Sunday, July 30, 2006

E-Prescribing in Australia – Is there a New Plan?

Your humble scribe had another of those “choking on his Wheaties” experiences this week. Suddenly ‘out of a clear blue sky’ it was announced, following the recent Australian Health Ministers Advisory Council (AHMAC) meeting, that there was to be an end to paper prescriptions and we were to move to full electronic prescribing with electronic transmission of the prescription to pharmacists. The pharmacist is to obtain an electronic copy of the patient’s prescription by swiping the patient’s Medicare Card. (One imagines that ultimately Mr Hockey’s Access Smartcard will provide the same – but rather more secure – functionality).

This is hardly a new idea. Way back in 1996, your scribe and a colleague wrote a report for the Commonwealth Government which recommended that planning for such a system commence. We had concluded there was a compelling business case to implement e-prescribing even then. Some notice seems to have been taken of the suggestion as early this century we saw the commencement of the MediConnect trials in Tasmania and Victoria. These trials showed that e-prescribing could be done but that further work was required to make it all work well in order to achieve widespread adoption. There were also some issues around the potential costs of a national implementation being seen as quite high – as an isolated program.

It is noted in passing that e-prescribing is being widely trialled and implemented elsewhere in the world with much activity in the US,UK, Canada and Europe.

Here is the text of the announcement.

“Electronic Prescribing and Dispensing of Medicines.

Australians are set to receive improved healthcare following agreement today by all Australian Health Ministers to remove the legislative barriers to electronic prescribing and dispensing of medicines.

From 1 March 2007 the amendments will allow for all stages of the prescribing process to be completed electronically and provide an alternative to the present paper prescriptions system. Scripts will be able to be initiated electronically by prescribers, electronically signed, then transmitted securely and uploaded into the dispenser’s system without the need for re-keying. This will ease the burden created by paper-based prescription processes and allow healthcare professionals to spend more time with patients and their needs.

There are an estimated 400,000 adverse drug incidents that occur in Australia each year according to the Australian Council for Safety and Quality in Health Care's Second National Report on Patient Safety. Electronic prescribing and dispensing will help eliminate those incidents that occur due to poorly handwritten paper prescriptions and transcription errors.

The regulatory amendments to provide for electronic prescribing and dispensing will become effective on 1 March 2007. This gives all States and Territories sufficient time to make their own consistent legislative and regulatory amendments.”

This description makes it clear that what is envisaged is a national “store and forward” network where the doctor creates the prescription, sends it to a central repository from where it is retrieved by the pharmacist into their dispensing computer. Presumably the patient will also be given a written prescription (hopefully with a barcode containing all the prescription information in scannable form) as a back up and to handle the situation of the computer repository being unavailable.

The number of questions this AHMAC announcement raises are legion. Among them are the following:

Who is going to own and operate what will prove to be a rather large national network? (Will it be Medicare, another part of Mr Hockey’s empire or will it be outsourced?)

What standard(s) are to be used for secure messaging and prescription transmission and are there currently any GP systems with such capability?

What terminologies will be used, given that the Australian Medicines Terminology is still in an embryonic stage of development – not due for at least 12-18 months?

What levels and capability of electronic decision support will be offered at the prescribing point and at the central repository to reduce prescribing errors? (The reduction in error rates, and possibly the ability to bias towards the use of generic medication, is the key justification for the introduction of e-prescribing).

Where will the Government be sourcing the required guidelines and prescribing databases to ensure the prescribers get the most current evidence-based information?

Is the Government (or some agency) going to undertake certification and proof of functionality testing of GP client systems, to ensure they work as safely as possible and have up-to-date drug reference databases etc?

How are prescriptions, which are transmitted but not collected, to be handled? (e.g. the situation where the patient decides not to pay for the drug, or is given the prescription on the basis of “if you get worse get it filled”).

Who will have access to the commercially valuable prescribing data-base the system will create and under what circumstances?

Where do NEHTA, the medical colleges, the pharmacists, the Pharmacy Guild and consumers fit in all this. Have they been consulted?

