Sunday, August 11, 2013

The Australian Privacy Foundation Is Not Happy With The Government Advertising Of E-Health As Well As The Current Arrangements.

The Following appeared today.

MEDIA RELEASE

11 August 2013

PCEHR Promotion Misleads the Public

The 'Personally-Controlled' Electronic Health Record (PCEHR) has been the subject of a media blitz by the Commonwealth Department of Health and Ageing.
“Information on television, the print and online media and radio is designed to pitch the benefits of PCEHR system registration without fully informed consent”, said Dr Juanita Fernando, Health Informatics professional and Chair of the Health Committee of the Australian Privacy Foundation (APF).
"The APF has always strongly supported the appropriate application of information technology in the health care sector. However, the PCEHR has been designed to suit the needs of government, not patients", she said.
Patients demand a careful balance between their rights to privacy and the government's
insatiable desire to collect, control and exploit personal data.
Patients have been naturally very sceptical about the PCEHR. To overcome this, the Department has mounted an expensive advertising campaign and published many 'fact sheets'.
But these are incomplete and seriously misleading. They fail to properly inform, and hence people are being enveigled into consenting to participation in the scheme.
"Neither clinicians nor the rest of the community understand the system, let alone the full implementation details”, said Dr Juanita Fernando.
The Australian Privacy Foundation has prepared an antidote to the government's wilful misinformation.
The APF has published two FAQs:
• for Health Care Consumers, at
• for Health Care Clinicians
Contact: Dr Juanita Fernando, Juanita.Fernando@monash.edu.
----- End Release
The full release is found here:
You can also read more from a clinician perspective on this blog post.

The 2013 PCEHR Quiz for clinicians and managers

Reliable information about the issues surrounding the PCEHR is not easily accessible, unless you read the 93 pages of the PCEHR Act 2012. How good is your knowledge of the national eHealth records system and are you aware of the pitfalls and risks? Do the 2013 PCEHR Quiz to test yourself.
1. Who has access to the data in the PCEHR?
a. The consumer and their clinician(s)
b. The consumer, their clinician(s), the system operator, health care organisations, repository operators, portal operators and contracted service operators
c. The consumer, their clinician(s), and the system operator in case of emergencies
2. The PCEHR Act 2012 allows secondary use of PCEHR data for the following purposes:
a. Public health emergencies
b. Statistical analysis of de-identified health data
c. Law enforcement purposes, health provider indemnity insurance cover purposes, research, public health purposes, and any other purpose authorised by law
Many more questions here - as well as the answers.
This is all more than overdue. There are a lot of things that are not presently OK with the way the public and clinicians are being treated and being left relatively under-informed on what they are signing up for.
I note, in passing, that the AMA is still not all they happy as well.

Test results loaded on shaky e-health foundations

29/07/2013
The Federal Government is pushing ahead with the roll-out of extra functions for electronic health records despite concerns that it is yet to get the system’s fundamental design right.
In the face of calls from the AMA for it to focus on refining the basic functions of the Personally Controlled Electronic Health Record to improve its clinical usefulness, the Government has announced the allocation of $8 million to enable patients to upload pathology and diagnostic imaging test results to their shared health summaries.
Announcing the move – which has been a long-standing element in the rollout of the e-health record system - Health Minister Tanya Plibersek said it was the “landmark next step” in the evolution of the PCEHR.
“We expect both doctors and patients will find the new functionality useful, as it will reduce the need for them to chase down results or duplicate tests,” Ms Plibersek said. “In an emergency, having this kind of information on a patient’s e-health record could save lives.” 
The AMA said that although pathology and diagnostic imaging test results were important inclusions in electronic health records, the Government was yet to address fundamental problems in the design of the PCEHR that undermine its clinical usefulness.
Lots more here:
There is a long way to go in all this is my view.
David.

17 comments:

Anonymous said...

The 2013 PCEHR quizz is illuminating indeed. I think I'm well informed. As an ehealth expert I should be. 8 of my answers were. Of the incorrect Q1 I chose 'c' and Q10 I chose 'b'.

It beats me why any self respecting, risk averse medical practitioner would participate, more so given the answers to Questions 1, 3, 4, 5, 7.

Anonymous said...

