Technical design documents for data deletion from MHR including backups
Justin Warren made this Freedom of Information request to Australian Digital Health Agency
This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.
Dear Australian Digital Health Agency,
If possible, please treat this as an informal or administrative request. Otherwise, please treat this as a formal request for documents under the Freedom of Information Act 1982.
I request a copy of documents that contain the technical explanation of how the My Health Record system ensures that when a person cancels their My Health Record that any record that includes health information that is included in the My Health Record of the person is destroyed, including any backups, copies, or previous versions.
I restrict my request to finalised (not draft or work-in-progress) documents as at 1 Feb 2018.
I request that the documents be provided in electronic form.
I am available to discuss this request via the telephone if you provide me with a number to call.
Yours faithfully,
Justin Warren
Dear Mr Warren,
Freedom of Information Request no. 190218
Good morning. I refer to your request for access to the Australian Digital
Health Agency (the Agency) for documents relating to deletion process of
cancelled My Health Records under the Freedom of Information Act 1982. I
have taken your request to be for:
“As at 1 Feb 2018, the technical explanation of how the My Health Record
system ensures that when a person cancels their My Health Record that any
record that includes health information that is included in the My Health
Record of the person is destroyed, including any backups, copies, or
previous versions.”
The Agency received your request on the 18 February 2019 and the 30 day
statutory period for processing your request commenced from the day after
that date. You should therefore expect a decision from us by 20 March
2019.
The period of 30 days may be extended if the Agency needs to consult any
third parties, to impose charges if the information is not personal or for
other reasons. The Agency will advise you if this happens.
Please note that information released under the FOI Act may later be
published online on our disclosure log, this includes personal information
that is treated under the FOI Act subject to certain exceptions.
The Agency will contact you using the email address you provided. Please
advise if you would prefer us to use an alternative means of contact.
If you have any questions, please contact me at
[1][ADHA request email].
Yours sincerely,
Cecilia
FOI Officer
FOI Officer, FOI Team
Strategic Service Design and Delivery
Australian Digital Health Agency
Scarborough House, Level 6, 1 Atlantic Street, Woden ACT 2606
Phone [2]+61 22230780
Mobile [3]+61
Email [4][ADHA request email]
Web [5]www.digitalhealth.gov.au
The Australian Digital Health Agency acknowledges the traditional owners
of country throughout Australia, and their continuing connection to land,
sea and community. We pay our respects to them and their cultures, and to
Elders both past and present.
Important: This transmission is intended only for the use of the addressee
and may contain confidential or legally privileged information. If you are
not the intended recipient, you are notified that any use or dissemination
of this communication is strictly prohibited. If you receive this
transmission in error please notify the author immediately and delete all
copies of this transmission.
References
Visible links
1. mailto:[ADHA request email]
2. file:///tmp/tel:+6122230780
3. file:///tmp/tel:+61
4. mailto:[ADHA request email]
5. https://www.digitalhealth.gov.au/
Dear Mr Warren,
Good afternoon. Please see the attached signed decision letter in response
to your FOI request.
Regards,
Cecilia
FOI Officer
FOI Officer, FOI Team
Strategic Service Design and Delivery
Australian Digital Health Agency
Scarborough House, Level 6, 1 Atlantic Street, Woden ACT 2606
Phone [1]+61 22230780
Mobile [2]+61
Email [3][ADHA request email]
Web [4]www.digitalhealth.gov.au
The Australian Digital Health Agency acknowledges the traditional owners
of country throughout Australia, and their continuing connection to land,
sea and community. We pay our respects to them and their cultures, and to
Elders both past and present.
Important: This transmission is intended only for the use of the addressee
and may contain confidential or legally privileged information. If you are
not the intended recipient, you are notified that any use or dissemination
of this communication is strictly prohibited. If you receive this
transmission in error please notify the author immediately and delete all
copies of this transmission.
References
Visible links
1. file:///tmp/tel:+6122230780
2. file:///tmp/tel:+61
3. mailto:[ADHA request email]
4. https://www.digitalhealth.gov.au/
Dear Australian Digital Health Agency,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of Australian Digital Health Agency's handling of my FOI request 'Technical design documents for data deletion from MHR including backups'.
