Privacy concerns won’t stymie e-health uptake: NSW Health

Privacy shouldn't be confused with security

People concerned about the privacy implications of a move to transferable electronic health and medical records should not be dissuaded by doubt as the benefits outweigh potential drawbacks, according to health industry executives.

Dr Tim Smyth, deputy director-general of NSW Health, said it is very interesting times in NSW as the state is “beavering on” with the rollout of electronic medical records and is undertaking a business case for the provision of an electronic prescribing service.

Smyth is adamant privacy concerns around electronic medical records are overstated and can lead to unnecessary concerns.

“I’ve never seen privacy as an obstacle and it’s often used as an excuse by some players not to do anything,” Smyth said.

“Healthelink in NSW was all opt-in and about 90,000 people are using it. Only a small percentage have left the service.”

Speaking at an AIIA CIO eHealth forum in Sydney, Smyth says privacy is about the information a person wants other people to know about him or herself and it is often confused with the security of information.

“Being able to transfer information is critical [and] e-health has the potential to reduce errors,” he said.

In the case of Healthelink, only authorised health care providers are able to view records and health care providers given access to Healthelink must sign an agreement to “respect the privacy of records and to maintain confidentiality of the information”.

Privacy group Civil Liberties Australia (CLA), in a letter to the federal health department, said in 2009 it supports the use of new technology to improve patient health and safety, provided a patient’s ownership and control of the information is safeguarded.

The CLA believes only a patient should be able approve the use of his or her data, except in a medical emergency, and any alleged breach of ownership, control or privacy of a patient’s data is subject to both civil and criminal legal processes.

St Vincent’s & Mater Health Sydney CIO, David Roffe, said in his experience, people in chronic care generally want to share their health information.

“E-health systems for medication management does reduce errors [and] NEHTA-compliant secure messaging is the way forward,” Roffe said.

Roffe said the prospect of public software vendors entering the realm of electronic medical records is not necessarily a conflict with government-funded or private medical care initiatives.

“There is a good opportunity for providers like Google and Microsoft to allow people to manage their own health records and not just ‘leave it to the system’,” he said, adding people are unlikely to adopt an e-health system without some form of mandate.

Deloitte e-health consultant, Adam Powick, said 80 per cent of Australians don’t understand we have a problem with e-health.

“People place a great deal of trust in the health system and for good reason,” he said. “You can’t advertise e-health as being a ‘good’ thing. It will be need to be targeted at problem areas and the generational change.”

Regarding information security, Smyth said passwords remain a problem and can “drive people crazy”.

“In NSW if you are a doctor and you move from Blacktown hospital to one in the city you have to change your password because they run on different systems. I am working to get that unified,” he said.

Privacy Commissioner calls for multi-faceted e-health framework

Australian Privacy Commissioner Karen Curtis says the office has maintained a long-standing interest in the development of e-health initiatives as they relate to the collection and handling of personal information.

“Ensuring that privacy is adequately addressed is fundamental to achieving community trust in e-health information systems and gaining consumer acceptance and take-up of the new systems,” Curtis said. “Having said that, my office welcomes the government’s assurances that a personal electronic health record scheme will be developed on an ‘opt-in’ basis.”

The commissioner recommends governments adopt a multifaceted approach to privacy which is “essential in building a robust privacy framework for a national e-health information system”.

“A comprehensive framework for privacy protection should be built into an e-health initiative based on design, technology, legislation and oversight,” Curtis said.

Join the CSO newsletter!

Error: Please check your email address.

Tags civil libertiesNSW healthSt Vincent'sprivacy commissionere-healthprivacy

More about Australian Information Industry AssocGoogleIIAMicrosoftNSW Health

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Rodney Gedda

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place