top_left top_right
bottom_left
Next Event: Unknown | Forum Rules | QGL Website | Event Registration
openFolder AusForums.com
iconwatfolderLineopenFolder LANs
iconwatfolderLineopenFolder QGL
iconwatfolderLineopenFolder QGL Forum
Author
Topic: Govt. Online Health Record
Twisted
Posts: 12343
Location: Brisbane, Queensland

What's everyone's thoughts on this? I have 0 confidence confidence in their ability to get this done right all the time every time over the next 20-30+ years. Eventually they will either just hand your data over to your insurers or someone will get into it. But there are heaps of people who tell me they have no medical problems so they don't care, so maybe I'm must crazy :)

Link for those who want to Opt-out.
system
--
trog
AGN Admin
Posts: 39629
Location: Other International

I think it should be opt-in by default. I will probably opt-out but I'm holding off doing it immediately; I want to read a bit more about it. I do think security and confidentiality of information is a huge concern and I have not seen these concerns addressed in a meaningful way by government or anyone on the project.

I can see the advantages of this system; centralising health records will be really helpful in many cases. The costs of keeping everything secure (technically possible of course) will be huge though and they may outweigh the benefits.

I think almost all large government IT projects are doomed because they try to do them too huge too quickly. I suspect that will turn out to be the case with this again, although I'd really like it to work out.
dranged
Posts: 2122
Location: Sydney, New South Wales
Let's see... It will either get hacked, and have multiple, glaring security holes, or you can bet your bottom dollar on some grumpkin inadvertently or maliciously broadcasting confidential information.
it will also be a terrible user experience, with terrible performance and consistent outages. It should also be delivered at the heat death of the universe, whilst also being really lucrative for some three letter conglomerate. It should also have integrity issues around consistency of data.

But I suppose I'm just naive ?
BOOST
Posts: 778
Location: Brisbane, Queensland
Same as Trog I'm leaning towards opting out but won't rush in.

I'm trying to decide if the benefits of health professionals having a full history and overview of my health is worth the inevitable public release of that data.

Interested to know from a health workers perspective of how useful a full history of data would be in a emergency scenario. Do ambulance and emergency room staff think this would be an advantage? If so, I think the risk might be worth it.
PornoPete
Posts: 3258
Location: Melbourne, Victoria

Victoria tried something like this, and it was a total clusterf***. It was called HealthSMART or something like that.

It was a case study in how not to do a large IT roll out.

Access to better data is always a good idea, provided it can be done securely. You don't even need to worry about getting hacked, though that is a strong possibility. I'd be worried about some public servant not paying attention and putting the records on a public page without realising it. Child services have done that more than once I'm pretty sure.

But there are heaps of people who tell me they have no medical problems so they don't care, so maybe I'm must crazy :)


You ain't crazy. People without medical problems would the dead last demographic to seek opinion on privacy and medical records from.
infi
Posts: 24104
Location: Brisbane, Queensland

i don't trust the government to do anything correctly. I am uploading my health record to facebook so it's secure.
DecayingCorpse
Posts: 2292
Location: Brisbane, Queensland
I managed to opt out easily.

The government can't secure an electronic pencil sharpener.
Twisted
Posts: 12344
Location: Brisbane, Queensland

If you opt-out I assume there's nothing stopping you from opting in at a later date? The only thing I could find was that if you don't opt-out your sh*te will end up there for a hundred odd years or something. I've done a bit of Govt. consulting/contracting and a lot of training with Govt. people. I'm always terrified about how little they seem to know. And I suppose I've just never trusted the Govt. How they've handled the meta data retention scheme, sharing your data out with every man and their dog, solidified that.
PornoPete
Posts: 3259
Location: Melbourne, Victoria

Out of interest where do you find they know the least?
BladeRunner
Posts: 2875
Location: Queensland

I like the idea of it, seems useful. I hope it goes well.
G-R0nk
Posts: 35
Location: Sunshine Coast, Queensland
Definitely for new kids i reckon
Scooter
Posts: 6620
Location: Brisbane, Queensland

I support the intent behind the idea, better health care for all wherever you may go. I doubt they would be able to pull off the original intent.
Despite the many technical difficulties they probably wont overcome there will definitely be, if not already, someone that wants to use the database for something other than the original intent.