Are hospitals expected to produce discharge prescriptions electronically?

What review has been undertaken of all the work done here and overseas to ensure we get the safest and most secure system possible from end to end (i.e. from the doctor developing the prescription all the way to the patient being handed their medication and appropriate clinical and safety advice)?

I suppose I could go on but in the absence of the AHMAC providing publicly available detailed minutes there seems little point. All we have – from the Government and AHMAC – is that which has been provided in the above announcement.

Before wrapping up, I must say I think a properly developed and considered national e-prescribing implementation would be a very good thing and would save a significant number of injuries, indeed lives. It does of course need to be undertaken in the context of that National e-Health Plan we have all yet to see.

However, it seems to this observer that, despite some rumours to the contrary, this hare has a good deal further to run and a good deal more work to be undertaken before something useful makes it to the light of day. Pity about that. It all seems far to “spur of the moment’ to be real.

David.

Sunday, July 23, 2006

E-Mail Security and Clinical Practice – What’s Sensible?

In The Australian last week an article appeared reporting that a large teaching hospital in Melbourne has been using standard e-mail to send discharge summaries to GPs. Further it was reported that this had been approved by the hospital following a decision by the hospital's privacy committee that the benefits of rapid communication outweighed the risks to patient confidentiality.

The questions this action poses are interesting and, to a degree, contentious. What they boil down to are essentially - What place does standard e-mail have in daily clinical practice? – Should its use be constrained? - What alternatives exist to achieve the outcomes sought by the hospital (rapid communication of important information to the relevant GP)?.

The essential facts are these.

Firstly traditional un-encrypted e-mail is simply an insecure communications medium. Even more worrying is that it is a very persistent (long lasting) medium where, with enough effort, months or years down the track e-mail can be retrieved. Why - because e-mail seldom goes directly from sender to recipient (it typically passes through one, two or more intervening servers all of which often keep a copy) and anyone who has access control to that server can read any e-mail on it.

Secondly the recognition that e-mail is insecure has provoked privacy organisations and general practice organisations to consider – How should email best be used?.

Thirdly, the ubiquity and ease of use of e-mail, makes it imperative that rather than apply blanket bans or approval a reasonable, responsible, balanced and pragmatic approach to e-mail use, between hospitals and GPs, and between patient’s and GPs, should be developed. I and many others have been using e-mail in one form or another for almost two decades. To-date I have had no problems although others have, ranging from e-mails being leaked to the press to marriages being threatened by receipt of misdirected or accidentally copied or forwarded e-mail.

For GPs it seems clear that the guidelines developed by the General Practice Computing Group (GPCG), and available from their website, provide a sensible and well thought out approach for the use of e-mail when communicating with patients . The essential elements of this approach are to treat e-mail as official correspondence, get informed consent as to the risks of disclosure from the patient before using e-mail, do not use e-mail for any urgent matters, have a properly worded disclaimer on the footer of any patient e-mail and do not include anything in e-mails that could potentially embarrass or upset a patient. A practice policy as to security of e-mail, filing of e-mails in patient records and response time back to the patient are also sound and needed steps.

GPs who are concerned can, of course, set up various technology based secure links with regular patients – but such approaches are not really generally applicable given the effort required by both parties and the cost. Better would be an agreed national approach to secure e-mail for GPs to communicate with patients rather than the present – albeit obviously interim - situation we have at present.

The circumstances for hospitals are a little different in my view. They should obtain informed patient consent and carefully review any content sent for potential patient compromise – if it would cause the patient distress, or if the information were to appear on the front page of The Australian, it should not be sent. Ideally, however, large organisations should take advantage of the availability of a range of secure, encrypted clinical e-mail messaging services (such as Argus, Medical Objects, HealthLink and others) and use one of those services to send information back to their referring GPs.

In all cases it is the sender of the e-mail who must get informed consent from the affected individual before any unsecured e-mail is sent.

