Blog Archives

Feedback on an ABC article questioning the security of the Personally Controlled Electronic Health Record (PCEHR)

I saw the following video article on ABC news and took issue with it misrepresenting the security of the Australian Government’s new Personally Controlled Electronic Health Record (PCEHR) and so gave some written feedback to the ABC, which I’m posting here.

ABC Video “Experts question eHealth security”

My feedback to the ABC is as follows:

To whom it may concern,

I believe the video article “Experts question eHealth security” was misleading
of the extensive community consultation the Australian Government has
undergone to introduce an online system that is robust security wise and
increases the transparency and utility of medical records for all Australians.

For full disclosure I am a former employee of the Department of Health and
Ageing, but I’ve never worked on the Personally Controlled Electronic Health
Record (PCEHR).

The video made three main points, all of which I’ll refute: one, the security
on the system is poor; two, the government is rushing to get the system in
place instead of properly testing it; and three, there are potential means for
inaccurate information.

The video implied that security concerns had been identified, but never
identified why the people interviewed were qualified to comment on the
security concerns. The major reason cited for the security concerns wasn’t
technology related, but user-behaviour related, suggesting that the
information was inherently insecure because “it will be up to patients to make
sure their information remains secure”. While this remains true of any
information system, it misrepresents the lengths the Government has gone to,
to provide multiple points of security.

In relation to end users of the electronic health record, the main point where
security is needed is at the point of access. Authentication to the system is
in accordance with the government’s security framework, the National
eAuthentication Framework (NeAF) and uses a range of safeguards for sensitive
transactions including: reminding users of the importance of security, using
challenge-response questions for sensitive transactions and keeping an audit
trail of access times and unsuccessful access attempts.

Rather than rushing to implement this system as the video implied, the
Government has taken the time to extensively consult with the public. It
released the “Draft Concept of Operations of the PCEHR” over a year ago. It
took submissions from many organisations and individuals including health
organisations, government departments, privacy bodies and security
organisations. It then responded to those submissions, in detail, with an
analysis of the key themes of the feedback. It also consulted on the
accompanying legislation, posting the legislation for feedback and made
changes to its concept of operations as a result.

AusCERT, the company interviewed in relation to security, have never made any
submissions on the public exposure draft of the PCEHR. If AusCERT has such
serious, constructive concerns, then it should have taken the time to comment
as an organisation when the opportunity was available.

The article also made the point that there was a potential for medications to
be recorded inaccurately or for allergies to be missed. This belies the fact
that the PCEHR is doctor-centric. Rather than it being a record that
unqualified individuals may make changes to haphazardly, the system is
designed so that an individual works together with their nominated provider—
generally their family GP—so that together they can fill out their shared
health summary. For example someone may have high blood pressure, identified
during a test several years ago before PCEHR was rolled out. By working with
their nominated provider, an individual can have this information updated in
their PCEHR. By using a nominated provider, clinically relevant information
can be verified as it is entered, providing assurance to other medical
practitioners as to its relevance and authenticity.

A simple search of the ABC website has revealed few articles on the way the
PCEHR will work. I think that so far the articles are unfairly biased and
tend toward fear mongering on the security, rather than provide a balanced
view on what will ultimately increase the openness and interoperability of
health information.

Yours sincerely,
Anthony Draffin
Senior Business Analyst

Comments Closed on the Draft Strategic Vision for the Australian Government’s use of ICT

Today was the final day for comments on the Draft Strategic Vision. The Department of Finance and Deregulation Secretary, David Tune, thanked participants for their comments and said that a finalised version is expected later in 2011. He said that the number of comments was unprecedented.

I’m impressed by the number of comments on this post and the thoughtful suggestions that many of you have made. All of this has provided valuable input for the development of the final version of the Vision. This post has attracted the most … comments in response to our requests for your thoughts and ideas.

The final day stimulated a discussion on the relevance of using blogs to interact with stakeholders and use it as a feedback mechanism.  I made a suggestion to provide a facility for a more structured discussion on the blog.  Currently there is no easy way to give feedback as to which comments have wide community approval.  There is currently a simple voting system, however this is easily rigged, because a user can rate a post a number of times.

CEO of the Australian Information Industry Association, Ian Birks, expressed the reticence of his organisation to comment openly on a public forum on an AGIMO document as posts may be taken out of context. He also implied with further comments that companies may not give open feedback because expressing opinions on innovation may compromise their competitive advantage.

More widely, the AIIA does not consider that open commentary on a public blog is the best way for industry to engage with government around potential improvements to ICT service delivery. In a highly competitive industry such as ours it will not provide a forum that ICT industry companies will feel is workable for their best and brightest reform ideas.

You may read all the comments on the AGIMO blog.

