Monday, April 18, 2016

The Australian Privacy Foundation Releases Its Commentary On The Draft National Digital Health Strategy.

I was given this to publish this week:
Submission to the Department of Health on the draft National Digital Health Strategy.
Australian Privacy Foundation
Date 14 April 2016
Contact
Dr Bernard Robertson-Dunn
Chair Health Committee
1.     Executive Summary
This response to the draft National Digital Health Strategy for Australia, July 2016 – June 2019 is predicated on our belief that all information systems containing personal data represent a potential risk to privacy. However, that risk may be worth taking if the value of the system to the individuals involved outweighs the risk.
Our primary concern is that the value and benefits of the My Health Record system to consumers have not yet been adequately demonstrated.
Furthermore, making the system opt-out means that a large proportion of the population will have a health record with little or no value and as such represents a significant and un-necessary risk.
With regard to the draft strategy document, we contend that, as a strategy, it is flawed for reasons we discuss below, but just as importantly, its scope is skewed to the My Health Record project, not a strategy for identifying useful outcomes and associated issues as well as integrating access and privacy controls across the national electronic health record space. The latter is what a digital strategy must address, with the My Health Record as a subset of the larger picture.
On the strategy document itself we have several comments to make:
There are no References to Earlier Initiatives
The strategy seems to have been developed without reference to earlier initiatives. We specifically refer to the previous National Strategy issued in 20081, the Royle Review2 and the large body of feedback on the eHealth Legislation in June 20153. A number of key participants in the health, informatics and privacy domains expressed some serious concerns about the system and the proposed opt-out trials which appear to have been completely ignored by the Department since then. The feedback certainly has not been referenced or incorporated into the draft strategy.
In addition, we also draw attention to the considerations by several Senate committees regarding the eHealth bill of 2015. The Parliamentary Joint Committee on Human Rights and the Senate Standing Committee for the Scrutiny of Bills each raised significant concerns about the bill, especially regarding the proposed change to opt-out. Not including references to these committees, the issues raised and the way the strategy has incorporated the views of these committees is a significant and unwise omission.
The Purpose and Audience are Unclear
The purpose of the strategy is unclear. At whom is it aimed? The Federal government and its agencies? State governments as managers of health care facilities? State run health care facilities? Private health care facilities? Software vendors? Hardware vendors?
We suggest that the purpose of the strategy be made very clear, along with how the stakeholders at whom the purpose is aimed will be involved in both finalising the strategy and delivering it.
Our advice is to ensure that the purpose is directly linked to ways in which health care is made more effective first and more efficient second.
The Document Lacks Flow, Coherence and Analysis
The various sections of the document do not form a coherent, logical flow of evidential information, analysis, conclusions and initiatives. The content of each of the sections bear little, if any relationship with the others.
In addition there is no relationship between Digital Health – a technology enabler - and the problems and challenges of information management. Furthermore, the aims and objectives of information management lie in the delivery of better health care.
Turning this around, the need to deliver better health care through improved information management should be the drivers of Digital Health. Technology may offer opportunities for better use of data but it needs to be shown explicitly that this will lead to improved health care without unwarranted risks to privacy and that unintended consequences are minimized and that an approach to dealing with them is in place.
What is mainly missing is the linkage through information management through to improved health care processes and outcomes. There are some references to Digital Health and improved administrative processes, but the high value outcomes are more likely to be achieved from better health care decisions – a phrase that occurs only once in the draft strategy and only then in the context of engaging the patient.
The result is that, without a linkage to improved health care, the contents of Section 6 - Digital Health vision and Section 7 - Key strategic areas of focus lack justification and any explanation of why the particular objectives and initiatives have been selected and how they will achieve the vision.
This means that making an assessment of the value of the Vision, Objectives and Initiatives to Australians very difficult. It is our preference that a strategy as important as that driving eHealth in Australia should be based upon evidence, logic and analysis.
We recommend a cost/benefits analysis of the system should be undertaken to answer questions about the financial returns on the investments of the federal government, state governments, software vendors and medical practitioners.
With an estimated total cost over the first ten year period of the operation of the system of between $1.5-$2.0 billion, we are skeptical that improvements in health care that match that expenditure and which could be attributed to the system are achievable.
We would be interested in seeing the government’s calculations and predictions as to when the financial benefits of the My Health Record system are expected to overtake the cost of the system.
Also missing in the draft strategy is any detailed analysis of capability or funding constraints or expectations. The draft strategy says that “government and the private sector is funding the development and delivery of local digital health systems”, however, the strategy should be structured and predicated on the capability of the various parties and stakeholders to participate, not just state who will pay for it. Participation requires resources, both skills and financial. If the stakeholders do not have available the necessary resources, then the strategy needs to be tailored appropriately. A strategy that is not integrated into a known and agreed funding model is most likely to end up as shelf-ware or only partially implemented.
A National Electronic Health Record Privacy and Security Framework is Needed
A high priority for a strategy aimed at establishing trustworthy electronic health record systems (the My Health Record system is only one) for Australia should be elevating the issue of privacy, information security, confidentiality and access control. This means formulating a widely-accepted national framework to assist in dealing with these issues, solving the major problems in this area, clarifying how different schemes and protections fit together -- with an initial focus on secure, reliable clinical system intercommunication.
We suggest that the strategy be expanded to include such a framework.
As part of this framework, a priority should be to recognise the urgency to finally pass the long-overdue improvements to legal protection in this area, particularly what is often called the Tort of Privacy law, and the Data Breach Notification law. Without these laws, which are ready to go, the framework will lack necessary legal foundations to give confidence to patients and others that if something goes wrong, they will find out about it and could hold those responsible to account. At present neither is true.
Conclusion
In our opinion, the draft we have been asked to review is a start, however it requires major work before it could be seen as a useful document. The APF is more than willing to participate in its development.
We see the strategy as badly distorted by too much emphasis on the My Health Record, rather than the primary unresolved 'safe and easy communication' issues for the larger national eco-system of clinically relied-upon EHR systems, but we cover the MHR in some detail.
We are not convinced that the value of a national opt-out health database, paid for by the Federal Government, (which implies a strong degree of control) has been justified.
Neither are we convinced that the primary use of the database is to improve health care or efficiency.
The fact that the concerns about the usability, purpose and risks of the system raised by many institutions last year in the context of the eHealth bill have not been addressed has left the lasting impression that clinical support is not the driving force behind the government’s intentions of the My Health Record project.
----- End Exec Summary.
You can read the full document here:
I had a small part in putting this together and am pretty happy with the work that has been done at pretty short notice by the Health Sub-Committee.
As ever comments are welcome.
David.

