[LINK] The "health" record security model
ABC Radio National had some interesting programs this (Sunday) morning. Round Table - https://www.abc.net.au/radionational/programs/the-roundtable/my-health-record-privacy-data/10474670 - discussed My Health Record. Two apologists for it had nothing very interesting to say, and much of it would have to be described as naieve. But the third panelist was Professor David Vaile, Executive Director of the Cyberspace Law and Policy Centre at UNSW. He revealed that medical information (other than a summary of any allergies?) isn't held in a structured database but is a collection of PDF documents! Can you imagine a patient lying unconscious in ED while a doctor makes a cup of coffee and settles down to plow through them? One apologist emphasised how there were legislated penalties for unauthorised access, and penalties seem to be the main security mechanism. But Prof. Vaille described MHRecord as having an appallingly bad IT security model, rather like leaving the bank unlocked because there were penalties for theft. By default, access is allowed and there are no account PINs. Furthermore, individual use is _not_ logged, only the organisation responsible, and it may even be the case that those individuals are not even mentioned in the legislation. (Roger, is that true? How can they be penalised in that case?) Access by organisations including the ATO, Centrelink, the police, etc. wasn't mentioned. The Coalition has tried to abolish & defund the Office of the Privacy Commissioner, and now the MHRecord director of privacy has resigned - see https://www.smh.com.au/technology/my-health-record-s-privacy-chief-quits-amid-claims-agency-not-listening-20181107-p50elu.html People have until next Thursday (or will it be Wednesday?) to opt out. David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
[LINK] The "health" record security model
The elephant in the room is Section 71 of the myhr legislation "Prohibitions and authorisations limited to health information collected by using the My Health Record system". This effectively says, even if there are privacy protections and access controls in the legislation, they don't apply if the data can be sourced elsewhere. Considering most clinical data can be sourced elsewhere (that's how the system has been designed), that doesn't leave much data to be protected. IMHO, the legislation (in addition to the possibility of future governments changing it as they see fit) is totally useless. This is the full Section 71, make of it what you will. IANAL. 71 Prohibitions and authorisations limited to health information collected by using the My Health Record system (1) The prohibitions and authorisations under Divisions 1 and 2 in respect of the collection, use and disclosure of health information included in a healthcare recipient’s My Health Record are limited to the collection, use or disclosure of health information obtained by using the My Health Record system. (2) If health information included in a healthcare recipient’s My Health Record can also be obtained by means other than by using the My Health Record system, such a prohibition or authorisation does not apply to health information lawfully obtained by those other means, even if the health information was originally obtained by using the My Health Record system. Information stored for more than one purpose (3) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if: (a) the health information is stored in a repository operated both for the purposes of the My Health Record system and other purposes; and (b) the person lawfully obtained the health information directly from the repository for those other purposes. Note:For example, information that is included in a registered healthcare recipient’s My Health Record may be stored in a repository operated by a State or Territory for purposes related to the My Health Record system and other purposes. When lawfully obtained directly from the repository for those other purposes, the prohibitions and authorisations in this Part will not apply. Information originally obtained by means of My Health Record system (4) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if: (a) the health information was originally obtained by a participant in the My Health Record system by means of the My Health Record system in accordance with this Act; and (b) after the health information was so obtained, it was stored in such a way that it could be obtained other than by means of the My Health Record system; and (c) the person subsequently obtained the health information by those other means. Note:For example, information that is included in a registered healthcare recipient’s My Health Record may be downloaded into the clinical health records of a healthcare provider and later obtained from those records. -- Regards brd Bernard Robertson-Dunn Canberra Australia email: b...@iimetro.com.au web: www.drbrd.com web: www.problemsfirst.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 11/11/18 12:48, David wrote: > ... But Prof. Vaille described MHRecord as having an appallingly bad IT security model, rather like leaving the bank unlocked because there were penalties for theft. By default, access is allowed and there are no account PINs. Furthermore, individual use is _not_ logged, only the organisation responsible, and it may even be the case that those individuals are not even mentioned in the legislation. > > (Roger, is that true? How can they be penalised in that case?) Yep, you got it: In practical terms, they can't. The offence provisions might as well not exist, because they're unenforceable. The entire MyHR process and product is a fiasco and a fraud. __ On 11/11/18 12:48, David wrote: ABC Radio National had some interesting programs this (Sunday) morning. Round Table - https://www.abc.net.au/radionational/programs/the-roundtable/my-health-record-privacy-data/10474670 - discussed My Health Record. Two apologists for it had nothing very interesting to say, and much of it would have to be described as naieve. But the third panelist was Professor David Vaile, Executive Director of the Cyberspace Law and Policy Centre at UNSW. He revealed that medical information (other than a summary of any allergies?) isn't held in a structured database but is a collection of PDF documents! Can you imagine a patient lying unconscious in ED while a doctor makes a cup of coffee and settles down to plow through them? One apologist emphasised how there were legislated penalties for unauthorised access, and penalties seem to be the main security mechanism. But Prof. Vaille described MHRecord as having an appallingly bad IT security model, rather like leaving the bank unlocked because there were penalties for theft. By default, access is allowed and there are no account PINs. Furthermore, individual use is _not_ logged, only the organisation responsible, and it may even be the case that those individuals are not even mentioned in the legislation. (Roger, is that true? How can they be penalised in that case?) Access by organisations including the ATO, Centrelink, the police, etc. wasn't mentioned. The Coalition has tried to abolish & defund the Office of the Privacy Commissioner, and now the MHRecord director of privacy has resigned - see https://www.smh.com.au/technology/my-health-record-s-privacy-chief-quits-amid-claims-agency-not-listening-20181107-p50elu.html People have until next Thursday (or will it be Wednesday?) to opt out. David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link -- Roger Clarkemailto:roger.cla...@xamax.com.au T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Visiting Professor in the Faculty of LawUniversity of N.S.W. Visiting Professor in Computer ScienceAustralian National University ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Sun, 2018-11-11 at 14:22 +1100, Bernard Robertson-Dunn wrote: > The elephant in the room is Section 71 of the myhr legislation > "Prohibitions and authorisations limited to health information > collected by using the My Health Record system". As was so eloquently said in quite another context "the only way to win is not to play the game". At an individual level, that means opting out now. For the Government, if they are serious about doing something good for the nation rather than their own bureaucracies, it means killing the current project now. If a health records system is deemed necessary, let's have a discussion around the actual aims first. