As I mentioned a few weeks ago, security questions have been raised about Australia's proposed AU $466 million national electronic health record system. According to a story in The Australian in August, nearly half of Australians may end up "boycotting the voluntary system when it launches in July next year amid concerns the government may find it impossible to guarantee private medical details remain private."
Adding fuel to the security fire was a story a few days later at CRN that quoted AusCERT general manager Graham Ingram saying that the security claims being made for the Australian e-health record system were not believable, to wit:
"That they [the National E-Health Transition Authority] think they have the security to safeguard the data is just a nightmare."
Supporters of the new national EHR system, however, remain confident that the ehealth system will indeed adequately protect and keep private a patient's medical information, but they also agree that the Australian government has to become more active in convincing citizens of that fact.
How are they going to do that?
Well, the latest approach is to announce that celebrities, politicians and victims of domestic violence will be given fake identities to foil potential hackers, a today story in The Australian reports.
In other words, the ehealth system is secure (enough) for the punters but not the pols.
Pointing out the obvious, the Australian Medical Association said such a move "would undermine public confidence in the security and privacy of ehealth records," The Australian story states.
The UK Labor government in 2009 did basically the same thing with its £224 million ContactPoint child tracking database. Politicians, celebrities, persons in witness protection programs, victims of domestic violence, as well as powerful and influential people - as the London Daily Mail termed them - would be able to keep their child out of the national database which was to track details on all children under 18 in England so that possibly abused children could be identified.
The Labor government also said at the time that the children's records would be secure, but then undermined their arguments by way of the exclusions (and also by a delay in the roll-out of the database due to operational "glitches"). The controversy surrounding the database - and its exclusionary privileges - helped spurred Labor's defeat in the 2010 election. The database was dismantled when the Coalition Government took over last year.
If the National E-Health Transition Authority really wants to sell the idea that its ehealth record system is "secure," it needs to rethink its two-tier security policy. Otherwise, expect the boycott of the system to grow. And if the current government wants to hold on to its slim majority, it may want to rethink the policy sooner rather than later.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.