“Motherhood statements of reassurance” by the Government simply will not cut it, in the wake of the Guardian’s revelation of Medicare card details being sold on the darknet, according to a peak health group.
The Government reportedly was not aware of the practice until journalist Paul Farrell’s investigation; a subsequent statement by Human Services Minister Alan Tudge said he had been assured personal health records could not be accessed.
Alison Verhoeven, CEO of the Australian Healthcare & Hospitals Association, writes below that the Government must act quickly and proactively to restore trust.
Alison Verhoeven writes:
The availability of Medicare data for purchase is concerning because of the privacy issues related to individual data, and also because of the erosion of trust related to electronic records collected and managed by governments, particularly health records.
Medicare cards are used as proof of identity for multiple purposes such as opening bank accounts, obtaining driver’s licences – so while the Australian Government has sought to reassure cardholders that their personal health records may not be accessible, it remains a very serious breach of personal information.
Governments must act quickly and proactively to identify the sources of data breaches, to address these (including any system design weaknesses in government IT infrastructure), and to communicate the steps they have taken transparently to regulators and consumers. This should include direct contact with any individuals who have been affected.
An independent assessment of these actions should be taken by the Office of the Australian Information Commissioner, and learnings from this used to improve government management of data.
It’s not sufficient to provide motherhood statements of reassurance – erosion of trust has the potential to wind back significant work which has been undertaken by successive Commonwealth and state governments to make government data more available and to leverage the power of big data for positive social good such as better coordinated health care.
Government agencies should be drawing on the experience of sectors such as the banking sector to enhance their technical capabilities in managing data; and national and international innovations in data security (including blockchain and the new German health data model which stores individuals’ master data on personalised cards).
The pace of change in data management and security requires government agencies to adopt more agile approaches than they currently demonstrate – this requires financial and technical resourcing and must be prioritised.