I am going to chose to opt out. I keep my own information register about vaccinations, allergies, medical history (inc family) etc. I don't rely on any one doctor to keep that for me.
G-R0nk
Posts: 36
Location: Sunshine Coast, Queensland
http://www.abc.net.au/news/2018-07-20/singapore-health-database-hack-steals-details-of-1.5m-people/10019492
paveway
Posts: 21549
Location: Brisbane, Queensland

As i have a ridiculously long and complicated health history generated over the last 5 years i can see the benefit in this

For example if i need to go to a GP it is a complete cluster f*** for me to explain i have had cancer, the treatments i have had, multiple stem cell transplnts etc. All for something that i am not even sure is related. Usually i just skip gp's and try see my doctor or a registrar at the hospital if i think it is something minor but remotely related to the stem cell transplant or whatever.

In saying all that just because the info is there doesn't mean it won't blow the gp's mind any less than it does when i roll in there and explain it all, they usually don't know that much which i can't vlame them for. But it would help regardless.
dais
Posts: 12276
Location: Brisbane, Queensland

Yeah it certainly has merit for anyone who has a long medical history. The problems surrounding it are IT related, not to do with the medical aspect of it so much. I really hope they can keep this data secure.

I'm going to talk to my doctor about it soon and see what he thinks.
Twisted
Posts: 12345
Location: Brisbane, Queensland

The problems surrounding it are IT related, not to do with the medical aspect of it so much. I really hope they can keep this data secure.
Not just IT related, but privacy policy related. Just look at how many people they let have access to your Internet meta data. Everything from the ATO to local libraries. Who knows who they will allow into this data as the years roll on. And by default everything is shared from what I'm reading. You have to go in and change the privacy settings.
As i have a ridiculously long and complicated health history generated over the last 5 years i can see the benefit in this
As do I. But opt-out enrolment to basically fudge the numbers and force your failed project into a success...that's a whole other thing.
Out of interest where do you find they know the least?
Definitely depth of product knowledge would be the most obvious technical gap. Most Govt. people I have dealt with over the decades have known enough to keep the lights on, assuming everything is going well. Life cycle management, upgrades, scaling, etc....forget that. I still think some Govt. dept's would still be running NT4 today if some people had their way.
notgreazy
Posts: 945
Location: Other International

Anyone got info on what/who the health department can share this info with?

Is it a free for all, can insurance companies get access to my records?
Ickus
Posts: 640
Location: Perth, Western Australia

I'm thinking of allowing it but on a RAC/LDAC only basis as long as the information contained in it is all medical and not other related stuff.

Chances are its going to store all your info anyway and just not display it if you opt out.

RAC/LDAC is their system for privacy which allows you to control who can see what documents.
Twisted
Posts: 12346
Location: Brisbane, Queensland

Is it a free for all, can insurance companies get access to my records?
Not at this time...but in future...who knows.
Chances are its going to store all your info anyway and just not display it if you opt out.
If you opt-out its not there at all from everything I've read. If you opt-out after the cut off then you won't see it, but its all happening in the background anyway.
PornoPete
Posts: 3267
Location: Melbourne, Victoria

But opt-out enrolment to basically fudge the numbers and force your failed project into a success...that's a whole other thing.


Yeah and I think it ties back into the philosophy you adopt around privacy. These kinds of projects seem to have a uncanny knack of doing things in a way to undermine trust as quickly as possible.

Definitely depth of product knowledge would be the most obvious technical gap. Most Govt. people I have dealt with over the decades have known enough to keep the lights on, assuming everything is going well. Life cycle management, upgrades, scaling, etc....forget that. I still think some Govt. dept's would still be running NT4 today if some people had their way.


It would surely depending where you go, but the NT4 quip is pretty accurate.
Twisted
Posts: 12347
Location: Brisbane, Queensland

It would surely depending where you go
Yes, bit of a generalisation I know, and sometimes I feel bad railing on Govt. IT people because I know a lot of really good guys who work in Govt. that are very good at their jobs. There's just so many useless bastards though...I should clarify, Govt. doesn't just mean federal, I'm talking the whole spectrum from local council all the way up.
dranged
Posts: 2123
Location: Sydney, New South Wales
Predictably, I can't opt-out because it can't correctly identify me from my medicare and drivers. I'll try a passport and if that fails, the dreaded support line is next.
G-R0nk
Posts: 40
Location: Sunshine Coast, Queensland
do we just go down to medicare in person to opt out ? surely there is somewhere we can line up down the street with our pitchforks and hatchets...
Sir Redhat
Posts: 2227
Location: Sydney, New South Wales

I've opted out, it is a great idea if only doctors/hospitals could access the data and you got a notification of who/when someone accessed your record, but at the moment it's just way to murky.

