1 in 10 Aussies' health records exposed
The federal Department of Health has inadvertently exposed the private health records of 1 in 10 Australians by releasing them as de-identified patient data that can be re-identified without decryption, researchers have found.
Researchers from the University of Melbourne’s School of Computing and Information Systems have published a report detailing how published historical health data from the Medicare Benefits Scheme and Pharmaceutical Benefits Scheme released last year can be used to identify patients.
The process involves linking the unencrypted parts of the record with known information about an individual, such as the date of individual medical procedures and year of birth.
For the study the unique patient records were matched against online public information of seven well-known Australians, including three current or former MPs and an AFL player.
Confidence in matches can be further improved by cross-referencing data with a second public dataset of population-wide billing frequencies, as well as commercial datasets such as bank billing data.
According to report co-author Dr Vanessa Teague, the incident highlights that there are important technical and procedural problems to solve before the release of de-identified data can meet its potential in facilitating research, innovation and public policy development.
“Open publication of de-identified records like health, census, tax or Centrelink data is bound to fail as it is trying to achieve two inconsistent aims: the protection of individual privacy and publication of detailed individual records,” she said.
“We need a much more controlled release in a secure research environment, as well as the ability to provide patients greater control and visibility over their data. Legislating against re-identification will hide, not solve, mathematical problems, and have a chilling effect on both scientific research and wider public discourse.”
Building secure AI: a critical guardrail for Australian policymakers
While AI has the potential to significantly enhance Australia's national security, economic...
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...