Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts
Sunday 11 August 2019
Alleged data theft by HealthEngine leaves hundreds of thousands of Australians vulnerable
Perhaps now is the time for readers to check who owns the company they might use to make medical appointment online.
ABC News, 8 August 2019:
Australia's biggest medical appointment booking app HealthEngine is facing multi-million-dollar penalties after an ABC investigation exposed its practice of funnelling patient information to law firms.
The Australian Competition and Consumer Commission has launched legal action against the Perth-based company in the Federal Court, accusing it of misleading and deceptive conduct.
In June last year, the ABC revealed HealthEngine was passing on users' personal information to law firms seeking clients for personal injury claims.
The details of the deal were contained in secret internal Slater and Gordon documents that revealed HealthEngine was sending the firm a daily list of prospective clients at part of a pilot program in 2017.
The ACCC has also accused the company of passing the personal information of approximately 135,000 patients to insurance brokers in exchange for payments.
"Patients were misled into thinking their information would stay with HealthEngine but, instead, their information was sold off to insurance brokers," ACCC chairman Rod Sims said in a statement.
The information sold included names, phone numbers, dates of birth and email addresses.
The ACCC has not said how much money the company earned form the arrangement.
The ABC revealed last year that HealthEngine had also boasted to advertisers that it could target users based on their symptoms and medical conditions.
HealthEngine has also been accused of misleading consumers by manipulating users' reviews of medical practices.
"We allege that HealthEngine refused to publish negative reviews and altered feedback to remove negative aspects, or to embellish it, before publishing the reviews," Mr Sims said.
Among a range of examples, the ACCC alleges that one patient review was initially submitted as: "The practice is good just disappointed with health engine. I will call the clinic next time instead of booking online."
But when that review was made public, it was allegedly changed to simply read: "The practice is good."
HealthEngine is facing a fine of $1.1 million for each breach of the law, but the ACCC has yet to determine how many breaches it will allege....
Labels:
ACCC,
data breach,
data theft,
Health Services,
information technology,
Internet,
privacy
Saturday 15 June 2019
Wednesday 22 May 2019
The Abbott-Turnbull-Morrison Federal Government still hasn't made personal health data secure
Since about 2014 it has been known that the personal details of Medicare
cardholders has been for sale on the dark web.
Despite an April
2014 report by the Australian
National Audit Office that the Consumer
Directory - which contains all Medicare customer records - was not secure
and that cardholder
details were for sale, the federal Liberal-Nationals
Coalition Government does not appear to have comprehensively acted act on
the issue of database security.
It was not
unknown that Medicare cardholder details were being used fraudulently.
When contacted
by the mainstream media in July 2017 the Liberal MP for Aston and then Minister for Human Services Alan Tudge denied
any prior knowledge of cardholder details being offered for sale.
It was not reported that at the time if he was asked about instances of Medicare cardholder details being used to commit fraud or identity theft.
In August 2017 eHealth Privacy Australia was telling
the Senate Finance and Public Administration Committee that:
•
There are fundamental weaknesses in both the HPOS (Medicare card data) and My Health
Records systems, which make them vulnerable to illegal access.
•
Those weaknesses mean that fraudulent users of the systems can assume the
identity of legitimate users to gain illegal access.
•
It is not sufficient to mitigate these weaknesses in the My Health Records system.
By 1 January
2019 IT
News was
reporting that Medicare cardholder details fraudulently obtained had been used to access an individual’s My Health Record:
The number of data
breaches involving the My Health Record system rose from 35 to 42 in the past
financial year, new figures show.
The Australian Digital
Health Agency (ADHA) said in its annual report [pdf] that “42 data breaches (in 28
notifications) were reported to the Office of the Australian Information
Commissioner” in 2017-18.
As with previous years,
the agency said that “no purposeful or malicious attacks compromising the
integrity or security of the My Health Record system” were reported in the
period.
