Showing posts sorted by relevance for query pcehr. Sort by date Show all posts
Showing posts sorted by relevance for query pcehr. Sort by date Show all posts

Tuesday 6 May 2014

e-Health PCEHR platform: what is the Abbott Government trying to hide?


Federal Minister for Health & Minister for Sport, Peter Dutton
Media Release

e-Health Record Review

The review of the Personally Controlled Electronic Health Records (PCEHR) system has been completed.
20 December 2013

The review of the Personally Controlled Electronic Health Records (PCEHR) system has been completed.

Health Minister Peter Dutton today received the report from the review team headed by the Executive Director of the Uniting Care Health Group, Mr Richard Royle.

The review looked into significant concerns about the progress and implementation of the PCEHR.

Mr Royle was assisted by AMA President Dr Steve Hambleton and Australia Post CIO Andrew Walduck.

Their report provides a comprehensive plan for the future of electronic health records in Australia.

Mr Dutton said the Government would now take time to consider the review recommendations and would respond in due course.

“I sincerely thank the members of the review panel for their work on this matter.”

Media Contact: John Wiseman – 0401 776 108
Delimiter 28 April 2014:
However, Dutton has not committed to publicly releasing the findings of the PCEHR Review. As a consequence, in early January, Delimiter filed a Freedom of Information request with the Department of Health seeking to have the full text of the document released under the Freedom of Information Act. In late January, Rob Schreiber, acting assistant secretary for eHealth Policy for the Department of Health, wrote back to Delimiter claiming that he could not find a copy of the report within the department.
Subsequently, Delimiter filed an notice of appeal with the Department, asking explicitly that the Minister’s office be included as a search location for the document. In addition, Delimiter filed a second Freedom of Information request with the Department for the document, under the assumption that a copy may have been filed with the Department at a latter date.
Late last week the Department wrote back to Delimiter, stating that it had decided that the document would not be released under Freedom of Information laws. In the letter (which you can view in full here in PDF format), Linda Jackson, Assistant Secretary of the eHealth Policy Branch of the department’s eHealth Division, acknowledged that there were public interest reasons why the report should be released.
However, ultimately Jackson used section 47C(1) of the Freedom of Information Act to block the release of the report, on the grounds that its release would “disclose opinion, advice or recommendation obtained, prepared or recorded, or consultation or deliberation that has taken place in the deliberative processes of an agency or Minister or the Government of the Commonwealth.”
“If the contents of the review were to be made public, the matters presently under consideration … would be prematurely exposed to scrutiny which would undermine the integrity of the decision-making process of government,” Jackson wrote. “It is in the interest of the Australian community as a whole that consideration of the report’s recommendations and analysis be conducted in circumstances of confidentiality to government and those public officials who need to know relevant details.”
“I note in this context that key stakeholder groups, including peak clinical bodies, were given the opportunity to make submissions to the review team.”
The news comes, however, as pressure grows on the Government to release the report. Australian Medical Association president Steve Hambleton, who was one of three experts who produced the report, told the Financial Review several weeks ago that he had believed the report was going to be released in January, then February, then April…..
Given the privacy issues surrounding the PCEHR system and the background of the review's authors, one has to wonder if the report the Abbott Government is sitting on so determinedly may contain evidence of ongoing privacy breaches or a proposal to increase data collection on patients without their consent or yet again, a proposal to further limit patients control over their own electronic records.
One also has to wonder if this report indicates a relationship between a rise in the number of persons registered within the PCEHR system and the 2013 commencement of the federal government's Practice Incentives Program (PIP) which enables quarterly incentive payments (capped at $12,500 per practice, per quarter) to medical practitioners for joining and using this national data system.

Monday 8 July 2013

Epic Fail: eHealth national database contains only 397,745 mostly empty individual patient files


Delimiter 3 July 2013:

