With the issues at Waikato, Managemyhealth and other attack issues we’ve been facing - is there any thought to a top layer health security run by Govt - then all health apps are essentially published under it - so SSO is controlled at the top layer - and then rights assigned by the app that’s being logged into?
I think it’s almost at the stage where Health information should be all held with encryption where the last piece of the puzzle is the patient themselves, with their own form of ID - so the encrypted file needs a health professional ID and the Patient ID in order to unlock that data.
With the issues we’ve just witnessed - it’s coming down to the point of smaller Health IT Providers will simply not be able to allocate the funds to provide the same levels of security - so where’s that going to leave us? - Only the big guys will survive?
Has anyone got any ideas on how this might work? A ‘Health Portal’ login - that then leads into the Health Applications - and the health portal is primary security, then App having secondary security, and then the data encrypted and requiring both sets of security to be authenticated to decrypt?
Hoping to spark a discussion on this sort of thing - as it’s only getting worse..
The wider issue is no one “compels” others to use it, consistently meet the standards, and private entities always want a government subsidy or quote ridiculous amounts to scope and pay for integration. More will come from the https://www.tewhatuora.govt.nz/health-services-and-programmes/digital-health/digital-services-hub but it still doesn’t solve the issue with some parts of the picture. Any application security is only as strong as the weakest link, which may be human manipulation, human authorised account negligence practices, or a third party plugin not being compliant, even though the core app is fully compliant.
Completely agree - hence the idea of having multiple layers eg - if it needs a dr and a patient to authenticate - who can we talk to about integration with it?
I’m keen to look at integration into a bigger picture, and not after govt subsidy to cover what we already do but having the govt oversight of security would provide the smaller guys with that additional backup. I’d rather work with some experts to make things better and more secure - than work on my own and do the best I can - which might not be…
If you want provider authentication and application org authentication, digital services hub is your first step.
My Health Account workforce is being rolled out nationally for major public health, regulatory products and ACC Provider Hub authentication needs. https://workforce.identity.health.nz/