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75 Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 11/11/2018 4:04 PM, Karl Auer wrote: > On Sun, 2018-11-11 at 14:22 +1100, Bernard Robertson-Dunn wrote: >> The elephant in the room is Section 71 of the myhr legislation >> "Prohibitions and authorisations limited to health information >> collected by using the My Health Record system". > As was so eloquently said in quite another context "the only way to win > is not to play the game". > > At an individual level, that means opting out now. > > For the Government, if they are serious about doing something good for > the nation rather than their own bureaucracies, it means killing the > current project now. IMHO, it is more likely that the ALP will kill the thing. The original ALP MyHR design was a virtual health record that connected disparate sources of health data but left it where it was. There was a small central database for additional information. This was a reasonably sensible approach that did not overload doctors with manual data input and did not involve giving data to the government. The system was also supposed to have smart cards for each authorised user so you knew exactly who had seen your data. The organisation set up to deliver this (NEHTA) and a couple of project managers in the Department of Health (run at the time by Jane Halton) discovered the problem was much harder than they thought so they hijacked the design, and simplified it (all data is uploaded to a government owned and controlled database; no smart card so only the institution is identified and a few other stupidities happened) so they could meet their self imposed deadline of 1 July 2012. There's an old saying in the IT world: all projects have time, cost and quality - you can only have two. In the case of MyHR they picked one - time. It cost more and did less. They can blame the Coalition for destroying trust and can kill the thing, thus getting the political benefit and eliminating the future risk. There are signs this is catching on. The body that has a great interest in keeping this thing going is the ADHA - it's why they exist. They are feeding the minister incorrect information and are doing their best to not draw too much attention to it. It is totally against their best interest to extend the opt-out period - the more people find out about it, the more people opt-out. > If a health records system is deemed necessary, let's have a discussion > around the actual aims first. Health record systems exist - all health service providers have them. The problems are exchange of data and patient access. Data exchange, or interoperability, is the way to go - everybody agrees, but it's not an easy problem. NEHTA developed a framework in 2004, but never delivered even though it was a prerequisite for MyHR. Patient access to health record (for those who want it can be best achieved via access to existing systems. There are apps that allow you to view your GP's system (or a least some of the data) on you smartphone - no government database. IMHO MyHR does not solve any problems, it just increases GP costs and patient privacy risks. GPs don't like it and the most likely outcome is atrophy. -- Regards brd Bernard Robertson-Dunn Canberra Australia email: b...@iimetro.com.au web: www.drbrd.com web: www.problemsfirst.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
David, On Sun, 11 Nov 2018 at 13:23, David wrote: > The Coalition has tried to abolish & defund the Office of the Privacy > Commissioner, and now the MHRecord director of privacy has resigned - see > https://www.smh.com.au/technology/my-health-record-s-privacy-chief-quits-amid-claims-agency-not-listening-20181107-p50elu.html In the opinion of https://web.archive.org/web/20121015151540/http://technologyspectator.com.au/industry/media/police-get-grubby Ben Grubb at SMH/Fairfax isn't a creditable journalist. -- Regards, Christian Heinrich http://cmlh.id.au/contact ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Sun, 2018-11-11 at 16:33 +1100, Bernard Robertson-Dunn wrote: > IMHO, it is more likely that the ALP will kill the thing. Well - OK. But probably not unless they are in Government? > so [ADHA] could meet their self imposed deadline of 1 July 2012. My squint-at-my-thumb estimate would be five to ten years to full implementation, mostly because it would take that time for vendors to upgrade their systems to be compatible with the interoperability standards. > Data exchange, or interoperability, is the way to go - everybody > agrees, but it's not an easy problem. I think the design of the standard - interoperability - is one of the difficult problems. The other is how to communicate user permission to data holders. How does a citizen securely tell their doctor or whomever that they can share that but not this? This is *especially* difficult if the information is not document based. So it's a two-part difficulty; how do we securely communicate permissions how do we identify what the permissions apply to? Regardless of all that, the first thing that must be discarded in any design is the "emergency room scenario". The system should be useful for some large percentage of normal medical interactions; it does not need to be useful for every edge case. The second thing that must be discarded is the desire for the system to do everything. Pick one thing that will really make a difference, make sure the interoperability standards are flexible and extensible, then make that one thing happen well. It will cost a fraction of trying to develop everything at once, will be doable in fraction of the time, and will have an immediate positive effect. The lessons learned during implementation will allow new things to be handled faster and better. But mostly I want a statement of aims first. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75 Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Sunday, 11 November 2018 18:12:05 AEDT Karl Auer wrote: > But mostly I want a statement of aims first. That's absolutely critical. Too many IT projects are launched on the basis of a vague wish-list, unstated objectives, ideology, no prior stakeholder approval (perhaps so not to rock the boat), sheer ignorance of what's involved (especially things like the required system engineering & impact on current practice), or some combination thereof. Realistic contract clauses relating to changes are avoided like the plague. > Regardless of all that, the first thing that must be discarded in any design > is the "emergency room scenario". The system should be useful for some large > percentage of normal medical interactions; it does not need to be useful for > every edge case. I imagine the ED scenario is probably the one which is most justified. If the patient record held nothing but current status regarding allergies, medications, & critical health conditions, and the medical practice holding the patients records, it would surely be useful. In any common scenario the patient or their agent will be perfectly able to interact with the medical staff. > The second thing that must be discarded is the desire for the system to do > everything. Pick one thing that will really make a difference, make sure the > interoperability standards are flexible and extensible, then make that one > thing happen well. It will cost a fraction of trying to develop everything at > once, will be doable in fraction of the time, and will have an immediate > positive effect. The lessons learned during implementation will allow new > things to be handled faster and better. That's known as having a well written System Requirements Specification. David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Sun, 2018-11-11 at 20:28 +1100, David wrote: > On Sunday, 11 November 2018 18:12:05 AEDT Karl Auer wrote: > > Regardless of all that, the first thing that must be discarded in > > any design is the "emergency room scenario". > I imagine the ED scenario is probably the one which is most > justified. If the patient record held nothing but current status > regarding allergies, medications, & critical health conditions, and > the medical practice holding the patients records, it would surely be > useful. In any common scenario the patient or their agent will be > perfectly able to interact with the medical staff. I disagree. And this is why a statement of aims is needed :-) The emergency room scenario is freighted with emotion, unstated expectations, time criticality, life-and-death decisions at their most extreme. It might be politically exciting to announce, but in practice a new system will only add to the load on THE most adrenalin-pumped, overworked, pressured and tired health professionals in the business. And being new it will probably let them down. It is NOT a good candidate for a first excursion into a workable health record :-) And it implies that one goal of the system, in it's first iteration, is support emergency room decisions. That's like building a new widget with the goal of being able, from day one, to use it in Formula One racecars. Ambitious, but pretty much doomed to failure if it's anything more complicated than a decal. More to the point it is not a broadly useful thing to support. The vast majority of medical providers are not emergency room staff. The vast majority of patients are not in emergency rooms. I think there are probably better candidates, but we are seriously jumping the gun. There are much higher-level aims that need to be defined. I reckon a good guiding light would be "to directly improve the health outcomes of people receiving medical treatment in Australia". That would shut out all the crap about law enforcement, the ATO, Centrelink and commercial interests. Complex systems need to be described in very simple terms at the top. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75 Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Sunday, 11 November 2018 22:24:30 AEDT Karl Auer wrote: > The emergency room scenario is freighted with emotion, unstated expectations, > time criticality, life-and-death decisions at their most extreme. [...] It's also the place where it's critical to know the allergies, drug regimes, and co-morbidities of patients who are quite often not in a fit state to communicate reliably. Administering a drug to a patient who is hyper-sensitive to it for one reason or another can result in death. > And it implies that one goal of the system, in it's first iteration, is > support emergency room decisions. [...] Ambitious, but pretty much doomed > to failure if it's anything more complicated than a decal. Well no, I was suggesting that as an example of a system which would be achievable and useful in practice, not as the first iteration of some grand ediface. > More to the point it is not a broadly useful thing to support. The vast > majority of medical providers are not emergency room staff. The vast majority > of patients are not in emergency rooms. Precisely! The vast majority of patients are able to converse with their doctors, usually in a practice they've been going to for years, and MHRecord is then just more paperwork. > I think there are probably better candidates, but we are seriously jumping > the gun. There are much higher-level aims that need to be defined. I reckon > a good guiding light would be "to directly improve the health outcomes of > people receiving medical treatment in Australia". That would shut out all the > crap about law enforcement, the ATO, Centrelink and commercial interests. That wouldn't cut out the crap. The ATO, Centrelink, and the police are attracted to MHRecord because of the honey-pot of other information it might contain about individuals. The only way to guarantee to eliminate that problem is to eliminate the honey-pot. Of course we might do it by rigorously enforcing access restrictions, but then we get a politician like Peter Dutton... > Complex systems need to be described in very simple terms at the top. Yes, but there's a direct relationship between the very simple description and the number of vested interests, ideas about system objectives, and committee sizes bought to bear on implementation, and of course on the final cost of the resulting monument. Cheers! David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
