Simon Elvery Profile picture
Jul 16, 2018 142 tweets 106 min read Twitter logo Read on Twitter
Here's someone who's highly engaged in politics, news and society but didn't know about #MyHROptOut until this morning.

If you're in media and wondering if this needs more coverage, here's your answer. #MyHealthRecord #Privacy
Opting out doesn't appear to be going well for people so far. I've seen multiple reports of long wait times on the phone and web server crashes.

I've you're planning to opt out, I'd suggest maybe not doing it today, but definitely not waiting too long.

#MyHealthRecord #Privacy
For the record, I've gone back and forward on opting out myself.

As a journalist with strong interests in tech and privacy, I really want to see the system for myself. Kick its tyres and experience its flaws and limitations personally. But ...

#MyHealthRecord #Privacy
... ultimately I've concluded that the problems with it, for me, are just too big.

The one that tipped the balance is that it's impossible to have your record removed once you have one. #MyHealthRecord #Privacy
Here are some reasons why #MyHealthRecord is problematic for people who you might expect to get the most benefit most from such a system.

I haven't seen much commentary from doctors on #MyHealthRecord. The AMA supports it, but this analysis suggests that for many doctors the benefits to their practice may be hard to find while complications and costs could quickly become clear. #Privacy doctorportal.com.au/mjainsight/201…
National Rural Heath Alliance urges people not to opt-out, pointing to some potential benefits while acknowledging there are privacy risks. #MyHealthRecord #Privacy
Many of the possible benefits being used as selling points seem compromised—it's not just privacy concerns. I would like to see some doctors weigh in on this: How problematic is it to rely on a record that is potentially incomplete or outdated? #MyHealthRecord #Privacy
There's some commentary from doctors on @George_Roberts' latest report for AM. Catch it at about 25mins into this: abc.net.au/radio/programs… #MyHealthRecord #Privacy
It isn't the 'full picture' though. As the Q&A @arielbogle did with Tim Kelsey makes clear. abc.net.au/news/science/2… #MyHealthRecord #Privacy
Do we actually know what the data model is for the MHR system?

To my knowledge it's little more than a document store at this point. 'Flinstonian' feels like an apt description for such a system.

#MyHealthRecord #Privacy
So why misleadingly say it's a 'full picture' in your advice?

And don't these problems all have better solutions than MHR? #MyHealthRecord #Privacy
This piece from @bengrubb quotes doctors, security & privacy experts inc. @trentyarwood, @troyhunt & @MalcomC (who points out computer systems in individual doctor's practices are possibly the most vulnerable point in the system). #MyHealthRecord #Privacy theage.com.au/technology/bre…
It's worth pointing out that an electronic health record that helps with integrated health care is sorely needed. The status quo could be vastly improved upon.
But the question is to what extent #MyHealthRecord delivers on that promise. And people need to consider carefully whether its associated risks are acceptable.
People are discovering they already have a #MyHealthRecord they didn't know about. #Privacy
Yes, it as initially opt in but it wasn’t getting enough take-up. #MyHealthRecord #Privacy
A problem not unique to #MyHealthRecord but a huge part of why it’s problematic. #Privacy
This whole thread seems to raise more questions than it answers because it contradicts things we’ve already been told. #MyHealthRecord #Privacy
So it’s possible to delete the record at a later date? That’s contrary to previous answers, who should we believe? #MyHealthRecord #Privacy
‘Bank grade security’ isn’t an actual thing so what exactly does ‘better than the bank’ mean? #MyHealthRecord #Privacy
Exactly. The reason banks are considered to have good security is that the whole system works on the pricing of risk. You couldn’t compensate me enough if my medical records were leaked. #MyHealthRecord #Privacy
Okay, I'm going to catch up with this @RNDrive segment from last night where @PatsKarvelas interviewed Steve Hambleton who is the Deputy Chairman of the My Health Record Expansion Program Steering Committee. #MyHealthRecord #Privacy
From @RNDrive tweets last night I can't see how some of the things he said could be true given previous government responses. And even an FAQ thread by @MyHealthRec from (very) late last night appears to contradict him. #MyHealthRecord #Privacy
First thing to note is that security and privacy aren't the same thing, but they're getting conflated a bit in this discussion. #MyHealthRecord #Privacy
He says that 6 million have already opted-in. This 6 million existing records is a number we've heard from the gov't a lot, but doesn't that number include records created as part of opt-out trials? health.gov.au/internet/main/… #MyHealthRecord #Privacy
A point he immediately confirms. So 6 million people most definitely have not opted-in. A portion of those are people who have either chosen not to opt-out or were unaware they could. #MyHealthRecord #Privacy
This quote isn't quite accurate—he says "if you want to shut-down your record, you certainly can". But the difference is important. Shutting down your record won't remove it. Whatever is in the record will be retained for up to 130 years. #MyHealthRecord #Privacy
Now we're onto the process of opting out and the delays, etc. #MyHealthRecord #Privacy
Steve Hambleton points out that you can use a paper form to opt-out 'because not everyone will have a computer'. Which presents real problems for managing what privacy settings are available—where the default is to share everything #MyHealthRecord #Privacy myhealthrecord.gov.au/for-you-your-f…
Steve Hambleton says 'absolutely not' to insurance companies getting access to the data, but the problem with that is they're actively lobbying for it and future governments can change the rules. afr.com/business/healt… #MyHealthRecord #Privacy
"If anyone looks at your record … you can actually look at it on your record."