Finally some news on the privacy front.

Yes Dr Fernando and the APF, plus other privacy advocacy groups provide a great overview of the PCEHR and eHealth from a privacy and general perspective.

A couple of key points for clinicians is the medico-legal liability position that most would not be aware of and the fact that they must obtain the patient’s permission each time they upload details to the patients PCEHR record (civil penalties can be rather hefty for wrongful collection and disclosure).

A couple of key points for patients is that the government has the ability to do anything with your personal information that they like once you have registered and that the records in the PCEHR system are not totally secure.

If you work with eHealth, you need to have IT risk mitigation plans and strategies in place.

Especially when the data breach notification laws hit the decks in 2014.

Privacy Paul

Anonymous said...

David, as a clinician, could you please advice re. the AFP Q.6 for clinicians. In particular what is bothering me greatly is the following statement: -

“If clinicians add a new medication they must upload another Shared Health Summary to the PCEHR record to be accurate.”

What happens if the patient goes to two GPs? Can they both update the PCEHR?

Surely they don’t both have access to the same synchronized Shared Health Summary? If one GP uploads a new Summary after adding a new medication the other summary will disappear. The second GP wouldn’t be happy to see his Shared Health Summary disappear.

Or does the Patient have two Shared Health Summaries and if so which one can be relied upon?

Dr David More MB PhD FACHI said...

Here you see a key problem with a Shared Electronic Record where there is more than one person can upload a Shared Summary.

When you access the SHS the most recent one is what is displayed but earlier dated ones are also available.

Right now the system is relying on just one custodian for the SHS. With more than one the risk of confusion and error is obvious and clearly unsafe.

If two GPs are contributing SHSs then that is not good at all!

Remember, however, that SHSs are sent whole - the whole thing is sent as one document and is not editable. A whole new record is sent up each time an update is done.

David.

Anonymous said...

As you say David - "the whole thing is sent as one document and is not editable. A whole new record is sent up each time an update is done.".

So GP 1 updates with his summary, the GP two overwrites and updates with his summary. Both GPs see the world differently and have elicited some different information. GP 1 gets pissed off with GP 2 and vice versa. What a humungous muddling mess. Our practice won't be participating $50,000 of ePIPs or not. We will just keep practicing medicine until we can see some benefit for ourselves as doctors and the patients we care for.

Bernard Robertson-Dunn said...

re: "What happens if the patient goes to two GPs? Can they both update the PCEHR?
Surely they don’t both have access to the same synchronized Shared Health Summary?"

From


3.2.8.1 Nominated Provider

Individuals will have the option of nominating a healthcare provider to manage their Shared Health Summary and to ensure that other healthcare providers accessing the individual’s PCEHR have access to a clinically moderated summary of the individual’s allergies/adverse reactions, medicines, medical history and immunisations. Only the nominated provider may update an individual’s Shared Health Summary.

The nominated provider can either be an individual healthcare provider or a healthcare organisation. If the nominated provider is a healthcare organisation, any healthcare provider authorised by that organisation may, if they are providing health services to the individual, update the individual’s Shared Health Summary.

The establishment of a nominated provider can only occur in a consultation between the provider and the individual involved and requires the agreement of both parties. An individual may have zero or one nominated providers.


It doesn't say what happens if an individuals does not nominate a healthcare provider to manage their Shared Health Summary.

However, Table 4: Informational create, read, update, delete indicates that only a nominated provider can create of update an SHS.

A good Entity Relationship Diagram and and a Data Flow Diagram would have made this very clear.

The only descriptions of entities and relationships in the above architecture deliverable is diagram 3.2.8 Relationships Between Information Entities which doesn't even mention a SHS.

I'll ask the question again. Where are these architecture deliverables?

My guess is that when they decided what products to buy, all architecture work stopped and they have just accepted what's in the software that has been bought. Which is probably copyright and subject to IP constraints.

It also means that whatever was in the ConOp and architecture documents, regarding how the PCEHR is supposed to work, is at best uncertain, at worst, wrong.

Anonymous said...

Thank you Bernard, very helpful, as you point out --- If the nominated provider is a healthcare organisation, any healthcare provider authorized by that organisation may, if they are providing health services to the individual, update the individual’s Shared Health Summary.