> On 12 Nov 2018, at 11:02, David wrote: > >> On Sunday, 11 November 2018 22:24:30 AEDT Karl Auer wrote: >> >> The emergency room scenario is freighted with emotion, unstated >> expectations, time criticality, life-and-death decisions at their most >> extreme. [...] > > It's also the place where it's critical to know the allergies, drug regimes, > and co-morbidities of patients who are quite often not in a fit state to > communicate reliably. Administering a drug to a patient who is > hyper-sensitive to it for one reason or another can result in death. Might there not be a simpler way to record this information then, say in the Medicare chip? That way, most of the privacy issues will have gone away and the critical info will be available. For those who don't have their chip or who can't communicate at the time, the issues remain as now. When drugs change, the Dr/Pharmacist just uploads the amended info into the Medicare chip. BobJ --- Dr Bob Jansen Turtle Lane Studios Pty Ltd 122 Cameron St, Rockdale NSW 2216, Australia Ph (Korea): +82 10-4494-0328 Ph (Australia) +61 414 297 448 Resume: http://au.linkedin.com/in/bobjan Skype: bobjtls KakaoTalk: bobjtls http://www.turtlelane.com.au In line with the Australian anti-spam legislation, if you wish to receive no further email from me, please send me an email with the subject "No Spam" ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
"The emergency room scenario is freighted with emotion, unstated expectations, time criticality, life-and-death decisions at their most extreme. It might be politically exciting to announce, but in practice a new system will only add to the load on THE most adrenalin-pumped, overworked, pressured and tired health professionals in the business. And being new it will probably let them down. It is NOT a good candidate for a first excursion into a workable health record :-) " Maybe you should go talk to an ED doctor. As a matter of fact, a fair amount of time is lost in EDs trying to deduce information that would be in the current version of the health record, like preexisting conditions and drugs the patient is currently taking. (Or the absence of comorbidities.) This loss time will result harm and death both for the patients themselves and coincidentally to the other people they could be treating. Obviously, if you're are a 20 year old who has slammed into tree while mountain biking you probably don't have anything significant in a health record. However, if you are an 85 year old female you probably do. When you are dragged into ED the people treating you want to know your history and they will put a fair bit of time and effort into finding out. When you go back to your GP she will want to know what happened, whether there were any diagnoses and importantly what ongoing drug etc treatments you have been given that they need to take into account in your ongoing treatment. Do you care about these frequent flyers (the big health care users) or or do you only care about yourself or your kind of people? Younger males are typically less concerned about their health and way more likely to be attracted to libertarian arguments. Apparently testosterone related. Have you noticed? What beats me about this current moral panic is the uninformed flippant denial of the big positives of the shared health record. It's like listening global warming deniers arguing that there are too many cold mornings. It all about you, is it? This sort of government initiative, eg, mandatory seat belts, anti-smoking, etc - has a long history of people obsessing about what are actually quite minor risks and inconveniences compared to being incapacitated or dead. Personally, I'm quite happy to put up with a small risk of my health care information being hacked, if it improves my health outcomes, or even (get this!) if it improves the health outcomes for someone's 85 year old granny who I don't even know. Or even if it contributes to the health care of people I don't know who aren't born yet. Jim ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 12/11/2018 11:52 AM, Jim Birch wrote: > What beats me about this current moral panic is the uninformed flippant > denial of the big positives of the shared health record. Are you aware that when you get a myhr it will be pretty empty and history will not be uploaded? (I'm quoting their little brochure) PBS data that is uploaded automatically might give some indication of medical problems, but the gap between script and reality can be significant. Why have you been prescribed something? Have you been taking it? How much have you been taking? Why is the government building a real time prescription monitoring system if myhr is so good? There's just too many questions, even after six years. BTW, only about 20-25% of existing registered users have a shared health summary - which may or may nor be accurate or complete. When 17million more are added that will drop immediately to about 9% Most of the data in a myhr will be old and unreliable, assuming there's any there in the first place. -- Regards brd Bernard Robertson-Dunn Canberra Australia email: b...@iimetro.com.au web: www.drbrd.com web: www.problemsfirst.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 12/11/2018 12:26 PM, Bernard Robertson-Dunn wrote: BTW, only about 20-25% of existing registered users have a shared health summary - which may or may nor be accurate or complete. When 17million more are added that will drop immediately to about 9% Most of the data in a myhr will be old and unreliable, assuming there's any there in the first place. That's a valid point, too. What is the life cycle of health information? What is relevant when you're 2 versus when you're 13 (puberty, folks), 18 (majority), middle aged and then older? Do records fall off the back end once you reach an age? Which information is valuable at which stage? When you end up with a (guessing) 5000 page PDF health record, what does the provider need to pay attention to? How do they find it? Just a collection of data is useless if it's not accurate (which some of it clearly is not), valid for the question, and undiscoverable. Too many questions/problems to trust this thing blindly, leaving aside the privacy and confidentiality problems. Jan -- Melbourne, Victoria, Australia jw...@janwhitaker.com Twitter: @JL_Whitaker Blog: www.janwhitaker.com Sooner or later, I hate to break it to you, you're gonna die, so how do you fill in the space between here and there? It's yours. Seize your space. ~Margaret Atwood, writer _ __ _ ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
"The vast majority of patients are able to converse with their doctors, usually in a practice they've been going to for years, and MHRecord is then just more paperwork" The vast majority of patients are unable to reliably convey diagnoses, whether they corpus mentus or not. They can usually converse about their symptoms but patients with reliable memory of explicit diagnoses are atypical. This may not apply equally young educated middle class people. Do you serious expect a 70 year old with multiple comorbidities who has just had a fall to remember all their conditions and allergies? "I have a heart condition" is a help, but the actual heart condition out of a couple of hundred is more useful. It may rule out therapies that are otherwise the best option. cf something we hear in IT: "There's something wrong with my computer." Jim Jim On Mon, 12 Nov 2018 at 11:04, David wrote: > On Sunday, 11 November 2018 22:24:30 AEDT Karl Auer wrote: > > > The emergency room scenario is freighted with emotion, unstated > expectations, time criticality, life-and-death decisions at their most > extreme. [...] > > It's also the place where it's critical to know the allergies, drug > regimes, and co-morbidities of patients who are quite often not in a fit > state to communicate reliably. Administering a drug to a patient who is > hyper-sensitive to it for one reason or another can result in death. > > > And it implies that one goal of the system, in it's first iteration, is > support emergency room decisions. [...] Ambitious, but pretty much doomed > to failure if it's anything more complicated than a decal. > > Well no, I was suggesting that as an example of a system which would be > achievable and useful in practice, not as the first iteration of some grand > ediface. > > > More to the point it is not a broadly useful thing to support. The vast > majority of medical providers are not emergency room staff. The vast > majority of patients are not in emergency rooms. > > Precisely! The vast majority of patients are able to converse with their > doctors, usually in a practice they've been going to for years, and > MHRecord is then just more paperwork. > > > I think there are probably better candidates, but we are seriously > jumping the gun. There are much higher-level aims that need to be defined. > I reckon a good guiding light would be "to directly improve the health > outcomes of people receiving medical treatment in Australia". That would > shut out all the crap about law enforcement, the ATO, Centrelink and > commercial interests. > > That wouldn't cut out the crap. The ATO, Centrelink, and the police are > attracted to MHRecord because of the honey-pot of other information it > might contain about individuals. The only way to guarantee to eliminate > that problem is to eliminate the honey-pot. Of course we might do it by > rigorously enforcing access restrictions, but then we get a politician like > Peter Dutton... > > > Complex systems need to be described in very simple terms at the top. > > Yes, but there's a direct relationship between the very simple description > and the number of vested interests, ideas about system objectives, and > committee sizes bought to bear on implementation, and of course on the > final cost of the resulting monument. > > Cheers! > David L. > > ___ > Link mailing list > Link@mailman.anu.edu.au > http://mailman.anu.edu.au/mailman/listinfo/link > ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