Of the 42 breaches, one was the result of “unauthorised
access to a My Health Record as a result of an incorrect Parental Authorised
Representative being assigned to a child”, the agency reported.
A further two breaches were from “suspected fraud against
the Medicare program where the incorrect records appearing in the My Health
Record of the affected individual were also viewed without authority by the
individual undertaking the suspected fraudulent activity”, ADHA said.
In addition, 17 breaches were the result of “data
integrity activity initiated by the Department of Human Services to identify
intertwined Medicare records (that is, where a single Medicare record has been
used interchangeably between two or more individuals)”, the agency said. [my
yellow highlighting]
Despite this
knowledge the Abbott-Turnbull-Morrison
Government has still not grasped the nettle, because on 16 May 2019 The
Guardian reported:
Australians’ Medicare
details are still being illegally offered for sale on the darknet, almost two
years after Guardian Australia revealed the serious privacy breach.
Screenshots of the
Empire Market, provided to Guardian Australia, show the vendor Medicare Machine
has rebranded as Medicare Madness, offering Medicare details for $US21.
Other vendors charge up
to $US340 by offering fake Medicare cards alongside other fake forms of
identification – such as a New South Wales licence.
The Medicare Madness
listing suggests the Medicare details “of any living Australian citizen” have
been available since September 2018.
Guardian Australia first
reported patient details were on sale in July 2017, verifying the listing
by requesting the data of a Guardian staff member and warning that Medicare
card numbers could be used for identity theft and fraud.
The revelation
prompted a
review lead by former secretary of the Department of Prime Minister and Cabinet
Peter Shergold.
The report did not
identify the source of the Medicare data leak but suggested that people could
use publicly available information about healthcare providers – including their
provider number and practice location – to pass security checks and obtain a
Medicare card number through the Department of Human Services provider hotline.
The review panel warned
the “current security check for release of Medicare card information provides a
much lower level of confidence than the security requirements” for Health Professional
Online Services, the portal that allows providers to make rebate claims.
An IT industry source,
who refused to be named, said the re-emergence of the data breach brings into
question government assurances around the privacy of medical data “when those
responsible cannot even manage the security of Medicare cards”.
The source said there is
a “concerted effort at the moment by law enforcement to curtail darknet market
activity”.
“In reality the darknet
markets, while disrupted momentarily when their sites are brought down, easily
relocate and continue business.”
Darknet markets can
simply private message existing clients with a new link to resume business
elsewhere. [my yellow highlighting]
Thus far the federal government has failed to recognise where Medicare cardholder details may be being accessed unlawfully, as this 2 August 2018 ABC online article indicates:
Privacy experts have warned that the system
opens up health records to more people than ever before, thereby increasing the
threat surface — the number of vulnerabilities in a system — dramatically.
Dr Bernard Robertson
Dunn, who chairs the health committee at the foundation, says once the data is
downloaded into the health system, the My Health record system cannot guarantee
privacy.
"Once the data has
been downloaded to, for instance, a hospital system, the protections of the
hospital system apply, and then the audit logs apply to the hospital system —
not to My Health record.
"So there is no way
the Government would know who has accessed that data, and it is untraceable and
untrackable that that access has occurred."
Labels:
big data,
data breach,
information technology,
Medicare,
My Health Record,
privacy,
safety
Thursday 2 May 2019
Dozens of Centrelink clients have had their names published on Facebook by a Commonwealth-funded work-for-the-dole provider
ABC
News, 26
April 2019:
Dozens of Centrelink
clients have had their names published online in what has been described as a
"shocking" abuse of privacy.
A Commonwealth-funded
work-for-the-dole provider uploaded lists of people who were required to attend
client meetings to a public Facebook page.
"We are at a loss
as to why anyone would post about workers' appointments online," union
official Lara Watson said.
"We were shocked at
the publication of names on a social media platform."
The incidents are the
latest to emerge from the Government's flagship remote employment scheme, the
Community Development Programme (CDP).
Nearly 50 people from
the Northern Territory community of Galiwinku, located 500 kilometres east of
Darwin, were affected.
