Peter A Clarke

By far and away the most targeted sites for hackers are health organisations, hospitals and health insurers. Those bodies hold vast troves of personal information and traditionally have weak cyber protection.

Senate Bill 1851 is the Healthcare Cybersecurity Act of 2025. It directs the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate and work with healthcare to provide guidance and training on cybersecurity issues. It also directs the CISA to establish criteria to determine whether a covered asset may be designated as a high-risk covered asset.  This criteria is taken from the Critical Infrastructure Protection Act. Australia also has a critical infrastructure legislation.

The press release provides:

WASHINGTON – U.S. Senators Todd Young (R-Ind.) and Jacky Rosen (D-Nev.) introduced the Healthcare Cybersecurity Act to bolster the health care and public health sectors’ cybersecurity. The bill would direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on improving cybersecurity and make resources available to non-federal entities relating to cyber threat indicators and appropriate defense measures. It would also create a special liaison to HHS from CISA to support cybersecurity for health care and public health sector entities. Read the rest of this entry »

The Information Commissioner’s Office in the UK has produced 2 interesting reports of data maintenance by independent fostering and adoption agencies and general practitioners and primary healthcare providers.  The reports highlight positives and negatives  on data handling and security processes in each industry group.  The general practitioners and primary healthcare providers seem to have been more compliant than foster and adoption agencies.

Given the soon to be expanded role of the Privacy Commissioner and a more assertive regulation of data management and data security the findings by the ICO should be noted, studied and implemented. Each jurisdiction may have particular issues however many good data management and privacy enhancing processes are universal.

Regading data management, security and privacy issues warranting concern and requiring improvement the ICO made the following comments:

• highly sensitive Read the rest of this entry »

Today I delivered a paper on Privacy and health records.

The topics I covered were:

Patient privacy and confidential record management Read the rest of this entry »

In yesterday’s Australian there is a report that software writers are yet to see full technical specifications for the planned healthcare identifier regime due to start on July 1 provided enabling legislation introduced by Health Minister Nicola Roxon last week .  According to the report the Medical Software Industry Association have yet to see the system developed by the National E -Health Transition Authority.  That is a worry.  The benefits of putting medical records on an electronic system are obvious.  The privacy concerns are equally obvious. Whether it achieves the former and deals with the latter depends on its practical implementation.  Just taking about it is not enough.  A classic example was a recent episode on the ABC radio program Australia Talks.  Lots of talking by the main proponents, includng Dr Mukesh Haikerwal, but it was all just that.