Do you feel it’s important to keep some of your medical history or current medical conditions to yourself? Maybe you’re not ready to tell people? Maybe you just want to keep it between you and your medical professional?
It’s become fairly public that the Australian Government has been “reckless” with medical data, if you’re unsure of what I’m talking about researchers at the University of Melbourne managed to re-identify anonymous medical data, in other words patients identities and what their medical issue was. The dataset that is the hot topic contains historic longitudinal medical billing records of one-tenth of all Australians, approximately 2.9 million people. The team at University of Melbourne have found information such as child births and professional sportspeople undergoing surgery to fix injuries often made public.
The team, consisting of Dr Chris Culnane, Dr Benjamin Rubinstein, and Dr Vanessa Teague, have mentioned that they expect similar results with other data held by the government, such as Census data, tax records, mental health records, penal data, and Centrelink data.
“We found that patients can be re-identified, without decryption, through a process of linking the unencrypted parts of the record with known information about the individual such as medical procedures and year of birth,” Dr Culnane said.
“This shows the surprising ease with which de-identification can fail, highlighting the risky balance between data sharing and privacy.”
The only thing that could make this any worse is if they responded with a poor defence, oh that’s right, they did.
The Department of Health spokesperson began their response to ZDNET by saying “The Department of Health takes this matter very seriously,” I suppose we can take comfort that they aren’t sitting in their office laughing about the incident.
He then went on to say that the department has taken “further steps to protect and manage data”, but they didn’t exactly specify what these “steps” to “protect and manage data” were. The spokesperson then finished his response by saying “The department has not been aware of anyone being identified.” the problem is the dataset has been up for so long, it’s presumed to have been downloaded at least once before the Department took it offline.
A ZDNET reporter gave another example using the same sort of response “Imagine this: We take child safety very seriously. It is regrettable that there were no fire extinguishers in the kindergartens. We are not aware of anyone having been burnt thumbsup.gif.” after reading that I think you might be able to see how ridiculous the spokespersons response was to the entire situation.
This isn’t the first problem the Australian Government has had with their governance of data, many Australians were falsely told that they owed money to the Government, causing stress amongst many Australian families, according to ZDNET the minister “brushed off the huge false positive rate as acceptable collateral damage.”
Let’s hope that the Government really do take these situations seriously and come up with a solution so this doesn’t keep happening. All Australians deserve to have their privacy and if we are told that our medical records are confidential then we expect them to be.
Do you think this is acceptable and should just be brushed off? Or do you think it’s an issue that needs to be addressed urgently?
http://www.zdnet.com/article/australian-government-says-centrelink-robo-debt-will-never-log-off/ – problem the Australian Government
http://www.zdnet.com/article/re-identification-possible-with-australian-de-identified-medicare-and-pbs-open-data/ – re-identify anonymous medical data