Australians, don't forget to opt-out[0] of MHR before November 15th (eg, do it NOW). Our Government can't even run a census[1], let alone be trusted to keep our medical data safe.
As a European, I’ll never understand why people have such a distrust for public healthcare, but will still log into Google when they search for symptoms.
The public sector uses the data to save your life, Google sells your medical search history to your insurance company.
I do work in the public sector, and I’m obviously biased, but really, I’d prefer an efficient public sector to a dysfunctional one hindered by data security.
I mean, if we took the GDPR at its strongest interpretation, then you’d need to consent when the ambulance hands your information over to the hospital, and if you’re unconscious, well, tough luck, then you’ll just have to die. In what world does that make any sense?
> you’d need to consent when the ambulance hands your information over to the hospital, and if you’re unconscious, well, tough luck, then you’ll just have to die
lol nope. GDPR does address this. It's one of the bases for processing - vital interests.
GDPR is far less vague & excessively strict than people seem to think. It's sensible and pretty well-defined imo. You just need to take a little bit of time to read it and consider how it reasonably applies to you.
As an Australian, our public healthcare has a lot of trust, as does the public sector that operates it. What we don't trust is government IT initiatives. Our political class do not understand technology and in this country nobody takes responsibility for creating, managing and verifying their own IT systems. IT here is all about procurement. Everything is outsourced. Nobody knows what the hell they are doing and there is no way they even understand the systems and services they are buying. I have no confidence in their ability to protect health data.
As an Australian... Our government does not know how to build a technical system. They have a lot of failures on their hands.
Thus, not opting out does give all your medical data to the private sector anyway. Because they will have large breaches of data. And insurance companies will use it.
Every government has a lot of IT failures, but the perception that they are worse than other enterprise is mostly due to the failures being on record.
There was a study in the 00s that looked at major IT system implementations, and I can’t remember the exact number, but it was around a 77% failure rate for business and around 85% for public sector systems.
Which frankly makes a lot of sense. Because the public sector buys its systems from the same software companies that the private sector does.
I don’t necessarily think giving up is the best solution though, I think it would be better if we demanded a higher priority on IT from our political leadership than we do now. I mean, we’re seeing some with the GDPR, but did we really have to rely on the EU to do the right thing?
> I don’t necessarily think giving up is the best solution though, I think it would be better if we demanded a higher priority on IT from our political leadership than we do now.
But opting out of a broken system (many GPs are refusing to use the system as they, in their general computer illiteracy, still find it to be insecure), is not the same as just asking for the government to do better.
You should opt out now, system is broken.
You should ask for it to be better in future - we are. Our government rejected a commission investigating why the last large-scale architecture deployment, NBN, was such an atrocious failure. A year later (under a different controlling party), a different government branch did launch an investigation, and found that it was an utter failure, at pretty much every level.
But again... That doesn't mean opting out isn't wise.
1. GPs think it's insecure.
2. If you have a MHR, then the police, Centrelink, Medicare can access it without a court order or subpoena (not the case if the clinic holds the records).
3. Finally, MHR accept no responsibility for if they do get a breach. In fact, their security disclaimer suggests that the user will be considered at fault if it happens.
Look at it from a bigger perspective. We have a digital mail box for every citizen in my country. It’s safe and works very well, but people still have the option to opt out.
Opting out was meant for people who aren’t capable of accessing a digital mailbox, but because of the reputation of public IT some people opt out for no reason other than they don’t want to be part of it.
That’s their right, sure, but those 1-3% of the population are now costing the government as much as the other 97% times four.
The typical person to opt out isn’t old by the way, seniors are among the most happy users, no, it’s middle aged men who think they know better than the system.
Ironically around 80% of them would like to cut the public funding. I guess we could start with all the money they are wasting by opting out.
mygov, is [0] not [1] secure [2]. Therefore, MHR is not secure. I have no reason to believe the situation has changed (2FA is still SMS only for starters) - and I cannot see any reasonable effort being made by our government to change that same situation.
Their past response [3] has been to ignore security problems.
I don't care how much they're paying for this brand-new insecure service. I'm irritated that they're asking Australia to pay for something that wasn't requested (people asked for an easier way to transfer records - not for their records to be housed in a known, insecure facility), and I'm irritated that after complaints of insecurity began surfacing across the nation, they started a campaign on TV calling it secure.
So no, the bigger perspective isn't a nation paying a lot for a system that isn't getting used - the bigger perspective is the nation is paying the government to allow enterprising individuals to steal and sell their data.
Why does the data need to be stored on a centralised database accessible by 100,000 people and not on individual Medicare cards?
Is there some dire pressing need where people are literally dying because doctors can't access prior medical history in time? I've not heard anything of the sort.
Do you think the Australian government is proficient with IT and IT security?
People die when the data isn’t available or wrong.
In the perfect world, you could design an architecture for sharing data, so patients would own some sort of medical card with their history.
In the real world, your doctor and your eye doctor bought different IT systems that can’t share data without someone manually typing them in.
Hell, the hospital probably runs around a thousand different IT systems and maybe two of them have APIs, but one is SOAP and the other is GraphQL and there isn’t any middleware to make them speak with each other. So the hospital can’t share your journal between your ward and the X-Ray room, unless there is a centralised journal.
We’re working toward a better architecture, but it’s not easy, and if only 500 of your 1000 systems adopt it, then you’ll still need a way to handle those 500 systems.
Things are made worse by the political decision organ and its varying agendas.
For a decade you may have political leadership that enforces an open architecture in which systems have to be able to share data. And you get maybe 10 major systems built on it, and they work, and you build some middleware and use RPA for some of the other systems.
Then the political landscape shifts, and maybe lobbyists play a part. Because open architecture for data is making companies less money since they can’t sell you data extractions. So they spend money on politics, and the conservative side listens and starts making the open APIs and public ownership and management illegal because it “steals” jobs.
Then you have another decade where you change another 10 major systems, except now they are silos and you fire your local IT developers so you can’t build RPA or middleware.
Then people realise that was stupid, so it shifts back to open architecture. Except now 20 years have passed, so we design a new open architecture that doesn’t fit with the old one. And then we buy another 10 major systems on the new architecture.
Now, after 30 years of good intentions, you still need a centralised way to share patient data, and when it fails, people do die.
Because cards break, are lost and stolen all the time. Moreover, ER patients may not have the card with them when they need it. One would still need a centralized backup.
Things are grim in Ontario as well, the ministry of health is trying to centralize EHRs (rather than do the sensible thing Alberta chose: a standard viewer application mapped on a distributed records system), and they don't give one solitary fuck about the data integrity or privacy outcomes their effort has (ask anyone involved, and they'll tell you it's somebody else's job).
[0] https://www.myhealthrecord.gov.au/for-you-your-family/opt-ou...
[1] https://www.lifehacker.com.au/2016/08/what-organisations-can...