Except you can't. Record access logs only available by organisation—a fact left out of the FAQ but uncovered by diligent reporting by @arielbogle abc.net.au/news/science/2… #MyHealthRecord #Privacy
'You can set controls so that when someone opens your record you get a text message.'

But the bit that's left out of that is that it only happens the *first* time a new *organisation* accesses it. #MyHealthRecord #Privacy myhealthrecord.gov.au/for-you-your-f…
'Less than 2 per cent of people opted out' in the opt-out trials in Qld and NSW. Has there been any research done on how many people new they could? #MyHealthRecord #Privacy
Steve Hambleton notes (with a bit of positive spin) that two years of previous Medicare and PBS data are attached to your record when it's created. #MyHealthRecord #Privacy
Doctors have been incentivised (i.e. paid) to add data to the records. This is where he tells the bald face lie that 'the government doesn't get the data'.

Except that the entire scheme is run by the government.

#MyHealthRecord #Privacy
The agency has repeatedly made clear that other gov't agencies can get access.



#MyHealthRecord #Privacy
The law authorises this access for a variety of organisations in a variety of circumstances that are not only health related.



#MyHealthRecord #Privacy
Again he says "the government does not get access to this data." This is simply not true. radio.abc.net.au/programitem/pg…

#MyHealthRecord #Privacy
Says there is 'another opt-in or opt-out process' for secondary use of the data. But as we've already covered. It's not a separate process, it's bundled with this and you're in by default. myhealthrecord.gov.au/for-you-your-f… #MyHealthRecord #Privacy
Health practitioners are also being incentivised to upgrade software since the 'front line' is the biggest vulnerability in the system. Is that enough? Updated software is only the first most basic step in operational security in IT. #MyHealthRecord #Privacy
I finally got to the 'better than the bank' security bit. I covered this last night.





#MyHealthRecord #Privacy
Third party apps: @PatsKarvelas asks exactly the right question here—how can they guarantee the apps won't store the data they have access to. The answer is 'contracts'. I would phrase that as "we can't". #MyHealthRecord #Privacy
He goes on to say the authorised apps are monitored proactively for changes in how they work. I'd like to know what that monitoring involves. #MyHealthRecord #Privacy
Access to records by law enforcement is subject to 'court regulations and orders'. Does that mean a warrant? #MyHealthRecord #Privacy
That no records have been requested or supplied during the trial period (an assertion we have to take at face value) doesn't really have any relevance. #MyHealthRecord #Privacy
Nor do any assertions around 'intent'. What's actually authorised—how it *could* be used in the future—is what's at issue. #MyHealthRecord #Privacy
"None of the medical information should be needed" by law enforcement or the courts. (I think they might dispute that.)

