I Wonder Where The Truth Lies In All This - It Is Not Clear To Me. - See you again, readers American Health. In I Wonder Where The Truth Lies In All This - It Is Not Clear To Me., we want to give you about . So come to this site if you want to look for reference about home and interior design

Title : I Wonder Where The Truth Lies In All This - It Is Not Clear To Me.
link : I Wonder Where The Truth Lies In All This - It Is Not Clear To Me.

I Wonder Where The Truth Lies In All This - It Is Not Clear To Me.

Tim Kelsey gave a prepared opening statement to the Senate Enquiry on The Medicare Data Breach on Friday afternoon.

Here is the transcript:

Finance and Public Administration References Committee - 15/09/2017

Protection of personal Medicare information

Mr Kelsey: If I could, first of all, thank the committee for giving us an opportunity to explain the security protocols for My Health Record, in particular, and note that we're here really just to consider item C in the terms of reference:

c. the implications of this breach for the roll out of the opt-out My Health Record system;

The Australian Digital Health Agency was established in July 2016 by all the governments of Australia, and, as I mentioned, is responsible not only for the system operations of the My Health Record but also for the implementation of the National Digital Health Strategy, which was agreed by the governments of Australia in August. If I can initially say that there has been no security breach of the My Health Record and that there is no direct or technical connection between the HPOS system and the record system. There has in fact never been a security breach of the My Health Record system in its five years of operation, with the system currently containing over five million records. At the moment we have on a voluntary basis 5.1 million Australians who have registered to have a My Health Record.

I'm responsible as chief executive officer of the agency for the day-to-day operation of the system, including ensuring that all our legislative requirements are met. In May this year the federal government of Australia announced its commitment for continued and improved operation of the My Health Record system. Significantly, the announcement included a transition to an opt-out model by the end of 2018. This followed unanimous support at the COAG for a national rollout with a My Health Record to be created for every Australian unless they tell us they don't want one.

The transition to opt out will bring forward benefits many years sooner than the current opt-in arrangements. It's the fastest way to realise the significant health and economic benefits of My Health Record through, for example, reduced hospital admissions, reductions in adverse drug events, reduced duplication of diagnostic tests, better coordination of care for people seeing multiple healthcare providers and, of course, more control in the hands of the patient and the citizen of their health and wellbeing.

I believe there has been a conflation of issues surrounding the incident which is the subject of today's hearing and the security of My Health Record. I would like to just address some of that commentary by briefly outlining the security features of My Health Record, if that would be helpful to the committee. First of all—we can discuss this in more detail—we operate to the very highest levels of security, as you can imagine, in terms of cyberprotection. My colleague, Mr Kitzelmann, can detail shortly more about the actual protocols we operate to, but we'll perhaps come back to that. What I wanted to dwell on is the way in which the My Health Record system actually operates if you are a healthcare practitioner and to reassure members of the committee that there is a very rigorous process of protection against unauthorised access into the My Health Record in the way the process, the standard, is designed.

In summary, firstly, in order to access a My Health Record, a healthcare provider needs significantly more information than just the Medicare number. In fact, they would need at least five items of personal information in addition to the Medicare number to be able to access a My Health Record. Secondly, a healthcare provider accessing My Health Record has to have a unique identifier for themselves and also be uniquely attributed to an organisation that they are working for in health care. Thirdly, they need to access the record through what's called conformance software. This is software which we accredit at the Australian Digital Health Agency and which performs a number of checks on the identity and authentication of an individual, a patient, as well as on their healthcare provider, before they are able to access a My Health Record. Fourthly, currently, of course, all people who are registered for a My Health Record have volunteered to do so; they have provided their consent to make medical information where appropriate available to a clinical practitioner who is treating them. There are access controls under the My Health Records Act 2012 which individuals have the right to exercise. These are an important set of protections which allow an individual citizen to, for example, mask a particular clinical document from view, should they choose to; put a PIN number on their entire record and can decide whether or not a particular clinician has access to it; and also, in collaboration with their practitioner, elect not to have a document uploaded into My Health Record. Those, in broad terms, are the protections which mean that a Medicare number on its own cannot suffice for access to the My Health Record and, more importantly, that Australia really is setting a standard globally in providing patients with very important rights to control access to their confidential medical information. I will leave it there by way of introduction, if that's okay. Thank you.

----- End Extract.

The link is here:

http://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;db=COMMITTEES;id=committees%2Fcommsen%2Fb0452429-5feb-4bb8-8f24-4cb217abdff4%2F0003;query=Id%3A%22committees%2Fcommsen%2Fb0452429-5feb-4bb8-8f24-4cb217abdff4%2F0000%22

See especially the bolded text.

This is to be contrasted with this:

https://oaic.gov.au/about-us/corporate-information/mous/australian-digital-health-agency-mou-biannual-report-2016-2017-for-the-period-ending-31-december-2016

Here we discover (about ½ way down the full report) the following:

Details of mandatory data breach notifications relating to the My Health Record system

Mandatory data breach notifications received during the reporting period

The OAIC received two mandatory data breach notifications from the System Operator during the reporting period, in September 2016 and December 2016. It involved the unauthorised access of a healthcare recipient’s My Health Record by a third party. The review of these notifications was ongoing as at 31 December 2016.

The OAIC also received eighteen mandatory data breach notifications from DHS during the reporting period.

• Eleven notifications resulted from findings under the Medicare compliance program that certain Medicare claims in the name of a healthcare recipient but not made by that healthcare recipient were uploaded to their My Health Record. These notifications totalled 92 breaches, each of which affected a separate healthcare recipient. Seven of these data breach notifications have been closed, totalling 67 breaches, and the review of the other four notifications, totalling 25 breaches, was ongoing as at 31 December 2016.
• A further seven notifications, affecting fourteen healthcare recipients, eight with a My Health Record and six without, relate to healthcare recipients with similar demographic information having their Medicare records intertwined. As a result, Medicare claims belonging to another healthcare recipient were made available in the My Health Record of the record owner. Review of these notifications was ongoing as at 31 December 2016.

Mandatory data breach notifications closed during the reporting period

The OAIC completed its enquiries into ten data breach notifications received from DHS between April 2016 and October 2016. These data breach notifications relate to the findings under the Medicare compliance program discussed above.

The OAIC requested further information from DHS regarding the data breaches. Following consideration of the additional material and response provided by DHS, the OAIC considers that DHS has acted appropriately in assessing those incidents, sought to cancel the relevant My Health Records and sought to contact affected individuals.

Mandatory Data breach notifications received in previous reporting periods and still open

Two of the data breach notifications received by the OAIC prior to 1 July 2016 were still open at 31 December 2016. These data breach notifications relate to intertwined Medicare records and affected four healthcare recipients and two My Health Records.

----- End Extract.

So are there any breaches or not?

Hard to say….

Comments welcome!

David.

How do you think about I Wonder Where The Truth Lies In All This - It Is Not Clear To Me.

We hope all of you can enjoy to read the article about I Wonder Where The Truth Lies In All This - It Is Not Clear To Me.. Be happy and Good Luck. Don't forget come back to this site

You have read I Wonder Where The Truth Lies In All This - It Is Not Clear To Me. with the link https://topamericanhealth.blogspot.com/2017/09/i-wonder-where-truth-lies-in-all-this.html

Tweet