Australian News


My Health Record: the Government wants to access your data until 30 years after you die

16th July 2018

Unless you opt-out by mid-October, the Federal Government will create an online record of your health details that it can access for the rest of your life and beyond – even if you ask for it to be deleted.

The Federal Government has budgeted more than $370 million to make digital health records for all Australians by the end of the year.

But privacy advocates are warning people to opt out of the database and IT specialists say it’s impossible to completely safeguard the information.

Every Australian will soon have a My Health Record — an online summary of their health information — unless they opt out over the next three months.

From Monday, Australians will have until October 15 to tell the Government they don’t want one. Otherwise, a record will automatically be created.

The project aims to give patients and doctors access to timely medical information — test results, referral letters and organ donation information, for starters — but there are concerns about the safety of some of our most personal, sensitive data.

We asked for your questions about the project on social media, and they ranged from police access to the platform’s cybersecurity.

The ABC sat down with Tim Kelsey, the head of the Australian Digital Health Agency (ADHA) and the man in charge of the initiative, to get them answered.

The way the record works

As a patient, how can I know if my My Health Record information is being maintained by my doctor?

You can choose to opt out and have no My Health Record.

But once you have one, doctors can upload health information into it unless you ask them not to.

When you see a doctor, you can discuss adding (or not) documents such as an overview of your health, a summary of prescribed medications and referral letters.

Remember, it’s not a comprehensive picture of your health — it will only contain what you and your doctors choose to upload, and will depend on the quality of those records.

When you first access the system, you’ll be asked to decide whether you want two years of Medicare Benefits Schedule, Pharmaceutical Benefits Scheme, Australian Immunisation Register, and Australian Organ Donor Register data to be uploaded.

But if your doctor accesses your record first before you make the selection yourself, this data will be uploaded automatically — unless you’ve opted to have no record at all.

If you want, you can delete or restrict access to those documents later.

Not all Australian hospitals and health services are connected to My Health Record yet, so that’s something to check during your next visit.

When I get a prescription, how do I know whether I need to ask to make an update to my My Health Record? Does this vary by provider?

Doctors can upload information about prescribed medications, but as discussed above, it’s worth discussing this each time you see your doctor.

What happens to your My Health Record after you die?

My Health Record information will be held for 30 years after your death. If that date isn’t known, then it’s kept for 130 years after your birth.

Will any private health insurance companies have access?

Insurers shouldn’t be able to access your record — it’s reserved for people who work for a registered healthcare provider and who are authorised to provide you with care.

There are plans to use aggregated, anonymised My Health Record data for research and other purposes — this is known as “secondary use”.

“My Health Record information can be used for research and public health purposes in either a de-identified form, or in an identified form if the use is expressly consented to by the consumer,” a Department of Health spokesperson said.

Currently, users of the platform can tick a box on the web portal to opt out of secondary use.

Secondary uses must be of public benefit and cannot be “solely” commercial, and insurance agencies will not be allowed to participate.

However, “the impact of this exclusion” will be considered when the Department of Health’s framework governing secondary use of My Health Record data is reviewed, according to the framework document.

Australian organisations (and some overseas, in certain circumstances), including Australian pharmaceutical companies, will be able to apply to access My Health Record data for approved secondary purposes.

“We don’t expect any data to flow until 2020,” Mr Kelsey added.

The opt-out period

How can I opt out?

There are three key ways:

  • By visiting www.myhealthrecord.gov.au and opting out using the online portal.
  • Over the phone by calling 1800 723 471.
  • Or on paper by completing a form and returning it by mail. Forms will be available in 2,385 rural and remote Australia Post outlets, through 146 Aboriginal Community Controlled Health Organisations and in 136 prisons.

What happens to the people who end up with a My Health Record, and then decide to opt out?

If you don’t opt out between July 16 and October 15, then a record will be automatically created for you.

After October 15, there will be a “one-month reconciliation period” before new My Health Records are registered. These new records will be created mid-November.

You can then cancel that record, but the data it contained will still exist (although inaccessible to you or health providers) until 30 years after your death.

Is a record automatically generated if a doctor uploads a document during the opt-out period, even if you did not create one yourself?

According to the ADHA, doctors can’t upload any clinical documents to the My Health Record system unless the patient record exists.

