How Refreshing To Encounter Such An Honest Man Who Knows Access To The myHR Can Never Be Really Secure.


This appeared last week:

How ADHA is trying to secure GP clinics

By Allie Coyne on Aug 3, 2017 6:30AM

As opt-out change looms.

It’s no secret that your local doctor’s office is unlikely to have the best protections when it comes to securing your personal health records.
In this small business environment, technology often gets pushed to the bottom of the priority list when contending with life or death matters.
It means medical practices often fall victim to ransomware attacks that exploit vulnerabilities in old software - like the recent WannaCry epidemic - and hold patient and practice data to ransom.
Health services was the second most frequently breached industry in 2016, according to Symantec. Medical records also fetch a pretty penny on the black market, at somewhere around US$10 per record on average.
But with the shift to an online health record for every Australian looming - and in light of the recent access control issues raised in the discovery of black market sales of Medicare details - strengthening these weak links in the chain becomes all the more pertinent.
From next year every Australian will get an e-health record, unless they explicitly remove their consent.
It means the Australian Digital Health Agency (ADHA) will be in charge of securing around 22 million e-health records within a big ecosystem of healthcare providers.
“We’ve worked on the basis that one record is worth US$1 and we’ve got 22 million of them - is that enough for somebody to get out of bed and try to steal our data? I think it is,” ADHA chief information security officer Anthony Kitzelmann told the Technology in Government conference.
This is why the ADHA will spend $15.8 million this year alone shoring up the security of the My Health Record system.
This focus on security was also behind the hiring of Kitzelmann, a former Lockheed Martin CISO who joined the agency in February.
But one of ADHA's biggest challenges is working out what an applicable standard for digital health in Australia looks like in lieu of any prescriptive documentation.
“Is the ISM an appropriate standard? Is the ISO standard applicable? HIPAA regulations out of the US? Which one works, which is fit for purpose?” Kitzelmann said.
An internal review conducted in the lead-up to the policy switch to opt-out e-health records found that there were elements of all these standards that could apply to Australia’s e-health ecosystem.
More importantly what came out of the review process was that ADHA needed to change its focus and move to a risk-based governance model.
“If we have a large jurisdiction that has 130,000 employees and a massive investment in their health strategy, we’d expect them to sit [high up] in terms of their security performance,” Kitzelmann said.
“But how do we measure when it’s a general practice run by a husband and wife, the husband is the GP and the wife is the receptionist, IT support and nurse at lunchtime? What do we expect them to do to protect citizen records in an appropriate way? And how do we help them get that balance?
“Because we know quite well they’re going to be sitting on a Windows XP machine that has vulnerabilities up the kazoo, and that it’s going to be a point of egress into the national system that we need to mitigate and manage.
"[However] we also need to understand that it’s irresponsible of us to say ‘you need to be on Windows 10, patched within 24 hours, and running this AV software’ - it’s just not going to happen.”
ADHA’s solution to this problem has been to amalgamate elements of all the relevant standards into a risk-based governance model that helps GPs have “good clinical hygiene with their cyber security practices”.
It is currently working with the Royal Australian College of General Practitioners to develop a single standard that provides “practical, commonsense guidelines” outlining what clinics can do to be more secure.
However, Kitzelmann said ADHA recognised that while GPs would “try their best”, they would “never be truly secure”.
Lots more here:
As Anthony says you can never have all those GP practices, pharmacies and so on be secure. Given these are all likely access points to the myHR it is hard to see just how the central data base can itself be secure.
My view is that the cat has been belled and that if you want to be sure your private information stays private you will manage carefully what personal information makes it to the myHR. If you are not sure you are on top of all the access controls etc. it would be prudent to simply opt-out.
David.

Postscript:


The views expressed are not isolated. See here:

Australia's inside-out digital health strategy

If patients are to be 'put at the centre of their healthcare', they need to be put at the centre of their health data.

Here are the relevant paragraphs.

"If patients are to be "put at the centre of their healthcare", and their biggest worry is that their confidential health data might be breached, then surely this whole strategy is inside out.

Surely you don't mitigate the data breach risks by pouring all that data into a massive, complex system that can be accessed by tens of thousands of people.

If patients are meant to be at the centre of their healthcare, then maybe they should be carrying the data. After all, medical practitioners only need that data if the patient is right there in front of them.

Give every Australian resident a USB stick to carry around their neck on a string, like soldiers wear dog tags recording their blood type. Or maybe a wristband with some Bluetooth cleverness."

And of course the last para. is a ripper.

"With the Australian government's well-known track record with this sort of big IT project, we can obviously rest assured that everything will run smoothly as expected."

Here is the link:

http://www.zdnet.com/article/australias-inside-out-digital-health-strategy/

D.



