I am wondering when the first major pharmacy court case involving a privacy breach will occur in Australia.
Considering the lack of privacy around faxes (the main communications method in health) and the current spate of disasters surrounding e-mail (virus and spam), it must only be two minutes to midnight at this point in time.
We have now progressed from just spam to spam "bullying".

We have all probably received those e-mails asking us to verify our account details with our bank.
Unwitting participants in this fraud have had their bank accounts drained, and collectively, this has amounted to millions of dollars.

Most of us would still be receiving the Nigerian scam letter asking for assistance to transfer a large sum of money for a fabulous $ commission (your Internet banking details required first of course).
It is hard to see people falling for this, but it evidently still occurs.

Bullying occurs in a number of ways.
Recently, a UK Internet operator had a business website which contained anti-spam software, to filter out mail houses relaying spam.
He had his livelihood destroyed, when a fake e-mail, allegedly sent by his organisation, was circulated as a spam mailing.
Fileservers around the world automatically blocked his domain, and his income plummeted.

Another method, commonly employed by porn site operators, is to circulate their unwanted material using the e-mail addresses attached to anti-porn websites.
The victims have their communications disrupted by anti-spam software, but the porn operators get their message out a number of times before a block is enforced.

Recently, a Sydney Jewish school had their site hacked by an anti-Semitic group, with the result that government agencies began receiving false e-mails, accusing them of bringing down the site.
More worrying are the cases where e-mails have been sent to anti-paedophilia groups, accusing them of being involved in the very acts they are opposed to.
In the UK, on three separate occasions, British men had their faces splashed across TV, until it was realised that they had been set up.

Even though government departments and agencies, as well as major corporates, have strict protocols on the use of their e-mail systems, there is still potential for misuse.

The digital footprints generated by illegal e-mails can be traced, but it requires some expertise to unravel sufficient evidence to present to a court of law. With the current epidemic of spam, local investigative resources would be overwhelmed. Large volumes of spam have recently affected Telstra Big Pond Internet service, where the system simply stopped because of the sheer weight of numbers. Telstra initially would not admit to the problem, and we had the flow-on where e-mails were lost totally, or not delivered on time, causing major disruption to a range of businesses.
Telstra lost a lot of business over this particular problem, even having to refund some of its clients

The current Australian legislation, in the form of the anti-spam bill before the Senate, is seen to be a token only.
Criticised by various experts, it seen by them as being doomed to fail, because it does not support standards to create a secure digital framework. It is simply developing policies around spam, which will not prevent it from happening.

Now, given the climate in which this inadequate legislation is being produced, plus the daily epidemic of virus and spam, how long will it be before health systems will be penetrated and disrupted?
This has already happened to the NSW Health e-mail system within hospitals, with valuable IT personnel being pinned down for up to two weeks trying to eliminate two viruses, and hospital employees becoming frustrated, because their system was down for the same period of two weeks.
Penetration of a major electronic health system has the potential to be life threatening (if information is altered or omitted) and to cause loss of consumer confidence (if spurious information is circulated about the character of individual health professionals).

Privacy can be breached inadvertently through virus infection.

Already we have seen the "Bugbear" virus being initially able to penetrate most of the popular anti-virus software and then setting about corrupting the e-mail address book to forward documents that you thought were safely stored on your desktop (to adresses not entitled to have that information).
What if a new super-virus is developed to do the same thing, but much better, and you find that your medication reviews and care plans are circulated and recirculated, to e-mail clients around the globe?
Accompanied with the virus attached, it would keep on infecting until eventually eliminated by a new anti-virus protection, but possibly too late to prevent privacy and legal damage.

Even electronic prescriptions will be at risk when they eventuate through PBS Direct, sometime after 2005.
Although government health systems will have encryption to protect the information, some experts are saying that the standards are compromised, even before they are launched (insufficient key strength, key circulated from a central point giving access to others, plus new, and more powerful number-crunching computers available for hacking).

Local Divisions of General Practice have been consulting with a number of security experts before committing to a system.
The advice received to date is not to be part of a major network i.e. to keep any communications network limited and local.

The reality is that commercial e-mail is usually generated between a small, but select group of people.
In the case of a pharmacy, it would be between local doctors, nursing homes, hospitals, HIC, other pharmacists and perhaps accountant, solicitor and stockbroker.
In other words, the total number of recipients for your communications could be contained in a relatively small address book.
For business purposes, the primary electronic communication system should not be connected to the rest of the world, and it should not be e-mail.
E-mail should be reserved for other communication and should be a secondary system.

Just think about it.

E-mail has to be propped up with a number of supportive systems, which adds to system costs considerably.
We have the first line support as anti-virus software (without e-mail we would not have the need for this software), the second support system is the mail filter or "washer".
This is so you can tag spam or other unwanted e-mails and at least edit them before you have to download from the fileserver.
Now we see Microsoft adding a security program (Smart Screen) to protect the Microsoft Operating environment.
The first module is aimed at spam, while future modules will look at ways to prop up corporate networks.

And so it goes on.
E-mail, despite its popularity, is on the road to redundancy.

It's a bit like a doctor prescribing a drug that needs a range of additional drugs to control the side-effects of the primary drug. Eventually, you need a full medication review which may resolve the problem by suggesting a better choice of primary drug.

This analogy should not be lost on pharmacists, and I am trialling a piece of software which may provide the answer to most of the problems above.
It is an Internet document exchange, and while it has physical similarity to e-mail, it is definitely not e-mail.
It uses a high level of encryption, and once encrypted, a document cannot be altered.
The system also provides document registration, which means it can be accepted as evidence in a Court of Law (e-mail cannot, because of the problems already noted).
The private key is generated on your own desktop, offering absolute security.
The software is designed to act as a virtual private network among a certified group of users, therefore it satisfies the criteria of being able to create a small, local network, with a high degree of security.
All documents and files can be accepted, and be in any format (including HL7).
What is received in the system is delivered at the other end, so already it has the technology to provide a seamless connection between two unrelated systems e.g. a script writing system and a dispensing system.
Spam is unable to enter the system, and even if a rogue member of the system wished to abuse the privilege, global sending of messages and documents can only be done with permission by the system administrator.
Otherwise, it is just one-on-one.

There are many other features involving storage and searching of documents, also the ability to manage internal communications using shared keys. A shared key is a key that can be given to a trusted employee to assist you in your communications management.
Documents sent or received using a shared key can be viewed by a proprietor/manager, but the employee cannot see documents generated by the proprietor/manager.

While this system may be a little in advance of current requirements, pharmacists should be looking towards securing all their internal communications and looking to eliminate the fax machine completely (it is now "old technology").
A whole new line of activity, termed "Information Management" (IM) is about to cause more activity in pharmacy. Coupled with Information Management is Security Management, and your business will require a security audit.
Better now than after the first attack.

Concern should exist, because this is extra work.
But get the right IM system in place, and communication begins to work for you.
The right system should have the capacity to reduce total workload, save on costs, and interface with as many other IT systems as is possible.
This will take time, but it is worth investigating now so that you have sufficient information to base future Information Management decisions on.

Anyone interested in the document exchange software should contact admin@computachem.com.au
for information.

Have a Merry Christmas and a Happy New Year

...Peter Sayers