The job service
provider, the Arnhem Land Progress Association (ALPA), established the social
media page apparently with the intention of uploading such lists.
"Welcome to our
Facebook page where we will be posting appointments, courses and CDP
information," it wrote last month.
The two sheets of names
were posted to the Galiwinku CDP page on March 11 and 12.
Both images were shared
to another local Facebook group titled Elcho Island Notice Board, which has
more than 2,000 members.
One CDP insider
denounced the online uploads, saying they were unprecedented and could have
placed job seekers at risk.
"If a person has a
family violence order in place to protect them, then perhaps the perpetrator
would know where she was," said the source, who requested anonymity.
"It advertised that
a person is accessing welfare services, and unfortunately in Australia there's
discrimination against people accessing welfare services.
"People can be
bullied for being unemployed."
The Galiwinku CDP page
appears to have since been removed from the internet but the organisation
denied any wrongdoing.
"We do not believe
that this is a breach of confidentiality," an ALPA spokeswoman said.....
"All ALPA CDP
participants give … media consent when they commence as a participant."......
Wednesday 1 May 2019
Facebook spends more than a decade expressing contrition for its actions and avowing its commitment to people’s privacy – but refuses constructive action
“It is
untenable that organizations are allowed to reject my office’s legal findings
as mere opinions. Facebook should not get to decide what Canadian privacy law
does or does not require.” [Canandian Privacy Commissioner Daniel
Therrien, 25 April 2019]
Facbook Inc. professes that it has taken steps to ensure the intregrity of political discourse on its platform, but rather tellingly will not roll out transparency features in Australia that it has already rolled out in the US, UK, Eu, India, Israel and Ukraine.
The only measure it commits to taking during this federal election campaign is to temporarily ban people outside Australiabuying ads that Facebook determines are “political”.
So it should come as no surprise that Canada issued this three page news release…….
Office of the Privacy Commission of
Canada, news
release, 25 April 2019:
Facebook refuses to
address serious privacy deficiencies despite public apologies for “breach of
trust”
Joint investigation
finds major shortcomings in the social media giant’s privacy practices,
highlighting pressing need for legislative reform to adequately protect the
rights of Canadians
OTTAWA, April 25,
2019 – Facebook committed serious contraventions of Canadian privacy laws
and failed to take responsibility for protecting the personal information of
Canadians, an investigation has found.
Despite its public
acknowledgement of a “major breach of trust” in the Cambridge Analytica
scandal, Facebook disputes the investigation findings of the Privacy
Commissioner of Canada and the Information and Privacy Commissioner for British
Columbia. The company also refuses to implement recommendations to address
deficiencies.
“Facebook’s refusal to
act responsibly is deeply troubling given the vast amount of sensitive personal
information users have entrusted to this company,” says Privacy Commissioner of
Canada Daniel Therrien. “Their privacy framework was empty, and their vague
terms were so elastic that they were not meaningful for privacy protection.
“The stark contradiction
between Facebook’s public promises to mend its ways on privacy and its refusal
to address the serious problems we’ve identified – or even acknowledge that it
broke the law – is extremely concerning.”
“Facebook has spent more
than a decade expressing contrition for its actions and avowing its commitment
to people’s privacy,” B.C. Information and Privacy Commissioner Michael McEvoy
says, “but when it comes to taking concrete actions needed to fix transgressions
they demonstrate disregard.”
Commissioner McEvoy says
Facebook’s actions point to the need for giving provincial and federal privacy
regulators stronger sanctioning power in order to protect the public’s
interests. “The ability to levy meaningful fines would be an important starting
point,” he says.
The findings and
Facebook’s rejection of the report’s recommendations highlight critical
weaknesses within the current Canadian privacy protection framework and
underscore an urgent need for stronger privacy laws, according to both
Commissioners.
“It is untenable that
organizations are allowed to reject my office’s legal findings as mere
opinions,” says Commissioner Therrien.
