The public sector uses the data to save your life, google sells your medical search history to your insurance company.
I do work in the public sector, and I’m obviously biased, but really, I’d prefer an efficient public sector to a dysfunctional one hindered by data security.
I mean, if we took the GDPR at its strongest interpretation, then you’d need to consent when the ambulance hands your information over to the hospital, and if you’re unconscious, well though luck, then you’ll just have to die. In what world does that make any sense?
lol nope. GDPR does address this. It's one of the bases for processing - vital interests.
Read here for more if you're interested: https://ico.org.uk/for-organisations/guide-to-the-general-da...
GDPR is far less vague & excessively strict than people seem to think. It's sensible and pretty well-defined imo. You just need to take a little bit of time to read it and consider how it reasonably applies to you.
Wait, what!? Where is this coming from?
(Disclosure: I work on ads at Google, and while I can't speak for the company this is very much not something I think we do.)
Thus, not opting out does give all your medical data to the private sector anyway. Because they will have large breaches of data. And insurance companies will use it.
There was a study in the 00s that looked at major IT system implementations, and I can’t remember the exact number, but it was around a 77% failure rate for business and around 85% for public sector systems.
Which frankly make a lot of sense. Because the public sector buys its systems from the same software companies that the private sector does.
I don’t necessarily think giving up is the best sollutuon though, I think it would be better if we demanded a higher priority on IT from our political leadership than we do now. I mean, we’re seeing some with the GDPR, but did we really have to rely on the EU to do the right thing?
But opting out of a broken system (many GPs are refusing to use the system as they, in their general computer illiteracy, still find it to be insecure), is not the same as just asking for the government to do better.
You should opt out now, system is broken.
You should ask for it to be better in future - we are. Our government rejected a commission investigating why the last large-scale architecture deployment, NBN, was such an atrocious failure. A year later (under a different controlling party), a different government branch did launch an investigation, and found that it was an utter failure, at pretty much every level.
But again... That doesn't mean opting out isn't wise.
1. GPs think it's insecure.
2. If you have a MHR, then the police, Centrelink, Medicare can access it without a court order or subpoena (not the case if the clinic holds the records).
3. Finally, MHR accept no responsibility for if they do get a breach. In fact, their security disclaimer suggests that the user will be considered at fault if it happens.
Opting out was meant for people who aren’t capable of accessing a digital mailbox, but because of the reputation of public IT some people opt out for no reason other than they don’t want to be part of it.
That’s their right, sure, but those 1-3% of the population are now costing the government as much as the other 97% times four.
The typical person to opt out isn’t old by the way, seniors are among the most happy users, no, it’s middle aged men who think they know better than the system.
Ironically around 80% of them would like to cut the public funding. I guess we could start with all the money they are wasting by opting out.
mygov, is  not  secure . Therefore, MHR is not secure. I have no reason to believe the situation has changed (2FA is still SMS only for starters) - and I cannot see any reasonable effort being made by our government to change that same situation.
Their past response  has been to ignore security problems.
I don't care how much they're paying for this brand-new insecure service. I'm irritated that they're asking Australia to pay for something that wasn't requested (people asked for an easier way to transfer records - not for their records to be housed in a known, insecure facility), and I'm irritated that after complaints of insecurity began surfacing across the nation, they started a campaign on TV calling it secure.
So no, the bigger perspective isn't a nation paying a lot for a system that isn't getting used - the bigger perspective is the nation is paying the government to allow enterprising individuals to steal and sell their data.
Not just against malicious attackers, but "legitimate" abuse like insurance companies or employers getting access without you knowing!
Is there some dire pressing need where people are literally dying because doctors can't access prior medical history in time? I've not heard anything of the sort.
Do you think the Australian government is proficient with IT and IT security?
In the perfect world, you could design an architecture for sharing data, so patients would own some sort of medical card with their history.
In the real world, your doctor and your eye doctor bought different IT systems that can’t share data without someone manually typing them in.
Hell, the hospital probably runs around a thousand different IT systems and maybe two of them have APIs, but one is SOAP and the other is Graphql and there isn’t any middleware to make them speak with eacother. So the hospital can’t share your journal between your ward and the X-Ray room, unless there is a centralised journal.
