back to article Oz digital health agency tightens medical record access as watchdog warns of crim honeypot

Australia's Human Rights Commissioner has weighed into the country's troubled electronic health records rollout. Speaking to the Australian Broadcasting Corporation about the launch of a project to protect human rights amid the growing reliance on artificial intelligence and global data sharing, commissioner Edward Santow said …

  1. Anonymous Coward
    Anonymous Coward

    No worries, its all good, nothing to see here....

    Singapore: Hackers broke into govt health database 1/4 population hit:

    https://www.bbc.co.uk/news/world-asia-44900507

    ~~~~

    If hackers don't get you, Surveillance-Economy AI-insurance bots will:

    https://www.bbc.co.uk/news/business-44466213

    1. Sampler

      Re: No worries, its all good, nothing to see here....

      Was going to post the same, in case the article wasn't clear, opt out here:

      https://www.myhealthrecord.gov.au/for-you-your-family/opt-out-my-health-record

      1. Denarius
        FAIL

        Re: No worries, its all good, nothing to see here....

        and to add insult to irritation,

        the web site stage two identification may barf if one uses a drivers license or passport as identity documents. Would you trust a department that cant even get a standard ID process working that other governments have done for a year or three ? At least humans on phones were competent.

        1. sanmigueelbeer

          Re: No worries, its all good, nothing to see here....

          Would you trust a department that cant even get a standard ID process working that other governments have done for a year or three

          Don't be silly. No public servant made that website. The entire site was probably given to one of the big "body shop". Malcolm Turnbull recently gave IBM Australia a US$1billion contract.

          Don't worry. IBM knows what they're doing.

          1. Anonymous Coward
            Anonymous Coward

            Re: No worries, its all good, nothing to see here....

            No that was the previous $1Bill they gave to accenture back in 2010’ish to build this heap of junk

        2. onefang
          FAIL

          Re: No worries, its all good, nothing to see here....

          "the web site stage two identification may barf if one uses a drivers license or passport as identity documents."

          It barfed on me trying to use my Medicare card.

    2. Adam 1

      Re: No worries, its all good, nothing to see here....

      You might as well add the 37 no sorry we mean 78 million left pondian Anthem Healthcare sods whose records were stolen by hackers in 2015. But don't worry. We have big penalties.

  2. sanmigueelbeer
    Mushroom

    he's concerned that patient data isn't sufficiently protected.

    Opting out.

    I am concerned that the Australian government don't have the necessary manpower to timely detect and stop unauthorized access to the database.

    Singapore took a week to detect the breach. At our current state, I think the Australian government won't even announce the breach and cite "national interest" as a reason to keep it quiet.

  3. Invidious Aardvark

    So if I understand these tough new powers, the CEO now has the power to close the stable door a mere 5 days after the horse, loaded down with all that data, has bolted.

    If he feels like it.

    After he's notified the offending party that he's about to do so.

    Needless to say I have opted out rather than participate in this game of health data breach roulette.

  4. Winkypop Silver badge
    Thumb Up

    A tissue, a tissue

    We all opt out...

  5. david 12 Silver badge

    Unauthorized Access

    So the police /can/ access the database - when authorized to do so. Faugh.

    Government on the radia this week saying "Government can't access the data". Cause when I say "Government", I mean me. The rest of government, the police, the internal fraud division, the courts, the child support agency, the intelegence services, they aren't "government".

  6. Pascal Monett Silver badge
    Stop

    What's that ?

    "discretion to release information without a warrant, if it “reasonably believes that the use or disclosure is reasonably necessary”"

    If the disclosure is reasonably necessary from a judiciary point of view, then there will be a warrant. If there is no warrant, then it is not warranted to disclose the information and I refuse to consider that the ADHA has that authority under any grounds.

    That said, I don't live in Australia, but still, if I did, I wouldn't be happy about the situation.

  7. mathew42
    Thumb Down

    I'm surprised the government hasn't simply added creating a record to their practice incentive payment scheme. For those not aware the government makes additional payments to clinics which achieve certain KPIs.

    For GPs already using medical records software it would be a simple ticking of a box and wait for the cash to arrive.

  8. onefang

    Due to popular demand, next week at the seniors place I volunteer at, I'll be sitting at my computer helping any senior that requests it, help with opting out. Although given how well their web site has worked so far, I'm not expecting a high success rate.

  9. Woodnag

    I bet there's a fundamental lie here

    "If you don't have a My Health Record and don't want one created for you, you will need to opt out."

    "However, if you decide later that you would like a My Health Record, you can create one at any time by following the steps to register."

    All the data on everyone will be in this database. It's just the data access portal called "My Health Record" will only be enabled per the opt-in/out system. One check box.

    So everyone's data will be vulnerable, because it's the database that gets shared, copied etc. Opting out of this one portal helps a little, but not much.

  10. chrisw67

    Not just law enforcement

    'Section 70 of the Act gives the ADHA discretion to release information without a warrant, if it “reasonably believes that the use or disclosure is reasonably necessary” for law enforcement purposes.'

    If I was feeling generous I might assume that any law enforcement purpose could already be covered by a court-issued warrant. However, the Act does not require a warrant for law enforcement purposes just a "reasoanble belief" on the part of the system operator. This was deliberate wording, not an accident.

    More concerning for me is that only "reasoanble belief" is required to release information to "protect the public revenue" (70(1)(c)). So, when a government is looking to save a few bucks on Medicare it can trawl this information, in aggregate, for the areas it could cut with least public backlash. Or, in or targeted fashion, evaluate "suspect" citizens or groups with a view to reducing their personal Medicare or private health rebates. Even worse, "protecting the public revenue" could mean increasing the public revenue by on-selling the data to anybody with the cash. All good as long as someone at a system operator being paid by the government arrives at "reasoanble belief" when requested by the government.

    1. GrumpyOldBloke

      Re: Not just law enforcement

      And we haven't even got to 5-eyes and the data sharing implications there yet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon