It is also importsnt to note that medical records are not something new. They are currently currently scattered around Australia/held by various parties including medical practitioners, medical test companies, hospitals, insurance companies, medicare/government etc. If one is worried about insurance companies accessing ones data, there has been the same opportunity in the past. Evidence shows that such has not been done and the MyHealth systems restricts who is authorised to access patient data… .insurance companies can’t.
It is also worth noting the one of the security of the records includes:
The Agency’s Cyber Security Centre continually monitors the system for evidence of unauthorised access. This includes utilising specialist security real-time monitoring tools that are configured and tuned to automatically detect events of interest or notable events. Examples of this include:
Overseas access by Consumers and Healthcare Providers
Multiple failed logins from the same computer
Multiple logins within a short period of time
Logins to the same record from multiple computers at the same time
High transaction rate for a given Healthcare Provider
Certain instances of after business hours access and all instances of emergency access.
It is a good initiative that they monitoring overseas IPs…however, it possibly would be better to completely block them as overseas IPs will possibly be the main source of most hackers.
It should also be only Australians and their medical services who should need access…which should be based in Australia. The only exceptions would be travelling Australians who may be in difficultly and wish to share their medical history…but this is possibly an likely scenario OR medical services companies that run their servers overseas. Restricting IPs to only Australia would force these companies to have local services to manage data/access which may not be a bad thing to so anyway.
Sounds like you’ve swallowed a great many of the government’s talking-points.
The question is; is MyHealthRecord an improvement? If so, then is it enough of an improvement to compensate for the risks?
From the perspective of the few medical-professional users that I’ve managed to speak with, the answer to that is probably no. The best that can be said for it is that a limited set of data can be made available, assuming adequate telecommunications. The data is not presented in effective of efficient formats, nor in effective or efficient ways.
Here’s a quote from an article that one contact pointed out. It’s not directly MyHealthRecord-related, but mentions it in passing:
In the real world, GPs are grappling with being thrown links to hospital electronic records through systems such as “The Viewer”. Investigations are likely to be uploaded (after a delay) to MyHealthRecord. These are raw data, unfiltered and disorganised, and more of a throw than a handover. Being thrown raw data and being expected to catch them in this way is akin to a hospital doctor being given the login to the GP clinic’s patient management system and being expected to extrapolate a referral.
Some day, MyHealthRecord might be enough of an improvement to make the risks worth taking. That day has not yet come.
I reckon the government has gone for opt-out while the system is still half-baked, so they can pretend that the program is a success at the next election. Sadly, it’s not yet ready. They’ve spent so much that they can’t afford to admit the truth.
I here what you are saying but when even the Governments Former Digital Transformation Head has said “if he was Australian he would probably opt out of the Government’s controversial online health database” there is certainly a security concern.
Australia’s largest Online Appointment Booking app HealthEngine has funnelled hundreds of users’ private medical information to law firms seeking clients for personal injury claims.
My main concern is that once this data is put on the net it can never be removed, ever.
I agree, they might also hike your premiums.
Just imagine if your DNA is somehow put on the website, if the data is hacked it could be sold on to anybody with an interest. Most worrying is for the younger generation as this sort of information has serious implications for them.
I’d like to know if all my information on the site is able to be viewed by myself or am I only able to view limited information
I find it highly offensive that the Government is able to have all this information put onto the site without my permission, this should be a voluntary opt in not opt out.
There has been very little put out by the government regarding this program
I agree & remember once this information is on the net it can not ever be removed.
I don’t think its scaremongering when there are so many examples of data breaches
HealthEngine passing on personal information to lawyers
Facebook
Amazon
Cambridge Analytica 50m Facebook profiles
US Election
Ticketfly 26 Million users
Timehop 21 Million users
MyHeritage 92 Million users
Under Armour/MyFitnessPal 150 Million users
Taringa! 29 Million users
21st Century Oncology 2.2 Million
Philippines Commission on Elections 55 Million
Ai.Type 31 Millions customers
Uber 57 Million customers
Pizza Hut Undisclosed customers
Yahoo 3 Billion email users
Deloitte Undisclosed customers
Equifax 143 million consumers in the US credit card numbers of 209,000 consumers and the
personal identifying information of 182,000
CEX 2 million customers
‘Onliner’ spambot 711 million usernames and passwords
Bupa 500,000 customers
Zomato 17 million users
‘Eddie’ 560 million passwords
Ashley Madison 32,000,000 users
This is why I have a hard copy of relevant medical information at home & an electronic copy on an SD card taped to my medicare card. I also have a small note taped to my medicare card informing that medical information can be found on attached SD card
You are expecting paramedics, nurses and doctors to think of going through your pockets looking for a stick when they are trying to stop you from bleeding to death or treating your heart attack. Even if found, then they would hardy want to fluff about trying to bring up the relevant file(s) on your stick.