In addition to the power
to levy financial penalties on companies, both Commissioners say they should
also be given broader authority to inspect the practices of organizations to
independently confirm privacy laws are being respected. This measure would be
in alignment with the powers that exist in the U.K. and several other countries.
Giving the federal
Commissioner order-making powers would also ensure that his findings and
remedial measures are binding on organizations that refuse to comply with the
law.
The complaint that
initiated the investigation followed media reports that Facebook had allowed an
organization to use an app to access users’ personal information and that some
of the data was then shared with other organizations, including Cambridge
Analytica, which was involved in U.S. political campaigns.
The app, at one point
called “This is Your Digital Life,” encouraged users to complete a personality
quiz. It collected information about users who installed the app as well as
their Facebook “friends.” Some 300,000 Facebook users worldwide added the app,
leading to the potential disclosure of the personal information of
approximately 87 million others, including more than 600,000 Canadians.
The investigation
revealed Facebook violated federal and B.C. privacy laws in a number of
respects. The specific deficiencies include:
Unauthorized access
Facebook’s superficial
and ineffective safeguards and consent mechanisms resulted in a third-party
app’s unauthorized access to the information of millions of Facebook users.
Some of that information was subsequently used for political purposes.
Lack of meaningful
consent from “friends of friends”
Facebook failed to
obtain meaningful consent from both the users who installed the app as well as
those users’ “friends,” whose personal information Facebook also disclosed.
No proper oversight over
privacy practices of apps
Facebook did not
exercise proper oversight with respect to the privacy practices of apps on its
platform. It relied on contractual terms with apps to protect against
unauthorized access to user information; however, its approach to monitoring
compliance with those terms was wholly inadequate.
Overall lack of
responsibility for personal information
A basic principle of
privacy laws is that organizations are responsible for the personal information
under their control. Instead, Facebook attempted to shift responsibility for
protecting personal information to the apps on its platform, as well as to
users themselves.
The failures identified
in the investigation are particularly concerning given that a 2009
investigation of Facebook by the federal Commissioner’s office also found
contraventions with respect to seeking overly broad, uninformed consent for
disclosures of personal information to third-party apps, as well as inadequate
monitoring to protect against unauthorized access by those apps.
If Facebook had
implemented the 2009 investigation’s recommendations meaningfully, the risk of
unauthorized access and use of Canadians’ personal information by third party
apps could have been avoided or significantly mitigated.
Facebook’s refusal to
accept the Commissioners’ recommendations means there is a high risk that the
personal information of Canadians could be used in ways that they do not know
or suspect, exposing them to potential harms.
Given the extent and
severity of the issues identified, the Commissioners sought to implement
measures to ensure the company respects its accountability and other privacy
obligations in the future. However, Facebook refused to voluntarily submit to
audits of its privacy policies and practices over the next five years.
The Office of the
Privacy Commissioner of Canada plans to take the matter to Federal Court to
seek an order to force the company to correct its privacy practices.
The Office of the
Information and Privacy Commissioner for B.C. reserves its right under
the Personal Information Protection Act to consider future actions
against Facebook.
Related documents:
* Note: my yellow highlighting
Nor should this alleged 'mistake' made by Facebook cause surprise.......
The
New York Times,
25 April 2019:
SAN FRANCISCO — The New
York State attorney general’s office plans to open an investigation into
Facebook’s unauthorized collection of more than 1.5 million users’ email
address books, according to two people briefed on the matter.
The inquiry concerns a practice
unearthed in April in which Facebook harvested the email contact lists of a
portion of new users who signed up for the network after 2016, according to the
two people, who spoke on condition of anonymity because the inquiry had not
been officially announced.
Those lists were then
used to improve Facebook’s ad-targeting algorithms and other friend connections
across the network.
The investigation was
confirmed late Thursday afternoon by the attorney general’s office.