BobJ: Might there not be a simpler way to record this information then, say in the Medicare chip? You really expect a frangible, easily-misplaced solution to work reliably? What do you do when you lose your card, or cook it? Go around to to the 5, 10, 20... health care providers you have seen in the last three years and request a re-download? Or do you periodically save it's contents in your dropbox? The security of the card creates a similar set of risks to access to the repository. Who can access it, what security protocols, etc, etc. Much smarter would be to drop the perfect security fetish. Jim On Mon, 12 Nov 2018 at 11:49, Dr Bob Jansen wrote: > > On 12 Nov 2018, at 11:02, David wrote: > > > >> On Sunday, 11 November 2018 22:24:30 AEDT Karl Auer wrote: > >> > >> The emergency room scenario is freighted with emotion, unstated > expectations, time criticality, life-and-death decisions at their most > extreme. [...] > > > > It's also the place where it's critical to know the allergies, drug > regimes, and co-morbidities of patients who are quite often not in a fit > state to communicate reliably. Administering a drug to a patient who is > hyper-sensitive to it for one reason or another can result in death. > > Might there not be a simpler way to record this information then, say in > the Medicare chip? That way, most of the privacy issues will have gone away > and the critical info will be available. For those who don't have their > chip or who can't communicate at the time, the issues remain as now. When > drugs change, the Dr/Pharmacist just uploads the amended info into the > Medicare chip. > > BobJ > --- > Dr Bob Jansen > Turtle Lane Studios Pty Ltd > 122 Cameron St, Rockdale NSW 2216, Australia > Ph (Korea): +82 10-4494-0328 > Ph (Australia) +61 414 297 448 > Resume: http://au.linkedin.com/in/bobjan > Skype: bobjtls > KakaoTalk: bobjtls > http://www.turtlelane.com.au > > In line with the Australian anti-spam legislation, if you wish to receive > no further email from me, please send me an email with the subject "No Spam" > > ___ > Link mailing list > Link@mailman.anu.edu.au > http://mailman.anu.edu.au/mailman/listinfo/link > ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 12/11/2018 1:17 PM, Jim Birch wrote: > The vast majority of patients are unable to reliably convey diagnoses, > whether they corpus mentus or not. They can usually converse about their > symptoms but patients with reliable memory of explicit diagnoses are > atypical. > > This may not apply equally young educated middle class people. Do you > serious expect a 70 year old with multiple comorbidities who has just had a > fall to remember all their conditions and allergies? "I have a heart > condition" is a help, but the actual heart condition out of a couple of > hundred is more useful. It may rule out therapies that are otherwise the > best option. cf something we hear in IT: "There's something wrong with my > computer." Totally agree. The issue is that MyHR doesn't help in this situation. Access to the patient's real medical records (which is becoming more frequent and at a much lower cost and risk) is what would be better, not some badly curated mess. -- Regards brd Bernard Robertson-Dunn Canberra Australia email: b...@iimetro.com.au web: www.drbrd.com web: www.problemsfirst.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
Bernard Robertson-Dunn wrote: > On 12/11/2018 11:52 AM, Jim Birch wrote: > > Are you aware that when you get a myhr it will be pretty empty and > history will not be uploaded? Of course. Are you aware that when you buy a house it is not full of furniture and homely memories? > PBS data that is uploaded automatically might give some indication > of medical problems, but the gap between script and reality can be > significant. > Absolutely. And the seatbelts that were introduced in the 1960 would not cut it today - too dangerous. Does that mean they should not have been introduced. No, they were an improvement. This whole argument is a bit wonky. Do you want the health system we have now, the one we had a 50 or a hundred years ago? I don't want either. I want the world that continuously improves not the one that is perfect. I would ideally like to be treated by the health system of two centuries in the future and the sooner we get there the better. I certainly would prefer the MyHR that's been running for a few decades and has complete and reliable information but there is only one way to get there. I just don't get this end of history thing. Jim ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 11/11/2018 11:48, David wrote: He revealed that medical information (other than a summary of any allergies?) isn't held in a structured database but is a collection of PDF documents! Can you imagine a patient lying unconscious in ED while a doctor makes a cup of coffee and settles down to plow through them? Off Topic: using your MYHR account as a personal cloud document storage. Imagine scanning in old photos as PDF and uploading into myhr, saving other non-health related documents... who's checking the validity of what's uploaded? -andyf ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Mon, 2018-11-12 at 13:40 +1100, Jim Birch wrote: > Much smarter would be to drop the perfect security fetish. No-one is demanding "perfect security". They are demanding *some* security. The current model appears to have been designed by a complete fool, OR by someone who wanted to actively prevent people from being able to protect themselves - starting with the change from opt-in to opt-out. Not am I saying there are no benefits. I'm just saying that the touted benefits are modest *at best*. I have yet to hear one that is even a little convincing. And all are far outweighed by the frankly almost unbelievable lack protection for the data. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75 Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 12/11/2018 2:01 PM, Jim Birch wrote: > Bernard Robertson-Dunn wrote: > > On 12/11/2018 11:52 AM, Jim Birch wrote: > > > > Are you aware that when you get a myhr it will be pretty empty and > history will not be uploaded? > > > Of course. Are you aware that when you buy a house it is not full of > furniture and homely memories? That would be dishonest. Rather like the government claiming that "My Health Record is an on-line summary of your health information". Not, could be; not, could become; not, only if you see your GP and authorise them to be your representative, but IS. > > > PBS data that is uploaded automatically might give some indication > of medical problems, but the gap between script and reality can be > significant. > > > Absolutely. And the seatbelts that were introduced in the 1960 would > not cut it today - too dangerous. Does that mean they should not have > been introduced. No, they were an improvement. > > This whole argument is a bit wonky. Do you want the health system we > have now, the one we had a 50 or a hundred years ago? I don't want > either. I want the world that continuously improves not the one that > is perfect. I would ideally like to be treated by the health system > of two centuries in the future and the sooner we get there the > better. I certainly would prefer the MyHR that's been running for a > few decades and has complete and reliable information but there is > only one way to get there. I agree, but myhr isn't the way of the future. All it is is a very bad document management system with no smarts and huge costs and risks. The problems in healthcare are not about records. I saw an advert for an international conference recently that was all about clinical medicine of the future. Not a single mention of medical or health records. It's all about better data acquisition, analysis and diagnosis followed by more targeted treatment, not just symptoms and risk reduction, which is what most of today's clinical medicine is. > I just don't get this end of history thing. It's the end of history, because there are better ways than the old ways. -- Regards brd Bernard Robertson-Dunn Canberra Australia email: b...@iimetro.com.au web: www.drbrd.com web: www.problemsfirst.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