AGIMO’s Draft Strategic Vision for the Australian Government’s use of ICT has Promoted a Conversation

While it’s important to have a strategic vision that is solid and stands alone, one of the reasons for releasing the draft to the public to comment on is to promote a conversation about the Government’s agenda for future use of ICT.  This vision has done both and it has done them well.  Shortly after the draft was released, IT opinion group Gartner released their take on the vision, coming to the conclusion that it was less innovative than they expected.  Based on a blog post from Andrea Di Maio, a Gartner analyst, I think they had anticipated more Web 2.0 initiatives to be outlined in the vision.  But that’s OK, in my opinion, Web 2.0 while a hot, sexy topic for the profit based sector of the IT industry, isn’t quite as relevant for the government sector.  The release of the draft also prompted a lot of conversation on the actual AGIMO blog where the vision was released and the official forum for feedback.  Some  of the feedback were encouraging notes, amazingly there was very little unsubstantiated criticism and most of the feedback was in the form of in-depth, constructive feedback.  So I think that AGIMO should congratulate themselves for promoting a conversation around how the Australian Government will use ICT in the next few years.

My Review of AGIMO’s Draft Strategic Vision

I think this is a very well constructed and rigorous document.  It is pitched at the right level for a vision without attempting to anticipate the means of implementation, as a vision should.  It also encompasses the current Government’s initiatives (namely the National Broadband Network) while still making adequate room for guiding the APS in improving the value it provides in serving the government of the day.

The vision is constructed around three strategic priorities: Deliver Better Services, Engage Openly and Improve Government Operations.  These in turn are decomposed into strategic actions.  Holistically these priorities signal that the Australian Government is moving from its cost controlling (efficiency) perspective to a perspective of value management.  The Government is also attempting to be more transparent about its policies and its intent to execute them and to engage the public as early as possible.  The vision sees a consolidation of the earlier Declaration of Open Government. Finally the vision contains goals for technology-policy alignment and simplifying the access points that citizens may use to interact with the government in an online context.

AGIMO Strategy Excerpt

This is an excerpt from the figure used within the Draft to summarise the vision.

I’m very encouraged by the shift to the value management perspective.  John Thorp, arguably the founder of benefits management, has long been championing a move from evaluations based on cost to evaluations based on value. This shift is signalled by “Strategic Action Five: Investing optimally”

Government will invest optimally by targeting ICT investment to the areas that deliver the greatest value and enable a better, more effective implementation of policy decisions.

This is a much more mature approach to investment and promotes alignment with the Government’s priorities.   Value is well defined by the IT Governance Institute in their ValIT framework: “value is defined as the total life-cycle benefits net of related costs, adjusted for risk and (in the case of financial value) for the time value of money.”  Under this priority, programme and portfolio management will become more crucial and cloud computing options will be considered.

Improvements that Could be Made

By no means is this a perfect vision.  There are a number of improvements that could be made. Some of these are cosmetic like including better quality images and capitalising the word “use” within the title to show that it’s being used as a noun and not a verb.  Other improvements that could be considered are to give more thought to measures and KPIs for the success criteria of each action.   By being more specific with these criteria the current baseline measures can be quantified and the Government will have a good basis for determining future areas to focus on.  It would also be great to see the AGIMO putting some more thought into governance of programmes of work that are large from an individual organisation perspective, but don’t meet the criteria to be forced to undergo a two-pass process or a Gateway review.

Overall this is a great document from AGIMO and I encourage you to take the time to read it for yourself and submit your own feedback.

Australian Government Releases its Draft ICT Strategic Plan for Comment

In the interests of keeping this blog ticking over with posts, I’ve decided that in addition to posting my usual longer posts, I’ll start to post some shorter ones.

The Australian Government has started to engage the public in a much more interactive way recently.  It is slowly learning to use social media to promote not just information dissemination, but to create interactions with the public.  This is a trend that we can only expect to increase.  There have been a number of new initiatives recently to get public comment and to promote information re-use.

Recently the government released its ICT Strategic Plan for public comment.  The plan is available in a number of formats such as Word, PDF and RTF.  Comments are open till Monday 16th of May and can be accessed through the AGIMO website.

Management of Portfolios (MoP) Practitioner Guide Released

It's been quite a long wait for the UK Government's Office of Government and Commerce (OGC) to release their practitioner guide for the management of portfolios, creatively called Management of Portfolios (MoP).  But it has finally happened!!  For a while now, programme managers and executives have known about the concept of several programmes being rolled up to an overall portfolio. However there hasn't been much in the way of formal guidance on managing that till now. Previously managers of portfolios have had to rely on conventional management theory and governance frameworks.  OGC's maturity model P3M3 has been of some assistance in managing portfolios with guidance for increasing portfolio management tutorial.  Nothing can beat a proper methodology however. 

I haven't acquired a copy of the guidance as yet.  So I can only comment on the content based on the marketing material. Portfolio management sits above project and programme management, however an efficient and mature practice of either or both is not required.  Merely by applying MoP, the organisation will start to invest in programmes and projects that are aligned to the organisation's long term objectives. More than any other of the P3 disciplines portfolio management requires strong executive support.  Executives have to understand the benefits of choosing the right programmes and projects.  Benefit management to ensure that benefits are aligned with the corporate strategy and harvestable is also a crucial area.  As is an understanding of risk mitigation and other risk management practices.

The concept of a portfolio is readily applicable to the public sector where the collection of streams are known as a portfolio.  Each government department then manages one or more portfolios as part of their remit.  I wrote last year of my department gaining another portfolio – the National Health and Hospitals Network.

To find out more about MoP refer to the new Best Management Practices website: http://www.best-management-practice.com/Portfolio-Management-MoP/
