Perhaps, but I had multiple staff who could have set the processes up in a few minutes, and the programming is not as difficult as you might think, especially with the tools already available in the wild. Since you seem familiar with batch, you are also probably familiar with spawned tasks so one can take any existing product or program and just plug it in.
Lets just agree you are more trusting with the concept of absolute secured technology than myself.
And childishly easy to crack them. Any script-kiddie could do it in seconds.
In any event, data is never locked at the individual file level. That actually introduces more security weaknesses. Unless, of course, you only have the one file.
For heaven’s sake! Batch files?
Even the most amateurish script-kiddie would start off with something like PERL or Python. For most proprietary formats, it’s just a case of downloading the appropriate modules and stringing them together. In some cases, a bit of C or C++ might be necessary, but most of those are just a module download as well. It really isn’t rocket science.
Writing that got me thinking back. The last time I broached the subject of data formats would have been at least five years ago. The most common data format was pdf because GP practice software was (and probably still is) proprietary. The software companies wouldn’t permit data export in any other format. Basically, the doctors printed a report (to pdf) and sent it to what, at the time, was called the Personally Controlled Electronic Health Record (PCHR). In essence, the software companies claimed Intellectual Property rights over their software and its contents. Specific information could be exported, but they wouldn’t allow access to the raw data. They had managed to bind our information with their intellectual property. I doubt the situation has improved substantially in the interim.
The title Personally Controlled Electronic Health Record reveals some of the concerns that the government had been forced to address, to that point in time. This was not Plan A. In fact, I don’t remember what Plan A looked like. Suffice it to say that the PCHR was more like Plan E or maybe Plan K. MyHealthRecord is probably getting toward Plan R. In other words, the problems are not simple and may be insoluble.
A real life example - a relative who is a country doctor wants his patients to have electronic records. Many of his patients are elderly and need to travel to seek specialist attention in major cities. He has two key reasons.
Firstly with paper records, his practice has to spend inordinate time getting and obtaining results, consultations, etc from city based specialists, pathology centres, hospitals and other ancillary health providers. Making sure that a patient’s documentation is taken/posted is a task particularly as appointments need to be set well in advance. Getting the results back in time is an added set of issues.
Secondly, his practice is basically employing two staff just to do this work. With the practice’s patients being on electronic health records, then these two people can be doing more useful work for the practice.
He and his fellow doctors are not concerned that electronic health records are moving the emphasis on medical records from doctor to patient.
Hey, don’t knock it. Many serious production systems use hundreds of batch files using whatever batch language was appropriate, even PERL or Python! There is still work for dinosaurs who understand COBOL and the finer aspects of fault tolerant and secured batch systems.
Probably already mentioned a few times, but folks, it all too late! My health data is already digitally held by my GP clinic, my dentist, PBS, Medicare, Centrelink, travel insurance and health insurance. All of which have various privacy policies and none of which I can opt out of, nor do I have any real knowledge of their security arrangements. So MyHealth is just another player. All I can consider is the balance of risk and benefit - that is if I have any choice to begin with.
I had heard recently about the health thing and apparently there a certain amount of time that to pull out having the records kept. i never understand how they operate anyway and would have never known unitl i heard reticently on the news. The whole privacy issue always annoys me why we all have to keep proving who we are when you are born in australia. stupid idiots they are kinda never agree with there thinking but have to go along with some of it. Not sure what some you other guys think about privacy and this health record idea ?. I was also watching the end of a discussion that was on the abc tonight in regards to what would happen if everything online went down. It seemed they had cyber experts talking and discussing interventions of how to manage such a issue. Im not sure what anyone has to mention about if the internet went down how we would survive.?
The original purpose of the Internet was ‘To have a defence network that could function in the time of a nuclear war’.
The Internet has made our life easier, like plastic bags at the point of purchase, but we could manage without. Or is it too late to go back in this case?
We don’t have to be fatalistic about the amount of information that’s out there about us, we can regain a bit of control by refusing to go along if we’re not sure.
It would make life a lot easier to have all of our medical info in one place, but there’s also a big risk associated with it. We all have a choice to make. It is possible to opt in at any time, easier than getting all your information erased from the site I would guess.
This assumes the internet your mobile talks to is not the same one as the NBN connects to?
I like the idea (not) that when one private (future of the NBN) run enterprise fails to deliver connection to essential public infrastructure (myGov, DSS, ATO, and others), your fall back is another pirate enterprise. One that comes with no universal service obligations or CSG? So true to liberal values you need to pay for both to access an essential public system.
Or have I got this wrong, Myhealth is neither essential nor a free public service?
If so why has the current Federal Govt committed to it, and at what cost?
P.s. I still believe the need is greater than the evil. Is this the LNP’s soon to be NBN moment? Inspired and future proofing, but poorly thought thru.
As others have pointed out numerous times there is much of greater value about each of us with the ATO, Medicare, Centrelink. Refuting Myhealth being added on data security concerns is just another falsehood. It has the same risks as all other government held data. It is more likely your local GP or Hospital will give up your data to hacking or scams, or provided by their software company to litigation lawyers.
I also agree we need much better security and control over all our electronic records and digital finger prints. Saying no to Myhealth may not change the current Governments position on Myhealth or Personal Data. It would need a time machine to return us all to a world with no online billing, account access, email, Facebook and Netflix. There is no Opt out.
It was not meant to assume anything but intended to reinforce how (un)suitable for purpose the NBN is and will remain.