Over time we can hope that the work being undertaken by the National E-Health Transition Authority (NEHTA) will lead to the emergence of secure clinical messaging services where no possibility of breach of patient trust and confidentiality is possible.

David.

Major Success for the CCHIT

This week the Certification Commission for Health IT (CCHIT) announced it had approved 18 providers of ambulatory EHR systems as being fit for purpose, and suited to play their role to develop a functionally rich and interoperable EHR environment in the United States.

Since the CCHIT was only established in late 2004 this is indeed an impressive achievement – made even more so by the fact that it was founded with seed funding from three leading industry associations in healthcare information management and technology – the American Health Information Management Association (AHIMA), the Healthcare Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology (Alliance).

Only after establishing a track record did the US Federal Department of Health and Human Services (via ONCHIT) grant $7.5M (over three years) to assist in and accelerate the work.

In less than two years certification standards for ambulatory EHRs have been developed and systems have been evaluated against quite robust test scripts. Additionally work is now well advanced in the development of certification requirements for Hospital Information Systems and work has also begun to consider Health Network Infrastructure Certification.

Given that each vendor was charged only $28,000 for the evaluation, it seems clear that the total cost, to get to this present point, of 18 certified commercially available EHRs, has been well under $US5.0M.

This successful outcome shows two things. Firstly it is possible to certify, in less than two years, the quality of ambulatory EHR systems (what we would call office practice systems or GP systems) to what, on my reading, seem to be quite advanced specifications. It is simply not too hard to do despite the claims of many to the contrary.

Secondly it can be done for a sum that is quite modest. Even if the Australian industry could not afford the certification fees – the process could be funded by Government and the same outcomes reached.

One has to ask why this is not happening in parallel with the longer term initiatives being sponsored and funded by NEHTA. There is a clear need, it is doable and affordable and it would make a significant difference.

Let’s just get on with it.

David.

Thursday, July 13, 2006

NEHTA's Approach to Privacy V 1.0

On July 4, 2006 NEHTA released a document entitled NEHTA's Approach to Privacy V 1.0. This report can be found at the following URL:
http://www.nehta.gov.au/component/option,com_docman/task,cat_view/gid,141/Itemid,139/

In general the document provides a useful, if rather high level, introduction to the privacy issues faced by all those who plan to implement e-health in the real world. We are also told that NEHTA plans to develop Privacy Blueprints (whatever actually they are) for the Provider and Individual Identifier initiatives as well as a later one for the Shared EHR.

In response to the paper I feel the need to make one key criticism and offer a few observations on the traps and pitfalls that lie in wait.

The criticism is that talk of privacy neutrality is naïve. It is critically necessary to distinguish between conceptual privacy neutrality and practical (or privacy as it is actually implemented) neutrality. Preserving the privacy of a patient’s written record is a very different thing from preserving the privacy of a patient’s record when stored, typically with hundreds of others, in a computer system. The threats from leakage and exposure are different as are the methods of auditing access and use. These differences must be clearly recognised and effectively addressed. An example is the ease with which 10,000 records can be stolen on a USB key compared with the same ‘truck-requiring’ effort with paper records.

NEHTA rightly recognises any perceived failures to protect ‘private information’ will have severe consequences for e-health adoption and use.

The crunch will come for NEHTA in ensuring that the Common Principles for the Collection and Handling of Health Information are implemented as robustly and effectively as the public expects.

The number of recent incidents where tens of thousands or patient records have been exposed by a number of healthcare organisations in the US (including the US Department of Veteran’s Affairs), and the public concerns regarding identity theft that have emerged, shows the basis of public concern has moved beyond having their secrets kept to anxiety regarding personal financial loss.

I also offer the following observations based on consultations I have had over the years with consumer and patient advocate bodies.

1. Persecution and discrimination involving the improper use of a range of private health information is not an infrequent experience among those with stigmatizing diseases (AIDS, Hep C, Mental Illness etc), particularly in the fields of employment and in the individuals access to various services. Thus the need for high levels of confidence and certainty against unauthorized disclosure is easily understood, as is the quite reasonable use of multiple identities to avoid exposure – computer systems must allow for this – or risk rejection by users.

