,
accusing her of “dangerous fearmongering” and being “misleading and ignorant”.
Dunlevy
had rightly noted the lack of any effective information campaign about My
Health record (exactly the criticism made of Care.data), prompting ADHA to
boast of its $114 million campaign at Australia Post shops, Department of Human
Services “access points” and letters to health practitioners. It makes you
wonder why even News Corp’s Janet Albrechtsen said she’d never heard of My Health Record until last week….
Labels:
Big Brother,
big data,
information technology,
privacy,
safety
Sunday 15 July 2018
"Bad actor" Facebook Inc given £500,000 maximum fine - any future breach may cost up to £1.4bn
The
Guardian, 11
July 20018:
Facebook is to be fined
£500,000, the maximum amount possible, for its part in the
Cambridge Analytica scandal, the information commissioner has announced.
The fine is for two
breaches of the Data Protection Act. The Information Commissioner’s Office
(ICO) concluded that Facebook failed
to safeguard its users’ information and that it failed to be transparent about
how that data was harvested by others.
“Facebook has failed to provide the kind of
protections they are required to under the Data Protection Act,” said Elizabeth
Denham, the information commissioner. “Fines and prosecutions punish the bad
actors, but my real goal is to effect change and restore trust and confidence
in our democratic system.”
In the first quarter of
2018, Facebook took £500,000 in revenue every five and a half minutes. Because
of the timing of the breaches, the ICO said it was unable to levy the penalties
introduced by the European General Data Protection (GDPR), which caps fines at
the higher level of €20m (£17m) or 4% of global turnover – in Facebook’s case,
$1.9bn (£1.4bn). The £500,000 cap was set by the Data Protection Act 1998.
As one of the IT whistleblowers described the situation...
Just to sum up. 1) Facebook broke the law. 2) Cambridge Analytica broke the law. 3) Vote Leave broke the law. 4) LeaveEU broke the law. 5) Brexit and Trump were both won through breaking the law. 6) Facebook let it all happen and covered it up. https://t.co/CAOrP5rKry— Christopher Wylie 🏳️🌈 (@chrisinsilico) July 11, 2018
Labels:
data breach,
Facebook,
law,
privacy,
safety
Thursday 5 July 2018
Turnbull and Keenan botching digital transformation policy
The
Australian Minister for Human Services, Minister Assisting the Prime Minister
for Digital Transformation and Liberal MP for Stirling, 46 year-old Michael Fayat Keenan, is
all gung-ho for digital transformation.
The problem
is that he is just not good at being transformative – rather like his prime
minister.
One could almost see the trainwreck coming down the line from the moment of then Communications Minister Turnbull's initial joint announcement with then Prime Minister Tony Abbott in 2015.
Despite the obvious problems Michael Keenan will be commencing pre-rollout trials of a facial recognition program this year,
Yahoo
News, 1 July
20118:
Welfare recipients will
soon be asked to have their faces scanned before they can claim their benefits.
It is part of a new
trial of biometric security measures the government will begin within months.
Similar to how
SmartGates work at airports to check passports, government services will ask
recipients to take a photo on a computer or phone to create a MyGov ID.
The photo will then be
checked against passports and driver’s licences.
But there are questions
as to whether this information could be misused.
Australian Privacy
Foundation’s Bernard Robertson-Dunn said people needed to be assured “it works
properly” and the government “doesn’t use the technology to do things it didn’t
say it was going to do”.
Human Services Minister
Michael Keenan said on May 1 the misuse of data which could be used to “impinge
on people’s privacy” was “clearly” a concern for many Australians.
The 2016 Census is an
example of a recent government technology fail….
Uses for the MyGov ID
will trial from October – with an all-online way to get a tax file number.
Next year Centrelink
services, including Newstart and Youth Allowance, will also be trialled.
Here is the organisational and technological mess that Keenan helped create…..
The Canberra Times, 29 June 2018, p.14:
The agency charged with
guiding IT projects has been sidelined from major policies and is removed from
the Coalition's thinking about digital reform, an inquiry into the
government's $10 billion tech spend has found.
A report released on
Wednesday has called for a central vision to guide the government in its IT
reform and found changes to the Digital Transformation Agency
had left it watching on as major tech projects hit disaster.
The inquiry found the
DTA did not have the Australian Criminal Intelligence Commission's botched
project to adopt biometric technology on its watchlist and that it had failed
to involve itself in determining why the Education Department's Australian Apprenticeship
Management System project was called off.
It was sidelined as the
Department of Home Affairs took charge of cyber policy, the Prime Minister's
department assumed control of data policy and the newly created Office of the
Information Commissioner was created separate from the DTA, the report said.