OT but please be careful with the term ‘liberal values’. There are values that are liberal, usually referencing ‘progressives’ in these times, and then there are values that the Liberal Party of Australia espouses, eg far more libertarian than liberal and quite conservative in nature.
edit - addition:
It is not obvious the ALP NBN was poorly thought through, but perhaps the coalitions problem is that they have not embraced their marketing outlets, such as this:
I went to my GP and we discussed the My Health Record when I said that I had opted in in 2016 and there was nothing on my record.
She looked at my record and showed me a box that should automatically be bordered in green for every patient that has opted in. Apparently if it is green, then data should be uploading automatically.
Mine wasn’t green. She had to manually turn my record on, and then go through a rather laborious process of selecting what was to be added to my record. She had to do this several times as the system is not intuitive (for a doctor) and it wiped her selections. Eventually, it started to upload my records. Bear in mind that my GP has been using the automated medical systems for at least the five years that I have been seeing her, if not longer, so she’s an experienced user.
She said that with her patients who had health records it was incredibly difficult to find information, as the information is stored in the order it is uploaded (in a flat file?). She said that it would be better if just the summaries were stored there.
I asked if it would be better if it was something like a hierarchical database, starting with an executive summary with linkages to a summary of each medical specialty (covering such as pathology, medications, x-rays, etc). If it was of interest, the doctor could drill further down to get the necessary detail. She said that would be her preferred option, instead of wasting time hunting through from record to record to look for what she wanted.
From talking to my doctor, it sounds like after all these years of planning, we have another ill conceived piece of technology.
Given the debate on MyHealth Record, the news that has come out in the last 24 hours is interesting and perhaps relevant. It has been reported there has been a major hack of SingHealth in Singapore. The hack involves non -medical information of a quarter of Singapore’s population and 160, 000 patients outpatient medical data has been compromised, but not altered. The attackers, who the Singaporean government say were neither casual or criminal gangs, repeatedly targeted “Prime Minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines.”
SingHealth is Singapore’s largest group of healthcare institutions, comprising of 42 clinical specialties, 4 public hospitals, 5 specialty centres, 9 polyclinics and 3 community hospitals.
As a result, "all of Singapore’s Smart Nation plans, including the mandatory contribution to the National Electronic Health Record (NEHR) project - which enables the sharing of patients’ treatment and medical data among hospitals here - have been paused.
“Specifically, mandatory contribution to NEHR is now on hold until further notice.”
The breach has come as a shock since Singapore is considered to be among the most cyber secure countries in the Asia Pacific region, according to Sky News.
According to ZDNet, "Leonard Kleinman, RSA’s Asia-Pacific Japan chief cybersecurity advisor, said: "Medical data contains a trove of information, from personally identifiable data to financial details, that can be used to create a highly sought-after composite of an individual. As it could contain any amount and level of information, healthcare institutions are among the most sought-after industries by criminals who can be motivated by a multitude of possible reasons.
“On the Dark Web, such data can fetch a high price,” Kleinman said, adding that each entry could be sold for $50 to $100 higher than stolen credit card data. Citing data from Ponemon Institute, he noted that a lost or stolen healthcare record could fetch US$408."
We examine the operation of Australia’s national electronic health records system, known as the “My Health Record system”. Pursuant to the My Health Records Act 2012 (Cth), every 38 seconds new information about Australians is uploaded onto the My Health Record system servers. This information includes diagnostic tests, general practitioners’ clinical notes, referrals to specialists and letters from specialists. Our examination demonstrates that the intentions of successive Australian Governments in enabling the collection of clinical data through the national electronic health records system, go well beyond statutorily articulated reasons (overcoming “the fragmentation of health information”; improving “the availability and quality of health information”; reducing “the occurrence of adverse medical events and the duplication of treatment”; and improving “the coordination and quality of healthcare provided to healthcare recipients by different healthcare providers”). Not only has the system failed to fulfil its statutory objectives, but it permits the wide dissemination of information that historically has been confined to the therapeutic relationship between patient and health practitioner. After considering several other purposes for which the system is apparently designed, and who stands to benefit from it, we conclude that the government risks losing the trust of Australians in its electronic health care policies unless it reveals all of its objectives and obtains patients’ consent to the use and disclosure of their information.
It can be argued that the primary beneficiaries of a health record are the health care professionals who use the data in the record in order to inform decision making.
It is our observation that some health professionals like the idea of a system such as My Health Record, a system that adds useful functionality to their existing system.
It is also our observation that many healthcare professionals are not convinced of the benefits of My Health Record Systems while others are actively hostile to it.
This page is a collection of pointers to information provided by doctors and associated institutions regarding the usefulness or otherwise of My Health Record as well as eHealth in general. In some cases we have quoted from these sources in order to make our own observations.
I had a My Health Record, because I opted in when it was first offered. I ended up removing it not because of any perceived insecurities in the system, but because the updates were erratic and not especially useful to anyone. My GP wasnt accessing it, and the medicare records which turned up were also erratic. The ONLY reliable info was when scripts got filled. I’ll sign up again if it has improved, but for now I am taking a wait and see attitude because if its like it was… its about as useful to me as a bicycle to a fish.
There’s a thread on the Link mailing list. Link dates to the dawn of the Internet in Australia. Its membership is mainly IT professionals and educators. None has anything good to say about MyHealthRecord. Notwithstanding all the taxpayers’ money spent so far, it looks like we got it fundamentally wrong from the start.
By most reports, when it works as designed, MyHealthRecord is:
It looks like we need to go back and start again. Little, if any, of what has been built so far is salvageable.