But if that is the case, why does the law authorise it?

The patient would be informed 'if it was relevant'.

#MyHealthRecord #Privacy
And there ends the interview with Steve Hambleton.

Time to eat something.

#MyHealthRecord #Privacy
That answers my question from earlier. The phrase 'court regulations and orders' was obviously used by Steve Hambleton advisedly in this interview: radio.abc.net.au/programitem/pg… #MyHealthRecord #Privacy
Any doctors who have an MHR system setup in their practice and would be open to showing me—please get in touch. #MyHealthRecord #Privacy
Steve Hambleton mentioned that compliant software is required to access records. Presumably that means this list? #MyHealthRecord #Privacy
Now *this* is interesting. I suspect administrative errors like this won't be uncommon on a population scale. I hope the OAIC has been funded appropriately to deal with this new influx of data breach reports.

#MyHealthRecord #Privacy
As I've said already—there are obvious and important benefits to an electronic health system. We can do much better than the status quo. The question is whether #MyHealthRecord is appropriately implemented and avoids introducing unacceptable risks. In my estimation it doesn't.
And you won't know because the access log is only exposed to users by organisation—you can't see which individual people view your record.

And you have to monitor it manually because alerts are only sent for the *first* access via each organisation. #MyHealthRecord #Privacy
Reminds me of this now (in)famous @tumblr interface they so helpfully introduced to comply with #GDPR. #MyHealthRecord #Privacy
Only it's worse! Six clicks for each document instead of one. How lovely. #MyHealthRecord #Privacy
@NRHAlliance Were you encouraging rural doctors and patients to use #MyHealthRecord when it was being run under an opt-in model? If not, why not?
Just like 'bank-grade security', 'military-grade security' isn't really a thing either.

#MyHealthRecord #Privacy
This isn't really #MyHealthRecord related, but for Alistair MacGibbon to say there was no breach here is a little rich. Just because it's misconfiguration and not malicious activity does not mean there was no breach. #Privacy amp.smh.com.au/technology/gov…
I didn't download the data there, but given the file names, I would be very surprised if there was *no* information about the site's visitors stored there. #MyHealthRecord #Privacy
Well that's encouraging. I was relieved to see this morning that the contact page doesn't have a form. And I'm sure they're thanking their lucky stars that the 'subscribe' function is still 'coming soon'. #MyHealthRecord #Privacy
It's worth pointing out again that the gov't and various health organisations have repeatedly used the ~6 million odd records that already exist as a selling point for #MyHealthRecord. Including variations on '6m people opted-in during the trials.' This is not true. #Privacy
The relative silence from politicians on #MyHealthRecord over the past couple of days has been, well, deafening. So this is an interesting development. But IMO, the worst outcome here would be for this to become yet another partisan political football. #Privacy
This is the first group of health organisations I've seen actively recommend opting-out of #MyHealthRecord. #Privacy
No. You can prevent the record from being further updated or accessed by medical practitioners, but you can't delete it. The record will be kept until 30 years after your death. myhealthrecord.gov.au/for-you-your-f… #MyHealthRecord #Privacy
I also haven't seen any info about whether 'canceled' records are still available for secondary uses or not. Does anyone know? #MyHealthRecord #Privacy
I assume this is correct. I haven't seen any confirmation or denial of this from gov't and as far as I can tell, the Act doesn't specify. #MyHealthRecord #Privacy
"I think one of the issues that you have right now is that you've spent about $2 billion and over a decade developing a piece of software without a clearly defined set of needs that it meets, either for the practitioner or for the patient."—@paul_shetler #MyHealthRecord
The possibility of this may be less remote than people realise. There will be literally tens of thousands of people with access to nearly everyone's health record. #MyHealthRecord #Privacy
A simple way to mitigate this particular risk would be to change the defaults so that nobody has access until it's explicitly granted by a patient.
Default privacy permissions are very powerful, an issue explored at length by investigations into Facebook.
#MyHealthRecord #Privacy
I should have posted these pieces from @ConversationEDU sooner.

