Breach leads to review of access to Medicare card data system

An independent review of security and access to Health Professionals Online Services will report by the end of September.
Written by Chris Duckett, Contributor

The Australian government has commissioned a review into Health Professionals Online Services (HPOS), which will focus on security and access to the system.

HPOS is currently used 45,000 times daily, and allows medical practitioners and health providers to look up Medicare details when a person does not have a Medicare card on them, the federal government said in a statement released on Monday morning.

"The system has had, and continues to have, the strong support of the AMA [Australian Medical Association] and GPs due to its convenience and ability to provide immediate patient care," the government said. "It provides an alternative avenue to the existing telephone network for a health professional to identify a patient's eligibility for Medicare benefits."

The government added that the system has not been significantly changed since its introduction eight years ago.

The review will look into HPOS and examine its balance between convenience and security.

Heading the review panel will be professor Peter Shergold, who will be joined by president of the Australian Medical Association Dr Michael Gannon, and president of the Royal Australian College of General Practitioners Dr Bastian Seidel.

The review will begin immediately, and will report back by September 30.

The government admitted that the review arose as a result of a report last week that Medicare card details are being traded online.

On Tuesday, Minister for Human Services Alan Tudge downplayed the cyber aspects of the data leak.

"The advice that I've received from the chief information officer in my department is that there has not been a cybersecurity breach of our systems as such, but rather it is more likely to have been a traditional criminal activity," Tudge said.

The minister said the department had referred the matter to the Australian Federal Police, and refused to comment on whether the information leak was a result of an employee with access to Medicare data selling the information.

Trent Yarwood of Future Wise said the problem with the latest breach occurred when it was added to already available data.

"For people like Alan Tudge to say there is no data security issue is obviously incorrect, and I think reflects a very poor understanding of what the power of these sorts of linked datasets is," Yarwood told ZDNet.

"[A Medicare card] is a valid form of identification, so the potential to actually be able to use that data to then go on and then apply other details -- it's the ability to be able to link all this stuff together.

"It's an amazingly intrusive level of detail on people's lives that could be reassembled."

Editorial standards