2. The right to not know some things (e.g. possible genetic “doom”) is valued and must be respected.

3. People vary widely in the value they place on being able to keep some information secret (e.g. that they have had an abortion or an STD) and systems have to be sensitive to this variation to succeed.

4. Careful consultation with those on the outer (e.g. the mentally ill, the poor and the homeless) is vital to ensure a privacy underclass with little or no access to services is created.

5. Trust is not a commodity that is as widely available as it used to be – especially of government – and communication of what is happening in the area of Health Information Privacy is vital. Also there needs to be a high level of conservatism and a measured pace of change for success in implementation.

6. Most in the community support secondary use of information for research as long as they are aware the use is happening. This needs to be fostered by openness by the information holders about what research is being done and what the benefits may be.

The privacy issue is a serious ‘hot potato’. Every effort needs to be made to get it right in order for e-health to succeed. We can only hope NEHTA will adopt a sensitive, careful and consultative approach when it comes to implementation.

David.

Sunday, July 09, 2006

How to Really Fail at a Health IT Strategy.

To those of us in the Health IT community who genuinely care about health sector reform and the ongoing sustainability of our health services, it seems that we will need to get mobilised in order to try to change the directions that NEHTA is taking.

Before expanding on why I think this is so let me first say that I would really like NEHTA to succeed, but their approach however is, I believe, setting them up for failure before they start. A big call? I don’t think so, not after having been involved in and observed large scale Health IT implementations from all over the world for over 20 years.

How do you make a program like the one NEHTA plans fail? The things you do are as follows:

1. You don’t have a well considered, fully stakeholder consulted and clearly articulated program plan.

2. You don’t have a publicly persuasive and credible and robust business case supporting your plan.

3. You avoid detailed consultation with stakeholders, such as the software industry, on the impact of your activities so they are unsure of just what is happening and why?

4. You imagine grass roots clinicians (doctors, nurses and ancillary providers) will just accept what you offer when you choose to offer it.

5. You don’t have a well developed and open communication strategy that anticipates the information needs of your stakeholders.

6. You take advice from sources who are so unsure of their ground they seek anonymity.

7. You ignore, or redo, the work which was previously well done.

8. You have your implementation organisation operate with a culture of secrecy and non-disclosure.

9. You provide no clear outcome based indications of what will be achieved and by when.

10. You ensure the survival of the implementation organisation (NEHTA) by pursuing a non-transparent, complex, failure prone long term vision (if one actually exists), at the expense of the clear needs of the health system, which is to have decisive and doable projects undertaken promptly and focussed on assisting health care delivery.

The lessons of history are that clinical systems initiatives have never worked if the workers at the coal face - the doctors and nurses - are not convinced and keen to adopt.

I leave it as an exercise for the reader to work out how much NEHTA is doing right. My guess is that if even three of the above are not addressed, let alone ten, NEHTA will fail.

How many points do you think NEHTA has right on its present course?

David.

Sunday, July 02, 2006

What is Happening in Electronic Decision Support in Australia?

There has been a recognition in Australia for a number of years of the importance of electronic decision support (EDS) in improving the quality and safety of healthcare services. This recognition lead to some significant national work being undertaken in the late 1990’s and early 2000’s which cuminated in the creation of a very comprehensive national strategy entitled “Electronic Decision Support for Australia’s Health Sector - Report to Health Ministers by the National Electronic Decision Support Taskforce” which was published in November 2002. This report provided a comprehensive review of the then state of the art and a comprehensive set of recommendations.

Implementation of the recommendations was passed to the National Electronic Decision Support Steering Committee which is a subcommittee of the Australian Health Information Council (AHIC). Since that time an evaluation methodology for EDS has been developed and published by AHIC in 2003 and a work plan for 2004 has also been published.

However, after that, as best as can be determined nothing of consequence has happened and indeed only one of the fourteen high priority recommendations appears to have been actioned (the evaluation methodology) in the last three and a half years.

