[LINK] The "health" record security model

Bernard Robertson-Dunn brd at iimetro.com.au
Sun Nov 11 16:33:48 AEDT 2018

On 11/11/2018 4:04 PM, Karl Auer wrote:
> On Sun, 2018-11-11 at 14:22 +1100, Bernard Robertson-Dunn wrote:
>> The elephant in the room is Section 71 of the myhr legislation
>> "Prohibitions and authorisations limited to health information
>> collected by using the My Health Record system".
> As was so eloquently said in quite another context "the only way to win
> is not to play the game".
> At an individual level, that means opting out now.
> For the Government, if they are serious about doing something good for
> the nation rather than their own bureaucracies, it means killing the
> current project now.

IMHO, it is more likely that the ALP will kill the thing.

The original ALP MyHR design was a virtual health record that
connected disparate sources of health data but left it where it was.
There was a small central database for additional information. This was
a reasonably sensible approach that did not overload doctors with manual
data input and did not involve giving data to the government. The system
was also supposed to have smart cards for each authorised user so you
knew exactly who had seen your data.

The organisation set up to deliver this (NEHTA) and a couple of project
managers in the Department of Health (run at the time by Jane Halton)
discovered the problem was much harder than they thought so they
hijacked the design, and simplified it (all data is uploaded to a
government owned and controlled database;  no smart card so only the
institution is identified and a few other stupidities happened) so they
could meet their self imposed deadline of 1 July 2012.

There's an old saying in the IT world: all projects have time, cost and
quality - you can only have two. In the case of MyHR they picked one -
time. It cost more and did less.

They can blame the Coalition for destroying trust
and can kill the thing, thus getting the political benefit and
eliminating the future risk. There are signs this is catching on.

The body that has a great interest in keeping this thing going is the
ADHA - it's why they exist. They are feeding the minister incorrect
information and are doing their best to not draw too much attention to
it. It is totally against their best interest to extend the opt-out
period - the more people find out about it, the more people opt-out.

> If a health records system is deemed necessary, let's have a discussion
> around the actual aims first.

Health record systems exist - all health service providers have them.
The problems are exchange of data and patient access.

Data exchange, or interoperability, is the way to go - everybody agrees,
but it's not an easy problem. NEHTA developed a framework in 2004, but
never delivered even though it was a prerequisite for MyHR.

Patient access to health record (for those who want it can be best
achieved via access to existing systems. There are apps that allow you
to view your GP's system (or a least some of the data) on you smartphone
- no government database.

IMHO MyHR does not solve any problems, it just increases GP costs and
patient privacy risks. GPs don't like it and the most likely outcome is



Bernard Robertson-Dunn
Canberra Australia
email: brd at iimetro.com.au
web:   www.drbrd.com
web:   www.problemsfirst.com

More information about the Link mailing list