What about children who aren’t born yet — can they opt out?

After the opt-out period, newly eligible healthcare recipients, such as immigrants to Australia and parents of newborn children, will be given the chance to elect not to have a My Health Record as part of their Medicare registration.

Protection of your data

Which service provider will manage the infrastructure to ensure it isn’t vulnerable to a cyber-attack?

The platform was built by the technology provider Accenture, however the ADHA is starting discussions about “re-platforming” it.

Independent third parties audit the system’s security and undertake penetration testing, according to Mr Kelsey, but security experts warn that it’s impossible to make any online database entirely bullet proof.

Remember too, that documents created or downloaded by your doctors may be stored in their local IT system too and depend on that system’s security.

If a doctor downloads files from My Health Record, what’s to stop her from sharing those files within the practice?

By default, your online documents will be accessible to your healthcare providers.

If you have privacy concerns, you can log onto My Health Record and restrict who sees it:

  • You can set a Record Access Code and give it only to healthcare professionals you want to access your record.
  • If you want to restrict certain documents, you can set a Limited Document Access Code.

These controls may be overridden in an emergency.

As mentioned above, if a document is removed from the My Health Record system, it’s beyond the reach of your access controls.

If a GP were to allow another staff member to access a record, what is the potential punishment?

If someone accesses your My Health Record without legal authorisation and the person “knows or is reckless to that fact”, criminal and civil penalties may apply.

Where can users see information about who has accessed their record?

My Health Record users will be able to see who has looked at their record by checking its access history online.

They’ll be able to see when it was accessed, which organisation accessed it and what was done — documents being added, modified or removed, for example — but not the individual doctor who accessed it.

You can also set up an email or SMS alert for when a healthcare organisation accesses your record for the first time.

The privacy commissioner recommends checking regularly for unexpected or unauthorised access. You can call the ADHA on 1800 723 471 if you think something’s gone wrong.

Several apps can connect to My Health Record. How will the ADHA ensure they are secure?

Apps such as Healthi and Health Engine, which recently ran into trouble, are authorised by the ADHA to “show” people their health record.

According to Mr Kelsey, third party app developers can only display your My Health Record — “at the moment, it’s view-only” — and cannot store that data.

OPT OUT HERE: 1800 723 471.  https://optout.myhealthrecord.gov.au/pext/optoutextweb/views/getStarted.xhtml

 

source/read more: http://www.abc.net.au/radio/programs/am/my-health-record-data-access-for-30-years-after-death/9989172

and

http://www.abc.net.au/news/science/2018-07-15/my-health-record-questions-answers-security-privacy-police/9959622

 

Welfare recipients to undergo face scan in order to get payments

2nd July 2018

A NEW controversial system may soon see welfare recipients required to have their face scanned and analysed before they can access their payments.

The system, which will also affect people trying access Medicare and childcare subsidies, age pension and pay tax online, is part of a new biometric security program that is set to begin in October.

Under the new strategy those trying to access these government services will be required to take photo to create a myGov ID, which will then be checked against driver’s licences and passports to confirm their identity.

Human Services Minister Michael Keenan has hopes the plan will see Australia become a world leader in “digital government” by 2025.

When fully rolled out the digital identity solution will allow users access to almost any government agency through one single portal, with the trial allowing 100,000 people to apply for a Tax File number online.

Currently applicants have to fill in a form online, print it out and take it to the post office so their identification can be verified.

But the introduction of the new system is causing some concern over the privacy of those taking part.

IT security expert Troy Hunt, who runs the website haveibeenpwned.com, told news.com.au that a biometric system — like the one proposed — wasn’t without its faults.

“One of the problems is we want to be able to access things in a secure fashion but passwords aren’t really great for doing that because a lot of us tend to use the same one for everything,” he said.

“Biometrics can be better in this aspect but on the flip side it is information that can’t really be changed if there is a security breach.”

Mr Hunt said that once a database is built up of this biometric data then there was the possibility it could be used for reasons other than it’s intended purpose. For example having a scan of people’s faces on file could make it easier to identify or track people through security camera.

He said it was up to the government to prove to Australians that the system wasn’t going to be abused.

“What we want to see from the Australian government is transparency about how this system is being used and where the information is going,” Mr Hunt said.

