Troy Hunt
Jul 16, 2018 (13 tweets)
I've had a heap of press and individual queries on Australia's #MyHealthRecord over the last week. This is essentially centralised electronic health records that everyone will get unless explicitly opting out. Here's my thoughts:
Firstly, we need to acknowledge there's upsides and downsides; I want the right people to have my health info should they need it (especially in an emergency), but clearly I don't want that info falling into the wrong hands either.
On the upsides: it's crazy how manual the processing of our health records is today. Think about the amount of paperwork in your GP's surgery or the material you literally carry around to specialists if you need them. Then consider how easily accessible this is in an emergency.
Electronic health records can make a big difference to the quality of information healthcare professionals have and that's damn important. Then there's access by carers and family which can be enormously valuable, so long as it's the right people accessing the information...
Which brings us to the downsides: there WILL be breaches. That doesn't always mean security flaws in the system (although certainly possible), that can also mean mistakes by healthcare professionals or people abusing privileged positions (i.e. Medicare data being sold last year).
Yes, there are access controls people can set but do you know how hard it is to even get someone to set a PIN on their phone let alone configure role-based access controls? Permissions will likely either be default or excessive.
Ultimately, we're all left with a decision: do we think the upsides might one day be beneficial enough to justify the risks. But we don't know what health events might happen or how useful the data will be, nor do we know how likely it is to go wrong and what the impact would be!
And the impact of it going wrong is important: if an unauthorised party has your health records, what happens? It could be social stigma if you have an STD, employment impact if you have HIV or just embarrassment if you have haemorrhoids!
The thing is, everyone's health record and their tolerance for disclosure (which is the real risk we're talking about here) is different. It's a deeply personal thing and I couldn't fault anyone for either staying in or opting out. I can't tell you what you should do.
Personally, I won't be opting out. But I'm conscious I also have the luxury of not presently having anything on my record which would harm me in any way should it be leaked. Paradoxically, those with complicated health issues also have the most to gain by NOT opting out.
Finally, I do feel the press I've seen is overly biased on the negative side (which is not unusual for the media!) We've seen so many recent data breach incidents that we're conditioned to expect the worst so I do get that, but I read very little about the important upsides.
References to gov system failures such as the 2016 census are rife and I get that (although that was an availability issue rather than one of disclosure), but of course only the BAD systems make the news and the successful ones go largely unreported. This leads to a biased view.
In summary, recognise both the positives and negatives, acknowledge the influences on how it's being reported and make your own call on it. It's your health record and you have control over your involvement in the program.