Enterprise systems of this complexity typically have multiple technical documents describing the systems functionality, such as requirements specifications, high- and low-level designs, test plans, etc. It is very surprising to me that only a single document was found. I would expect that an explanation of the mechanisms would have been made available to senior management or the Minister's office due to the public pressure to have the permanent deletion capability added to the system which required changes to legislation.
Regarding the decision to exempt the entire document, the FOI Act provides for documents to be edited per section 22 in order to remove exempt or irrelevant material.
Regarding the use of s47E as justification for exemption, the OAIC FOI Guidelines explain at s6.101 that the predicted effect must be reasonably expected to occur. The Guidelines explain in some detail from s5.15 what 'reasonably expected' means.
You claim that "The information regarding the technical operation system for the deletion processes contained in this document is such that, if it were released, the Agency’s My Health Record (MHR) and ICT systems would be vulnerable to potential exploitation and other cyber security risks." This is alarming.
It suggests that the system is so poorly designed, so fragile, that the mere knowledge of what is contained in this document would render it instantly vulnerable to attack. In fact, it is already vulnerable, and in a way already known to ADHA, and this vulnerability is being used as justification for secrecy. This rather increases the public interest in learning more about the technical design of the system, since it aims to contain the private medical information of the vast majority of the Australian population. All of their private information is apparently at risk should this single document ever be seen outside of the several dozen (hundred?) staff who operate the system. External scrutiny would give the Australian public some assurance that the vulnerability of the system is being addressed.
It is entirely possible to explain how a process of deleting data from primary systems and backups works without compromising the security of that process. No attempt was made at contacting me to discuss how the technical description could be disclosed while still protecting sensitive information irrelevant to understanding the process (such as specific host names, IP addresses, etc.). s22 of the FOI Act exists for this very purpose.
The argument made against the public interest is made on the wrong basis. I have asked for factual, operational information, not deliberative material. Operational information is specifically required to be disclosed as per s8(2)(j) and s8A of the FOI Act. The decision to exempt is therefore fatally flawed.
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/t...
Yours faithfully,
Justin Warren
Dear Mr Warren,
Freedom of Information Internal Review Request no. 190303
Good morning. I refer to your request for access to the Australian Digital
Health Agency (the Agency) for an Internal Review under the Freedom of
Information Act 1982.
I have taken your request to be for documents concerning:
'Technical design documents for data deletion from MHR including backups'.
The Agency received your request on the 3 March 2019 and the 30 day
statutory period for processing your request commenced from the day after
that date. You should therefore expect a decision from us by 2 April 2019.
Please note that information released under the FOI Act may later be
published online on our disclosure log, this includes personal information
that is treated under the FOI Act subject to certain exceptions.
The Agency will contact you using the email address you provided. Please
advise if you would prefer us to use an alternative means of contact.
If you have any questions, please contact me at
[1][ADHA request email].
Yours sincerely,
Cecilia
FOI Officer
FOI Officer, FOI Team
Strategic Service Design and Delivery
Australian Digital Health Agency
Scarborough House, Level 6, 1 Atlantic Street, Woden ACT 2606
Phone [2]+61 22230780
Mobile [3]+61
Email [4][ADHA request email]
Web [5]www.digitalhealth.gov.au
The Australian Digital Health Agency acknowledges the traditional owners
of country throughout Australia, and their continuing connection to land,
sea and community. We pay our respects to them and their cultures, and to
Elders both past and present.
Important: This transmission is intended only for the use of the addressee
and may contain confidential or legally privileged information. If you are
not the intended recipient, you are notified that any use or dissemination
of this communication is strictly prohibited. If you receive this
transmission in error please notify the author immediately and delete all
copies of this transmission.
References
Visible links
1. mailto:[ADHA request email]
2. file:///tmp/tel:+6122230780
3. file:///tmp/tel:+61
4. mailto:[ADHA request email]
5. https://www.digitalhealth.gov.au/
Dear Mr Warren,
Good morning. Please see the attached Internal Review response to your
application.
Regards,
FOI Officer
FOI Officer, FOI Team
Strategic Service Design and Delivery
Australian Digital Health Agency
Scarborough House, Level 6, 1 Atlantic Street, Woden ACT 2606
Phone [1]+61 22230780
Mobile [2]+61
Email [3][ADHA request email]
Web [4]www.digitalhealth.gov.au
The Australian Digital Health Agency acknowledges the traditional owners
of country throughout Australia, and their continuing connection to land,
sea and community. We pay our respects to them and their cultures, and to
Elders both past and present.