“They need to convince us that we can be confident in this system and trust them [with] this kind of data.”

The new system will be implemented on a voluntary basis but those who refuse to take part won’t be able to access government services online.

This means they will have to queue up at Centrelink to access these services in person.

For those who do use the new system they have been assured that their digital face image will be deleted as soon as it is checked against the other identifying documents they provided.

A media release published on Mr Keenan’s website states that “privacy and security will be at the heart of any of the changes we plan to make”.

“Consultation will also be vital with both industry and relevant interest groups to ensure we deliver services that people will want to use and also trust,” the statement reads

 

 

 

source/read more: https://www.news.com.au/technology/online/security/welfare-recipients-to-undergo-face-scan-in-order-to-get-payments/news-story/9ca653201454c0f64c5b331a36564cf5

Shocking government plan to access citizens’ bank statements, health data and phone records revealed by bombshell leaked letter

29th April 2018

Ministers are planning to make it easier for the government to spy on its own citizens, a leaked document has revealed.

As it stands, the Australian Federal Police and Australian Security Intelligence Organisation need a warrant from The Attorney-General to access Australians’ emails, bank records and text messages.

But ministers are reportedly planning to amend the Intelligence Services Act of 2001 to allow Home Affairs Minister Peter Dutton and Defence Minister Marise Payne to give the orders without the country’s top lawyer knowing.

The intelligence – which could include financial transactions, health data and phone records – would be collected by a government spy agency called the Australian Signals Directorate.

The plan was revealed by a leaked letter from Home Affairs Secretary Mike Pezzullo to Defence Secretary Greg Moriarty.

The top secret letter, written in February and seen by The Sunday Telegraph, details a plan to ‘hack into critical infrastructure’ to ‘proactively disrupt and covertly remove’ cyber-enabled criminals including child exploitation and terror networks.

In March, the plan was outlined in a ministerial submission signed by Mike Burgess, the chief of the Australian Signals Directorate.

It states: ‘The Department of Home Affairs advises that it is briefing the Minister for Home Affairs to write to you (Ms Payne) seeking your support for a further tranche of legislative reform to enable ASD to better support a range of Home Affairs priorities.’

But a proposal to change the law has not yet been made

A spokesman for the Defence Minister Ms Payne said: ‘There has been no request to the Minister for Defence to allow ASD to counter or disrupt cyber-­enabled criminals onshore.’

‘It would give the most powerful cyber spies the power to turn on their own citizens,’ the source said.

 

 

 

source/read more: https://www.msn.com/en-au/news/australia/they-could-turn-on-us-shocking-government-plan-to-access-citizens-bank-statements-health-data-and-phone-records-revealed-by-bombshell-leaked-letter/ar-AAwtlpM?ocid=spartandhp

Family violence ‘perpetrators’ to be fitted with tracking devices, regardless of conviction

4th Feb 2018

The worst of Tasmania’s family violence perpetrators will soon be fitted with tracking devices, regardless of whether they have been convicted of a crime.

New laws mean Tasmania Police can apply to courts to force offenders to wear ankle bracelets that monitor their movements around the clock, as a condition of a Family Violence Order.

Victims can also volunteer to be monitored, in a bid to increase their safety in public spaces.

“This can act as a deterrent but also if an offence is committed they can provide evidence,” Inspector Robert Blackwood said.

Spain and Portugal are trialling a similar idea and New South Wales recently started putting the trackers on some perpetrators who have exiting Family Violence Orders against them, as they leave jail.

But Tasmania is taking it further.

In an Australian-first, police can now apply to a magistrate to have a tracker put on people who have never been convicted of an offence – an allegation or a history of violence (even without a successful prosecution) could be enough to see some people tracked.

“It’s certainly the more serious family violence perpetrators that we’d be making application to,” Inspector Blackwood said=

“They’re going to need to have a history of family violence, they may be charged with a family violence offence as well,” Inspector Blackwood said.

It means that police can proactively monitor known offenders and act to intervene when they get too close to their victims rather than scramble to respond once a protection or restraint order has been breached.

Previously they could only act after they were notified of a breach, which in some cases meant the victim had again been assaulted by their abuser.

Unlike the NSW initiative, victims can also opt to carry a GPS device so police can monitor where their abuser is in relation to them and warn them if they get too close.