We’re working toward a better architecture, but it’s not easy, and if only 500 of your 1000 systems adopt it, then you’ll still need a way to handle those 500 systems.
Things are made worse by the political decision organ and it’s variating agendas.
For a decade you may have political leadership that enforces an open architecture in which systems have to be able to share data. And you get maybe 10 major systems build on it, and they work, and you build some middleware and use RPA for some of the other systems.
Then the political landscape shifts, and maybe lobbyists play a part. Because open architecture for data is making companies less money since they can’t sell you data extractions. So they spend money on politics, and the conservative side listens and starts making the open APIs and public ownership and management illegal because it “steals” jobs.
Then you have another decade where you change another 10 major systems, except now they are silos and you fire your local IT developers so you can’t build RPA or middleware.
Then people realise that was stupid, so it shifts back to open architecture. Except now 20 years have passed, so we design a new open architecture that doesn’t fit with the old one. And then we buy another 10 major systems on the new architecture.
Now, after 30 years of good intentions, you still need a centralised way to share patient data, and when it fails, people do die.
> Is there some dire pressing need where people are literally dying because doctors can't access prior medical history in time
People definitely do die from that.
Not to a sufficient level.
So I'll opt in when I need to.
IF there was a track record of success, then this might be fit for purpose. The chances are extremely low though.
It seems like once we give any data to any company/entity/organization in this age that it will likely be around, somewhere, forever :(
I'm not saying someone didn't mess up or that the security breach wasn't preventable, I have no knowledge of that, but I hope no one on HN is surprised that building a site that on the frontend handles traffic from a significant fraction of the US and on the backend interfaces with basically every insurer in 30-some states is something that might take hundreds of developers a few years to develop.
(Which again, is not meant to imply that there wasn't any waste or that the project was completely as efficiently as possible, but when people say they could have done it in a quarter with 5 people, I say, what is wrong with you?)
> On October 16, 2018, we found that a number of agent and broker accounts engaged in excessive searching for consumers, and through those searches, had access to the personal information of people who are listed on Marketplace applications.
At this point hackers could be a better source of credit rating given that they could combine info from hacks like this and the other credit agency (experian?) hacks with other insurance hacks (anthem?) -
I wonder if my signup app info is still in this system from a couple years ago or has been removed?
For months I kept receiving e-mail reminding me that my application was incomplete, and cajoling me to finish.
I wonder if the hackers got my partial information, or if it was only stored in affected systems after completion.
I'm putting my money on brokers/agents having weak passwords and someone did some guessing like email@example.com/<password>
Will give a few more tomorrow, when I have something more than a phone.
(Asking because I'm starting a new data-heavy project and I'm considering generating code from UML.)
One of my favorites was the way they serialized the POJOs. Data object turned to XML. Send to a process that added more stuff. Send to another process, lose all the non-base stuff. Lots of data corruption. The model being wrong required them to try and tack on all sorts of extra stuff... but the framework really did not support it.
They tried to match a handful of A players with a bunch of C grade developers. Then they pulled all the A players into never ending meetings. I saw little to no code review of what was actually going on. Folks literally copied switch blocks, because the code worked, and left in the old case statements. Exceptions eaten. Text book example after example of what you might expect in the daily wtf type code.
The correct answer is to encrypt all demographic data (PII) at rest using translucent database techniques.
Just like a properly salted, encrypted password store.
Because of data interchange, individuals will need globally unique identifiers, eg Real ID.
(These systems still require access & audit logs.)
"The original budget for CGI was $93.7 million, but this grew to $292 million prior to launch of the website. While estimates that the overall cost for building the website had reached over $500 million prior to launch, the Office of Inspector General released a report finding that the total cost of the HealthCare.gov website had reached $1.7 billion."
Here's the report claiming $1.7B total cost: https://oig.hhs.gov/oei/reports/oei-03-14-00231.asp
Maybe people should stop thinking software is cheap.
Of course CGI is better than ever! Working on multitude of “successful” government projects ;)