“Facebook has repeatedly
demonstrated a lack of respect for consumers’ information while at the same
time profiting from mining that data,” said Letitia James, the attorney general
of New York, in a statement. “It is time Facebook is held accountable for how
it handles consumers’ personal information.”…
Users were not notified
that their contact lists were being harvested at the time. Facebook shuttered
the contact list collection mechanism shortly after the issue was discovered by
the press…..
Facebook Inc's rapacious business practices has been the death of online privacy and now threatens the democratic process.
Labels:
data breach,
data mining,
Facebook,
information technology,
Internet,
law,
privacy,
safety
Thursday 31 January 2019
The relentless drive by Australian federal and state governments to create unsafe data collection and retention systems continues unabated
The Sydney Morning Herald, 26 January 2019:
More than 1 million
Australians have had their name and address added to the electoral roll and
then automatically passed to global marketing giants without their knowledge.
Direct enrolment laws
passed by Parliament in 2012 meant Australians no longer had to register on the
electoral roll to have their details entered, with information of workers and
school students scanned from drivers licences, Centrelink and records from the
Board of Studies in each state.
The electoral roll has
since been handed over to credit-check operators for identification purposes
designed to help financial services firms such as banks, Afterpay and Zip, to
run fraud, anti-money laundering and anti-terrorism checks, but four of those
identity firms are now running global marketing operations using data
analytics.
No government body has
been able to advise if anyone is monitoring the companies for breaches of the
electoral act, which carries fines for using the data in commercial operations,
or if they are monitoring the separation of data between the companies'
identification and marketing arms.
The Sydney Morning
Herald and The Age revealed this week that AXCIOM, Experian,
Global Data and illion (formerly known as debt collectors Dun & Bradstreet)
all have access to the electoral roll as "prescribed authorities". In
their secondary businesses, each boasts of their ability to provide marketing
data analytics on millions of Australians to their clients but maintain they
are in full compliance with the privacy act and do not use the data for
marketing purposes.
AXCIOM and Global Data
have not responded to multiple requests for comment. An auto-reply email from
AXCIOM said "data monetisation awaits!"
The only non-marketing
firm among the group, US credit check giant Equifax, had the records of 145.5
million hacked in a breach in 2017 was fined $3.5 million by the Federal Court
last year for misleading, deceptive and unconscionable conduct…..
….database that contains
information on 16 million Australians. More than 1.5 million Australians who
were eligible to vote - but not on the electoral roll - are likely to have been
added since the laws passed.
School students as young
as 16 have been caught up in the data transfer, with more than 18,846 people
aged 16 and 17 provisionally on the electoral roll as of December 31.
Wednesday 30 January 2019
Prime Minister Scott Morrion's bullying of single mothers increases
The
Guardian, 28
January 2019:
Single mothers placed on
a compulsory welfare program for disadvantaged parents allege they were
pressured into allowing private job service providers to collect their
“sensitive information”.
ParentsNext participants
are asked to sign a privacy notification and consent form, which is similar to
documentation provided to those on other welfare programs such as the
employment scheme Jobactive.
The program is
compulsory for those who want to receive parenting payments and are considered
“disadvantaged”, but departmental guidelines state that participants may
decline to sign the form and still take part.
Instead, some case
workers have told participants that they would have their payments cut if they
refused to sign the form.
The situation has meant
women who did not want to give their consent have done so anyway. One of the
five participants who spoke to Guardian Australia about their experience said
they felt the situation represented “coercion”.
“She [my case worker]
just said, flat out, ‘If you don’t sign it, you won’t get your parenting
payment’,” one mother, who did not want to be named, told Guardian Australia.
“It was simple as that.”
The women were concerned
by the fact the privacy form states that providers “may collect sensitive
information … [which] may include … medical information”. It is understood the
form would allow providers to handle participants’ mental health information.
Parenting payment is the
sole income for many women on the ParentsNext program, which
is currently the subject of a Senate inquiry.
While is standard
practice for welfare recipients to be asked to sign privacy consent and
notification forms, the chairman of the Australian Privacy Foundation, David
Vaile, noted that, in this case, the women felt they needed to sign the form in
order to keep receiving their payments.