“They’re not actually fitted with a device permanently, they just carry a device and what that allows us to do is monitor where the victim is in proximity to where the family violence perpetrator is,” Inspector Blackwood said.

“An example is the victim is within a shopping centre and the offender, aware or unaware that the victim is at that location, is approaching that shopping centre.

“We could then notify the victim that the perpetrator is within a certain proximity of them and activate that safety plan that’s already been established and also arrange a police response.”

Surprise support

Victims will not be able to monitor their abuser themselves.

“The victim does not have access to any information about the location of the perpetrator, they just carry a device, so the monitoring centre becomes aware when they are in proximity of each other and we can take action,” Inspector Blackwood said.

 

 

 

source/read more:http://mobile.abc.net.au/news/2018-02-04/tas-family-violence-perpetrators-to-be-get-tracking-devices/9394340

Sydney University students to be taught to obtain ‘enthusiastic yes’ before sex

30th jan 2018

New students at Sydney University will be taught to obtain an “enthusiastic yes” before they engage in sexual activity such as kissing or touching on campus or it’s “sexual assault’’.

A mandatory online module has been introduced at the university, requiring students to achieve a 100 per cent score in order to pass the course, The Daily Telegraph reports today.

Complete with gendered stick figures arranged in a variety of positions, the Consent Matters: Boundaries, Respect and Positive Intervention module outlines the basics of sexual consent as well as factors that can impact on a student’s ability to gain consent, such as drug or ­alcohol use.

But the course, which is also offered at Charles Darwin University and ANU, has not ­impressed students and experts, who claim the exercise is “stupid” and would not adequately address problems with sexual harassment

According to Sydney University’s website, the course was developed in a collaboration between British and Australian academics and involves interactive activities and scenarios that highlight the importance of consent when participating in “kissing and touching”.

“This means that everyone is entirely comfortable with the situation and freely able to agree, give permission or say ‘yes’ to participating in a sexual activity (this includes kissing and touching),” the website says.

“If someone is not able to offer an enthusiastic ‘yes’ to questions about sexual activity you do not have consent.”

 

soiurce/read more: https://www.theaustralian.com.au/higher-education/sydney-university-students-to-be-taught-to-obtain-enthusiastic-yes-before-sex/news-story/6e1aec72df2e1ed2273778c0b136b017

Experts sound alarm as biometric data from driver’s licences added to government database

 

15th Jan 2017

Your face is becoming the latest weapon in the world of digital surveillance, and the humble driver’s licence looms as a game-changer in tracking individuals through both the real and virtual world.

Experts warn your biometric data may already be vulnerable to misuse by criminals and terrorists, as the proliferation of mobile cameras combined with social media and ubiquitous CCTV feeds mean we’re caught on screen more than ever before.

Driver’s licences will be added to the Commonwealth Government’s already vast biometric databases after it struck an agreement with the states and territories, handing authorities access to an unprecedented level of information about citizens.

A system known as “the interoperability Hub” is already in place in Australia, allowing agencies to take an image from CCTV and other media and run it against a national database of passport pictures of Australian citizens — a process known as “The Capability”.

But soon driver’s licences will be added to the system, allowing both government and private entities to access your photo, age and address.

It is a $21 million system being sold as a way to tackle terrorism and make commercial services more secure.

But experts warn people now risk losing control of their biometric identity entirely as commercial interests, governments and organised crime gangs all move to capture more personal metadata for their own gain.

Driver’s licences change the biometric gamw

Technology and legal expert Professor Katina Michael said about 50 per cent of the population already had some kind of visual biometric stored in a nationally-accessible database, but the inclusion of drivers licenses would see the proportion of Australians scooped up in the net swell to about 80 per cent.

She said one of the biggest risks of the collection of biometric data was not deliberate misuse by the AFP, ASIO or another government agency, but rather vulnerabilities in the way biometrics work.

“It’s not like a one-on-one match, where you put (in) an individual’s face and say: ‘they’re a suspect’,” Professor Michael said.

“But rather what you get returned is a number of possibilities … you might get back 15, or 20, or 30, or 50 matches.

So you might have 50 innocent people being suspects, rather than the person that you’re trying to catch.