"The evidence heard
by this committee revealed an organisation that was not at the centre of government
thinking about digital transformation, or responsible for the
creation and enactment of a broader vision of what that transformation would
look like," it said.
News.com.au, 12 June 2018:
Australians will be able
to access government services with a single log-in under a plan to create a
"single digital identity" by 2025.
Michael Keenan, the
federal minister in charge of digital services, said face-to-face interactions
with government services would be greatly reduced.
"Think of it as a
100-point digital ID check that will unlock access to almost any government
agency through a single portal such as a myGov account," Mr Keenan said.
The minister wants
Australia to be a world leader in digital government, with almost all services
to be available online by 2025.
Mr Keenan said having 30
different log-ins for government services is not good enough.
"The old ways of
doing things, like forcing our customers to do business with us over the
counter, must be re-imagined and refined," he said.
People will need to
establish their digital identity once before being able to use it across
services.
The first of several
pilot programs using a "beta" version of what will be known as
myGovID will begin in October.
The initial pilot will
enable 100,000 participants to apply for a tax file number online, which Mr
Keenan says will reduce processing time to a day from up to a month currently.
In a pilot starting from
March next year, services including student identification and Centrelink will
be connected to the digital identity.
Also from March 2019,
100,000 people will be able to use their digital identity to create their My
Health Record online.
Mr Keenan says one
face-to-face or over-the-counter transaction costs on average about $17 to
process, while an online transaction can cost less than 40 cents.
The Human Services
department will operate as the gateway between service providers and people.
"This is key to
protecting privacy, as the exchange will act as a double-blind - service
providers will not see any of the user's ID information and identity providers
will not know what services each user is accessing," Mr Keenan said.
Labor digital economy
spokesman Ed Husic said the Turnbull government was responsible for a
"dirty dozen" of failed digital transformation failures, including
the census and tax office website crashes.
"The biggest challenge
confronting the Turnbull government is to quit its addiction to glitzy digital
announcements and get stuck into properly delivering these multimillion-dollar
projects," Mr Husic said.
The Australian Crime
Intelligence Commission has suspended the contract for its beleaguered biometric
identification services project in order to renegotiate it after the contractor
failed to meet the deadline for completion and the cost ran $40 million over
budget.
It follows a
recommendation from a scathing independent review late last year that the
contract be overhauled, the project be simplified and the timeline for delivery
changed.
In 2016 ACIC (then
CrimTrac) contracted NEC Australia to deliver a program that would replace the
national automated fingerprint identification system, adding in facial
recognition, palm prints and foot prints and would be available for use by
police forces around the country.
Industry news website
InnovationAus reported on Wednesday that NEC contractors had been marched from
ACIC's premises on Monday June 4, after being told that the project had been
suspended at the start of June.
It is believed the
project has been suspended until Friday, while the negotiations over the contract
take place.
A PricewaterhouseCoopers
report last November seen by Fairfax Media said "a chain of decisions
involving all levels and stakeholders" had led to the project running
behind schedule and over budget.
It recommended that the
scope of the project be simplified and standardised, and called it "highly
challenged" and presenting a "high risk" to the commission.
"There is low
confidence in likelihood of delivery which requires focus to achieve
turnaround."
Poor communication,
operational silos, limited collaboration and a failure to estimate the
project's complexity had blown it off-track, the report said.
The report also
recommended that the existing fingerprint database contract with Morpho be
extended for 12 months after its expiry last month. It is not clear whether
this contract was extended as recommended……
NEC Australia was also
the contractor for the failed Australian apprentice management system, which
was dumped by the Department of Education and Training last month due to
critical defects, also found by a report by PwC.
InnovationAus, 12 June 2018:
NEC Australia won a $52
million tender for the Biometric Identification Services project in early 2016.
The project involved replacing the ACIC’s National Automated Fingerprint
Identification System with a “multi-modal biometric identification” service,
incorporating fingerprints, footprints and facial recognition.
But the project is
running behind schedule and is understood to be returning a high amount of
false positives.
ABC
News, 28 May 2018:
A massive case of
mistaken identity in the UK is prompting calls for a rethink on plans to use
facial recognition technology to track down terrorists and traffic offenders.
"If you have
technology that is not up to scratch and it is bringing back high returns of
false positives then you really need to go back to the drawing board,"
president-elect of the Law Council of Australia Arthur Moses told AM.
The comments follow
revelations a London police trial of facial recognition technology generated
104 "alerts", of which 102 were false.
The technology scanned
CCTV footage from the Notting Hill Carnival and Six Nations Rugby matches in
London in search of wanted criminals.
Labels:
Australia Card,
big data,
information technology,
Internet,
privacy,
safety
Subscribe to:
Posts (Atom)