“It has all the
characteristics of bad consent,” Vaile said.
Ella Buckland, who has
been campaigning against ParentsNext since she was placed on the program, has
asked her provider to destroy the consent form she signed last year. She was
told she needed to sign the form to take part in the program – and therefore
keep her payments.
“I felt humiliated and
disempowered that I didn’t have a choice,” Buckland, a former Greens staffer,
told Guardian Australia. “[I thought] if I didn’t sign it, I wouldn’t be able
to feed my kids.”
The department has told
Buckland in writing she may withdraw her consent at any time. Her provider, who
did not reply to a request for comment, has been asked by the Department of
Jobs and Small Business to respond to her claims.
Terese Edwards, the
chief executive of the National Council of Single Mothers and their Children,
said many women had legitimate reasons for refusing to sign the form, such as
having left a violent relationship.
“Providing this information reduces their
sense of security,” she said. “It could be where the child is getting schooled,
which then has the address of the parent. It could also have the name of the
child.”
Among the women Guardian
Australia has spoken is a mother of a transgender child who did not want to
sign the form because she was concerned about the privacy of her daughter.
Eva* is eligible for an
exemption from the program because she homeschools her daughter, but was told
in a text message she would have to sign the consent form for this to be
processed. She was also told she would have to attend a meeting with her
provider, about two hours’ drive away, and to provide evidence that her
daughter was homeschooled......
ParentsNext privacy notific... by on Scribd
Saturday 8 December 2018
Quotes of the Week
“in the Liberal Party, the problem is intellectual honesty,
intellectual capacity, courage and integrity. Liberal Party politicians are not
even game to attempt ideological coherence in their public pronouncements. They
prefer simplistic slogans, message manipulation, outright lies, and varying
levels of verbal bullying” [Academic
and blogger Ingrid Matthews writing
in oecomuse,
27 November 2018]
“I note, and
accept, advice that there is nothing in the bill that would abrogate
parliamentary privilege. However, the main issue with covert access in relation
to privilege … is that there would be no opportunity for a parliamentarian who
considers that material is protected by privilege to raise such a claim.” [ Speaker of the Australian Senate, Senator Scott Ryan, quoted in The
Guardian, 29 November 2018]
Labels:
#LiberalPartyFAIL,
Big Brother,
federal government,
Internet,
privacy
Friday 16 November 2018
Yet other digital privacy betrayals
The global situation......
The
Guardian, 14
November 2018:
Google has been accused
of breaking promises to patients, after the company announced it would be
moving a healthcare-focused subsidiary, DeepMind Health,
into the main arm of the organisation.
The restructure, critics
argue, breaks a pledge
DeepMind made when it started working with the NHS that “data will
never be connected to Google accounts or services”. The change has also
resulted in the dismantling of an independent review board, created to oversee
the company’s work with the healthcare sector, with Google arguing that the
board was too focused on Britain to provide effective oversight for a newly
global body.
“Our vision is for
Streams to now become an AI-powered assistant for nurses and doctors everywhere
– combining the best algorithms with intuitive design, all backed up by
rigorous evidence,” DeepMind said, announcing the
transfer. “The team working within Google, alongside brilliant colleagues
from across the organisation, will help make this vision a reality.”
DeepMind Health was
previously part of the AI-focused research group DeepMind, which is officially
a sibling to Google, with both divisions being owned by the organisation’s
holding company Alphabet.
But the transfer and
vision for Streams looks hard to reconcile with DeepMind’s previous comments
about the app. In July 2016, following criticism that the company’s
data-sharing agreement with the NHS was overly broad, co-founder Mustafa
Suleyman wrote:
“We’ve been clear from the outset that at no stage will patient data ever be
linked or associated with Google accounts, products or services.”
Now that Streams is a
Google product itself, that promise appears to have been broken, says privacy
researcher Julia Powles: “Making this about semantics is a sleight of hand.
