Tuesday, February 05, 2013

A Comment Trail That Seems To Offer Some Concerns About the NEHRS / PCEHR System Integrity.

In response to this blog post there has been a good deal of discussion.
The comment that triggered the concern is this one:
Anonymous said...
On the note of inappropriate access to personal health records, I have accessed my PCEHR and run the audit log. I was shocked to see that my record had been accessed by the role of "external provider" (no further details given about who this is). The type of access included reading and updating of documents, reading of my emergency contact details and even updating of my access controls. Most of these accesses occurred in July/August 2012. I am guessing that this was a time when the system was not very stable and was being fiddled with by the system operator. But is is very disconcerting to see that some sort of "external provider" has been messing with my record. If it is the system operator it should clearly show that - not pretend to be a provider. Has anyone else tried this? And is there an explanation? I don't feel comfortable ringing the help desk - I don't want anyone else messing around in my record. Also, I did not get any emails or notifications that an external provider had accessed my record, even thought I set this up in the record. Not happy.
This is the direct link:
As discussed a day or so ago it does seem there are a few issues with the way the audit trail is working. See here:
Here is a short extract of the Audit Trail from today.
10/01/2013 03:25:21 AM   Add Document      DHS Medicare       External Provider                      Create  DocumentID                  
10/01/2013 03:25:21 AM   Add Document      DHS Medicare       External Provider                      Create  DocumentID                  
10/01/2013 03:25:20 AM   Add Document      DHS Medicare       External Provider                      Create  DocumentID                  
10/01/2013 03:25:18 AM   Add Document      DHS Medicare       External Provider                      Create  DocumentID                  
These records label each record as having come from DHS Medicare and when clicked on I get a prescription record dated 16 December, 2012. Oddly one data element is repeated incorrectly according to my prescription and what I received in the form of 3 rather than 4 boxes of medications.
It will be very interesting to hear what is displayed when more providers other than the user and Medicare are contributing to the final record.
On the issues raised in the comments above(now 23 of them)  it seems to me the best approach might be to e-mail the Chief Health Officer mentioned below with the concerns. That will at least force a (slow) response.

Clinical safety audit program for the Personally Controlled Electronic Health Record (PCEHR)

The Commission has established an independent Clinical Governance Advisory Group (CGAG) and a clinical safety audit program for the Personally Controlled Electronic Health Record (PCEHR).
This national clinical governance function complements and strengthens the work being performed by the National E-Health Transition Authority in assuring the safety and quality of the standards and specifications supporting the PCEHR and will provide external assurance on PCEHR clinical safety issues.
The CGAG meets quarterly to consider the clinical safety audits of the PCEHR and other clinical safety issues relating to the PCEHR and provide advice to the Department of Health and Ageing. The CGAG comprises experts from across Australia, and is chaired by the Chief Medical Officer Professor Chris Baggoley.
See full page here:
An e-mail to here marked attention CMO would be a good start:
Yet again all this reflects on the really poor way e-Health Governance has been set up in Australia with a lack of leadership and transparency and with maximum complexity in finding out ‘who to call’ - as one of the other commenters pointed out!
I wonder who is actually on the CGAC and what their expertise is?
For this blogger there is no doubt that the NEHRS is, as they say, the gift that just keeps on giving.


Anonymous said...

Suggest submitting this and tabling this at the next Senate Estimates hearing on eHealth, with DOHA and NEHTA present and already prepared to respond there and then, and not avoid by taking the question "on notice"!

The BLOG readership as we know already includes DOHA and NEHTA resources so they shouldn't be surprised at all when this issue comes up in the line of questioning, in the spirit of accountability.

Anonymous said...

AFAIK, the blog readership includes a number of industry members and associations, along with more than a few political staffers.

What gets said here gets heard, although not necessarily fully understood, being a bit technical at times.

Re questions on notice, some of the answers to previous questions are, IMHO, grossly disrespectful and arrogant:

Question (E12-356): Do you acknowledge that there have been a series of outages in the E-Health architecture – PBS, HI, Accenture/PCEHR, and the vendor PCEHR test environment?
Answer: Yes. All Information Technology Systems, including the personally controlled electronic health record (PCEHR) system and the Health Identifier Service have outages to allow for system maintenance and upgrades

Question (E12- 357): Can you confirm that the number and duration of these events are well outside the acceptable times in any industry, let alone health? If you disagree can you supply the detailed service standards that support that view?
Answer: The personally controlled electronic health record (PCEHR) system availability target is similar to targets set for other Australian government and hospital systems and also the Singapore ehealth record system.

Question (12-361): The National Partnership on E-Health expired in June this year, what will replace it and will it include remedies for the above (Q E12- 360)
Answer: The eHealth Memorandum of Understanding, which replaces the National Partnership on E-Heath, was agreed by the Standing Council on Health on 9 November, 2012.

It's almost as though they have something to hide.

Anonymous said...

The main thing they have to hide is for their unimaginable "incompetence"!

There's also a strong argument for corrupt behaviour on their part but their incompetence would no doubt save them as they plead ignorance and hide behind orchestrated "plausible deniability".

Unfortunately with a lack of informed and motivated "follow-up questioning" by our appointed elected representatives at Senate Estimates hearings, accountability will be MIA and the Sir Humphries and QANGO stooges will remain arrogant and disrespectful of the public purse in the extreme.

Anonymous said...

Your audit log contains a number "8003640002000019" that is in the format of the numbers from the HI Service, but is not one of the assigned ranges. The HI Service number can be identified from the first 6 digits. The assigned numbers AFAIK are 800360 for IHIs, 800361 for HPI-Is, 800362 for HPI-Os and 800363 for CSPs.

Some transparency around this would be good.