Data leaked in 3-2-1
Given the government's lack of skill or interest in protecting their citizen's info from hackers, this is hardly surprising.
Anyway, from May next year it will be mandatory to use it.
One of the Australian government's signature policies, the electronic health record, has been all-but-abandoned by the healthcare sector. While the AU$1.7 billion spent on the My Health Record system so far has attracted registrations from more than five million Australians, the government's dashboard [PDF] for the system …
It will be mandatory to give your data to the government. They can't make doctors use it. Doctors have their own systems which are far more useful. In fact doctors will need to be very careful about what gets into my health record, not because of what it might reveal about patients but of what it might reveal about themselves. My health record is only a summary/subset of a patient's medical data. It could easily be misinterpreted.
Although the laws may have been passed, the records are not being created
Informed by the findings of the evaluation of the participation trials in 2016 that tested an opt-out approach with two large communities against the current self-register model, the independent researchers strongly recommended moving to a national opt-out model to bring forward benefits of the system to both consumers and the wider healthcare system.
Currently over 4.8 million people already have self-registered for a My Health Record however by the end of 2018 almost all patients will have a digital health record. This should bring more timely access to important health information by both the consumers and their treating healthcare providers.
There will be an opportunity for every Australian to opt out if they do not want a record in mid 2018. The Agency has created a subscription email for individuals to register to receive an email when the opt out period begins next year. Individuals can register at the My Health Record Website.
https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/news-032
I am still waiting for my email
Edit : Because I know this is coming, at my last GP visit I double checked that the settings on my records with them are still set to not share with anyone. On my file is a solicitor's letter threatening legal action for breach of privacy if any data from my GP file ends up in a myhealth record. I crossed out all the boilerplate on their privacy agreement that allows to share data with anyone outside the practice.
Most healthcare admin staff seem to prefer to work off their tried and true system of getting patients to write everything down about themselves on paper a hundred times, then faxing it around to referred specialists whose reception staff will ask you to write it all down again anyway.
The first aeroplanes had mininal payloads, crashed regularly, and were generally derided. Anyone remember early mobile phones and the early phone network.
Australia spends about 15% of GDP on healthcare. The cost of this initiative is piddling compared to total healthcare spend and the upside is enormous. We are on version 0.2 and everyone wants to moan about the missing V10 features. I read somewhere that just reducing repeated tests would pay for the system. Give it time. This sort of system has to build its dataset and connections to be worth using. It's a big ask. There's a lot of resistance to overcome and connected systems that need to adapt.
Indeed. But this is hardly the first database, web interface, online register of activity, that humanity has built.
Apart from hiring some technical skillz, they could have started by building in a few obvious key requirements in the beginning, such as:
Data protection
Primarily allow the user to own and store their own information, not be forced to leave it in a massive honeypot where others will do their best to dis-own it.
Support user-defined encryption, where at a minimum, users can opt to keep the private key- or do something like use a secure ID token that they can use to access their data, and restrict others' access to it.
Ability for the user to scale security on the encrypted data, re-encrypt, double-encrypt, re-issue tokens, keys, passwords, MFA, etc.
Because they avoid all aspects of user-oriented security concerns, the DTO and others are destined to fail. Why not get it the right way round, implement workable security around the citizen first, and then add features and accessibility? E.g. Plan for regular releases to build solid functionality on top of a stable, well-tested base:
i.e. A New feature/day.
v1.0 Secure and stable storage of information, bare minimum of features
v2.0 Add features as needed
v3.0 etc.
Not
v1.0 Broken
v1.1 Worse
v1.2 Hacked
v1.3 Patched
v1.4 Hacked
v2.0 Doesn't work
v2.1 Fixed so it works (but only for some)
v2.2 Works mostly, but now most users are scared of the whole thing, project stalls.
v2.2 Force everyone to opt-out instead of opt-in
v2.3 Technical release, buying time
v3.0 Mine data from other sources, insert
v3.1-v8000 Remove data inserted into unrelated accounts. Quadruple budget, several times.
v4.0 Deal with constant attacks, publicity around ongoing data ex-filtration to offshore actors
v5.0 Announce new cloud platform version, all data cleaned and migrated
v5.1-5.5 Fail to migrate data, force everyone to re-upload records
v6.0 Amend account data where lost, incorrectly related and causes problems (practitioners to prescribe the wrong dose, medication, procedures, etc.)
Giving a turd rolled in glitter more time to perform only results in throwing more good money after bad.
Having unified data can be very important when dealing with multiple providers. The current system of faxing data is a mess and lead to errors.
However, all the data collected from GPs etc needs to go there automatically for it to be useful. All GPs have IT systems, just not interconnected (except by fax machines).
There are privacy nuts who have made this very difficult to build. ASIO, the AFP and the NSA already could know everything about you, that is a lost battle. But having unified records is essential.
NEHTA spent a large amount of money designing something that was never going to be built. What was needed was a simple system that works.
No it's not. The issue is relevant data, well managed. My Health Record is a heap of unorganised pdfs mostly just summaries and Medicare/PBS data which doesn't tell you anything about your medical treatment, only that you've seen a doctor or had a test or been given or filled a script. 90% of my health record data is useless Medicare/PBS stuff.
A better solution would be to put GP systems at the centre and support them with proper interoperability.
I don't think patients are uninterested in it necessarily. I think they mostly don't know anything about it, or why they're supposed to use it. What benefits is it suppoed to offer? I know I've barely heard of it, and recently I've been spending more time than is good for my blood pressure on the MyGov site. Is it more or less interesting/useful than a royal commission into ba... zzzz.
The government is usually happy to shout its achievements from the TV, radio, etc. at any opportunity (see NBN) whether justified or not, but this thing, has it ever been mentioned?
"I don't think patients are uninterested in it necessarily. I think they mostly don't know anything about it, or why they're supposed to use it. What benefits is it suppoed to offer? I know I've barely heard of it"I spend rather more of my time at the doctor and hospital than I'd like due to chronic illness. This is the first time I've heard about the My Health Record service. Dunno if there's any messages on my MyGov account because I can't access it without entering the code they are not sending to my mobile phone.
The ADHA has issued a media release that tries to correct recent media reports about a lack of decent communication re optout
Original report
http://cruisewhat.com/privacy-groups-outraged-failure-inform-aussies-new-government-health-record/
"correction"
http://www.aapm.org.au/Media/News/ID/603/Correcting-recent-but-inaccurate-media-reporting-for-My-Health-Record
All they have done is confirm that the original report was correct - there will be no mass communication campaign (TV, Press, mail-out). The rest of the media release contains the usual half truths and spin.