Over the past 2 years I've experienced professionals in the health system at their most impressive. Two surgeons, three oncologists, two gastroenterologists, two GPs, one hematologist, four hospitals as inpatient, three different hospital EDs, many pathologists, and more. I soon found that not one of them had records that gave anything like a complete story, so I collected records from all of them and created my own complete set chronologically, on paper, now in four manilla folders and a 5th folder dedicated to 28 scans (PET,MRI,Xray etc). None of the records was or is on My Health. My ED experiences are all related to infections not accident trauma or the like so I am sufficiently alert to be able to take the latest folder with me which the doctors always grab with glee. The folder has an inside cover summary of conditions and treatments with specialists names etc. A short version is in my wallet with my driving licence which as a 76 yrs old I'm required by law (Qld) to always carry when driving. Questions I've pondered are whether paper is superior in my circumstances to a digital copy, what information is critical, and how best to present it. My experience is that the information on paper has been immediately accessible under all of the circumstance when it has been useful, more so that if it were in digital format (stored on what?). Keeping the information up-to-date is a matter of discipline, not means. I believe My Health is a good idea badly designed and implemented, and until it is made reliable and is universally used then I have to take responsibility for maintaining my own records and making them available when needed. Admittedly a simple solution for a pedantic, somewhat aspergic retired IT grumpy with librarianship experience. It's not privacy of my information that concerns me, it's whether it's complete, up-to-date, and easily accessed. Mike Shearer Townsville On 12/11/18 10:52 am, Jim Birch wrote: "The emergency room scenario is freighted with emotion, unstated expectations, time criticality, life-and-death decisions at their most extreme. It might be politically exciting to announce, but in practice a new system will only add to the load on THE most adrenalin-pumped, overworked, pressured and tired health professionals in the business. And being new it will probably let them down. It is NOT a good candidate for a first excursion into a workable health record :-) " Maybe you should go talk to an ED doctor. As a matter of fact, a fair amount of time is lost in EDs trying to deduce information that would be in the current version of the health record, like preexisting conditions and drugs the patient is currently taking. (Or the absence of comorbidities.) This loss time will result harm and death both for the patients themselves and coincidentally to the other people they could be treating. Obviously, if you're are a 20 year old who has slammed into tree while mountain biking you probably don't have anything significant in a health record. However, if you are an 85 year old female you probably do. When you are dragged into ED the people treating you want to know your history and they will put a fair bit of time and effort into finding out. When you go back to your GP she will want to know what happened, whether there were any diagnoses and importantly what ongoing drug etc treatments you have been given that they need to take into account in your ongoing treatment. Do you care about these frequent flyers (the big health care users) or or do you only care about yourself or your kind of people? Younger males are typically less concerned about their health and way more likely to be attracted to libertarian arguments. Apparently testosterone related. Have you noticed? What beats me about this current moral panic is the uninformed flippant denial of the big positives of the shared health record. It's like listening global warming deniers arguing that there are too many cold mornings. It all about you, is it? This sort of government initiative, eg, mandatory seat belts, anti-smoking, etc - has a long history of people obsessing about what are actually quite minor risks and inconveniences compared to being incapacitated or dead. Personally, I'm quite happy to put up with a small risk of my health care information being hacked, if it improves my health outcomes, or even (get this!) if it improves the health outcomes for someone's 85 year old granny who I don't even know. Or even if it contributes to the health care of people I don't know who aren't born yet. Jim ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 12/11/2018 2:45 PM, Andy Farkas wrote: > On 11/11/2018 11:48, David wrote: >> He revealed that medical information (other than a summary of any >> allergies?) isn't held in a structured database but is a collection >> of PDF documents! Can you imagine a patient lying unconscious in ED >> while a doctor makes a cup of coffee and settles down to plow through >> them? >> > > Off Topic: using your MYHR account as a personal cloud document storage. > > Imagine scanning in old photos as PDF and uploading into myhr, saving > other > non-health related documents... who's checking the validity of what's > uploaded? You can't just upload pdfs The only thing you can do is fill in a Personal Health Summary, which is a sort of replication of the Shared Health Summary that a GP can upload. It lets you record allergies/adverse reactions and medication. Something the government doesn't talk about much is that you can't put access controls on either of these documents. -- Regards brd Bernard Robertson-Dunn Canberra Australia email: b...@iimetro.com.au web: www.drbrd.com web: www.problemsfirst.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
Hi Jan There are three basic reasons for having a shared health record 1. To help the patient by treating their conditions. Primary benefit goes to the patient. 2. To help the health system: to make the system more efficient, basically to treat more people and/or treat them better at the same budget. 3. To aid medical research. As befits our narcissistic times, the debate is basically around item 1, ie. ME (Multiple exclamation marks intended.) What are my benefits v my risks, etc. If you're promoting the system, you promote the benefits to the individual; if you're against it, you deny that there are any benefits and talk about the risks. Item 2 is the one that influences the government. It indirectly affects us all who pay taxes or receive the benefits of taxes because we pay less tax, or get better healthcare, or we can get something else. Healthcare costs are rising faster than most other costs to a significant degree because we are treating more things, better. Medicine is empirically better than it was two decades ago. Healthcare is already a major government budget item and if the rise continues it will become the major budget item. I'm pretty ok with this. Healthcare is basically good, ie, more diseases cured or better managed, statistically means longer happier lives. However, because it is such a big ticket item we want it to be as efficient as practicable. In practice arguing for efficient use taxation is boring accountancy stuff and doesn't get much of a run, except for the periodic shock/horror value of some bit of government profligacy. Item 3 is actually the deep benefit, the one we should be considering if we are interested future generations as well as ourselves. Suppose everyone decided a thousand years ago to forego 1% annual growth for an easier life, or because change was disturbing, or whatever, we would now be nearly as poor as the average person was a thousand years ago. Thing weren't too good by current standards. Sure there weren't problems with plastic bags, but there was a lot of starvation and the chance of a kid making it to age 10 was about 50%. Improvement is medicine operate in a similar way, it is cumulative. If you're concerned about not leaving a planet decimated by global warming you should also be concerned about creating better medicine. Currently there are there are a lot of treatments that don't have an established benefit case. The gold standard in clinical trials is currently the randomised control trial. They are difficult to set up and cost a lot. The usual problem is getting enough numbers from the available budget to get a statistically significant result. The big data approach that a common shared health record provides is a way around this. It won't give the same information as an RCT but it has great potential. Once the system gets going we have a n=2500 natural experiment running. Medical researchers are rubbing their hands. Back to your original question on how long is medical history useful. Purpose 1: Short term if you get better, longer as a managed condition. Purpose 2: Longer term, it allows treatment of the population to be optimised for the available resources. Including people who haven't got the disease yet. Purpose 3: Forever, well, almost. These are actually lifetime longitudinal studies in large numbers. And the benefit is not just to us but to future generations because medical knowledge is not consumed (like medical treatments) it is a persistent good which accumulates. Purpose 3 is actually the big net benefit for everyone now and in the future but it is slow and impersonal. It's the hardest to get people to think about. You probably won't die of global warming; you won't be probably saved be saved by medical knowledge generated from medical records but there will be incremental improvements in treatments that accumulate. Jim ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Monday, 12 November 2018 15:26:09 AEDT Bernard Robertson-Dunn wrote: > I agree, but myhr isn't the way of the future. All it is is a very bad > document management system with no smarts and huge costs and risks. It's not even a document-management system as far as I can tell, it's more of a badly designed drop-box. > The problems in healthcare are not about records. I saw an advert for an > international conference recently that was all about clinical medicine of the > future. Not a single mention of medical or health records. > > It's all about better data acquisition, analysis and diagnosis followed by > more targeted treatment, not just symptoms and risk reduction, which is what > most of today's clinical medicine is. MHRecord seems to have been "designed" by a committee