Mmmm so, I assume this means that the organisation (which may be a hospital) has its own copy of the SHS, and it may change some fields or add a few medications (and presumably delete other medications which are no longer applicable)then sends the SHS into the PCEHR to replace the one already on file!!!!

Mmmm. What happens if the organisation fails to delete (or doesn't appreciate the need to delete) the medications which are no longer relevant?

Anonymous said...

"Mmmm. What happens if the organisation fails to delete (or doesn't appreciate the need to delete) the medications which are no longer relevant?"

Well then, you can check (in another section in the PCEHR) whether:
The medications have been dispensed and claimed - they might just appear under the PBS Medicare section. No guarantee though that the patient is still taking the medication, or that the medication was not purchased over the counter and not claimed on the PBS.
Or you could look in the section which is populated by electronic prescription exchanges. But that will only indicate again what has been prescribed and what may have been dispensed and only if the GP and the pharmacy are using the prescription exchange, and have registered to participate in the PCEHR as well. Also, you need to consider that the consumer may have hidden the relevant document from general view, or just from your organisation.
Or why not look at the patient's own section of the PCEHR where they can list what they are taking, and hope that it is up to date? Just to check this, you could compare the date of the patient's own data entry against the other records so that you can piece together the "medication event steps".
There are so many sections that you can look for medication information in a PCEHR, a clinician is just spoilt for choice and variety!
If that all seems too hard - perhaps ask the patient what they are taking and when they last took it?

Bernard Robertson-Dunn said...

Anonymous said:
"Or why not look at the patient's own section of the PCEHR ..."

According to the ConOp September 2011 Release

4.3.10 Consumer-entered notes
The PCEHR System will provide an avenue for individuals to record notes
within the PCEHR via the consumer portal. These notes are provided as a
memory aid for individuals and their representatives and are not visible to
healthcare providers.

However, in the architecture document:
NEHTA_1002_2011_PCEHRArchitecture_HighLevelSystemArchitecture_v1.35.pdf

Table 4: Informational create, read, update, delete
row 4: PCEHR Structured Document - Consumer Entered Information
can be read by: Provider, Nominated Provider, PCEHR System and Provider CIS.

The PCEHR Act defines "consumer only notes" as
in relation to a consumer, means health information included by the consumer in his or her PCEHR and described in the PCEHR system as consumer only notes (whether using that expression or an equivalent expression).

and then makes very clear that nothing authorises a participant in the PCEHR system to collect, use or disclose health information included in consumer only notes.

This all means that health providers cannot "look at the patient's own section of the PCEHR" and that the architecture document on the NEHTA site is wrong.

But we knew that anyway, it's just the extent to which it is wrong that keeps growing.

So, here's another question. Why is that architecture document on the NEHTA site with the implications that it is officially sanctioned and both current and correct?

Anonymous said...

The patient died through a medication misadventure.

Following a root cause analysis the Coroner found the numerous options available for determining what medication the patient was taking confused the doctors leading to the patients demise.

Perhaps a solution has now been found to address the social impact of the rapidly ageing population growth.

Bernard Robertson-Dunn said...

I just went to http://www.health.gov.au/ and selected PCEHR from the "Information by health topic" drop down box.

That took me to a page that said:

Sorry, we cannot find that page...

It looks like you are trying to visit a web page that is either no longer available in our website or has been moved.


Has DoHA disowned the PCEHR?

Bernard Robertson-Dunn said...

Exploring the consequences of the relationship between a consumer (stupid term, I'll use individual), their SHS and their nominated health provider.

Here's a potential scenario that makes use of one of the major selling points of the PCEHR.

Fred, an individual, lives in Sydney. His local GP is his nominated health provider and together they create Fred's SHS. So far so good.

Fred goes on holiday to Melbourne where he is involved in a car accident and gets taken off to hospital. A&E access his PCEHR and SHS, patch him up, put him on a range of medication and ship him back to Royal North Shore hospital.

Fred's nominated health provider works miles from Royal North Shore hospital.
Fred is in a coma and can't take any part in managing his PCEHR.

Now for the questions.

Who can, and who actually updates Fred's SHS?

What health information can staff at Royal North Shore hospital see on Fred's PCEHR/SHS?

