and this is why I opted out of MyHealthRecord.
There are good reasons to opt out of MyHealthRecord, but this case isn't proving your point. What we have here is a private health provider having their database compromised. A private database that will have a percentage of patients opting out of MyHealthRecord. Their data was still breached.
What are the odds of MyHealthRecord itself being breached? That's super difficult to say as someone totally unconnected with that database. I will say though that health providers are notorious for being bad at IT; because their first focus is health stuff and IT has been a bolted-on afterthought. IT systems and database(s) tending to get added to ad-hoc as a needed administration requirement and not designed upfront with potential hacking in mind. It's practically a meme in IT professional circles - look up what "WannaCry" did to British hospitals. They're also getting a lot better on this front.
A centralised government database would (should) have been built from the ground up with data security and integrity as it's primary and singular objective. With no first-hand knowledge on the specific health database, but plenty of experience working with other government IT agencies, I believe they'll have approached this content with decent protections. The bigger fear with the centralised database is that clinics and hospitals around the country can access that data. So instead of someone hacking the central database, they compromise South Cairns medical centre (example) and use their permissions to access your data. While I'm sure any single set of credentials would get locked out of the API if it were to try to slurp everything up, the risk remains that your records could be sniffed out from that vector before that cut-off.
There was also an independent audit of the MyHealthRecord implementation that was pretty good - sadly it pre-dates the Essential Eight maturity levels, which is a shame because I'd love to know how compliant they are, and the fact that they haven't published their Maturity Level is actually a bit of a yellow flag (if not red). Not that I am aware of any government agency anywhere attaining Maturity Level 3, but I'd love to hear that MyHealthRecord was at least Maturity Level 2.
So, leaving your health record on a private database can be dangerous, and leaving it on MyHealthRecord can be dangerous. What's the solution, then? Something the architects of MyHealthRecord did that is a good idea is giving patients the ability to set a Record Access Code. Basically, your health records are encrypted without you providing a PIN. Hop onto the MyGov app and set a RAC. Then if your record is downloaded, the data is encrypted/useless to whoever has it without you giving them your RAC.
So, what are good reasons for/against having your data in MHR?
For opting in: You actually have a significant medical history. You want the myriad of health data in your history to all be available to the doctors in Emergency in the event that you are hospitalised.
Against opting in: You haven't got much of a health history. There's no advantage to you in having your (lack of) health data being simple to access for a doctor. You can just tell them that you don't have a significant medical history.
Ive been ruminating on the idea of having a phone pin number that you can set for people contacting you. make it a four digit number, say your doctors surgery you can set to 2345 and when they call you, they just dial your number and add the pin to the number and it will go straight through. You attach a name to the pin, when you are called you know its from the surgery. if you get a spam call from the surgery using that pin, you can call them and tell them their records have been compromised and set a new pin. All numbers that have been assigned are allowed to ring your phone and have it ring loud if you so wish.
I think making any valuable dataset more comprehensive/complete makes it a bigger target for attempts to compromise it. Any time the data is more split up the less attractive it is. I know a single medical centre which may have worse data security practises is more vulnerable, but I'd still prefer not to keep it all in one place.
Australia
A place to discuss Australia and important Australian issues.
Before you post:
If you're posting anything related to:
- The Environment, post it to Aussie Environment
- Politics, post it to Australian Politics
- World News/Events, post it to World News
- A question to Australians (from outside) post it to Ask an Australian
If you're posting Australian News (not opinion or discussion pieces) post it to Australian News
Rules
This community is run under the rules of aussie.zone. In addition to those rules:
- When posting news articles use the source headline and place your commentary in a separate comment
Banner Photo
Congratulations to @Tau@aussie.zone who had the most upvoted submission to our banner photo competition
Recommended and Related Communities
Be sure to check out and subscribe to our related communities on aussie.zone:
- Australian News
- World News (from an Australian Perspective)
- Australian Politics
- Aussie Environment
- Ask an Australian
- AusFinance
- Pictures
- AusLegal
- Aussie Frugal Living
- Cars (Australia)
- Coffee
- Chat
- Aussie Zone Meta
- bapcsalesaustralia
- Food Australia
- Aussie Memes
Plus other communities for sport and major cities.
https://aussie.zone/communities
Moderation
Since Kbin doesn't show Lemmy Moderators, I'll list them here. Also note that Kbin does not distinguish moderator comments.
Additionally, we have our instance admins: @lodion@aussie.zone and @Nath@aussie.zone