Temperatures run high in IT health security debate

The author of a study into firewalls prepared for general practitioners under the Broadband for Health program claims it has been dumbed down so much by federal health bureaucrats, the document is now virtually useless as an IT security guide.

The author Dr Horst Herb, director of the Dorrigo Medical Centre in NSW, is demanding his name be stripped from the final report.

Once a systems auditor, penetration tester and mainframe security analyst for Siemens, Dr Herb spent the last five months advising the government on minimum firewall standards for GPs.

Horst said he believes the government is not serious about IT security when it comes to e-health.

Although Herb's work has been published as part of the GPCG (General Practice Computing Group) Security Firewall Guidelines, he said many core technical aspects and product-specific analysis had been stripped out of the recommendations.

As a result, he said, the document prepared as an IT security guide for GPs has reached the point of irrelevance.

A Department of Health and Ageing spokesperson, asked to respond to Dr Herb's allegations, said the submitted report was "overly-technical" and had to be "simplified extensively" so that could GPs understand it.

"The original document was very technical," Herb said. "But that was the whole point, to raise interest and technical understanding of what is involved for GPs. Even if the doctors were to commission out implementing firewalls they would still need to emulate skills of the person that set it up, because generally, there is no formal qualification for implementing firewalls or formal liabilities for firewalls," Herb said.

Herb also warned many IT security products are not strong enough to protect highly sensitive, personal information.

"The main problem I had was with personal firewalls, which is just software on a computer which is, in my opinion pointless in a surgery scenario because they have too many vulnerabilities - all it takes is downloading software to disable it. GPs need a dedicated firewall where no user can dabble with it," he said.

"Surgeries should not rely on basic or personal firewalls. This [detail] was edited out of the original report, mainly so [telecommunications vendors] can just push a default firewall setting as acceptable - it is just pure nonsense."

Herb said while the strong security message was being lost on GPs as a result, though he is glad some security information has been released. However, Herb is insisting his name be stripped from the report, because he does not want to be held liable for anyone considering a personal firewall as a viable IT security solution for doctors.

Since the report was published, the federal government has axed funding for GPCG, which provided IT support and advice for doctors and clinicians. It ran for eight years under an annual, million-dollar government grant.

The Department of Health and Ageing spokesperson said all doctors involved with the now defunct General Practice Computing Group considered the original document to be far too complicated. However, when it was "simplified extensively", they gave it their full endorsement.

The department claims the document has since been well received by doctors, despite the GPCG being disbanded.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about Department of HealthHISSiemens

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Michael Crawford

Latest Videos

More videos

Blog Posts