Breached as, bro

Once upon a time, as all the oldest stories start, data was kept in peoples brains. This data wasn’t clearly visible and could only be accessed via direct download from the source. The person had to tell you what was in their brain. This is how the oldest stories were passed on, with an oral tradition. There were secrets. Some things were private. There was value in this. Secrets have always been valuable – and many methods have been tried to extract this value, from persuasion, coercion, interrogation, and worse. Lots of secrets equals big value equals a big incentive to try some of these methods. That said, it’s a lot harder to use these methods to find a lot of little secrets in a lot of places, when you don’t really know where to look.

What if someone took a lot of secrets, including your secrets? What if that someone took those secrets and put them all in the same place? Is this sounding familiar? What we have in this situation is motive (lots of valuable secrets – data), opportunity (you know where it is – a big database), and then all you need is the means…

We all know that more mistakes can be attributed to stupidity than malice and I suspect poor systems have led to the situation below. Big health databases are big targets, and data breaches, where your data, your secrets, become public, are becoming more and more common. One big database belongs to Ambulance Tasmania.

The private details of every Tasmanian who has called an ambulance since November last year have been published online by a third party in a list still updating each time paramedics are dispatched.

Key points:

  • Ambulance Tasmania uses a paging system in initial communications between the dispatch team and paramedics on the ground
  • Pager messages dating back to November have been uploaded to a website, which is still live and continually updating
  • The health union has described the data dump as “horrific”

The breach of Ambulance Tasmania’s paging system has been described as “horrific” by the Health and Community Services Union, which has suggested the data dump could leave the Government open to litigation.

The biggest health database in this country is MyHealthRecord. The website states that ‘My Health Record lets you control your health information securely, in one place. This means your important health information is available when and where it’s needed, including in an emergency’. There are some issues with this – many hospitals and health service providers neither use nor access MyHealthRecord and, as I’ve said above, big databases have a big target on them. Hackers and criminals see this target. So do governments and non-criminals.

2018 saw the Federal Government quietly release its long-awaited framework for secondary use of information contained within the my health record. It was controversial. The release of the framework to guide the secondary use of My Health Record (MyHR) system data came just months before the participation rules for the Australian national health record change from opt-in to opt-out. Consent for secondary use is implied if consumers don’t opt out of the MyHR. In other words, people need to take action if they don’t want their health data to be used for purposes other than direct clinical care.

What does this all mean? For patients and individuals it means being mindful about your data. Only give what you need to give, for good reason, and consider time limits and limiting further usage of your data for unconnected reasons.

For doctors, consider clinically appropriate data entry – never forget who you serve and why, and work in and with good practices and practitioners who will take the same care and attention with patients data as you do.

For practices, good policies and solid hardware and software solutions are the key!

For a little bit of further reading:

John Stronner is a guru in this area – a Certified Data Protection Officer, and CEO of Loftus Technology Group. I had the pleasure and privilege of speaking after him on a recent podcast from This Pathological Life! Another podcast I found super useful was the story of the white hat hacker turned protector, Bastien Treptel of the CTRL Group.

Be mindful with your data and your health – we can help with both (with your medical data at least!). Just one little example of how your data can help you is here, where I explain how your GP can upload your immunisation details to MyHealthRecord, allowing you to prove your vaccination status – super important in 2021! You can make your appointment with us conveniently online right here – or call our friendly reception team on 82953200.

Where to now?

Photo by Miguel u00c1. Padriu00f1u00e1n on

For everyone, we believe that having a usual GP or General Practice is central to each person’s care and recommend that people with any health issues that come to the attention of other health professionals should be advised to attend their usual GP or General Practice rather than a specialised service (ie a place not providing the holistic care a specialist GP would).   If  they say that they don’t have a usual GP or general practice, they should be helped to find one and to actually attend it. Call PartridgeGP on 82953200 or make an appointment online here.

(Hat tip: Dr Oliver Frank)

(TL;DR – Get a regular GP or General Practice and use them!)

Photo by Miguel u00c1. Padriu00f1u00e1n on

If you’re employed, get a side hustle and get into business. If you’ve already got a business, get a network. Want to get started? Find your tribe here!

Photo by Miguel u00c1. Padriu00f1u00e1n on

If you are a great GP or a great Allied Health Professional, and you want to serve your clients or patients to the best of your ability, without worrying about all the non clinical things that get in your way, lets talk. Call Mrs Hayley Roberts on 8295 3200 and have a coffee and chat with us as to how PartridgeGP can help you to help others.