6 July 2012

Liberals not convinced by Chiefly testimony. Is anyone else?

| johnboy
Join the conversation
23

The Liberals’ Jeremy Hanson is hot and bothered following Chief Minister Gallagher’s estimates interrogation yesterday in the wake of Auditor-General’s findings that health statistics at Canberra hospital were manipulated on an industrial scale (11,700 records altered) by (probably) multiple people of which only one (Kate Jackson) has been identified:

“Katy Gallagher has misled the community about the nature of her conflict of interest in this scandal,” Mr Hanson said today.

“Her relative’s direct working relationship with the individual at the centre of the scandal should have been fully disclosed from the outset. Instead, she has continued to be tricky with her words and keep the community in the dark.

“She’s continually changed her story, and up until today, hasn’t explained the full scope of her conflict of interest.

“Katy Gallagher was silent on any potential conflict until the Opposition started asking direct questions in April, and even then, she failed to disclose the full extent of the conflict of interest.

“It was revealed under questioning today, that not only does her relative have a personal relationship with the Manager who falsified emergency department data, they also work under them in an area associated with the Emergency Department.

“Katy Gallagher simply cannot be trusted to tell the full story on any health issue.

“These continual changes to Katy Gallagher’s story are precisely why we need a Royal Commission into this scandal,” Mr Hanson concluded.

The ABC reports that the Chief Minister’s solution to the problem is a “Director of Data Integrity” within the Health Directorate.

Will this Director be reporting to the as yet unidentified data rorters?

An internal position hardly seems like a real solution to an integrity issue. It looks a lot more like a position tasked with making sure they don’t get caught in the future.

She’s also commissioning old hand Professor Mick Reid to review governance in the Directorate. Professor Reid reviewed ACT Health in 2002.

Join the conversation

23
All Comments
  • All Comments
  • Website Comments
LatestOldest

PantsMan said :

And now the FOI dumps roll in!

In the two minutes I’ve looked at the “Triage Reform” FOI release today (http://www.cmd.act.gov.au/open_government/foi/hd/foi1239) I’ve noticed the following:

“If you use the override catorgory, do you triage up or triage down:

Up: 2 responses

Down: 17 responses”

Source: page 5 of this: http://www.cmd.act.gov.au/__data/assets/pdf_file/0007/325177/Released_Documents_Part3.pdf

Does anyone know what this means:

2. EDIS daily data review
In place since 2004. Time corrected daily for a number of set & approved criteria.
Eg time of commencement of medially approved and supervised protocol,
Chest pain pathway – ECG review, earliest Dr seen time in notes or on EDIS, etc.
Continue to ensure capture of earliest legitimate time seen.

And now the FOI dumps roll in!

In the two minutes I’ve looked at the “Triage Reform” FOI release today (http://www.cmd.act.gov.au/open_government/foi/hd/foi1239) I’ve noticed the following:

“If you use the override catorgory, do you triage up or triage down:

Up: 2 responses

Down: 17 responses”

Source: page 5 of this: http://www.cmd.act.gov.au/__data/assets/pdf_file/0007/325177/Released_Documents_Part3.pdf

pirate_taco said :

Copyright of the material broadcast belongs to the Australian Capital Territory and no unauthorised use may be made of that material. Persons or organisations who wish to broadcast or rebroadcast audio or visual material, including material available on the Assembly’s website must abide by the conditions of access set out below.

Broadcast material must not be used for:
* the purpose of satire or ridicule;
* advertising for or by political parties;
* electioneering; or
* commercial advertising or sponsorship.

And why shouldn’t it be used for satire or ridicule?

I can’t see any reason why this footage should qualify for copyright protection. There is no public benefit to it at all.

Surely satire and ridicule are in fact the only things it *is* actually useful for?