Should they assume that, because of the case history, the status of the information in the PCEHR is not to be trusted?

If the SHS cannot be relied on to be current and accurate, what use is it?

What happens if a health professional uses information in the SHS that turns out to be incorrect and Fred's condition worsens?

How do I know this scenario has been well analysed and thought through and that the behaviour of the PCEHR reflects this analysis?

It seems that access to an individual's PCEHR during an emergency has been dealt with (system functionality and legislation) but what about emergency staff entering information into an individual's SHS and PCEHR during that emergency? There's nothing about it in the FAQ at http://www.ehealth.gov.au/internet/ehealth/publishing.nsf/Content/faqs-hcp-managing

Anonymous said...

From my understanding (which may be wrong because I don’t work for DOHA or Nehta), the scenario you describe would result in the following documents being sent to Fred’s PCEHR –in date order:
1) SHS from Fred’s normal GP in Sydney
2) Melbourne Hospital A&E event summary/discharge summary posted
3) Royal North Shore hospital discharge summary (only after Fred is discharged).
Answers to your questions:
No one can update the original SHS from Fred’s GP – it is a snapshot with a date. Fred’s GP or another GP or nominated provider can create a new SHS – at a later date, but only with Fred’s permission.
Staff at Royal North Shore who have access to the local hospital clinical system can see Fred’s PCEHR and (with emergency access) can see the original SHS and the Melbourne discharge summary.
They can trust the information in the system (as being simply snapshots in time), but they need to notice the dates – which event comes before the other (not when it was posted, but when it happened). With emergency access they can see these things. If they do a standard (non-emergency type of access), then they will still see the original SHS, but need to consider that there may be documents which are hidden – like the Melbourne Hospital event could be hidden, or that they themselves may be a blocked provider (by Fred who may only want them to see certain documents and not others). Clinically it is probably better to use the emergency access so you can see all the events.
Fred’s GP (nominated provider) at this point may not even know that Fred has been in two hospitals, (unless he bumps into Fred’s wife at the shops). Fred might get a message from Royal North Shore saying his patient has been admitted, but this will not come from the PCEHR. Once Fred has been discharged home from Royal North Shore, and he visits his GP again, the GP might decide to create a new SHS in Fred’s PCEHR, which will replace the last one. But if Fred says no, then the old SHS will still be there, as a dated snapshot in time before he had his hospital adventure.
Dates of events and documents are important, and the order in which they are presented is vital. If in the meantime while Fred is in hospital, Fred’s wife went along to the pharmacy to dispense some repeats for his regular prescriptions (which medication has been suspended for a few weeks while he is on hospital prescribed medication or pending an operation), then these dispensed item details may also display on Fred’s PCEHR (via the prescription exchange) with recent dispense dates, confusing the medication situation.
And this is all assuming that the Melbourne Hospital and the Royal North Shore system have software that has been enabled to access the PCEHR and the HI Service.

Paul Fitzgerald said...

Given the scenarios described above, can anyone tell me why we have spent over a BILLION DOLLARS on this piece of crap? I'm sorry, but there is software out there which could provide access to the original source documents (with permission or "break the glass" access) for much, much less money, and seemingly with much, much less risk and much, much more benefit to the patient and the clinician.

Anonymous said...

Perhaps some kind of summary of summaries or SHS SOS for short. I am sure Accenture have designed this whole strategy quite well.

NEHTA may not be perfect and probably needs to get ride of the last remnants of the PCEHR upper management, however the alternative will have NIO left as the Woolworths/ Coles mono pearly for e-health.

The way the specifications are being rushed out the door, the lack of useful engagements and lack of openness is doing no one any favors except certain shareholders

Bernard Robertson-Dunn said...

@Anonymous (8/13/2013 04:38:00 PM)

Thanks for that info.

Proper functioning of the system does seem to rely on quite a lot of assumptions and human intervention and even then may be confusing.

It also raises the question - on what occasions, and how many times, would it be advisable for health professionals to invoke emergency access in case there is hidden information? Just to be on the safe side.

Is there an official description of the system operation, including the roles of the various health providers and the individual, for this and all the other potential scenarios?

Are Health providers being trained in the proper use of this tool?

Anonymous said...

You are funny!