This is an amazing example of the ball simply being dropped due to what can only be stupidity and the inability to understand what benefits could be derived from following the roadmap.

Four years later we see the US produce, via the American Medical Informatics Association (AMIA) a similar plan. AMIA brought together experts from all over the US and convened a number of workshops and conferences in the following twelve months leading to the development of “A Roadmap for National Action on Clinical Decision Support” which was published on June 13, 2006. I can sadly report the US document reaches the same conclusions and suggests similar actions to the earlier Australian report.

Wake up Australia! You are being very badly served by the present crop of e-Health bureaucrats.

AHIC should either get on with it or resign in protest!

David.

Just Who Do They Think They are Fooling?

Earlier this week an eight page brochure entitled “e-Health NewsLetter” June 2006 appeared in my e-mail inbox. A nicely produced eight page brochure which was suggesting all was absolutely wonderful with all the e-health projects being sponsored by the (what was thought to be up until now the defunct) HealthConnect program.

Oh joy…all will be well in e-health I thought – such a professional polished brochure can only contain good and exciting news.

Sadly it is not the case. What is in fact contained in the Newsletter, which for some odd reason was not found with a Google search for ["e-health newsletter" healthconnect] on July 2, 2006, is a sad illustrated repeat of all the failures and lack of progress we have seen over the last six years.

I finally located an on line copy at http://www.health.gov.au/ehealth/. It was made available on 28 June, 2006 according to the download page. Quite odd that there is not even a pointer to it on the HealthConnect web site itself. Clearly this brochure is meant to be very low key indeed in its public exposure.

What do we learn from the contents?

Firstly we discover the national consumer health information line (Healthinsite), after 5 plus years of operation receives less that 12,000 unique visitors a day. Hardly usage that Google or Yahoo would see as a commercial threat. (I must say however the site is valuable and really should be much better marketed to the public – pity the good work is not more widely known.)

Secondly we hear that a few months ago the Council of Australian Governments provided $130 million over 3-4 years to identify patients and health providers and progress clinical terminologies. Still no idea how the identity systems will relate to the proposed Access card of course.

Next we get a recital of all the various HealthConnect Trials that have been conducted over the last 4-5 years.

We discover that South Australia is implementing a proof of concept care co-ordination system because SA has the oldest patients in the country and need it most. No specific technology, patient groups, time lines, outcomes etc are discussed so we will all just have to wait and see.

In the Northern Territory is seems the Shared EHR has been such a success that it has needed to be supplemented with point to point (P2P) messaging of clinical information (i.e. secure e-mail between doctors). The discussion also has real issues regarding tense. Part of the document implies a lot is up and working and then further on there are comments saying that what is being done will comply with yet to be finalised standards. I know the evaluation of the initial NT trials were very negative and have no certainty much is really happening at present either.

The latest news from the Townsville trial is that everyone thought it was a good idea. Again, no discussion of what difference it made, how many better outcomes achieved etc

From NSW we hear that the Health-E-Link project began a pilot implementation in March and is a great success because only five percent of patients have opted out. Commentary recently suggests the trial is not going all that well technically – and certainly there have been no public claims of progress I have seen. Again we need to wait and see – a franker discussion of numbers enrolled, access made to records would provide a few facts to support the brochure assertions.

In Victoria and Western Australia there have been broadband implementations which may improve regional communications and provide VoIP and e-mail etc. Clinical benefits are not yet apparent and the costs of service provision are a major issue in the WA project continuing after Commonwealth Funding ends.

Lastly, in Tasmania Hospital Systems have been modified to send an e-mail or fax, based on patient administrative system data, when a patient is admitted or discharged. Possibly useful – but rather a far cry from the Shared EHR vision which HealthConnect was meant to be about.

In essence this brochure is simply an admission of failure, after what is said to be $200 Million spent, to demonstrate a single improved clinical outcome.

It is really quite serious when a government publication is so carefully crafted to conceal the lack of progress and to provide quotes and commentary which are frankly untrue.

David.