Not super keen on the government storing all of your personal information in its e-health system? No problemo, just provide the government with all of your personal information — on an unencrypted website.
Or at least that was the plan, until those meddling kids on Twitter shamed the government into encrypting the site — badly at first, and then finally up to proper standard.
Late last year, Health Minister Sussan Ley announced an overhaul of the e-health record system. Patients would be automatically signed up to the record system unless they specifically requested not to be included. At the start of this year, the Department of Health with the Department of Human Services began its trial in north Queensland and western Sydney for about 1 million patients, which would cost about $41 million.
On Monday, Twitter user Geordie Guy posted that the opt-out page required those opposed to the government storing identity information about them to hand over identity information to the government, including driver's licence, passport or immigration card details, as well as name, date of birth and Medicare card number. Worse still, the opt-out form was served over plain HTTP rather than HTTPS, meaning the identity details typed into it travelled unencrypted and could be read or altered by anyone on the network path between the user and the department.
Within hours of the tweet, the Department of Health rectified the issue by enabling HTTPS on the page, but with a TLS configuration weak enough to earn the department an F rating from the SSL Labs server test. This was rectified overnight by moving the form to a different domain, which now rates an A.
A spokesperson for the department claimed it was “an administrative error” to leave encryption off the opt-out page, and that, as a result of the issue, “additional checks will be added to the overall quality assurance processes to ensure that this cannot happen again”.
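The "additional check" the department describes need not wait for a manual review at the end of a project. As an added example (not code from the article, the Department of Health or the Department of Human Services), the script below is the kind of pre-deployment test that would have caught this page: it parses the HTML of a form page, resolves each form's submission target against the page URL, and fails any form that would post over plain HTTP, listing which of its fields look like identity data. The page URL, form markup, field names and the list of "sensitive" name fragments are all constructed assumptions for illustration, not the real opt-out page.

```python
"""Added example: flag HTML forms that would submit sensitive fields over
plain HTTP. Not from the Crikey article or any government code base; the
sample page, URL and field names below are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field-name fragments treated as identity data (assumption: tune per application).
SENSITIVE_FRAGMENTS = ("medicare", "passport", "licence", "license",
                       "dob", "birth", "password", "tfn")


class FormCollector(HTMLParser):
    """Collects each <form> with its action attribute and its named fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            name = attrs.get("name")
            if name:
                self._current["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_insecure_forms(page_url, html):
    """Return one finding per form whose resolved submission target is not https.

    The action is resolved against the page URL, so an empty action on an
    http page posts back over http, and an https page carrying a form with an
    explicit http action is flagged too."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"])
        if urlsplit(target).scheme != "https":
            sensitive = [f for f in form["fields"]
                         if any(frag in f.lower() for frag in SENSITIVE_FRAGMENTS)]
            findings.append({"target": target, "sensitive_fields": sensitive})
    return findings


# Constructed sample: a plain-HTTP page carrying an opt-out style identity form
# plus a harmless search form that already posts to https.
SAMPLE_URL = "http://example.invalid/optout"
SAMPLE_HTML = """
<form method="post" action="/optout/submit">
  <input name="full_name"><input name="date_of_birth">
  <input name="medicare_number"><input name="passport_number">
</form>
<form method="get" action="https://example.invalid/search">
  <input name="q">
</form>
"""

if __name__ == "__main__":
    for finding in find_insecure_forms(SAMPLE_URL, SAMPLE_HTML):
        print("insecure form ->", finding["target"],
              "sensitive fields:", finding["sensitive_fields"])
```

Run against the constructed sample, the first form is reported with its three identity fields and the search form is not. Running the same check against the page fetched over `https://` produces no findings, which is the condition a QA gate would assert on before a page collecting identity documents goes live.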
Security expert and the man behind the “Have I been pwned?” website, Troy Hunt, told Crikey it was alarming that the page went up unencrypted in the first place.
“Clearly, something fundamental was amiss when a page requesting such sensitive information was stood up without any encryption. It’s alarming that this might happen in the first place, but at least they got onto it quickly.”
Information management specialist and the chair of the Australian Privacy Foundation’s health committee, Bernard Robertson-Dunn, said he was worried that it could even happen.
“This is an enterprise-class application. Have they never heard of System Development Life Cycle processes? Any important application development process, especially one that involves highly sensitive data like that on the opt-out page, should follow standard, well tried and practised processes. The worry from a professional IT development perspective is that this didn’t seem to have happened.”
He said encrypting all communications should have been part of the standard development process, and that if it was not specified in the design, or not tested, that indicated poor process, and was potentially a consequence of the inter-departmental collaboration between Health and Human Services on the trial.
"It shows very poor governance and project management. For Health to say that 'additional checks will be added to the overall quality assurance processes to ensure that this cannot happen again' indicates that they don't properly understand quality system development. Quality needs to be built in to all processes, not just a check at the end."
Another potential issue facing the My Health Record website is browser support: the consumer portal is incompatible with current browser versions, while the provider portal does not support Chrome or Mac at all.
The opt-out system is aimed at boosting enrolment in the e-health record system, which the government — under both Labor and Liberal — has spent more than $1 billion implementing, with just over 2.5 million patients registered. As of February there were 300 GPs using the system each week, with an average of 10,900 consumers accessing their records online each week. There are 74,805 “health summaries” — information on the health of a patient — uploaded to the system as of February 11.
The rebranding from Personally-Controlled E-Health Record under Labor to “My Health Record” under the Coalition was revealed to be $1.48 million, in a department response to a question on notice from the last round of Senate estimates hearings.
I believe the technical term for this is a Clusterf**k.
Such a scary lack of the most basic O/L security.
I *do* hope the census is better at securing our data.
But I’m not holding my breath.
Worse still, the form to opt out of the system was not encrypted, meaning that it could potentially be vulnerable to a security breach.
While wholeheartedly agreeing that the connection between client and website should have been secured with SSL, the absence of that encryption doesn’t really have anything to do with risk from security breach. A better statement might have been that the data would be vulnerable to exposure on the network.
It is dismaying, to say the least, that no provision was made for secure access during the system design. I can’t imagine a competent team not covering this in design discussions, so I really have to wonder what happened there, procedurally speaking.
In defense of the department, and without any inside knowledge, I do wonder if there is anyone left in the department with the capacity and knowledge to get this right. Years of outsourcing and staff cuts in general have possibly left them bereft. I suspect it would have been outside contractors or bought-in software from people with no “skin in the game”. They might have hired a temporary “project manager” with minimal real computing skills. (I have seen this happen, in another context, more often than I can count. I have even heard one such “project manager” proclaim that technical skills are unnecessary in such a role.).
That said, I do find it appalling that such a website could ever be brought online and is a perfect illustration of why I would not trust this government with my health information.
Hey! $1 billion has already been spent, and another billion dollars is going to be used to conscript doctors to sign up. It will make the $1 billion Queensland health fiasco seem like money.
Your GP has already been threatened with deregistration from vocational registration if they don't sign up; the government is totally supported in this tactic by the same RACGP that was responsible for yesterday's article on women drinking.
The reason for this system, which is useless and unworkable, is for the government to collect more data, and this data link can be used as a revenue stream by selling the statistics to insurance companies.
Basically it boils down to this: do you want your wife's vaginal itch recorded in Canberra computers as part of government records?
Finally a health will then be sold to a public company to raise another few billion, the same way as Medicare private has been.
It is symptomatic that the journalists have not analysed the malignancy of this expenditure and the social side effects; they have merely parroted the health department's press releases.
I look forward to seeing a printout of your health records whenever you apply for a job, seeing that they will be only on one database and not in your doctor's records.
Oops! correct that –
1 It will make $1 billion Queensland health fiasco seem like pocket money
2 finally e health will then be sold …. Medibank Private
– not Medicare [perhaps that is next, also] as money is tight –