The case for opting-out: theconversation.com/my-health-reco…

The case for opting-in (i.e. doing nothing): theconversation.com/my-health-reco…

I might post some analysis of each piece tomorrow if I get the chance.
#MyHealthRecord #Privacy
Hi media—please stop using constructions like 'people opting-in' to #MyHealthRecord. If people fail to opt-out, that does not indicate their willingness to be part of the system. Maybe it does, but maybe they just didn't know (or couldn't figure out how) to opt-out. #Privacy
I have no reason to doubt that ‘insane levels of security’ is accurate. But I’ll say again that it is important not to conflate security and privacy. Especially here because privacy controls are, by all reports, very badly designed. #MyHealthRecord #Privacy
Hijacked by idealogues or mismanaged by a government with a history of IT project failures and a poor regard for citizen privacy? Yes, e-health records have big potential benefits but the potential risks need to be considered. #MyHealthRecord #Privacy
But let’s assume there isn’t a break-in and there isn’t a hack—that is, all the security works perfectly. With the paper situation, maybe a dozen people have access if the practice is relatively large? With #MyHealthRecord tens of thousands of people have access. #Privacy
A little heavy on the hacking front imo, but a good summary covering many of the issues with #MyHealthRecord. #Privacy
Does the #MyHealthRecord operator (and/or participants) have a specific exemption from #Privacy Act obligations?
Looks like @OAICgov has even more work is not properly funded for.
But the Australian government is heaps good at cyber, so l’m sure it will be fine here. #MyHealthRecord #Privacy
Wow, the #MyHealthRecord #Privacy policy comes in at nearly 8 thousand words.
There are too many incredible details in this piece from @juliapowles to adequately summarise it but I think this is the takeaway. theguardian.com/commentisfree/… #MyHealthRecord #Privacy
tbh, I've been surprised at how few people have proposed this @ me. Blockchain is categorically not the answer for health records. #MyHealthRecord #Privacy
Okay, I'm going to try to follow up on this (while trying not to be a totally neglectful parent on a Saturday morning).

I'll start with the case for doing nothing, because it will be the longest. #MyHealthRecord #Privacy
The start is mostly a history lesson, but I'm not sure the right conclusions are drawn. It's good that previous failures are acknowledged, but to present the current system as a solve for those failures, without presenting any evidence is dishonest. #MyHealthRecord #Privacy
Remember, this system has been in the works for a decade and the cost is estimated at more than two billion dollars. healthcareit.com.au/article/gps-an… #MyHealthRecord #Privacy
This is where the erroneous conclusion is drawn from history.

I don't see how anyone could claim this isn't a 'top-down "grand plan"'.

No evidence is advanced for the assertion that it's more responsive to needs of consumers and health professionals. #MyHealthRecord #Privacy
If it was 'extensive education and training' that improved the uptake rate with GPs, and not the change to an opt-out model, why not deploy that strategy under an opt-in model. #MyHealthRecord #Privacy
All of this is true, but the same thing could be said of an e-health record designed to limit the privacy and security issues that #MyHealthRecord has in spades.
This is also true. Unfortunately we know *very little* about how the data will be used. Especially when it comes to the 'secondary use' provisions in the system.

health.gov.au/internet/main/…

#MyHealthRecord #Privacy
What we *do* know is that your health records can be used by law-enforcement and many other government and semi-government agencies for a variety of purposes that are unclear. A point the gov't has been deceptive about #MyHealthRecord #Privacy
We also know that your records will be made accessible for research purposes.