As at June 30, the Department of Health and Ageing said that total number of users was 397,745. The majority of these registrations resulted from a recent push by DoHA using consultants to sign people up at public hospitals and at eHealth roadshows.
Still, even if the government had met the target of 500,000, it would have been a meaningless gesture. The vast majority of those who have signed up, if they ever get around to logging in, will be greeted with an empty record. Given the lack of active participation on the part of GPs, as well as the lack of public hospital systems to integrate with PCEHR, there’s little evidence to suggest that this is going to change any time soon.
So far, only 4,805 individual providers have signed up to access the PCEHR portal. This is despite the fact that the government provides incentives to GPs to connect to the system by paying them the Practice Incentive Payments for eHealth (ePIP).
Despite these payments, GPs still struggle to see the benefit of spending time curating shared records when the legal liabilities are still unknown but are potentially severe.
The cost of the ongoing maintenance of these largely empty records is about AUS$80m a year. And that’s just the baseline. It’s clear that a great deal more funding will be needed to try and lift the level of meaningful use of PCEHR.
The problem for governments is that increasing spending on a system becomes progressively harder the longer it remains largely unused. What’s more, the devolved nature of the Australian health system makes it extremely unlikely that we’ll ever see true and meaningful use of the system. What we will continue to see however, are reports of increasing numbers of registrations, data about the number of people who accessed the system and how much administrative data has been added……

Funding for the personally controlled electronic health record (PCEHR) system does not extend beyond the end of this financial year, but both federal and state governments appear determined to retain this flawed national database.

Wednesday 13 May 2015

The Australian general public overwhelming rejected a national medical records database but the Abbott Government is still insisting on gathering every piece of medical data on citizens that is available


On 10 May 2015 the Australian Minister for Health Sussan Ley freely admitted that two years and ten months after the federal government’s national database of personally controlled health records (PCEHR) opened for business as eHealth less-than one-in-ten Australians have decided to opt-in to this scheme.

Less than one-in-ten appears to indicate that an estimated 18 million adults have decided to not hand over their own medical records and those of their children to a federal government agency.

The Abbott Government’s response, to what can only be seen as an overwhelming rejection by both the general public and GPs, is to insist that all citizens now be mandatorily included in this national database which will allegedly have a new opt-out provision.

The reason given for this move to add every citizen to a re-worked national database is a recommendation contained in an ‘independent’ six-week review of eHealth by a three person panel ordered by then Minister for Health Peter Dutton in November 2013.

This recommendation by Messrs. Royle (Australian Private Hospitals Association), Hambleton (Australian Medical Association) & Walduck (Australia Post) was for an opt-out model to be implemented by 1 January 2015 as there was little meaningful use of the existing opt-in eHealth database.

A brief background of the evolution of this national database on North Coast Voices:

Wednesday, 7 November 2012 e-Health: join at your own risk

Wednesday 1 August 2018

Turnbull Government prepares an end run around the Australian electorate?


In 1986 the Federal Government couldn’t get the national electorate to accept the Australia Card, a national identity card to be carried by all citizens.

Likewise in 2007 the wider electorate rejected the proposed Access Card, a national identity card with a unique personal identification number, which was to be linked to a centralised database expected to contain an unprecedented amount of personal and other information.

Federal Government also failed to have everyone embrace the idea of MyGov, a data sharing, one-stop digital portal for access to government services created in 2013. To date only 11.5 million people out of a population of over 24.9 million hold an account with MyGov.

When after three and a half years the populace did not register in sufficient numbers for the so-called Personally Controlled Electronic Health Record (PCEHR), an intrusive opt-in data retention system, government changed tack.

It relabelled PCEHR as My Health Record (MHR) in 2016 and broadened the number of agencies which could access an individual’s personal/health information. Decreeing it would become a mandatory data collection system applied to the entire Australian population, with only a short an opt-out period prior to full program implementation1.

However, it seems that the Turnbull Federal Government expects around 1.9 million people to opt-out of or cancel their My Heath Record in the next two months. Possibly with more cancellations to occur in the future, as privacy and personal safety become issues due to the inevitable continuation of MHR data breaches and the occurrence of unanticipated software vulnerabilities/failures.

So Turnbull and his Liberal and Nationals cronies have a backup in place in 2018 called the Data Sharing and Release Bill, which Introduces legislation to improve the use and reuse of public sector data within government and with private corporations outside of government, as well as granting access to and the sharing of data on individuals and businesses that is currently otherwise prohibited.

The bill also allows for the sharing of transaction, usage and product data with service competitors and comparison services. An as yet unrealised  provision which is currently being wrapped up in a pretty bow and called a consumer right - but one that is likely to be abused by the banking, finance, insurance, electricity/gas industry sectors.

The bill appears to override the federal privacy act where provisions are incompatible.

This is a bill voters have yet to see, because the Turnbull Government has not seen fit to publish the bill’s full text. Only an issues paper is available at present.