with little collective understanding of the current practice of medicine in its various contexts. The fact patient information is held as a collection of PDFs and system security is non-existent suggests there hasn't been any IT&C expertise either. No wonder there's apparently no publicly documented Systems Requirements Specification or System Architecture. However ATO, Centrelink, the police, and others have access to MHRecord. Why? That strongly suggests the real aim is to spy on citizens, and if there's a residual health benefit, it's incidental. Was the system designed by Peter Dutton's office (:-)? Perhaps Labor should try to flush out whatever justification exists for our $1B expenditure, and then we can all see its proposed justification. David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Monday, 12 November 2018 17:06:42 AEDT Jim Birch wrote: > Back to your original question on how long is medical history useful. > > Purpose 1: Short term if you get better, longer as a managed condition. > Purpose 2: Longer term, it allows treatment of the population to be optimised > for the available resources. [...] > Purpose 3: Forever, well, almost. These are actually lifetime longitudinal > studies in large numbers. [...] They're fine wish-list objectives. But the problem with MHRecord lies in it's unknown objectives, and poor implementation based on what we assume. Longitudinal studies have to be reasonably well-controlled to be reliable, and a collection of random PDFs is unlikely to cut it. That applies to (2) as well, since it's an application of (3) if I read you correctly. David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Sun, Nov 11, 2018 at 1:15 PM David wrote: > > People have until next Thursday (or will it be Wednesday?) to opt out. > Well, it just took me 43mins on the phone to opt out after the website wouldn't work for me... And they have the *most* infuriating on hold noise I can come up with. Someone send me a cure for the morbid despair it has driven me to... -- Narelle narel...@gmail.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
Perhaps of interest, an American doctor’s perspective .. “Sometimes, before I interview new patients, while I’m waiting for them to be transported from the emergency department to the medical floor, I play a game. I look through their lab tests. I peruse their imaging studies. I read other doctors’ notes and recent discharge summaries. Then I guess what the diagnosis is. I know this is bad. It goes against most of what I learned about good doctoring in medical school — that the patient’s story is the core of medicine, that it’s essential for accurate diagnoses and therapeutic relationships. It can also be dangerous. When I interview patients, I often find their medical charts are littered with inaccuracies. It’s one reason “read it in my chart” isn’t a good way for patients to communicate health information — or for doctors to learn it. “I noticed you’re scheduled for surgery next week,” I say to one patient. “I had that surgery three months ago,” he responds. “So you don’t have diabetes?” I ask another, perplexed. I see “diabetes” clearly indicated in her chart. “No! Why does everyone keep asking me that?” she exclaims, exasperated. When I read a patient’s electronic health record, I now assume what’s written there is as likely to be wrong or outdated as it is to be accurate. Sometimes these discrepancies are minor and inconsequential; sometimes they can be devastating. And unlike what happens in Vegas, what’s written in your medical record often stays with you forever. One study found that there’s complete agreement between medications listed in the electronic health record and what patients actually take only in about 5 percent of patients. Another study found that 43 percent of medications listed in the electronic health record were inaccurate — with 29 percent having been stopped and 14 percent changed. Many allergies and adverse drug reactions aren’t recorded. Research from the Veterans Health Administration found that 60 percent of patient records had at least one error. From 2013 to 2014, the percentage of lawsuits related to electronic health record issues doubled and is expected to rise. The ease with which doctors can copy and paste the information in a medical record can be one source of error — as well as a potent source of “note bloat”: notes so filled with extraneous information that you have to scroll through pages and pages of nonsense to find anything useful. Almost all doctors use the copy-paste function when writing notes, and by some estimates between half and three-quarters of daily notes are copied text. There are advantages: Forwarding text for stable patients can be safe and efficient — and a majority of doctors believe it doesn’t hurt patients. But, if not done carefully, it can perpetuate false or outdated material. Another problem is that large amounts of patient information are now automatically imported into patient notes. Cognitively, it’s a very different experience searching for, confirming and personally recording aspects of a patient’s history than it is reviewing what’s auto-populated into your note. In some cases, one can “write” an entire note simply by clicking a few boxes to indicate the duration and frequency of a patient’s symptoms — essentially the same way you fill in a Mad Libs template What can get lost in all this is the patient’s story. Eliciting, distilling and communicating an account of what’s happened in a person’s life are skills that are vital for all doctors, but especially for doctors in training still learning to care for patients. Gathering and sharing a patient’s story offers the fullest sense of who a patient is as a human being, why he might have received this treatment, for example, and not that one, and what the best course of action might be going forward. We now spend two hours a day reporting quality measures, but what needs to be mandatory in the age of digitalization is the art of story gathering and storytelling. One solution may be to encourage more patients to read their medical records. Doctors may be motivated to write more thoughtful and accurate notes if they know their patients will be reading them. While patients have had the right to access their medical records since 1996, when the Health Insurance Portability and Accountability Act was enacted, and the right to electronic copies since 2009, most patients never see their charts. Research suggests that only about 40 percent of patients are offered online access to their medical records. Of those given access, only half choose to view them — but 80 percent of those who do find it useful. A quarter of patients remain unaware of their right to an electronic copy of their medical records. But patients who frequently access their medical records may be more motivated to take control of their health — and in a better position to correct outdated or erroneous information. The federal government recently released g
Re: [LINK] The "health" record security model
On Mon, 12 Nov 2018 at 17:28, David wrote: It's not even a document-management system as far as I can tell, it's more > of a badly designed drop-box. > I don't quite understand what you're saying here. It is a document management system as a matter of fact because it actually manages documents. However, it has quite different objectives to most document management systems that you may or may not be familiar with. Basically it presents a few views of a single patient's records. It doesn't need all the usual classification and searching stuff. It doesn't choose what is relevant that's up to the medical practitioner. > MHRecord seems to have been "designed" by a committee with little > collective understanding of the current practice of medicine in its various > contexts. The fact patient information is held as a collection of PDFs and > system security is non-existent suggests there hasn't been any IT&C > expertise either. No wonder there's apparently no publicly documented > Systems Requirements Specification or System Architecture. > "designed" or designed? I guess you prefer the pejorative. by a committee? Do you think it should be designed by an individual or is this just a random pejorative thrown in. "with little collective understanding of the current practice of medicine in its various contexts." Less than you? Seriously? Records are one of fundamental pillars of medicine, historically, now and into the future. A massive amount of work went into this system. It's a big projects. Big projects have problems. That's normal. The project has multiple conflicting design objectives that have to be wrangled out and compromises reached. That's normal. I'm 100% sure that this project could have been better managed. The fact that you poo-poo it doesn't prove a lot. Be specific. What are your improved design element? > However ATO, Centrelink, the police, and others have access to MHRecord. > Why? That strongly suggests the real aim is to spy on citizens, and if > there's a residual health benefit, it's incidental. "Real aim is to spy on citizens" "incidental residual health benefit" Hello? You have completely departed from reality. This is paranoid. Do you really believe that there is a cabal of evil men sitting somewhere in Canberra designing a health record system just so they can control the country via access to people's health records? How [expletive deleted] does that work? These are your health records! What are they going to do: send you spiteful emails about your arthritic elbow to make you vote liberal? Make the flu punishable with a two year jail term? Please explain how that might work in actual harms and actual mechanisms. It sounds completely insane to me. That fact that you can say things like that and expect to be taken serious says something about the mythological dimension of this debate, to me, at least. Jim ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Tue, 2018-11-13 at 09:32 +1100, Jim Birch wrote: > What are your improved design element? How often do we have to point them out? 1: Uploaded documents should be inaccessible by default (except to the user) 2: The user should be able to upload any document. 