All they would be searching for is your electronic health records as well as your heart beat.
Well yes they would be going through your pockets to look for who you are as if the don’t know who you are how are they going to look up your medical records. It would be far quicker to look at a file on a sd card than log into a website especially as the internet in Australia is of a third world standard
I’m sure that some of the feedback posted will not be ignored.
In a “careful what you wish” for moment - I can see Steve1959 suggestion we carry an SD card strapped to our Medicare card morphing. First to a smart Medicare card that holds all your data on a chip. No risk of any hacking there. The second improvement on the notion upgrade to an implanted medi chip, instantly available to a medics reader. It’s best to leave up to your imagination how this might be hacked.
I can see in my ’ Medicare’ that I’ve had my FluVax (but Tetanous and Pneumonia vaccinations are missing) and the dates and names of doctors I last visited, but to see if there is any information or any of my details in ‘MyHealth’ I need to sign in!
I know you know this and it was bait. Nobody has ever lost their medicare card and we all carry them with us every time we venture out. Same with a chip taped to the card. Since ‘someone’ needs to read it, it can be cracked.
Yes.
I admit to have little confidence in our reactive government’s ability to execute much of anything to a high standard as they have consistently been blindly partisan in decision making, short sighted, and repeatedly sign contracts with companies that have failed and failed again just to get yet another lucrative government contract.
If there is a successful penetration that is an audit of, not a protection for what was hacked. Universities, including ANU would have had many if not all of those same ‘protections’ in place as did the Bureau of Meteorology.
I can already hear the bleating that such restrictions could be circumvented by VPNs as well as inhibiting companies ability to turn a larger profit via offshore call centres. Considering how government appears to make so many decisions do you think privacy and security or profits will win that discussion? OK, sometimes they arrive at the ‘correct’ conclusion, but.
My GP is excellent but her office has gone 100% digital over the past few years. It would be interesting to know the format of MyHealth records. Are they separated into (eg) maintenance prescriptions, allergic reactions, surgeries, blood test results, ‘personal problems’, diagnosed maladies (ie ear infections, an STD, etc) and so on, or is it truly government thinking whereby every entry must match a database of approved entries (Argh!) or almost as bad, a free for all where each entry merely appends to the previous? So many curiosities and so little factual information.
If so, in these days of ever stingier medicare payments to the GPs what are the chances all duty and care is going to be taken, especially by the bulk billers who survive on volume?
I am not sure it has not yet come, but more importantly I have not been convinced it has.
Last I heard, most were just pdf files. According to one contact there are some database records, but they’re either in proprietary formats or converted from proprietary formats (with variable results).
Whether it has or not will depend on the individual’s circumstances. For me, it hasn’t.
Perhaps the real test will be the practicing medical professionals response to Myhealth.
That’s given their need to commit their resources - fee increases?
And if Myhealth does become practical and functional, the ease of customers changing providers.
Of course there is a benefit to the profession in reliable shared data assisting their responses to customers inappropriately shopping around for medication.
If this is the case, it is easy to lock/encrypt PDFs to make data extraction near impossible or very time consuming.
Assume the records systems is successfully hacked, I can’t see a hacker retypng or cracking each PDF to make the data available to to others.
Likewise with proprietary formats.
If the records are locked/encrypted PDFs (which the government often uses for its publicly available documents), this also discredits some of the information being reported by the media/critics.
But this would still need to be done manually and also the data extracted and reformatted to make usable/attractive. A hacker won’t really be interested in doing this for potentially millions of records as they will be spending all their time extracting the data and not hacking to make money/give grief.
Yes, but to set up batch files extraction for multiple formats would be time consuming to say the least. Is someone who is after quick results going to make the effort to sets up such extraction systems, including data validation etc.
My guess would be no.
If all patient/consumer data was in a digitial tabular/matrix/traditional database format, then this would be far easier and more attractive as it would be easy to pass on as a whole data set.
