The company’s Annual Report 2017–18 recognized that “42 data breaches (in 28 notifications) were reported to the Office of the Australian Information Commissioner (OAIC)… concerning potential data security or integrity breaches”, however with “no purposeful or malicious attacks compromising the integrity or security of the My Health Record system”.
Of the 42 situations, one breach resulted from unauthorised entry to a My Health Record because of an incorrect parental authorised consultant being assigned to a baby.
Two breaches resulted from suspected fraud in opposition to the Medicare program, the place the inaccurate information appeared in the My Health Record of the affected person and have been seen with out authority by the person endeavor the suspected fraudulent exercise.
The ADHA report additionally recognized that 17 breaches have been a results of data integrity exercise initiated by the Department of Human Services to “identify intertwined Medicare records (that is, where a single Medicare record has been used interchangeably between two or more individuals)”.
The remaining 22 breaches have been from suspected fraud in opposition to the Medicare program involving unauthorised Medicare claims being submitted, and the inaccurate information showing in the My Health Record of the affected prospects.
An ADHA spokesperson confirmed that in all situations, the Department of Human Services took motion to right the affected My Health Records.
“Errors of this type occur due to either alleged fraudulent Medicare claims or manual human processing errors, as was the case for the breaches reported during the 2017-2018 financial year. There has been no reported unauthorised viewing of any individual’s health information from a notifiable data breach,” the spokesperson stated.
“In each case, the affected individuals have been contacted and the OAIC has examined the circumstances of the breach and no unauthorised breach has been determined.”
The ADHA spokesperson added that there are greater than 6.3 million individuals with a My Health Record, however in the six years of its operations, there have been “no reported unauthorised views of a person’s health information”.
“When a person’s health information is stored in different places – hospitals, doctors’ offices, filing cabinets, computers – they don’t know who is accessing it or when. In a My Health Record, every access is listed in a person’s record access history. A person can be notified by text message about who is accessing their record or restrict access to all or parts of their record,” the spokesperson stated.
On 26 November 2018, the Federal Parliament handed laws to strengthen privateness protections in My Health Records Act 2012 with out debate or division.
The new laws signifies that Australians can choose in or choose out of My Health Record at any time in their lives. Records will likely be created for each Australian who needs one after 31 January and after then, they’ve a option to delete their document completely at any time.
“At the time of writing, almost one quarter of all Australians have registered for a My Health Record. That figure is expected to change dramatically with the transition to an opt out system early in the 2018–19 financial year,” ADHA CEO Tim Kelsey stated in the report.
“Once this useful resource turns into virtually ubiquitous throughout the Australian well being system, scientific workflows and client behaviours will regularly and irrevocably change to benefit from its many advantages.
“For many people the benefits of digital health will be realised gradually, as health and medical data gradually accumulates to form a comprehensive medical history,” Kelsey stated.
This article first appeared on Healthcare IT News Australia.