15 comments:

Anonymous said...

Wow. There are so many good points in this entire document it should be obligatory reading.

Comment 3. Digital Health Vision and Objectives was a standout. “We do not understand why these (Vision) statements have been chosen as a Vision for a National Health Strategy for Digital Health. They are difficult to relate to anything in the document either before or after”.

and ….

The digital Health Vision is followed by a set of objectives that, like the vision, have no obvious or logical relationship with anything mentioned previously in the draft strategy.

and

The Digital Health Vision and the Objectives are statements of motherhood, lacking in context, logic, or any indication of the value to the government, consumers or the health industry.

and

“The vision SHOULD be the CORNERSTONE of the whole document”.

Anonymous said...

The best bit is pointing out that Health has totally ignored the feedback it got last year before the eHealth Bill was passed.

Anonymous said...

David do you know whether there are other submissions available to read like MSIA, RACGP or whoever? I think the APF's submission makes some excellent points. Let's hope the Department reads it.

Dr David More MB PhD FACHI said...

I do not believe any of the others - if they exist - are being made available. The consultation was meant to be closed and non-public and so it seems the submissions will be kept secret from us.

If anyone wants their submission made available send it along!

David.

Anonymous said...

So when they state 'more public consultation is the future' they mean through Dr David More

Anonymous said...

The Business Dictionary defines TRANSPARENCY as:

- Lack of hidden agendas and conditions, accompanied by the availability of full information required for collaboration, cooperation, and collective decision making.

Given that the Department is running a closed consultation process one has to conclude that the Department does not wish to be TRANSPARENT. That is their prerogative.

However, I would argue that history has repeatedly shown this does not engender any level of trust or confidence in the process.

What does the Department not understand?

Anonymous said...

"What does the Department not understand?"

It might be quicker to answer if it was "What does the Department understand?"

Anonymous said...

What disappoints me is that over the years so much time and resources have been invested by so many in preparing well considered, sensible, submissions. Yet it would seem that quite a lot of what has been submitted has been discounted by those who called for submissions in the first place as part of the ‘apparent’ consultation process. It doesn't make any sense to me.

Bernard Robertson-Dunn said...

You can always tell a project manager, but you can't tell them much.

Anonymous said...

Re: April 20, 2016 4:54 PM I would give the benefit of the doubt and put the reason down, not to the fact that submissions were not looked at, nor to the fact that the contents and recommendations contradicted some predetermined views held by those who called for submissions, but rather because the contents of the submissions simply were not understood because those who were reviewing the submissions did not understand what it was that they were trying to achieve in that they were conflicted by multiple opposing objectives.

Anonymous said...

Analyzing submissions requires some understanding of what is being proposed in the submission and relating that to the project's objectives. In other words it's not a simple clerical task. Perhaps those who were tasked with assessing the submissions lacked the necessary depth of understanding to be of any value.

I like to think this accounts for the root cause of many of the problems encountered in the project today. If nothing is done it is reasonable to expect the project will continue to rattle along into the future on a warped railway line until it comes to a grinding halt or crashes.

Anonymous said...

The Consultation List is made up of 3 in the Jurisdictional Working Group and 12 in the E-Health Working Group; a total of 12. Their experience in HealthIT is very average; 5 have nil experience.

It really is a farcical state of affairs to have such an important document coddled together by a cohort of bureaucrats where their combined experience in healthIT is limited to put it politely.

Why, when there are more than enough people in the health IT space with the expertise required to put a document of this kind together, does the Department descend to such a simplistic level? It is difficult to explain. Is it incompetence, ignorance, shortsightedness - it makes no sense at all.

Surely the Department can do better than this.

Anonymous said...

April 21, 2016 5:16 PM you ask Why? It really depends on whether the Department's agenda is clinically or administratively focussed. It's not the former.

The strategy is more akin to that of a fishing trawler with a massive net cast far and wide to scoop up huge schools of fish in one pass.

Anonymous said...

Looking at the consultation list you have to conclude that it would seem one of the fundamental issues healthcare has in Australia is that not only is failure tolerated but those responsible are the only ones left in the system. If you also recognised many as either not having the skills or knowledge they are there precisely for that reason. Those able to critique/ask hard questions have left or have been weeded out.

Bernard Robertson-Dunn said...

re: "It really depends on whether the Department's agenda is clinically or administratively focussed."

There's another possibility - the government's agenda (not the department's) is to snoop.

Health data is the most sensitive and revealing about people. Medicare claims are not as intrusive, they don't show the results of tests, only that tests have been performed; PBS data don't say why someone is taking the drugs, only that they have been prescribed.

Most other government data is nowhere near as detailed.

Considering the total expenditure on the MyHR (feds, states and health professionals) is well over $2billion for no reported return*, there must be something else the government wants for all that money.

*there have been no reports on who has ever downloaded a MyHR and how much money it has saved.