Surveillance Was In The DNA Of Breached Medtech

This blog post was written by EFA board member, Amy Patterson.

Two weeks into the MediSecure data breach fiasco there’s a lot that has been said about its causes.
There’s the obvious stuff.
Companies keep personal information they don’t need.
Venture capital pushes growth and profit at the expense of infrastructure and sustainability.
These things are important.

What remains unsaid — and is equally important — is that MediSecure was built with a very different kind of security in mind: it was, first and foremost, a technology of surveillance.
When the threat model conceptualises those the data belongs to as the primary risk, its unsurprising external risks are deprioritised or neglected.

When the startup was in its trial phase in 2009, what was explicitly being offered to doctors and pharmacists was a heightened capacity to monitor patients; pharmacists were promised they could also monitor doctors.

In 2009 the website promised “to allow Doctors to monitor their patient’s medication compliance; view medications from other prescribers; reduce red tape and save around a minute per consultation, as well as reduce doctor shopping”, with the additional benefit that “there is less chance of script forgery and doctor shopping; giving the Pharmacist better peace of mind in dispensing”.

This surveillance tech didn’t just fall out of the sky.
MediSecure was a commercialisation of Northern Territory Intervention technology.
Again from the 2009 website: “MediSecure® uses the proven technology of the eHealthNT e-prescription trial as implemented by General Practice Network NT”.

The Northern Territory Intervention, officially known as the Northern Territory National Emergency Response, was introduced by the Howard government in 2007 as a package of legislation that required the suspension of the Racial Discrimination Act 1975 and modification of the Native Title Act 1993. The pretext for its introduction was subsequently shown to be fraud, hidden in plain sight. 

The Intervention included compulsory leasing of land, significant budget increases to law enforcement and child removal, prohibitions on alcohol and pornography, and the introduction of compulsory income management. Many of these measures were adopted into and continued under the “Stronger Futures in the Northern Territory” policy from 2012; compulsory income management remains in place today within the NT and other parts of Australia. 

Australia has a long and ugly history of trialling medical treatments and infrastructure on Indigenous people; one that is clearly ongoing. When at-risk populations are used as guinea pigs — for health infrastructure or anything else — the risk of failure is always closer to catastrophic, because of the preexisting vulnerability. Statistically, Indigenous people in the Northern Territory remain the sickest people in Australia; misallocation of resources to surveillance and control and denial of agency cuts very close to the bone. And yet this is a pattern, in which marginal or vulnerable populations are used to shape and test technologies of surveillance and control that are then expanded.

The development of technologies like the eHealthNT e-prescription trial that became MediSecure in populations already subjected to invasive surveillance and control measures, such as those experienced by Indigenous communities during the Northern Territory Intervention, raises significant ethical concerns. This is a persistent pattern, where technologies of surveillance and control are trialled on marginal or vulnerable populations and then rolled out more broadly as extensive surveillance is normalised in healthcare and beyond.


MediSecure’s public-facing rhetoric has improved significantly — the logo lists “eScripts. Sent. Secure. Safe” and the website sells it as a means to “Improve Dispensing Speed and Accuracy” — but that’s window dressing. If you read the copy from 2009 the message hasn’t changed, it’s now just… easier to misinterpret in a favourable light.  MediSecure is a technology that was fundamentally shaped by its conditions of origin. The eHealthNT e-prescription trial foregrounded patient surveillance; it was then commercialised by a startup that sold this as its primary asset, a mindset that’s not compatible with prioritising the data security of any patients. 

Sick of surveillance in healthcare? Join EFA and help us make ethical technology practices the standard.

(Image credit: Marcelo Leal/ Unsplash)