deleted by creator
That’s actually exactly what I said when I read the headline
This is exactly why I refused a “My Health Record”. Why would I let these incompetent fools create a centralized database of my entire medical history? It’s only a matter of time before it’s hacked or sold off by conservative or neoliberal vultures.
Fucks sake
deleted by creator
I’m surprised they had data on that many people.
Until November last year, MediSecure was one of only two companies awarded government contracts to supply electronic prescriptions. I’m honestly surprised the number isn’t bigger.
Time and time again we’re seeing companies that are allegedly being held to a high bar (in terms of regulatory oversight) failing to meet even minimum standards of service to protect the Australians that are forced to trust them with our data, and sometimes our lives.
Optus, MediBank, Latitude, MediSecure - the list goes on. Until we start jailing directors and CEOs for letting this shit happen, things aren’t going to change.
- ASIC is bloated and slow, with the most recent inquiry suggesting it needs to be split into two smaller, more agile organisations. Yet the federal government is all but ignoring the report’s findings.
- The ACCC has had its teeth practically filed down to nubs. It remains to be seen if they get bullied into giving Chemist Warehouse/Sigma a green light or not, but I have a horrible feeling a modified deal will somehow pass, and competition will be harmed in the process.
- ACMA doesn’t have anywhere near enough powers to hold our telcos to a higher standard of security and resiliency. We had a major chunk of the population that couldn’t dial triple 0 for fuck’s sake. How is a director or CEO not facing charges for that?
We talk a big game in Australia about having legislation that supposedly protects ordinary Aussies from being fucked by big companies, but we fall short of taking meaningful action when it actually happens. If we jail just one of the cowboys at the helm, the others will very quickly fall into line, or fuck off and make room for someone who will.
These breach incidents all serve to highlight the lack of a solution for patients that want to retain ownership (ie. exclusive control) over their data. Currently the only effective way to do that is a non-solution - by not interacting with the service at all.
Imagine there was one copy of your health information, and it was encrypted, and it lived on a server/flash drive/device under your control. In order to receive treatment, the provider has to access that source and request your permission or authenticate in some capacity. That would be an enduring, user-respecting solution that showed people that each loss of data was more than merely a publicity nightmare for the abetting company. Managing personal healthcare like this isn’t for everyone, but it should be an option for patients with the means and inclination.
The fact that service providers neither want to co-operate with something like this, nor are required to by law, is a problem. There’s currently no individual agency permitted whatsoever in this domain and I’ve been fed up with it for a long time.