DeepMind said it would never connect Streams with Google. The whole Streams app
is now a Google product. That is an atrocious breach of trust, for an already
beleaguered product.”......
Here in Australia......
Canberra Times, 15 November 2018, p.8:
The chairman of the
agency responsible for the bungled My Health Record rollout
has been privately advising a global healthcare outsourcing company. Fairfax
Media discovered the relationship between the UK-based company Serco and the
Australian Digital Health Agency (ADHA) chairman Jim Birch after
obtaining a number of internal documents.
The revelation comes
as Health Minister Greg Hunt was forced to extend the My Health Record opt-
out period after a compromise deal with the Senate crossbench and a last-minute
meltdown of the website left thousands of Australians struggling to meet the
original deadline.
Since April 2016, Mr Birch has been ADHA chairman with
oversight of My HealthRecord, the online summary of key health information
of millions of Australians. Documents from the ADHA, released under freedom of
information laws, show Mr Birch registered his work for Serco in November 2017,
but the relationship was never publicly declared.
After Fairfax Media
submitted questions last week on whether the relationship posed a conflict of
interest, Mr Birch quit the advisory role.
Serco has won a number
of multibillion-dollar government contracts to privately run - and in some
cases deliver healthcare in - some of Australia's prisons, hospitals and
detention centres.
The ability of Serco to
navigate the controversial area of digital health records would
be invaluable to any future expansion plans.
A spokeswoman for
federal Health Minister Greg Hunt said all board members had declared
their interests.
"Board members do
not have access to system operations, and board members cannot be present while
a matter is being considered at a board meeting in which the member has an
interest," she said.
Lisa Parker, a
public health ethics expert at University of Sydney, said the public
had been asked to trust the agency is acting in its best interests. She said
they should make public any information relevant to that trust…..
The register also shows
Mr Birch knows the chief executive of start-up Personify Care, Ken Saman, and
has been giving him advice since August last year. The software company
recently released "Personify Connect", a product that provides
hospitals with "seamless integration" of its original patient monitoring
platform with My Health Record.
Despite being scheduled
to speak at a "Personify Care breakfast seminar" later this year, Mr
Birch has never publicly declared this interest. Mr Birch is also chairman of
another start-up called Clevertar that allows businesses to create
"virtual agents" and offer "personalised healthcare support,
delivered at scale". This relationship is on the public record.
Public sector ethics expert Richard Mulgan, from Australian National
University, said the chairman should submit to a higher standard than ordinary
board members and distance himself from anything suggesting a conflict of
interest.
He said perception was
just as important as reality and the public, not the people involved, was the
best judge of whether there was a problem.
"The personal
interests register must be published," he said.
"The fact they
haven't can only lead to the perception there are conflicts of which they are
ashamed."
Mr Birch, Personify Care
and Clevertar did not respond to Fairfax Media's questions.
A Serco spokesman
confirmed the company met with Mr Birch "occasionally ... over the past 12
months regarding business management", but did not answer whether it paid
him.......
The Courier Mail, 15 November 2018, p.4:
Your dietitian, dentist,
podiatrist, occupational therapist or optometrist will be able to see if have a
sexually transmitted disease or an addiction unless you set access controls
to My Health Record.
Major new privacy
concerns emerged after the Federal Government was yesterday forced into an
embarrassing call to delay the rollout.
People trying to access
the controversial My Health Record hotline and computer
portal experienced major delays during a rush to opt out before the system was
rolled out tomorrow.
Health Minister
Greg Hunt was forced to delay the opt out period until January 31 after
pressure from health groups and crossbench senators.
The Australian Medical
Association was the only major health group not calling for a delay.
The vast majority of
groups were concerned the record would come into effect before key
privacy and security upgrades had been passed by Parliament. AMA president Dr
Tony Bartone denied its position was related to his need to keep the Health Minister
onside while he negotiated key reforms to general practice care.
Subscribe to:
Posts (Atom)