Medicare review recommends “expeditious” move from PKI to PRODA

The independent review panel set up to look into healthcare provider access to Medicare card numbers, following reports of the sale of numbers on the “dark web”, has recommended a move away from the current systems of authentication for the Department of Human Services' Health Professional Online Services (HPOS) system.

The panel has also recommended a limit on the quantity allowed in batch requests for Medicare numbers and the phasing out of telephone channels for provider organisations to access or confirm their patients' numbers.

Posted in Australian eHealth

Tags: Medicare, HPOS, PRODA

Comments  

# Henry Konopnicki 2017-10-17 07:28
Interesting to note common sense prevailing but not from within DHS.
Need to get the convoluted My Health Record and SMD imbibed with common sense and 21st century process ... so convoluted ... the process itself is a barrier to use.
# Peter Gee 2017-10-17 09:28
There are some interesting uses of blockchain in this area:
https://www.forbes.com/sites/reenitadas/2017/05/08/does-blockchain-have-a-place-in-healthcare/#76587d391c31
An immutable record of all 'medicare' numbers could be shared to everyone in an encrypted format, then users would have access controls on viewing/searching personal data, and all searches could be immutably stored for audit afterwards.
# Martin Steel 2017-10-18 10:29
DHS-Medicare has instigated the transition from PKI Individual to PRODA since early 2016. The obsolescence of PKI technology to provide authentication and authorisation of users accessing and transacting in a B2B and B2G can't come quick enough given PKI technology has served this purpose since the early 1990s. One of the issues I have with the media, the review, and its findings, is the linkage between Medicare and My Health Records (which are entirely different services). A person may be eligible for Medicare subsidies and not have a MHR. Medicare is all about the money, MHR is about clinical information.
I have viewed the access to Medicare claiming and to a person's MHR only being possible via compliant practice software and relying on the practice and their healthcare professionals' correct use of that software.
The use of PKI certificates has been the cornerstone of secure transactions in a B2G system. That a practice's PKI can be used to access HPOS has always been a curious anomaly to me given all stakeholders should know who is doing what and for whom when accessing a web-based portal. In this PRODA serves well since a healthcare professional who uses HPOS will have their Medicare provider details linked to their PRODA account. Furthermore, if a healthcare professional delegates specific tasks to a delegate, that delegate's PRODA account is linked to the provider.
The next challenge is for a replacement authentication and authorisation function to be built for B2G and B2B transactions that replaces PKIs in a software environment.

Copyright © 2019 Pulse+IT Magazine
No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher.