Sunday, June 24, 2012

Is Our Democracy Up To Addressing Complex Technical Problems Sensibly? I Fear It Might Be Struggling.

Over last week I provided reports on the Hansard Record of the debate in the Senate and Reps on the PCEHR Legislation which saw the Bills passed last Thursday - 21 June, 2012.
There reports are found here:
and here:
and provide links back to the formal Government record.
In thinking about what went on I found myself asking is the adversarial political system we have well equipped to manage a topic so riddled with complexity, risk and expense as the PCEHR program.
At first blush you would have to say that maybe things could have been handled a great deal better.
The process of having the Government come up with a proposal that then is presented to the Parliament as some legislation (missing some important clarity around exact regulations etc. which are still causing considerable angst as recently as a few days ago) which then results in a brief enquiry and multiple submissions, which seem to have largely been ignored in terms of what finally becomes law, can hardly be an ideal way to handle issues of this sort I believe.
You can see how much concern there is about the heavy handed way DoHA has gone about things with recent articles like this.

Defiant doctors force e-Health backdown on PCEHR liability

TWO weeks before the introduction of the Gillard government's $1 billion e-Health scheme not one medical practice has signed up to use it, forcing Canberra to back down on a move to compel doctors to accept full liability for problems with the initiative.
The Department of Health and Ageing this week agreed to remove contentious contract conditions that would have made doctors liable if one of their employees leaked information contained in a patient's electronic health record.
It has also amended a clause that would have allowed government officials to raid surgeries and remove computers and records when a breach of the e-Health system was being investigated.
Full article here:
As late as Friday there was still no release of what is finally going be demanded that I am aware of.
What I find even more concerning is that there was no real process at the beginning of the PCEHR journey some two and a half years ago to properly research and frame an approach that might be ideal - despite having a well thought out National E-Health Strategy which at that point was unfunded and which did not in any way recommend what was then announced.
It is also a considerable worry that despite all sorts of concerns and recommendations from both the Opposition and the Greens that the legislation is just essentially ‘waved through’ without all the major concerns expressed both in submissions and by parliamentarians remaining, to my eye at least, unresolved.
I guess the issue is really whether this a systemic problem with non-experts attempting to manage complex technical and professional issues - in which case we need to work out how we can properly address highly technical matters via the present democratic processes - or is this just a poor Government which does not know how to correctly handle the resolution of stakeholder concerns in a reasonable way. Of course the third choice is that it is all fine, the system worked as it should and that the PCEHR Program is just ‘tickety boo’ in all aspects.  
In all this I would be the first one to admit I would be utterly clueless in trying to sort out issues like the Murray Darling Basin and the needed Nuclear Waste Dump where local vested interests seem to be able to endlessly delay and obstruct any real outcome. Both are clearly - among a host of others - clearly able to be rationally addressed based on the evidence but that does not somehow seem to be enough! Politics and very small sectional interests seem to be blocking the best overall outcome which is really needed.
What do readers think - is what we have fine - or do we, for complex technical issues, need a way to supplement the decision making capacities of Parliament for the good of all? If so how might this be done? You only have to watch European politicians trying to handle the aftermath of the GFC to see how technical and political complexity can lead to paralysis and potentially catastrophe.
David.

11 comments:

Andrew McIntyre said...

I agree that there is a problem and there is no easy way for government to manage highly technical issues like eHealth. I think the only solution is for government is to stop trying to manage them.
The reality is that internationally and locally even the standards process is weighed down by the same issues of poor participation and management and the only way to manage technical issues well, is to find a way for technical people to manage them.
In reality there is way too much government money on offer in both areas and this is the problem. Technical Committees should have technical people on them and in the early 90’s they did. In places like the US it is hard to find really low level technical people at meetings and there are way too many managers and public relations people involved. This has come about because so much government money is on offer that the trough becomes crowded.
The government’s role is to regulate the market and not to create it or steer it and this is what they are doing. The rise of Nehta has meant they are keen to be the only game in town, even though they have yet to develop a single standard or piece of software in real use. Rather than an industry where talented IT professionals are keenly sought after we have a proliferation of smooth talking consultants, often with very little real experience in the market, and limited proven skills in medical software. The $$ that are on offer, with no success in the real world required mean that doing real work is a mugs game,.
We do require interoperability, and that requires standards and compliance with standards. The standards that work come from years of trial and error at the coal face and not the Nehta white board. Any funding for standards should be just for the administrative infrastructure and the government should not develop software, as they have been proven to be hopeless at this again and again. They should mandate compliance for standards developed by industry, which are actually being used, rather than try and mandate some unproven monstrosity. There needs to be some decisions in regard to terminology, but not government control of it and the funding should be directed to the users to allow them to purchase software that meets current standards, and their needs.
This is one area where a real market, with appropriate governance wrt standards compliance would actually work and encourage people with IT skills, to actually apply their knowledge and advance the cause. The government should not create or select standards, and not create software, but simply mandate compliance with Australian standards. What we have currently is a very expensive fa├žade of a eHealth system, a problem that is worldwide, it’s an eHealth bubble.

P said...

Is what you're talking about here a national leadership vacuum? Inspired leadership would be responsible for painting the broad principle-driven brush strokes, while a small army of technocrats, bureaucrats, academics and entrepreneurs filled in the detail. I can't help thinking that that's what NEHTA was supposed to be part of in the first place?
In the end, NEHTA, and the bulk of the PCEHR's procurement seems to have been a ham-fisted attempt to copy the far more rigorous and successful Singapore approach, as exemplified by their MOHHoldings Ltd. (a private company owned by the Ministry) and their National EHR project (Accenture + Orion).
And to conclude, you're not the only one questioning democracy's relevance in the modern world. Have a look at The Insiders "Poll Of Polls" segment for some eye opening numbers on what the (younger) Australian public think of democracy: http://www.abc.net.au/insiders/content/2012/s3531991.htm
A fascinating time, or should that be interregnum?

Anonymous said...

In short, the Polity gets the government it deserves, and has been, and will be, always the case.

Extract from a very famous document that has, as its principles and core suggest, long since been abandoned:

When in the course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain inalienable rights, that among these are life, liberty and the pursuit of happiness.

That to secure these rights, governments are instituted among men, deriving their just powers from the consent of the governed. That whenever any form of government becomes destructive of these ends, it is the right of the people to alter or abolish it, and to institute new government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their safety and happiness.

Prudence, indeed, will dictate that governments long established should not be changed for light and transient causes; and accordingly all experience hath shown, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed.

But when a long train of abuses and usurpations, pursuing invariably the same object evinces a design to reduce them under absolute despotism, it is their right, it is their duty, to throw off such government, and to provide new guards for their future security.


So who is keeping the eHealth b@#%ards honest?

Certainly not the opposition, greens or fearless and frank bureaucrats.

Anonymous said...

An alternate view might be that there is a problem in getting anything done in Health. I remember some years ago when I first worked in health (I was out of health for a while) going to a conference, and sitting next to a crusty old guy. It was a health informatics conference, talking about communication standards. I was young and enthusiastic, I remarked to him that this stuff all looked pretty good, and we should be able to do this quickly. He replied that he'd been coming for 20 years to this same conference, and he reckoned we were almost getting there. That's when I decided that my interests lay outside health.

The problem isn't that government cannot resolve these objections. The problem is that there are too many purists who aren't happy unless _their_ exact solution is implemented. And those purists don't agree with each other. So irrespective of what solution you pick there are a large group of people who are disgruntled and snipe from the sidelines. Not because it cannot work, but because a choice was made and it didn't pick their favourite option.

So long as the health market continues to be more about religion than about getting on and creating a patient outcome, it will continue to be the case that places like Senate enquiries can easily find a list of people with deep expertise who'll expound on why the world is ending.

Cris Kerr said...

The problem is that the basics have not been considered important enough to implement.

Think of ehealth as your home and consider how much you value your privacy.

(1) your ehealth record will contain all your personal health information, xrays, blood type, blood tests, diagnoses, etc, etc and that of all your loved family members and friends

(2) it will contain information about where to find your advanced care directive

(3) it will contain your organ donor status

(4) it will contain your name, date of birth, address

If you go to your doctor, they will have a good reason to be viewing your ehealth record. Same if you go to a hospital.

Your ehealth record will have an audit log you can view.

But you will not be privy to the name of the persons who have viewed your record.

You will not be told 'who' they are. You will only know where they work (healthcare organisation), and what their role is.

If your audit trail lists 15 views by a GP linked to your local healthcare organisation or your local hospital, you will not know if those 15 views were performed by the same GP or by 15 different GPs unless you make a formal request for the names.

Anonymous said...

Cris, I don't think that you're asking quite the right question. The important question is what is the granularity of the organization. If the HPI-O dentifies my local clinic, this a very different proposition then if the HPI-O identifies a state-wide health jurisdiction.

What is the granularity limitations of organisational access logging?

I'm interested in a different question - what happens when the person identified in the logs claims to be not responsible? How can you rule out malicious mis-use of their resources?

Andrew McIntyre said...

Anonymous said...
"An alternate view might be that there is a problem in getting anything done in Health"

There is a problem with purists, and the biggest purists are the ones backed with a billion dollars of public money and no real experience on the ground.

We need to eliminate the government funded purists and allow people with a genuine interest in making things work fight it out. The only credible standards are based on working code and the only time that government should get involved is when a standard gets real use, as then its a safety issue. If they followed this idea we would be streets ahead and eHealth conferences would be populated by technical people who are doing real work. Introduce billions of dollars of poorly targeted government money and every hollow man and his dog wants his say.

Cris Kerr said...

Anon, I'm glad you're asking the right consumer questions. I wish more would. I too have been asking the right questions.

If you're interested in the PCEHR audit log from a consumer rights perspective and want to know what the consumer will be given capacity to see, please visit the publiclearning ehealth.gov.au website.

From memory, early versions of the privacy and security pages stated consumers would be able to see which 'healthcare provider ORGANISATIONS' had accessed their PCEHR.

Being able to see the role of the person associated with the healthcare provider organisation (eg GP, physio, radiographer, dietician, etc) is a more recent inclusion... but still no name.

I can't see much chance a person will need to claim they're 'not responsible'.

For that to happen, they'd first need to be 'detected' as someone 'inappropriately accessing a PCEHR'.

The consumer is in the best position to know who is and who is not involved in their own care, who does and who does not have a legitimate reason for viewing their PCEHR, but they can't detect what they can't see.

Anonymous said...

Chris,

I think the audit drives off telling you which organisations are accessing your record. The question for the consumer is whether that organisation is one that you expected to be accessing your record.

If that organisation is one that is appropriately accessing your record, then the question is whom within that organisation might have access. That is not something that can be centrally audited, as the documents within the record can be downloaded by those organisations (or, in fact, printed by those organisations). So the person in the audit log may not be the only person who saw your file.

This isn't dissimilar to what happens today. Your GP holds records about you, and the only place you can find out who saw them is to ask your GP organisation. The eHealth record is similar - at a central level it isn't possible to tell who your GP shared it with.

Cris Kerr said...

Sorry Anon, but...

Clearly you value your privacy highly because you won't reveal your name, but you then expect me and others reading this blog to believe you are happy for any person within any organisation to view all your personal health information within your PCEHR without you knowing who?

I have been transparent with my name and interest, and everything I have written is correct and can be easily checked on publiclearning ehealth.gov.au.

You're not advocating in the consumer's best interest so I'm now curious... what's your name and personal interest in the PCEHR?

Anonymous said...

Chris, no, not happy. Just pointing out a simple technical limitation.

If I go to a library and get out a book, the library can audit that I took the book out. They cannot audit who I showed it to. It's a pretty simple concept.

Do I love that? No. But is it a new risk in the health system? Also no. If you went to a hospital in NSW Health, then they have records about you. Do you know who in the hospital looked at those records without asking NSW Health?

The thing that can be audited is who took a copy. As to who then looked at that copy - that cannot be audited centrally.