MyABDR privacy and security
From the HFA and National Blood Authority MyABDR teams
With privacy and cyber security in the news at the moment, it is a good time to have a reminder of the security and information protection arrangements in relation to MyABDR.
Firstly, there is no link between ABDR and My Health Record, which are completely separate systems. MyABDR links only to the Australian Bleeding Disorders Registry (ABDR), the system used by Haemophilia Treatment Centres (HTCs) for the clinical management of their patients.
How is my health data protected with MyABDR?
MyABDR and the ABDR have been developed to have an extremely high level of data protection. They have one of the highest levels of security available in Australia and are not connected to any other database.
When you add information about your or your child’s treatments, bleeds, inventory and contact details to MyABDR, it is encrypted and transferred to the ABDR through a secure gateway, like those used by banks. The ABDR holds the clinical records of HTC patients, including the data you contribute through MyABDR.
The data security and privacy protections within MyABDR and ABDR include the following:
- Secure communications between MyABDR and the ABDR
- Secure backend components for managing and storing MyABDR user accounts
- Applying the principle of least privilege (i.e., users and administrators have the minimum access rights needed to perform their roles) using fine-grained access controls (each data item has its own security policy and the person wanting to access the item must provide their credentials to access it)
- Periodic Security Penetration Testing for MyABDR and ABDR applications and remediating any identified issues
- ABDR infrastructure hosting in highly secured data centres in Australia with strict physical access controls.
- Highly secure user passwords, and a PIN for the MyABDR app
- Encryption for data transfer between MyABDR and the ABDR
- Three levels of firewall for the ABDR and 24-hour security monitoring
- Very limited direct access to the ABDR and only to authorised users.
- User access and activities logged and monitored
- Data stored in highly secured data centres that meet both the strict Australian and International Security standards and guidelines
- Restricted physical access to data centres
- Fully audited database transactions.
- Personal data is transferred using secure channels
- MyABDR and ABDR data adheres to the NBA Data Governance Framework and MyABDR and ABDR Privacy Policies
- Utilising the principle of least privilege and fine-grained access controls (see Security above).
What third party apps can connect to MyABDR?
No third party apps connect to MyABDR or ABDR and there is no third party involvement in the management or operation of MyABDR or ABDR.
Who can access my personal information?
Only authorised staff from your HTC, the National Blood Authority (NBA) and the Australian Haemophilia Centre Directors’ Organisation (AHCDO) can directly access your data and only to perform specific roles. Authorised staff from the NBA and AHCDO must have a security clearance before they are permitted to access the ABDR.
- The haemophilia health care team at your HTC can access your data and contribute to your ABDR record to give you the best care and treatment for your bleeding disorder
- Authorised AHCDO staff help co-ordinate data entry at HTCs, and support good healthcare practice and research to improve the health and wellbeing of patients
- Authorised NBA staff provide technical and user support for the ABDR and MyABDR, assist in managing the integrity of the data entered into the ABDR, and extract information for approved reports and research.
If you have consented, your HTC team may send some of your personal health information and treatment plan from the ABDR to other health services involved in your care, if relevant - for example, if you are having surgery and your surgeon and haematologist are liaising about treatment to prevent bleeding. This process is also very important if you need emergency treatment for a bleed and go to a different hospital to your usual HTC hospital.
What about research and other reports?
Research is currently limited to developing clinical guidelines and undertaking benchmarking to improve treatment and care for people with bleeding disorders. Data reports used for research and benchmarking only have limited, de-identified and/or summary information where all information that could identify the patient is removed to protect patient privacy. This includes, for example, the Australian statistics for the World Federation of Hemophilia Annual Global Survey.
Who oversees this?
The ABDR Steering Committee manages the security and access to the ABDR to make sure that only authorised users that they approve have access to the data. This Committee is made up of representatives of AHCDO, NBA, a State or Territory Government representative and HFA.
Access to the ABDR and MyABDR is limited, controlled and managed to make sure the data is reliable, that the ABDR is used correctly, and the data is managed carefully in the reports that are provided for quality assurance and for research.
How much of my personal information is shared with the government?
The NBA is a Commonwealth government agency. As explained above, the NBA manages MyABDR and ABDR very carefully, and is required to adhere strictly to the Australian laws that protect your privacy and security. The only staff at the NBA who can access your personal information are the authorised staff who provide technical and user support for the ABDR and MyABDR.
None of your personal information is shared with other government departments or agencies.
Some statistical information from the ABDR that does not identify individuals may be used by the government to estimate the demand for treatment product in the future.
Why is it so important to record with MyABDR?
Your entries in MyABDR are an important way of communicating with your HTC about your treatments and bleeds and the stock in your home inventory. They are added to the ABDR and help your doctor and other health professionals in your HTC treating team to understand your care and treatment needs. They are also used to check which treatments work best for you to improve your health and wellbeing.
If you travel, or move interstate, you can say if you want your ABDR medical record to be available to specified staff in HTCs around Australia.
Collated statistics from the ABDR can help specialist clinicians, researchers and advocates like Haemophilia Foundation Australia to study trends and patterns and work to improve treatment and care. Statistics from the ABDR also help Government to plan so that there are enough treatment products in Australia to meet the needs of all patients with bleeding disorders.
Where can I find more information?
For more information about MyABDR and the ABDR
If you have any concerns about MyABDR and ABDR data, don’t hesitate to speak to your HTC team, HFA (T: 1800 807 173 or [email protected]) or the NBA MyABDR Support team (T: 13 000 25663 or [email protected]).
There are great benefits for your health and wellbeing to recording with MyABDR and it is important to us that you feel confident using it!
Date last reviewed: 31 July 2018