Notes:

1. Federal Government may have succeeded in retaining the personal details of every person who filled in the 2016 Census by permanently retaining these details and linking this information to their future Census information in order to track people overtime for the rest of their lives, but this win for government as Big Brother was reliant on stealth in implementation and was limited in what it could achieve at the time. 

Because not everyone ended up with a genuine unique identification key as an unknown number of individual citizens and permanent residents (possibly well in excess of half a million souls) as acts of civil disobedience deliberately filled in the national survey forms with falsified information or managed to evade filling in a form altogether. 

Thursday 14 April 2011

PCEHR opt-in provision expected to allay privacy concerns. Pull the other one!


Sometimes I wonder exactly where on the globe this LaLa Land pollies live in is to be found.
Because no-one could seriously believe that the e-Health initiative (laughing called the voluntary Personally Controlled Electronic Health Record (PCEHR) System) that Roxon and Co are intent on saddling Australia with is not part of a national database which will be packed with inerasable and sometimes error-riddled records.
A system which will allow every nosey parker, from police through to the local chemist, access to someone else's personal information if they decide to class their data crawl as an 'emergency' request.
To make the entire situation a little more bizarre; it seems that if an emergency request goes in on someone whose does not yet have a digital health record in this system (and perhaps never wanted to opt-in) then one is created without that individual's knowledge or consent.
Once created this new record can be hidden from view but can't be eradicated.
Even death won't see your record disappear; so be prepared for the possibility that eventually these records will turn up in the National Archives for your great-grandkids entertainment. Just as anyone can now find out if their dead Anzac grandpa contracted the clap on the way to the front in WWl by looking at a copy of his military record online.
And apparently this e-Health system can be accessed after July next year by Roxon's nosey parkers on the move using iPhone and Blackberry.
The potential for abuse is enormous.

Tuesday 7 February 2012

eHealth - when "We told you so" gives no satisfaction


First it was privacy concerns which headed the list of reasons why the proposed eHealth scheme could be one of the worst ideas Federal Labor has come up with in the last one hundred years – now it seems the very wheels are thought to be falling off the national database wagon and it may even be dangerous to patient health.


The Australian 6 February 2012:


"That medication list (on records) is going to become a major mish-mash of sources of information from different people in different places describing the medication using different names and it's going to be extremely confusing."

Senate Community Affairs Committees Inquiry into Personally Controlled Electronic Health Records Bill 2011 and one related bill

MSIA has repeatedly asked for the information contained in the comprehensive safety report that NeHTA has stated was performed prior to the Health Identifier service going live. This has not been made available. The results of a recent FOI request to DoHA by The Australian, demonstrated that DoHA does not have such a report. The recently discovered design flaws suggest that the safety report, if completed, was not sufficiently comprehensive.
[Medical Software Industry Association submission (PDF 438KB)]

Wednesday 7 November 2012

E-Health: join at your own risk

 
It is hard to believe that 13,600 people are said to have joined the national e-Health database, when the system seems so insecure.
 
Pulse+IT 22 October 2012:
 
The National E-Health Transition Authority (NEHTA) has confirmed it has cancelled its $23.6 million contract with IBM to build the authentication service for the PCHER system.
IBM won the contract to build the National Authentication Service for Health (NASH) in March 2011. It promised to create a security and access management system to enable healthcare providers to securely access the PCEHR by June 26, 2012.
IBM failed to deliver its promised infrastructure for NASH by its deadline and an interim solution was deployed by the Department of Human Services (DHS). Secure tokens were issued in late August to those healthcare providers and organisations who had registered for an HPI-I and an HPI-O respectively and had applied for a certificate from Medicare Australia.
 
Australian IT 23 October 2012:
 
THE Department of Health and Ageing has refused to guarantee that its much vaunted e-health record system is risk-free after more than 140 risks were identified before it went live on July 1.
The Gillard government's personally controlled e-health record system, developed by Accenture, contained a staggering 142 risks of which 32 were rated extreme, 77 high and 33 medium.
The detailed risk assessment study, obtained by The Australian, was prepared by the National E-Health Transition Authority (Nehta) and submitted to the Health Department and other relevant parties about two months before the July go-live date.
The department did not directly respond when asked to confirm that all the risks were resolved by July 1.
 

Sunday 29 July 2018

When it comes to My Heath Record the words horse, stable, door, spring to mind


In January 2016 the Australian Digital Health Agency (ADHA) became a corporate Commonwealth established under the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule.