3: The user should be able to permanently delete any document 4: Others should be unable to delete any document 5: People uploading or accessing documents should be individually identified And these should be attributes of a coherent approach; I'm aware that each has implications to be dealt with. The legislative changes needed are huge, and even then cannot really address the intractable problem of all this data being centralised. > does that work? These are your health records! What are they going > to do: send you spiteful emails about your arthritic elbow to make > you vote liberal? Make the flu punishable with a two year jail > term? Please explain how that might work in actual harms and actual > mechanisms. There will be close to a million people with essentially anonymous read/write access to this system. Systemic abuse is almost a certainty. That means blackmail opportunities for a start. For Government abuse, look no further than Alan Tudge using Centrelink information to attack a citizen; and that was a pretty tame case. In security, you don't fart about with what people *say* the system can do, or what the system is *intended* to do. You look at what the system CAN do, and plan around that. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75 Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
David wrote: But the problem with MHRecord lies in it's unknown objectives Please explain what you imagine these "unknown objectives" might be in concrete language and how they might hurt me. It sound very like fairies at the bottom on the garden talk. Sorry, goblins. > Longitudinal studies have to be reasonably well-controlled to be reliable, > and a collection of random PDFs is unlikely to cut it. Longitudinal studies are not actually controlled studies, they're different. I'm not 100% sure what sense you are using the word "random" here unless it is just a generalized pejorative. The data in MyHR is not complete. However, completeness is rare in experimental data sets in medical science, and in science generally. A slew of statistical methods has been developed to deal with incomplete data sets. Google and Facebook have been incredibly economically successful working with incomplete data sets, however, their primary objective is to sell stuff, not improve population health. Big data has been incredibly successful in lots of areas and there is no good reason to think it won't work in health science - or health economics. As a matter of fact, big data is already being used successfully in health, go look. PDFs also appears to be a pejorative term here. Just so you or anyone still tuned in knows, I'll explain it: The basic reasons why PDFs were used is that it is the existing system. Doctors look at text records. It is what thousands of bits of healthcare software in hospitals and labs produce. It's the format that gets checked and approved. Ideally, from an abstract data perspective at least, health records would use some kind of structured xml-like format, clearly and unambiguously. There are two primary problems; the scale of change on the source side, and, creating the data standards. There is no unified common standard for naming medical symptoms or diagnoses. Names change from place to place. Standardisation requires doctors to change the names of their diagnoses. Similarly, medical testing is done differently from place to place using different standards and different equipment. It is often annotated to indicate problems with a sample or an interpretation. The process has multiple checks to ensure reliability, culminating in check and sign off of the final text by a senior clinician. The clinician does not sign off an xml data set and they would be rightfully wary of having their signoff to an xml dataset. There are ongoing moves to standardisation and abstraction of data from presentation but these are slow and careful processes that will take years. We are stuck with PDFs for some time. Do PDFs present a problem for researchers? Yes. Do they think they can handle it? Yes. If Google can reliably determine street numbers in all kinds of formats from photos, extracting a particular data element from a PDF blood test will be relatively easy. The data doesn't have to be perfect; real world datasets are not perfect. What researchers are excited by is the numbers. Rather than running an expensive longitudinal study or RCT over a few hundred participants that struggles to achieve statistical significance they are looking at the n=100 000 or 5 000 000 real world trials. The data is of course different, weaker in many respects but stronger in others. Meshing epidemiological studies with trails is normal in medical science but we can expect to see more good epidemiological studies. Epidemiological studies are highly regarded in medical science for very good reasons that I won't go into but you can check this if you are interested. Jim ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Tuesday, 13 November 2018 10:52:20 AEDT Jim Birch wrote: > David wrote: > But the problem with MHRecord lies in it's unknown objectives > Please explain what you imagine these "unknown objectives" might be in > concrete language and how they might hurt me. It sound very like fairies at > the bottom on the garden talk. Sorry, goblins. The complete sentence read: "But the problem with MHRecord lies in it's unknown objectives, and poor implementation based on what we assume." That was intended to be interpreted as: "But the problem with trying to discuss MHRecord lies in the fact that we do not know its formal objectives (i.e. as specified in its System Requirements document), and its apparently poor implementation is based on the objectives we assume." Sorry for the confusion... David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Tue, 2018-11-13 at 10:52 +1100, Jim Birch wrote: > David wrote: > > But the problem with MHRecord lies in it's unknown objectives > > Please explain what you imagine these "unknown objectives" might be > in concrete language and how they might hurt me. Can you genuinely not see how misuse of medical information might hurt you, or how a Government might wish to use it for purposes that we the population may not want or approve of? If you genuinely cannot, then say so and we will try to elucidate. But I fear you are being rhetorically obtuse. Here's what I said to Stephen Duckett. I think it accurately states why I and many others fear that there are hidden/unstated and dangerous objectives behind MHR system: "Forgive my cynicism, but when a good way of achieving an objective is persistently ignored in favour of a much, much worse way that coincidentally is a really good way to achieve a bunch of other unrelated things, the suspicion must arise that the real objective has not been shared." Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75 Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
Karl Auer Can you genuinely not see how misuse of medical information might hurt > you, or how a Government might wish to use it for purposes that we the > population may not want or approve of? If you genuinely cannot, then > say so and we will try to elucidate. But I fear you are being > rhetorically obtuse. > I'm not being rhetorically obtuse. I want explicit information: risks, likelihood estimates. The reason I ask is I believe that this argument is taking place in a mythological zone where the government is some kind weird evil entity single mindedly set on subjugation of the good people of the land. That's a silly narrative, even if it is currently a standard part of the groupthink. Australia regularly does well on independent quality of government indexes, eg, http://info.worldbank.org/governance/wgi/#reports. If you are seriously running a narrative that Australia is an evil state, check out the competition. I previously ask for an example of harm enabled through too much government information and got the Stolen Generation. Is that realistic? Should the government abrogate child protection because that requires information? Or was the stolen generation more realistically a result of racist attitudes of both the government, and the populace, at the time? My approach to this would be to ask for solid quantifiable facts. So what explicit risks do you see? How likely? How serious is the harm? (Most importantly from my point of view how does it weigh up the the potential benefits of the shared health record but as you have claimed that benefits are nonexistent or negligible we can leave that out for now.) I'm hearing what appear to me to be a lot of lot of fluffy and unsubstantiated claims around here. One - or both of us - are off the rails. I don't have a problem changing my mind but I need evidence not narratives. A list of what you think are actual risks with a real chance of happening would help. Jim > > Here's what I said to Stephen Duckett. I think it accurately states why > I and many others fear that there are hidden/unstated and dangerous > objectives behind MHR system: > > "Forgive my cynicism, but when a good way of achieving an objective is > persistently ignored in favour of a much, much worse way that > coincidentally is a really good way to achieve a bunch of other > unrelated things, the suspicion must arise that the real objective has > not been shared." > > Regards, K. > > -- > ~~~ > Karl Auer (ka...