Monday, July 2, 2012

We Are Seeing The NEHRS / PCEHR Introduction In Really Amazing Disarray. It Is Pretty Sad And Public Confidence Destroying.

I have to say I could not have made up just how the first few days of all this have unfolded!
As reported over the weekend there was a July 1 update on the site late in the afternoon that provided a link to application forms. There was nothing provided that could be described as an on-line registration application.
Here is the link to that blog.
Then out of the blue we had a claim from a blogger (who is sponsored by NEHTA) that there was an on-line registration process via
You can read about this from this link.
Interestingly this route of access to the PCEHR System now seems to have been closed down - having been open for only a few hours.
Then, this morning we have had the following reports.

The federal government's e-health platform hacked at birth

THE federal government's e-health platform was hacked while being developed but the incident went undetected for several months.
The revelation comes after Accenture, the main contractor for the personally controlled e-health record program, delayed delivery, resulting in only 40 per cent of the system being ready by its July 1 launch date.
The hacking incident raises issues of reliability and security of the system as people start to register for an e-health record that would contain their personal details and health information such as medications, allergies and immunisation details.
The PCEHR is intended to be a secure electronic summary of people's medical history that is stored and shared in a "network of connected systems".
According to sources close to the Department of Health and Ageing, the hacking incident occurred while the PCEHR system was being built late last year, but Accenture discovered it only four months ago. The sources declined to be named.
Lots more details here:
and this report:

Answers to identity verification questions not sufficiently secure

THE security of the government's e-health records are under question a day after they were launched because those registering have to provide only a Medicare card number and names and birth dates of family members to verify their identity.
Security experts say answers to the identity verification questions are so widely known it would allow a person to set up an e-health record for someone else by telephone if they wanted to access that individual's health details, such as medication or medical procedures.
"My advice is not to join until the security issues have been resolved," said Graham Ingram, general manager of AUSCERT, Australia's emergency response team for computer security incidents.
More details here:
What is also interesting is that in the Application Guide On-Line Registration is an option provided.

eHealth registration guidebook

A guidebook is available to help you understand the eHealth record registration process. The document explains the terms used, your eHealth privacy safeguards, details about how your information is handled, and where and how you can apply for an eHealth record.
See page 10. Clearly it is not present on the site yet:
See here:
Even worse - consider this section of the written Application Form found here:
(Page 2)
The System Operator, who is the Secretary of the Department of Health and Ageing, is collecting the information in this form to work out if it can register you and/or your dependant(s) for an eHealth record, and for managing your and/or your dependant(s) eHealth record if your application is accepted.
 If applicable, the information will also be used to work out whether you are an authorised representative for your dependant(s).
 If you are registered, the System Operator will collect other personal and health information about you and/or your dependant(s) when that information is uploaded by healthcare providers or by you, or where permitted by law.
This is authorised under the PCEHR Act and the Healthcare Identifiers Act 2010 (HI Act).
The System Operator usually gives some or all of this information to the following as part of the normal day-to-day operations of the eHealth record system:
  •  registered healthcare providers involved in your and/or your dependant(s) care where this is consistent with any access controls you set, or in the case of a serious threat to an individual’s life, health or safety or to public health or safety
  •  your nominated representatives, if you choose to have any, consistent with any access controls you set
  •  repository operators, portal operators and contracted service providers that are registered to participate in the eHealth record system
  • the Chief Executive Medicare as the service operator under the HI Act, and
  • the Australian Government Department of Human Services and, if applicable, the Department of Veterans’ Affairs.
Your and/or your dependants’ information may be given to some other entities but only where this is required or authorised by or under law. Where information is given to other entities, those other entities may collect, use and disclose that information as required or authorised under the PCEHR Act, the HI Act and other laws.
The information provided in response to parts of this form is collected by the System Operator on behalf of the Chief Executive Medicare (within the Australian Government Department of Human Services) or the Australian Government Department of Veterans’ Affairs. The collection of this information is authorised by the PCEHR Act and is for the purpose of the Chief Executive Medicare carrying out functions as a registered repository operator under the PCEHR Act.
The Chief Executive Medicare (as the service operator under the HI Act and, separately, the holder of Medicare and PBS records) may disclose information to the System Operator about you and your dependants to help the System Operator to make decisions about registration and authorised representatives. These disclosures are authorised by the HI Act and the PCEHR Act.
Further information about how personal information is handled in the eHealth record system is described in the Registration Booklet and Privacy Statement. The Privacy Statement can be accessed by you at or you can request a copy by calling 1800 723 471.
----- End Extract.
If you go here to check the understand-ability of the above:
you get the following:
Indication of the number of years of formal education that a person requires in order to easily understand the text on the first reading
Gunning Fog index : 20.52
i.e. 6 years post high-school - i.e. 2 degrees or so!
So what we have so far is failed delivery on undertakings, irregular access routes to the PCHER system being made public and incomprehensible documentation needed for application.
And all this in just 3 days. I can’t wait for the next exciting instalment.