I don't trust future govs to not sell the data to 3rd party/insurance companies.
ravn0s
Posts: 19174
Location: Brisbane, Queensland

do we just go down to medicare in person to opt out ? surely there is somewhere we can line up down the street with our pitchforks and hatchets...
https://www.myhealthrecord.gov.au/for-you-your-family/opt-out-my-health-record
Twisted
Posts: 12348
Location: Brisbane, Queensland

I don't trust future govs to not sell the data to 3rd party/insurance companies.
Yep, basically my position too really.
infi
Posts: 24112
Location: Brisbane, Queensland

I don't trust future govs to not sell the data to 3rd party/insurance companies.


the real risk is use of your medical data for law enforcement or intelligence purposes, which is permitted by the scheme's legislation.

imagine reporting to am doctor for illegal substance addiction and then becoming the target of law enforcement searches etc.... way to build trust in the system
Hogfather
Posts: 16858
Location: Cairns, Queensland

As a general principle I'm against consolidated private information within information systems and avoid giving out my personal data as much as possible. Same deal with e-voting.

"The technology just isn't there yet" to sufficiently guard digital privacy and may never be. Unless I hear something pretty convincing I'll be opting out.

A citizen's medical history and its relationship with Government is a locus for modern day privacy concerns.
Sir Redhat
Posts: 2228
Location: Sydney, New South Wales

the real risk is use of your medical data for law enforcement or intelligence purposes, which is permitted by the scheme's legislation.

imagine reporting to am doctor for illegal substance addiction and then becoming the target of law enforcement searches etc.... way to build trust in the system

Yeah exactly, they could at the very least have a notification of when someone accesses your record, with data about their organisation and location.

I think that would go a long way to building trust in the system.
paveway
Posts: 21553
Location: Brisbane, Queensland

Yeah exactly, they could at the very least have a notification of when someone accesses your record, with data about their organisation and location.

I think that would go a long way to building trust in the system.


But completely contradict infi's example of law enforcement using it to then target search warrants
Twisted
Posts: 12349
Location: Brisbane, Queensland


It looks like they're starting to try fix Up this cluster f***.

https://www.itnews.com.au/news/govt-moves-to-reinforce-my-health-record-privacy-499394

Good first steps.

* Record can be deleted including the data.
* Warrant or court order will be required by law enforcement.

Now they need to address:

* People being able to access your data without your knowledge, some sort of visible log of who, what and when.
* Whether or not private health companies will ever be given access.
* The weakest link and most obvious attack vector... GP's, etc.; whose most likely weak as piss security practices will result in the first beaches.

It's good to see people debating this because it's bringing about change. A shame that it requires poor media coverage for the arseholes to do the right thing.


infi
Posts: 24114
Location: Brisbane, Queensland

They can say this stuff but the real question is: do you trust the government to get it right? For example, they say police cannot view the records without court order. But a doctor or nurse may view the records as a conduit.

Imagine the size of the auditing function required to verify that every single access is authorised. it could never be verified in a million years. At the moment doctors and hospitals are accountable for their privacy performance. Once a national database exists the genie is out of bottle.

For the average person with isolated health complaints it is completely unnecessary. Someone with multiple or complex health complaint may decide to consciously sacrifice their privacy in order to avoid a life-threatening situation, but fully accepts that EVERYONE now knows their conditions.
trog
AGN Admin
Posts: 39634
Location: Other International

I saw the communications budget for this project is over $100m. I haven't seen any mention of the security/pentesting budget; has anyone seen that anywhere? I would be massively surprised if they'd spent even 1% of that on pentesting, for example.
Twisted
Posts: 12350
Location: Brisbane, Queensland

Wouldn't surprise me at all. Even in finance everyone talks big about security, but the reality is that at the end of the day the amount spent on security is a fraction of what it should be.
Spook
Posts: 41148
Location: Brisbane, Queensland
im happy for my records to be looked after by the government.

i would actually think if they (or the police) took the time to have a look at my medical history, they would be quite impressed with how healthy i am.
infi
Posts: 24116
Location: Brisbane, Queensland

Manchildren definitely need the government to manage their health records.
system
--
Not a new post since your last visit.
New Post Since your last visit
Back To Forum
Advertise with Us | Privacy Policy | Contact Us
© Copyright 2001-2018 AusGamers Pty Ltd. ACN 093 772 242.
Hosted by Mammoth Networks - Australian VPS Hosting
Web development by Mammoth Media.