@biplane.com.au) > http://www.biplane.com.au/kauer > http://twitter.com/kauer389 > > GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75 > Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A > > > ___ > Link mailing list > Link@mailman.anu.edu.au > http://mailman.anu.edu.au/mailman/listinfo/link > ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 13/11/2018 3:16 pm, Jim Birch wrote: > My approach to this would be to ask for solid quantifiable facts. So what > explicit risks do you see? How likely? How serious is the harm? (Most > importantly from my point of view how does it weigh up the the potential > benefits of the shared health record but as you have claimed that benefits > are nonexistent or negligible we can leave that out for now.) > > I'm hearing what appear to me to be a lot of lot of fluffy and > unsubstantiated claims around here. I agree, which is why I'm advocating the clinical medical profession treat My Health Record as they would any other proposed protocol, procedure or treatment. The government needs to have its claims validated by independent researchers. RCT may be difficult but there are other approaches. However, one of the problems is that the government never seems to have made any statements about total costs and or risks, so they are difficult to validate. The fact that many GPs don't seem to like it may well be due to them not believing the claims. See the poll at the bottom of this https://www.doctorportal.com.au/mjainsight/2018/44/why-is-the-my-health-record-question-so-difficult/ My Health Record: staying in or opting out? Opting out (73%, 284 Votes) Staying in (27%, 103 Votes) Total Voters: 387 And this one from July, after they published one of my papers https://www.doctorportal.com.au/mjainsight/polls/?poll_page=3 My Health Record will improve patient outcomes Strongly disagree (41%, 159 Votes) Disagree (26%, 102 Votes) Neutral (15%, 59 Votes) Agree (10%, 38 Votes) Strongly agree (8%, 31 Votes) Total Voters: 389 I know it may not represent just GPs but it is a consistent number in multiple MJA polls And I did not vote, I have a myhr. -- Regards brd Bernard Robertson-Dunn Canberra Australia email: b...@iimetro.com.au web: www.drbrd.com web: www.problemsfirst.com ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On Tue, 2018-11-13 at 15:16 +1100, Jim Birch wrote: > I'm not being rhetorically obtuse. I want explicit information: > risks, likelihood estimates. Can you provide the same for the putative benefits? Come on - explicit information please! > The reason I ask is I believe that this argument is > taking place in a mythological zone where the government is some kind > weird evil entity single mindedly set on subjugation of the good > people of the land. Not at all. Th following is FACT: The plan is to: a) default all citizens into the database b) collect all the data in one place c) keep it there for a hundred years d) make it available to commercial interests e) provide warrantless access to law enforcement f) provide warrantless access to Government agencies g) provide NO control over their data to those citizens Doesn't any of that trigger your "what could possibly go wrong?" circuits? Given the enormous and frankly obvious risks that the above poses, any putative benefits had better be pretty bloody good. Sadly the pro lobby has yet to offer ANY clear examples of where this system would unambiguously improve the lot of Australians seeking medical help, and certainly no examples that even begin to outweigh the level of harm that the system *certainly can* and *probably will* cause. If I've missed one, do tell. The potential benefits as so far presented are nebulous and vague. The potential harms are starkly plausible and range from damage to some individuals right up to damaging entire classes of people. Some of the harms have already been seen with other systems - witness Alan Tudge's abuse of CentreLink data, and indeed the entire robodebt debacle. Hundreds of thousands of people will have read access to this system. Their access will in most cases be effectively anonymous. There is ZERO chance that they are all good people; some WILL misuse the data they have access to. As they already do in other contexts - witness recent stories about police giving out info from police databases. Our current Government, benign or not, has a poor track record of being able to secure or manage data. The Centrelink debacle, the Census debacle, the MHR system itself failing just because a lot of people wanted to opt out at the same time - all the way down to selling filing cabinets full of confidential papers. And is there anyone who doesn't have an ATO horror story of some stupid error that took a year to fix? Whether I love them or loathe them, I wouldn't trust the Austraklian Government with anything confidential of mine, and that's BEFORE you look at the potential for active misuse. > That's a silly narrative, even if it is currently a standard part > of the groupthink. Now who's being perjorative? For a start it's not a "narrative"; this is not some sort of political attempt to peddle a lie. I wouldn't care if this was invented by the left right or the middle, it's a bad, bad system for reasons I have clearly argued. If you don't like it, argue back, but don't put it down as "narrative" and "groupthink". > If you are seriously running a narrative that Australia is an evil > state, check out the competition. I'm not running any "narrative". But I think it is pretty stupid to put a tool that could all too easily be used for harm in the hands of every government for the next hundred years or more. > I previously ask for an example of harm enabled through too much > government information I don't see that it's about too much information per se. It's about the intimate nature of the information, the fact that it is all in one place and the fact the the people it is about, in the most intimate ways possible, have little to no control over the content. > My approach to this would be to ask for solid quantifiable facts. So > what explicit risks do you see? How likely? How serious is the > harm? I've given examples already. I've given more below. I'm tired of being asked for them. Respond to those. Preferably with an equally long list of equally likely benefits. And try to compare apples with apples. No amount of money saved or additional convenience for doctors outweighs a risk that leaves ruined lived behind. > (Most importantly from my point of view how does it weigh up the the > potential benefits of the shared health record but as you have > claimed that benefits are nonexistent or negligible we can leave that > out for now.) No, I have claimed that the potential benefits of the system, or at least those I have read about, do not outweigh the almost certain harms that it will bring. I don't count the benefits as negligible, but I do count them as lesser. But I absolutely concur that the system may bring some benefits. I just haven't heard of any very convincing ones yet. > I'm hearing what appear to me to be a lot of lot of fluffy and > unsubstantiated claims around here. Which is exactly how I feel about the pro camp! > A list of what you think are actual risks with a real > chance of
Re: [LINK] The "health" record security model
Jim, On Tuesday, 13 November 2018 15:16:33 AEDT Jim Birch wrote: > I'm hearing what appear to me to be a lot of lot of fluffy and > unsubstantiated claims around here. [...] A list of what you think are > actual risks with a real chance of happening would help. Many people, myself included, value privacy for its' own sake. If "the government" (including in this specific case ATO, Centrelink, AFP, state police forces, the Judiciary, et al) can monitor their citizen's detailed health history, then we're a short step from the Chinese Social Credit system where they know all that and much more, like Google. Knowledge is Power, as the Power Coaching College used to say. And when the government knows too much it will almost inevitably begin to control. Soon we'd find an Australian Social Credit system where the government begins to actively control what you can think and do. Do you want that? David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
On 13/11/2018 3:16 PM, Jim Birch wrote: I'm hearing what appear to me to be a lot of lot of fluffy and unsubstantiated claims around here. One - or both of us - are off the rails. I don't have a problem changing my mind but I need evidence not narratives. A list of what you think are actual risks with a real chance of happening would help. Jim Jim, do you have a relationship with ADHA? If so, what is it? I think it's right that the rest of us know what your potential biases are. Thanks, Jan -- Melbourne, Victoria, Australia jw...@janwhitaker.com Twitter: @JL_Whitaker Blog: www.janwhitaker.com Sooner or later, I hate to break it to you, you're gonna die, so how do you fill in the space between here and there? It's yours. Seize your space. ~Margaret Atwood, writer _ __ _ ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] The "health" record security model
Jim, On Tuesday, 13 November 2018 15:16:33 AEDT Jim Birch wrote: > I'm hearing what appear to me to be a lot of lot of fluffy and > unsubstantiated claims around here. [...] A list of what you think are > actual risks with a real chance of happening would help. Many people, myself included, value privacy for its' own sake. If "the government" (including in this specific case ATO, Centrelink, AFP, state police forces, the Judiciary, et al) can monitor their citizen's detailed health history, then we're a short step from the Chinese Social Credit system where they know all that and much more, like Google. Knowledge is Power, as the Power Coaching College used to say. And when the government knows too much it will almost inevitably begin to control. Soon we'd find an Australian Social Credit system where the government begins to actively control what you can think and do. Do you want that? David L. ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link