Thanks for the summary Bryan. I tried to access my MMH account a few days ago. I saw a notice telling me to change my password. I cannot do that as a captcha blocking access will not recognise me aa a human being. My account is inaccessible, I cannot change my password and I have had no communication from my GP clinic. I view MMH and the Ministry of Health equally culpable here. I think I should have been informed by my GP practice when I or they opened this account that it was run by a private company. I would have asked that my records be kept out of private hands but I was never given this choice. Simeon Brown might be sitting on his hands now but pretty soon he is going to have to accept liability for this fiasco. My surgery was delayed by about 2 years when the Waikato DHB was hacked. My health records are somewhere - probably on the dark web - and for sale to the highest bidder. DHBs cannot even access patient health data from each other. And in the end nobody will/can investigate these flagrant breaches of data and trust.
It IS the same-old, same-old. Underfunded public service, private sector steps in to fill a gap, takes shortcuts to maximise returns - and the public pay in every-which way. MMH now give (us) the option of 2-factor authentication, timely shutting of the stable door…
I contacted Mismanage my Health. I instructed them to remove my file, as I no longer had trust. Ended in a battle. They even blocked my polite but pointed emails and blocked me. Profit, profit, profit at any harm. I then utterly subjugated myself at their feet and finally they removed my file. I firmly suggest all of you who have your file with this corrupt private company, feeding off OUR health tax dollars, contact them and have you file removed and have no further contact with them. The power is in the hands of the people, please utilise it to put this rogue of private knows best out of business. All the best.
- two-factor authentication was available on ManageMyHealth - which I discovered after this issue had become public. It should be mandatory for any health portal. (If the less technically don't understand how to do this, there should be a simple video people can watch.)
- there is an IT protocol called ITIL that sets out how to manage basic incidents and full-blown crises. The reaction of the CEO suggests that he had not undergone training in IT service delivery and left it to his PR to write the press releases. The first rule is communicate, communicate, communicate. Surely a systems/data administrator could have hauled out names and email addresses of all customers and emailed them, particularly those who were affected in the hack.
It looks as if the government is going to have to lay down some rules for private companies managing health data. Generally speaking, government-held data is better managed, but a lot of the staff who managed IT systems were made redundant in last year's public service cleanout.
So thankful I refused all attempts to get me to sign up to this or the other "health" app. I manage my own health thank you! It seems the more we rely on these tech "solutions" and storing information/data "in the cloud", the less control we have over anything.
Absolutely spot on Bryan luckily my Doctors don't use it so I've dodged a bullet. Everything seems to be one great cock up in this country after another.
Some data perhaps need not be so very very secure: think travel bookings. Some must be: think heath details. Penalties for breaches? If we give them real bite it may break the company. Do we want to shut down the service? Think of the personal inconvenience - the health implications (for example). But anything less just becomes a cost of doing business. This ain't an easy one, people! And yes, maybe Health Data should be governmental. The plusses SHOULD be increased security and system stability and longevity, with reduced cost. But it ain't necessarily so. Anything built by humans is always, ALWAYS, imperfect and breakable. Simple, reliable systems can be built. Not so much by businesses, they want to add 'features' to make them more sexy, more attractive than 'the competitors'- and often more flawed. We don't have the answers, but we sure have the questions!
Well, never mind. None of it matters just as long as the wealthy few continue to make a profit... I wonder is this might ultimately at some future point see a return to older methods of record keeping. The privacy of Health records is surely one of the most important & anyone would think they'd be kept securely. This govt is a disgrace.
Not my info but potentially some of my children. I consider those whom this rests on the shoulders of are truly culpable of negligence in the management of the databases under their care! They ought to be held accountable!
Thank you for keeping us well informed Bryan. We need that so we could respond to the government with much more confidence having the facts in front of us and respond we will.
Thanks for the excellent and succinct summary, Bryan. It is concerning, this failure by the govt to impose decent penalties and ensure private companies are held to account. Simeon deliberately cut funding to health digital infrastructure and is clearly unbothered by this latest market failure to even get the basics right.
Thanks for the summary Bryan. I tried to access my MMH account a few days ago. I saw a notice telling me to change my password. I cannot do that as a captcha blocking access will not recognise me aa a human being. My account is inaccessible, I cannot change my password and I have had no communication from my GP clinic. I view MMH and the Ministry of Health equally culpable here. I think I should have been informed by my GP practice when I or they opened this account that it was run by a private company. I would have asked that my records be kept out of private hands but I was never given this choice. Simeon Brown might be sitting on his hands now but pretty soon he is going to have to accept liability for this fiasco. My surgery was delayed by about 2 years when the Waikato DHB was hacked. My health records are somewhere - probably on the dark web - and for sale to the highest bidder. DHBs cannot even access patient health data from each other. And in the end nobody will/can investigate these flagrant breaches of data and trust.
