Macquarie Cloud Services, part of the Macquarie Telecom Group, has launched a new cloud service, purely for storing health information.
The company said its Macquarie Launch Health Cloud was developed in response to a policy decision by the Department of Human Services (DHS) aimed at protecting the integrity of the data it holds.
The DHS policy applies to third-party software connecting with the department to deliver online services, such as electronic claims payments for Medicare.
"These cloud environments connecting to the department's ICT systems are now mandated to meet the same standards of accreditation of those the department applies to itself," Macquarie said in a statement on Tuesday.
"Through the updated policy, the DHS is demonstrating how it is possible to transform ICT while at the same time elevating cyber security standards," Macquarie Cloud Services group executive James Mystakidis added.
"This is particularly relevant as there has been a lot of talk about how supply chains can create cyber security risks. This is an example of how the government can use its supply chains to push secure transformation through an industry."
Macquarie Government received accreditation from the Australian Signals Directorate (ASD) in September, allowing it to store highly classified government information up to "protected" level on its GovZone Secure Cloud platform.
Protected-level certification for cloud services is currently the highest security level approved by the ASD on its Certified Cloud Services List (CCSL), which also includes Sliced Tech and Vault Systems, who scored protected-level certification in March; NTT-owned Dimension Data; and most recently Microsoft for its Office 365 platform and specific Azure services.
The health cloud uses the same infrastructure as CCSL certified, Macquarie said, noting it opens the secure service outside the government to private health sector providers.
"This means that Australians will -- for the first time -- be able to be assured their data moving from a health software company's cloud services into the Medicare system will be protected end-to-end to the same standard," Mystakidis added.
"The health system is a case study of an industry delivering an essential service, but which is widely dispersed across private and public organisations of many sizes in many places. Private data in such situations is only as secure as the weakest link in the chain."
The announcement from Macquarie follows the Department of Health working with Vault Systems, alongside Agile Digital, on a proof of concept that uses blockchain to record who is accessing its medical data.
Fairfax reported that 53 percent of the 47,900 "positive" patient reviews on HealthEngine had been edited in some way, with many flipped to appear as positive customer feedback.
"Negative feedback is not published but rather passed on confidentially and directly to the clinic completely unmoderated to help health practices improve moving forward," HealthEngine CEO and founder Dr. Marcus Tan said in a statement.
"We email all patients about their reviews being published and alert them to having possibly been moderated according to our guidelines."
Tan continued by saying patients have on occasion requested the non-publishing of moderated feedback and that his company "happily" complies.
"We have not intended to moderate any reviews to mislead readers, and over the last three years, have received very few complaints about the way we have moderated the comments, including from the patients who submitted them," he said.
"User trust is paramount to us at HealthEngine and we are conducting an internal and external review of the HealthEngine Practice Recognition System to ensure clarity, compliance and best practice regarding the way in which we review and publish patient comments."
The Office of the Australian Information Commissioner has received 63 data breach notifications in first six weeks of the scheme's operation.
The Australian government's My Health Record data use guidelines require the data governance board to make case-by-case decisions on how the data can be used.
Australian secure cloud provider Vault Systems and blockchain startup Agile Digital have combined forces to provide the department with an immutable record for tracking health data research.
The Australian Privacy Foundation wants the government to develop security controls around sharing open data and provide the agency charged with investigating data misuse with 'adequate' resources.
Australia is charging headlong into a privacy disaster as government open data initiatives come online without considering how to properly implement privacy safeguards and data anonymity.