The Australian has two related articles on e-Health in the IT Section today.
First we have:
No risk guarantee on e-health
- by: Fran Foo
- From: The Australian
- October 23, 2012
THE Department of Health and Ageing has refused to guarantee that its much vaunted e-health record system is risk-free after more than 140 risks were identified before it went live on July 1.
The Gillard government's personally controlled e-health record system, developed by Accenture, contained a staggering 142 risks of which 32 were rated extreme, 77 high and 33 medium.
The detailed risk assessment study, obtained by The Australian, was prepared by the National E-Health Transition Authority (Nehta) and submitted to the Health Department and other relevant parties about two months before the July go-live date.
The department did not directly respond when asked to confirm that all the risks were resolved by July 1.
However, a spokeswoman said: "By July 1 we had safeguards in place to avoid those risks we identified from occurring.
"For example, to safeguard against security breaches, we have put in place strong encryption and firewalls and implemented all of the recommendations from (Defence's) information security manual," she said.
One severe risk cited in the report was individuals being granted access to health information they were not entitled to if the PCEHR registration process did not adequately authenticate a user.
The five consequences of such access included a user's safety being compromised or, worse, inappropriate medical treatment being given to an individual.
The report did not spell out that this could lead to death, but it is well known that people can pay a high price when they receive wrong medical advice or treatment. Another adverse result could be that an individual's privacy would be compromised.
The report also said that under these circumstances the Health Department could be exposed to legal action and penalties if deemed to be negligent.
Lots more here:
Second we have:
Medical agency blocks request for report's release
- by: Fran Foo
- From: The Australian
- October 23, 2012
THE Department of Health and Ageing has refused to release details of a crucial risk-assessment study conducted by Ernst & Young on the personally controlled e-health record system.
The department's e-health division head, Matthew Corkhill, ruled that it was against the public interest to release the 21-page report, Assessment of PCEHR Information Security Threat and Risk Assessments, in response to a Freedom of Information request lodged by The Australian in July.
Mr Corkhill said the report, which recommends strategies to mitigate potential vulnerabilities in the PCEHR program, continued to inform the ongoing operation and management of the program.
He said it was prepared for the sole use of the department to provide advice and proposals in relation to information security risk-management processes for the PCEHR system.
More here:
Dealing with the second report first it seems to me that at the very least the Government should be releasing a summary of the findings with a summary of what has been done to remedy each of the issues identified. To just bat the whole thing away leaves the public with the sense that something is being hidden and this will only result in a lack of trust in the overall system. Openness is clearly the best policy in areas like this in my view.
On the first article, again openness would have said - yes we had a lot of problems prior to ‘go live’ and here is how each of them has now been addressed. Given the rocky start from the ‘go live’ for the first few months it seems unlikely we are being provided with the whole truth on the status just prior to ‘go live’, and since that date the silence has been deafening. We are now in the situation where really no-one outside Government has a clue as to what is going on.
David.