11,700 times …… wow

Ray Polglaze said :

It would be interesting to know the precise steps involved in altering each record and how much time it takes. If each record has to be altered separately and each alteration takes a minute, then altering 11 700 records would take 195 hours. That’s around 26 days of altering. That’s a lot of time on weekends, after hours or during work time. Also, is it likely that 11 700 records could be altered through the random actions of different staff members without some coordination or supervision?

The other possibility is that there is an obvious way of doing bulk alterations.

Yes, and how did the auditor investigate all 11700 in just 2 month (let alone find them in amongst the 300k odd entries for the 3 years they are investigating)
Must be magic

Ray Polglaze1:29 am 07 Jul 12

It would be interesting to know the precise steps involved in altering each record and how much time it takes. If each record has to be altered separately and each alteration takes a minute, then altering 11 700 records would take 195 hours. That’s around 26 days of altering. That’s a lot of time on weekends, after hours or during work time. Also, is it likely that 11 700 records could be altered through the random actions of different staff members without some coordination or supervision?

The other possibility is that there is an obvious way of doing bulk alterations.

johnboy said :

The first iron rule of politics is “protect politicians”

A rule I plan to break if I can do anything about it.

Physical security isn’t the issue. The current system (probably) meets the requirements of the ACT Government.

Information security is the issue. Having the incredulous issue of two user accounts with passwords the same as the login is, well, incredulous. Fix that, which would be a fairly strenuous exercise, and you’re halfway home.

pirate_taco said :

And why shouldn’t it be used for satire or ridicule?

I can’t see any reason why this footage should qualify for copyright protection. There is no public benefit to it at all.

The first iron rule of politics is “protect politicians”

PantsMan said :

While also noting the terms of use, which are as follows:

By using this site you accept the conditions of the ACT Legislative Assembly outlined below and agree to abide by them.

Copyright of the material broadcast belongs to the Australian Capital Territory and no unauthorised use may be made of that material. Persons or organisations who wish to broadcast or rebroadcast audio or visual material, including material available on the Assembly’s website must abide by the conditions of access set out below.

Broadcast material must not be used for:
* the purpose of satire or ridicule;
* advertising for or by political parties;
* electioneering; or
* commercial advertising or sponsorship.

The Legislative Assembly’s broadcasts are live and continuous and while in that complete and unaltered state may be protected by parliamentary privilege. Extracts or excerpts of the broadcast are protected if they constitute fair and accurate reports of proceedings. The ACT Legislative Assembly is not liable for any loss or damage arising from use of the material or from delays or interruptions to its publication.

And why shouldn’t it be used for satire or ridicule?

I can’t see any reason why this footage should qualify for copyright protection. There is no public benefit to it at all.

I’m not sure that the Chief Minister could have given much more information about the details of the potential conflict of interest without effectively identifying Jackson as the person under investigation.

One would hope that the “Director of Data Integrity” would be reporting directly to the Minister.

johnboy said :

If they actually wanted to identify who was at fault it wouldn’t be that hard to compare staff rostering to dates and times of record abuse. with thousands of records over three years it shouldn’t be hard to narrow the pool of potential suspects down to something some hard questioning would break down.

If the Government actually wanted to get answers of course.

Feasible but a large number of people at various levels have access to the software in question. At any given time, even weekends and after hours, quite a large number of people are actively using the software. (Most of them wouldn’t have anything to gain from altering data however.)

“staff at the hospital have to swipe passes in and out right?” A large number of those people do not have to swipe in and out. They work in the ED where access can be gained a number of ways including through the ambulance entrance where there is a numeric keypad entry and all staff use the same code.

Ohh goodie, generic logons, to health data, in an insecure area.

It gets better and better.

I wonder how many malpractice cases have failed because the record showed impeccable care that was not in fact delivered?

johnboy said :

Systemic tailgating would show up though and should be a huge red flag.