Professor Michael said this meant that while over time a person’s name might be cleared, their data could remain in a database linked to a criminal investigation.

“And then I’m thinking, what happens to their level of innocence as time goes on, because they accidentally look like a minority group?” she said.

She said real criminals and terrorists would opt out of the system, choosing not to have passports and driver’s licenses in a bid to escape the net.

“Of course, if you’ve done nothing wrong, the old adage says you’re fine. But increasingly, we don’t know if we’re fine,” she said.

The rise of ‘uberveillance’

Professor Michael said modern surveillance methods employed by law enforcement were not just limited to CCTV — they now incorporated vast amounts of metadata and social media, leading to a concept known as “uberveillance” in which people were constantly monitored.

“What we have now are digital footprints that we all leave behind,” she said.

“Phone call records, internet searches, credit cards and even the data on your electronic train or bus ticket can be used to track your movements and activity.

“It brings together all these various touchpoints, telecommunications records, travel data via tokens, facial recognition on federal databases, your tax file number … that’s accessible depending on the level of crime and social media.

“You’ve got this very rich almost cradle-to-grave kind of data set that’s following you.”

Photo Even transport cards like the NSW Opal card can reveal your personal data.

Organised criminals want your identity

Stephen Wilson runs Lockstep Consulting, a Sydney-based firm which researches and tracks trends in biometrics in the corporate and government spheres, and advises clients on best-practice.

He said at the moment very secure biometric systems took quite a long time to process images accurately.

Problems arose when consumer convenience, such as being able to unlock a phone or access a bank account with a quick face or fingerprint scan, trumped security.

“No police force, no public service, no business is ever perfect, there is always going to be corrupt people,” Mr Wilson said.

“The more exposure we have to electronic databases, the more exposure we have to biometric matching, it’s only a matter of time before these bad actors succumb to temptation or they succumb to corruption and they wind up using these systems inappropriately.”

Your biometric twin is out there

Photo New technology can more easily track people’s faces in crowds.

Mr Wilson said biometrics were creeping into consumer services like bank accounts and online betting facilities, with customers asked to send a picture of their licence and a “selfie” that will be run through an identity matching service.

“The real risk is that bad actors will take people’s photos, ask for a match, and get back a series of matches of people that are kind of like your biometric twin,” he said.

“We’ve all got doppelgangers, we’ve all got people in public that look just like us.

“If you’re trying to perpetrate a crime, if you’re organised crime, and you’re trying for example to produce a fake driver’s licence, it’s absolute gold for you to be able to come up with a list of photos that look like ‘Steve Wilson’.”

Technology companies like Apple and Samsung have championed the use of biometrics such as fingerprints, and this has taken a step further with facial recognition becoming more common thanks to the release of the iPhone X.

Photo Apple’s iPhone X has championed facial recognition technology.

However Mr Wilson said a key difference was that information stayed on the phone, while banking and other commercial interests trying to use your biometrics to confirm your identity could be storing it on a server anywhere.

“Do you really want your photo, which is a pretty precious resource, sent off to a company perhaps on the other side of the world just so you can get a quick bank account or quick betting service set up?” he asked

What will happen next?

An annual industry survey conducted by the Biometrics Institute, known as the Industry Trend Tracker, has nominated facial recognition as the biometric trend most likely to increase over the next few years.

Respondents believed privacy and data protection concerns were the biggest constraint on the market, followed by poor knowledge of decision makers, misinformation about biometrics and opposition from privacy advocates.

The Australian law reform commission says biometric systems increasingly are being used or contemplated by organisations, including in methadone programs, taxi booking services, ATMs and online banking, and access to buildings

Dr Michael said governments needed to be very cautious about how they applied this rich new source of data in the future.

She said governments were building these agreements between themselves and corporations in a bid to stamp out fraud, but that goal was not always achieved and the potential for mistakes was vast.

“What we have is this matching against datasets, trying to find the needle in the haystack,” she said.

“Often what happens is we don’t find the needle.”

A statement from the Department of Home Affairs said the Australian Government was exploring making the Face Verification Service available to the private sector, but nothing had started at this point.

It said arrangements for private sector access would be informed by an independent privacy impact assessment and those using it would need to demonstrate their lawful basis to do so under the privacy act and where they had gained consent to use a person’s image.