But what kind of research is undefined.

You can opt-out of that but you have to take an explicit action to do so. #MyHealthRecord #Privacy
The next section is about privacy and security, and again it starts with a statement that is true. Yes, it must be built on trust, but many are rightly pointing out that the gov't has created a sizeable trust deficit, especially in IT/data/privacy in recent years. #MyHealthRecord
The next paragraph has quite a few problems.

First, this is simply untrue.

PCHR was the subject of at least two data breaches assessed by the Privacy Commissioner theregister.co.uk/2014/10/29/aus… #MyHealthRecord #Privacy
Rather than providing reassurance, this second sentence rings alarm bells. Legal penalties for perpetrators won't retrieve your data once it's been inappropriately (or illegally) commercialised. #MyHealthRecord #Privacy
These are really important points, but the system design has done so little to address these concerns it ends up counting as a point against staying in the system. #MyHealthRecord #Privacy
The next paragraph too.

It's correct that there are a lot of potential benefits from linking systems and data, but there are already well known privacy failures around this data. oaic.gov.au/privacy-law/co…

#MyHealthRecord #Privacy
And the response by gov't to previous privacy failures has been ill-conceived to say the least. They have ignored their own failures while seeking to criminalise those privacy advocates who point out issues. zdnet.com/article/austra… #MyHealthRecord #Privacy
A good start would be making it opt-in. Convince patients it’s worth it, don’t coerce them.

Secondary use should also be explicitly and separately opt-in for each case.

Privacy controls should be private by default. Don’t give 10s thousands access by default #MyHealthRecord
This is almost certainly the weakest part of #MyHealthRecord security and #Privacy controls.
For real, please someone attempt to mount an actual argument for this case. Right now I can’t see any reason providing individualised health data to private health insurers on a population scale could have the positive outcomes put forward here. #MyHealthRecord #Privacy
I’m assuming ‘high volume’ is relative to staffing level, but still. #MyHealthRecord #Privacy
I’ve been saying tens of thousands of people will have automatic access to your #MyHealthRecord unless you opt-out. This article in @smh says it’s more like 900,000. smh.com.au/business/consu…

