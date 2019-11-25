A report by Australia’s national audit office revealed that the implementation of My Health Record system which consisted of $1.5 billion records failed to manage the cybersecurity and privacy risks. The auditors said that My Health Records needs to be continuously monitored in which the network is shared with the third party sites.

System lacks cybersecurity, privacy protection

According to the Australian National Audit Office which reviewed the system said that the cybersecurity and privacy were not managed as required. There are also criteria to match the security levels provided by the Australian Digital Health Agency which is responsible for managing overseas national electronic health records. According to the review, the system implemented was ‘largely effective but however, there was no surety that it could provide legitimate data for the ‘emergency access’ on the request of individuals. The system was implemented in 2012 and was depended on the doctors and medical practices to upload the medical information of the patients. The system is expected to provide centralized information of the patients. But recently the system was opted-out.

Capable of managing cybersecurity threat within itself

The figures reveal that 90 per cent of Australians were dependent on My Health Records despite security and privacy issues. There are four more privacy assessments that are still incomplete, that were conducted in October 2017 and June 2019 estimating to a cost of $3.6 million. The audit office said that they reviewed the implementation while it was under the “opt-out” model, and they found that the system was capable of managing the cybersecurity threat within itself but it failed to protect the data if shared with third-party sites, apps, and health provider organisations.

The system requires regular supervision

The report said, “Registered healthcare providers and other participants can use an emergency access function to override user-set accesses and view someone’s records, but only if the circumstances involve a serious threat to an individual’s life, health or safety, or a serious threat to public health or public safety. The report revealed that the cybersecurity risk could be stronger. The auditors said that there was a requirement to monitor the requests made by third parties who are using My Health Records.

