* Posts by Bernard Robertson-Dunn

3 posts • joined 17 Apr 2013

TAFE's troubled tech terminated

Bernard Robertson-Dunn
FAIL

According to Accenture, this project was a success years ago

https://www.accenture.com/us-en/success-new-south-wales-department-education-communities-learning

Says a lot about both Accenture and Dept Education.

Oz e-health privacy: after a breach is too late

Bernard Robertson-Dunn

And that's not all.

As primary author of the APF submission, I'd like to point out there was far more to what we said than the issue of Australian laws not stopping overseas criminals and cyber-terrorists.

The main gripe we have with the system is access to the data.

1. It's accessible from the internet. Just stupid.

2. The claim that it's personally controlled and that patients can see who has accessed their data. This is totally and absolutely untrue. As the government's own website says, patients can block certain institutions from accessing their record and can see which institutions have accessed it. That is a long long way from "who". The scenario we used to demonstrate the risk was

"... if a patient goes to see a dentist and there are potential health issues if undergoing dental treatment and the patient grants access, then the dentist, their nurses as well as ancillary and administrative staff all have full access to a patient’s health record. This can include aspects of the patient’s health care that have no relevance to the practice of dentistry, such as mental health issues."

3. That last bit refers to the fact that anyone who can see the record sees all of it.

4. In the enabling legislation is Section 70 which says, in part:

The System Operator is authorised to use or disclose health information included in a consumer’s PCEHR if the System Operator reasonably believes that the use or disclosure is reasonably necessary for one or more of the following things done by, or on behalf of, an enforcement body:

• the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

• the enforcement of laws relating to the confiscation of the proceeds of crime;

• the protection of the public revenue;

• the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;

• the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

These accesses are not logged for the patient to see.

So much for personally controlled.

The whole architecture of the system is a disaster. There are other issues such as data can leak out into other eHealth systems quite legitimately, but then the provisions of the legislation no longer apply. So much for "strong security and privacy controls" as claimed by the government.

I won't bore you with even more, but, IMHO, it's a train-wreck waiting to happen, unless they do something they have never done before - think it through and make changes.

Why hacking and platforms are the future of NHS IT

Bernard Robertson-Dunn
FAIL

What a load of techno rubbish.

How do you know if a solution is any good? Only if it solves your problem. Vendors don't understand the government's problems, even if they claim they do.

Mind you, the government doesn't understand its own problems. They think the problem is IT. It isn't. The problem is all about information.

That article makes the same mistake as the government, hence the title "Why hacking and platforms are the future of NHS IT". The future of the NHS lies in the NHS working out what information it needs, how it is gathered and how it is managed. Only then can anyone decide if a solution (or platform) is any good.

The platform approach outlined in the article is a bit like going to a builder because he has all the right builder's tools. And then finding out you need a back-hoe and crane, which the builder hasn't got. The builder (and his tool "platform") is useless.

Working out the value of a solution means understanding what problem you are trying to solve. That's where the value of solving a problem lies, not in the solution space. Solutions just cost money.

Platforms are all about solutions, not problems. The government will only make progress when it realises that solutions are cheap and plentiful - every vendor has lots of them. The government owns its problems and will get value from solving them; it's about time it started to understand its problems - starting with information, not technology.