I think you might be confusing Canberra Hospital with the new ASIO headquarters. From personal experience of working in a number of governmental and commercial buildings “systemic tailgating” is pretty much standard operating procedure: you all get out of the lift in a group and the first person opens the door and lets everyone in, you see someone coming the other way and hold the door open for them, you wave at the receptionist and they buzz you in, you go home down the fire escape (yeap my building has no alarms on the escape stairs) …. Most swipe card systems are just security theatre.

My main point is that when the system first went in it was probably designed to collect some operational data that was used to put some nice stats on p.300 of the annual report and not much else. Over the years more and more money and job status has been attached to them increasing greatly the incentive to tamper with the system but there has been no change in the corresponding security of the system.

dtc said :

As far as I can tell, when the investigation started KG excused herself citing a personal conflict. Its not like KG herself was involved in any of the activities, and until the investigation was concluded I’m not quite sure what she was meant to do other than not be involved.

From the estimates hearing, Katy’s family member has the same access to the computers with generic logins as Kate Jackson.

You can watch the hearing here http://committees.parliament.act.gov.au/speeches

The links are crappy, so you can stream directly here:

rtsp://streaming.parliament.act.gov.au/COMMITTEE%2005-07-12%20#1.mov
rtsp://streaming.parliament.act.gov.au/COMMITTEE%2005-07-12%20#2.mov

While also noting the terms of use, which are as follows:

By using this site you accept the conditions of the ACT Legislative Assembly outlined below and agree to abide by them.

Copyright of the material broadcast belongs to the Australian Capital Territory and no unauthorised use may be made of that material. Persons or organisations who wish to broadcast or rebroadcast audio or visual material, including material available on the Assembly’s website must abide by the conditions of access set out below.

Broadcast material must not be used for:
* the purpose of satire or ridicule;
* advertising for or by political parties;
* electioneering; or
* commercial advertising or sponsorship.

The Legislative Assembly’s broadcasts are live and continuous and while in that complete and unaltered state may be protected by parliamentary privilege. Extracts or excerpts of the broadcast are protected if they constitute fair and accurate reports of proceedings. The ACT Legislative Assembly is not liable for any loss or damage arising from use of the material or from delays or interruptions to its publication.

johnboy said :

wristbands as used by your average pub to authenticate to the till?

Money is involved, the system was designed to resist attack.

johnboy said :

staff at the hospital have to swipe passes in and out right?

Yes. I, for one, have never tailgated another cardholder so I don’t have to find mine 😉

Systemic tailgating would show up though and should be a huge red flag.

As far as I can tell, when the investigation started KG excused herself citing a personal conflict. Its not like KG herself was involved in any of the activities, and until the investigation was concluded I’m not quite sure what she was meant to do other than not be involved.

johnboy said :

If they actually wanted to identify who was at fault it wouldn’t be that hard to compare staff rostering to dates and times of record abuse.

Err, if I was cooking the books I’d be doing it when I wasn’t rostered on and using the “generic” login.

I think the problem is that the system was designed to collection operation statistics and not for collecting evidence. The system probably needs a redesign to build in some resistance to attack, things like: auditing, two-factor authentication, CCTV of the terminals, etc…..

wristbands as used by your average pub to authenticate to the till?

staff at the hospital have to swipe passes in and out right?

Why do they want a Royal Commission? By the time you set one up the election will already have been and gone. As Sir Humphrey would say “never hold an inquiry unless you know what its outcomes will be”, imagine how much fun it’ll be for the new Liberal government when the Commission reports suggesting a lot of very expensive and difficult fixes.

I would have thought the best approach would be:

1. Send the case to the police for investigation.
2. Fix the IT system so it has real security.
3. Have the records audited on a regular basis. Perhaps the Commonwealth should be doing this this since they’ve chosen to tie funding to the stats.

If they actually wanted to identify who was at fault it wouldn’t be that hard to compare staff rostering to dates and times of record abuse. with thousands of records over three years it shouldn’t be hard to narrow the pool of potential suspects down to something some hard questioning would break down.

If the Government actually wanted to get answers of course.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.