Important: This transmission is intended only for the use of the addressee
and may contain confidential or legally privileged information. If you are
not the intended recipient, you are notified that any use or dissemination
of this communication is strictly prohibited. If you receive this
transmission in error please notify the author immediately and delete all
copies of this transmission.
References
Visible links
1. file:///tmp/tel:+6122230780
2. file:///tmp/tel:+61
3. mailto:[ADHA request email]
4. https://www.digitalhealth.gov.au/
Dear Ronan,
Thank you for your response, however there appears to be some confusion.
Firstly, my request for internal review referenced my original request and the decision made by ADHA using the title of the request for convenience. I do not understand why you have chosen to interpret this reference as a modified request as this was not my intent. Rather than affirming the original decision, and providing an explanation of why you believe it was correct, you have instead elected to make a new decision.
Secondly, the exemption used to deny my original request was s47E(d). The deliberative processes exemption is s47C, so you appear to have mistaken which exemption was applied to the document and affirmed the decision on a s47C basis, rather than explaining why the original decision was correct on a s47E basis.
Thirdly, you have also argued on a s47C basis to justify a s47E(d) exemption of the second document (a Technical Design Manual) that you discovered when you decided to re-interpret the scope as part of the internal review.
Essentially, you don't appear to have actually done an internal review on the request I made, but on some new request that you have invented.
Finally, you have neglected to include the right to appeal to the Office of the Australian Information Commissioner in your list of appeal options, so your FOI processes could do with some tweaking.
Would you like to try again?
P.S.
To argue there is no public interest for an aspect of the My Health Record system that caused so much public outcry that legislative changes were made—changes that specifically required the process my request is about to come into existence—is breathtakingly arrogant. I put it to you that it is very much in the public interest to ensure that ADHA has actually implemented what the legislation requires; millions of Australians will end up with a My Health Record, and they were so concerned about having the ability to delete this data from the system that they got the law changed.
Yours sincerely,
Justin Warren
Dear Mr Warren,
Good afternoon. Thank you for your email.
On the 3 March 2019 you stated:
"I am writing to request an internal review of Australian Digital Health
Agency's handling of my FOI request 'Technical design documents for data
deletion from MHR including backups."
Your request then went on to critique data systems operations, the FOI
process and OAIC Guidelines:
"Enterprise systems of this complexity typically have multiple technical
documents describing the systems functionality, such as requirements
specifications, high- and low-level designs, test plans, etc. It is very
surprising to me that only a single document was found. I would expect
that an explanation of the mechanisms would have been made available to
senior management or the Minister's office due to the public pressure to
have the permanent deletion capability added to the system which required
changes to legislation.
Regarding the decision to exempt the entire document, the FOI Act provides
for documents to be edited per section 22 in order to remove exempt or
irrelevant material.
Regarding the use of s47E as justification for exemption, the OAIC FOI
Guidelines explain at s6.101 that the predicted effect must be reasonably
expected to occur. The Guidelines explain in some detail from s5.15 what
'reasonably expected' means.
You claim that "The information regarding the technical operation system
for the deletion processes contained in this document is such that, if it
were released, the Agency’s My Health Record (MHR) and ICT systems would
be vulnerable to potential exploitation and other cyber security risks."
This is alarming.
It suggests that the system is so poorly designed, so fragile, that the
mere knowledge of what is contained in this document would render it
instantly vulnerable to attack. In fact, it is already vulnerable, and in
a way already known to ADHA, and this vulnerability is being used as
justification for secrecy. This rather increases the public interest in
learning more about the technical design of the system, since it aims to
contain the private medical information of the vast majority of the
Australian population. All of their private information is apparently at
risk should this single document ever be seen outside of the several dozen
(hundred?) staff who operate the system. External scrutiny would give the
Australian public some assurance that the vulnerability of the system is
being addressed.
It is entirely possible to explain how a process of deleting data from
primary systems and backups works without compromising the security of
that process. No attempt was made at contacting me to discuss how the
technical description could be disclosed while still protecting sensitive
information irrelevant to understanding the process (such as specific host
names, IP addresses, etc.). s22 of the FOI Act exists for this very
purpose.