Nearly a million people will be able to access your record without asking. #Privacy
This looks like an attempt by Mark Fitzgibbon from NIB to tell the public we’re over reacting to the vast misuse of our personal data. People are not ‘more sensitive’ but more aware of the disregard large corporations have for our privacy. smh.com.au/business/consu… #MyHealthRecord
What assurance do we have that this won’t change since it is not restricted by legislation? #MyHealthRecord #Privacy
This is a question worth asking your healthcare providers. Ask about maintenance and update procedures, security audits and penetration tests. Ask about encryption and when and how is used. #MyHealthRecord #Privacy
It’s a relief that this one person out of the 900,000 who will now have access to everyone’s #MyHealthRecord says they won’t abuse the power they will now have. But only because they’re too busy. #Privacy
Yeah, not everyone does the right thing. Or are even aware of the risks. #MyHealthRecord #Privacy
There are many way an e-health record could be implemented to minimise the risks that #MyHealthRecord creates. Just because there are very real problems #MyHealthRecord might help solve, does not justify introducing new very real problems that poor #Privacy controls will create.
TV news is necessarily superficial, but this glossed over so much it tips over into being seriously misleading. #MyHealthRecord #Privacy
Quite a contrast to the position of the current AMA (and its) president. #MyHealthRecord #Privacy
Correct-o. This is a very good read on the spurious claims of 'bank' or 'military' grade security. And demonstrates clearly how 'defence tested' is a nonsense phrase that Greg Hunt would be well advised not to use again. afr.com/technology/why… #MyHealthRecord #Privacy
Not only is the claim 'there have been no breaches' nonsense for the reasons in this article (i.e. how would you know), it's also nonsense because it's not true. At least two breaches *are* known. theregister.co.uk/2014/10/29/aus… #MyHealthRecord #Privacy
This really needs repeating: nearly a *million* people will have default, unchecked access to your medical data if you don’t opt-out. #MyHealthRecord #Privacy
Far out. Why not couch this in terms of 'breach the privacy of patients' rather than making it all about the reputation of ADHA? abc.net.au/news/2018-07-2… #MyHealthRecord #Privacy
A There is an incentive program for doctors to participate (myhealthrecord.gov.au/for-healthcare…) but the efficacy of this has been unclear (news.com.au/lifestyle/heal…). The benefits for practitioners also aren't without costs (doctorportal.com.au/mjainsight/201…) #MyHealthRecord #Privacy
Looks like some influential doctors are starting to take the privacy problems seriously. #MyHealthRecord #Privacy
This is an #FOI to follow. Greg Hunt and @AuDigitalHealth continue to assert that a court order is required before they can provide access to other agencies, but that's threshold not required by the Act. #MyHealthRecord #Privacy
What technical controls are in place to prevent access from non-treating clinicians? Unless @AuDigitalHealth can show the technical documentation for how these access controls work, it's fair to call this a lie. #MyHealthRecord #Privacy
How does one 'choose to have' the two years worth of Medicare / PBS data automatically loaded when a record is created 'kept of the system'? #MyHealthRecord #Privacy
"I said to them, 'I will opt out now', and they said, 'Don't do that, because then we can never correct your record and that will remain'." abc.net.au/news/2018-07-2… #MyHealthRecord #Privacy
The Queensland Police Union is specifically warning their members that investigators will be able to access medical records of officers under investigation. Greg Hunt and @AuDigitalHealth have repeatedly (and incorrectly) denied this is the case. #Privacy #MyHealthRecord
Another important point to draw from this is that only 2 out of every 1,000 people (0.2%) of current users are changing the default privacy settings.

The power of defaults to unexpectedly compromise privacy should not be underestimated.

#MyHealthRecord #Privacy
There are just so many ways in which #MyHealthRecord is chipping away personal #Privacy, especially for people who may have little awareness of the implications. And by chipping away I really mean "ripping a gaping hole in".
It looks like #MyHealthRecord developers have never heard of pagination.
I'm going to start a new #MyHealhRecord and #Privacy thread because the original is now getting a little unwieldy. But this is where I'm picking up from:
There hasn't really been main-stream discussion of #GDPR in Oz.

#MyHealhRecord is now another big example of Au gov't project enshrining poor privacy in law and practice.

Follow for good insight into #Privacy issues.

@SalingerPrivacy @DrMoniqueMann @VTeagueAus @LiamPomfret
This would be a good start. I hope more prominent medical practitioners start calling for similar action on #MyHealhRecord and #Privacy.
Despite submissions to a PCEHR (which became My Health Record) consultation highlighting all the major concerns now plaguing the #MyHealhRecord system, the report summarising them downplays issues at every turn. crikey.com.au/2018/07/26/my-… #Privacy /via @joshuabadge
Presumably the @ParlLibrary will be releasing a statement on this post haste? #MyHealhRecord #Privacy
For the tech minded, @AuDigitalHealth is using GitHub to host code libraries and other resources related to development of software that integrates with #MyHealhRecord. github.com/AuDigitalHealth
Has anyone pushed back on Turnbull about the claim of no beaches? I’m aware of two that @OAICgov has investigated. #MyHealthRecord #Privacy
This makes sobering reading. oaic.gov.au/about-us/corpo…. If anyone is making the claim that the #MyHealhRecord system has be never been hacked, that *might* be true, but it is obfuscating the fact that there *have* been data beaches by deliberately conflating security and #privacy.
But by saying “there have been no privacy beaches” the PM just gets it flat out incorrect here—doesn’t even manage to use the weasel words correctly. #MyHealhRecord #Privacy

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Simon Elvery

Simon Elvery Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(