It has a board appointed by the Minister for Health in whose portfolio it is situated and the board is the accountable body of the ADHA.

Currently Mr Jim Birch AM, Chair. Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng,  Professor Johanna Westbrook and Michael Walsh sit on this board.

The executive team is headed by Tim Kelsey as CEO, with Professor Meredith Makeham as Chief Medical Adviser and Bettina McMahon, Ronan O’Connor, Terrance Seymour & Dr. Monica Trujillo as the four executive managers.

ADHA is also the designated Systems Operator for My Health Record which currently holds the personal health information of 5.98 million people across the country and will add the remaining 19 million after 15 October 2018 unless they opt out of being included in this national database.

Given the potential size of this database the question of cyber security springs to mind.

It seems that the Australian Digital Health Agency has not been independently audited for cyber resilience by the Australian National Audit Office (ANAO) ahead of beginning the mammoth task of collecting and collating the personal heath information of those19 million people.

Australian National Audit OfficePotential audit: 2018-19:

Management of cyber security risks in My Health Record

The audit would examine the effectiveness of the Australian Digital Health Agency’s management of cyber security risks associated with the implementation and ongoing maintenance of the My Health Record system.
My Health Record creates a record of Australians’ interactions with healthcare providers, and more than 5.5 million Australians have a My Health Record. The audit would focus on whether adequate controls are in place to protect the privacy and integrity of individual records.

It seems that the Australian general public still only has the honeypot's dubious word that it cannot be raided by unauthorised third parties.

Prime Minister Malcolm Turnbull has reacted to growing community concern about the number of agencies which can access My Health Records with a vague promise of "refinements" and with this outright lie; "The fact is that there have been no privacy complaints or breaches with My Health Record in six years and there are over 6 million people with My Health Records".

The Office of the Australian Information Commissioner has recorded complaints and at least 242 individual My Health Records have been part of mandatory data breach reports in 2015-16 to 2016-17, with nine of the 51 reported breach events involving "the unauthorised access of a healthcare recipient’s My Health Record by a third party".

BACKGROUND

Intermedium, 8 May 2018:

Re-platforming options for the My Health Record (MHR) system will soon be up for consideration, with an Australian Digital Health Agency (ADHA) spokesperson confirming that a request for information will be released in the next few months to inform plans to modernise the infrastructure underpinning Australia’s mammoth patient health database.

An open-source, cloud-based environment has already been flagged as a possibility for the MHR by Department of Health (DoH) Special Adviser for Strategic trategic Health Systems and Information Management Paul Madden at Senate Estimates in May last year. He also said that the re-platforming decision was one of many “variables” that needed to be squared away to accurately gauge how much the MHR system will cost beyond 2019-20.
“The variables in there include the re-platforming of the system to an open source environment, using cloud technology… which will be something we will not know the cost of until we hit the market to get a view on that”, Madden said last year. “Our commitment is to come back to the budget in 2019 to paint out those costs for the four years beyond.”
ADHA is scoping out MHR re-platforming options early, with the existing contract with the Accenture-led consortium not set to expire until 2020. As the “National Infrastructure Operator”, Accenture is tasked with running and maintaining MHR’s infrastructure. The prime contractor works with Oracle and Orion Health to provide the core systems and portals behind MHR.
Accenture was awarded the contract to design, build, integrate and test the then-personally controlled electronic health record system (PCEHR) back in 2011, and has signed 13 contracts worth a total of $709.53 million with DoH in relation to the MHR in that time. With the original infrastructure now over seven years old, ADHA recognise the importance of modernising the environment supporting the MHR....

The Sydney Morning Herald, Letter to the Editor, 26 July 2018. p20:

What happens to medical records when opting out?

Dr Kerryn Phelps reminds us that, if people don't opt out, the My Health Records Act allows disclosure of patients' health information to police, courts and the ATO without a warrant ("My Health Record backlash builds", July 25). This would be in addition to "health information such as allergies, medicines and immunisations" available for emergency staff.

How can the access be restricted to emergency staff? How can only certain categories of information be released when allergies and medication are part of general medical notes? I was not reassured by "serious penalties relating to the misuse of information do not apply to accidental misuse" on the website. I opted out.

My GP has told me that, nonetheless, she will be obliged to upload my records - which sounds credible since I have formally opted out with the government, not with my doctor's practice. So what happens - does my health record get kicked off "the cloud"? What exactly did I opt out of?

Denise De Vreeze [my yellow highlighting]