The argument made against the public interest is made on the wrong basis.
I have asked for factual, operational information, not deliberative
material. Operational information is specifically required to be disclosed
as per s8(2)(j) and s8A of the FOI Act. The decision to exempt is
therefore fatally flawed.
A full history of my FOI request and all correspondence is available on
the Internet at this address:
https://apac01.safelinks.protection.outl....
The internal review application was responded to on 21 March 2019 and
answered.
The FOI letter you received gives you the details for the Office of the
Australian Information Commission (OAIC) and the Internal review
application gives you further review mechanisms in details for the
Administrative Appeals Tribunal (the AAT).
The FOI area would like to assist you.
What exactly would you like the Australian Digital Health Agency to do?
Would you like another internal review? Or are you actually requesting
another FOI application about a different matter?
Could you please specify your request as you have mentioned many issues.
If you could get back to me, I will try to help you sort out what
documentation you may actually be seeking.
Regards.
Cecilia
FOI Officer
FOI Officer, FOI Team
Strategic Service Design and Delivery
Australian Digital Health Agency
Scarborough House, Level 6, 1 Atlantic Street, Woden ACT 2606
Phone [1]+61 22230780
Mobile [2]+61
Email [3][ADHA request email]
Web [4]www.digitalhealth.gov.au
The Australian Digital Health Agency acknowledges the traditional owners
of country throughout Australia, and their continuing connection to land,
sea and community. We pay our respects to them and their cultures, and to
Elders both past and present.
Important: This transmission is intended only for the use of the addressee
and may contain confidential or legally privileged information. If you are
not the intended recipient, you are notified that any use or dissemination
of this communication is strictly prohibited. If you receive this
transmission in error please notify the author immediately and delete all
copies of this transmission.
References
Visible links
1. file:///tmp/tel:+6122230780
2. file:///tmp/tel:+61
3. mailto:[ADHA request email]
4. https://www.digitalhealth.gov.au/
Good afternoon Justin
I understand you called the Australian Digital Health Agency today. If you
could respond in writing with a description of what you are after I will
get back to you as soon as possible.
Regards
FOI Officer
Information Office
Strategic Service Design and Delivery
[1]cid:image003.jpg@01D3951D.74AE5A50
Australian Digital Health Agency
Phone My Health Record Help line 1800 723 471
Email [2][ADHA request email]
Web [3]www.digitalhealth.gov.au
The Australian Digital Health Agency acknowledges the traditional owners
of country throughout Australia, and their continuing connection to land,
sea and community. We pay our respects to them and their cultures, and to
Elders both past and present.
Important: This transmission is intended only for the use of the addressee
and may contain confidential or legally privileged information. If you are
not the intended recipient, you are notified that any use or dissemination
of this communication is strictly prohibited. If you receive this
transmission in error please notify the author immediately and delete all
copies of this transmission.
References
Visible links
2. mailto:[ADHA request email]
3. http://www.digitalhealth.gov.au/
Dear Anonymous FOI person,
I called to discuss FOI request FOI.190218 and the subsequent internal review IR.190303, in response to your email dated 3 April 2019. I left my contact number, and yet you have chosen not to use it to call me.
To answer the question of what I want: I want ADHA to release the documents, in full, that fall within the scope of my original FOI request. Failing that, I am happy to receive edited documents, as per s.22 of the FOI Act, with genuinely irrelevant or exempt material redacted or removed.
The response to my request for internal review suggests that it was not done properly, for the reasons I outlined in my email inviting ADHA to reconsider its review decision.
At no point did ADHA attempt to consult with me about my request, either before making its initial refusal decision, or during the process of internal review, despite the FOI Guidelines encouragement to do so at [3.72]. We might have saved a lot of time and expense if ADHA had bothered to do so.
I have attempted to engage with ADHA in good faith on this matter. ADHA has not extended me the same courtesy.
I will now escalate to the Office of the Information Commissioner for an IC review of both the initial refusal decision and the internal review decision to affirm the initial decision.
Yours sincerely,
Justin Warren
B. Edlam left an annotation ()
How is the request for architecture artefacts any different to all the technical specifications and conformance profiles published on the public domain covering more critical aspects of the digital health system and MHR?
The argument by ADHA seems flawed.