Very important points you raise Helen! The whole thing is a frightfully ineffectual fiasco! That’s All. Vote sensibly later this year!!!
That's a good conclusion and action regarding pretty much any issue at the moment, isn't it Judith!
Te Whatu Ora - in Northland at least - is still actively promoting the use of Manage My Health.
https://info.health.nz/hospitals-services/hospitals/northland/accessing-your-health-information
How many people enrolled in Manage My Health because of the recommendation by Te Whatu Ora?
How many people believed that if Te Whatu Ora was promoting Manage My Health that it must be a secure portal?
So if Te Whatu Ora was promoting MMH do they bear a legal responsibility for its mismanagement? I can see the lawyers lining up here.
It IS the same-old, same-old. Underfunded public service, private sector steps in to fill a gap, takes shortcuts to maximise returns - and the public pay in every-which way. MMH now give (us) the option of 2-factor authentication, timely shutting of the stable door…
Brilliant critique thankyou Bryan.
Yes I agree Susan!
I contacted Mismanage my Health. I instructed them to remove my file, as I no longer had trust. Ended in a battle. They even blocked my polite but pointed emails and blocked me. Profit, profit, profit at any harm. I then utterly subjugated myself at their feet and finally they removed my file. I firmly suggest all of you who have your file with this corrupt private company, feeding off OUR health tax dollars, contact them and have you file removed and have no further contact with them. The power is in the hands of the people, please utilise it to put this rogue of private knows best out of business. All the best.
Some further issues:
- two-factor authentication was available on ManageMyHealth - which I discovered after this issue had become public. It should be mandatory for any health portal. (If the less technically don't understand how to do this, there should be a simple video people can watch.)
- there is an IT protocol called ITIL that sets out how to manage basic incidents and full-blown crises. The reaction of the CEO suggests that he had not undergone training in IT service delivery and left it to his PR to write the press releases. The first rule is communicate, communicate, communicate. Surely a systems/data administrator could have hauled out names and email addresses of all customers and emailed them, particularly those who were affected in the hack.
It looks as if the government is going to have to lay down some rules for private companies managing health data. Generally speaking, government-held data is better managed, but a lot of the staff who managed IT systems were made redundant in last year's public service cleanout.
Another glaring failure of the Neo liberal experiment to benefit the few at the top
So thankful I refused all attempts to get me to sign up to this or the other "health" app. I manage my own health thank you! It seems the more we rely on these tech "solutions" and storing information/data "in the cloud", the less control we have over anything.
Absolutely spot on Bryan luckily my Doctors don't use it so I've dodged a bullet. Everything seems to be one great cock up in this country after another.
Some data perhaps need not be so very very secure: think travel bookings. Some must be: think heath details. Penalties for breaches? If we give them real bite it may break the company. Do we want to shut down the service? Think of the personal inconvenience - the health implications (for example). But anything less just becomes a cost of doing business. This ain't an easy one, people! And yes, maybe Health Data should be governmental. The plusses SHOULD be increased security and system stability and longevity, with reduced cost. But it ain't necessarily so. Anything built by humans is always, ALWAYS, imperfect and breakable. Simple, reliable systems can be built. Not so much by businesses, they want to add 'features' to make them more sexy, more attractive than 'the competitors'- and often more flawed. We don't have the answers, but we sure have the questions!
Excellent investigation Bryan.
Well, never mind. None of it matters just as long as the wealthy few continue to make a profit... I wonder is this might ultimately at some future point see a return to older methods of record keeping. The privacy of Health records is surely one of the most important & anyone would think they'd be kept securely. This govt is a disgrace.
Not my info but potentially some of my children. I consider those whom this rests on the shoulders of are truly culpable of negligence in the management of the databases under their care! They ought to be held accountable!
Bryce Edwards has just released another very pertinent article on this feudal fiasco. Transnational neoliberal/libertarian/ feudal econo-social structure. https://mail.google.com/mail/u/0/#inbox/FMfcgzQfBGkVzwhDkDWWbrXLTsZbPljr
Thank you for keeping us well informed Bryan. We need that so we could respond to the government with much more confidence having the facts in front of us and respond we will.
Thanks for the excellent and succinct summary, Bryan. It is concerning, this failure by the govt to impose decent penalties and ensure private companies are held to account. Simeon deliberately cut funding to health digital infrastructure and is clearly unbothered by this latest market failure to even get the basics right.