Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"


H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Sunday, October 29, 2006

Personal Health Information Privacy – The Elephant in the Room.

It seems that on both sides of the Pacific there is increasing interest in, and increasing difficulty with, working out an approach, and the supporting technology infrastructure, to meet public expectations for health information privacy and security while at the same time permitting health care providers the access to information they need, quite legitimately, to provide optimal care. This short article aims to provide some talking points and base assumptions / positions that may be relevant in this very difficult policy area.

The key assumptions I would make are:

1. Technology can provide any level of information security and privacy that can be desired.

In 2006 it is perfectly possible, through techniques such as encryption, to secure electronic health information in such a way as to render unauthorised access virtually impossible. The military of most advanced countries, as an example, achieve this despite quite expert efforts to compromise their message integrity.

So what then is the problem? As I see it there are a few problems. First there are issues of cost. Military grade security comes with a military price tag. Second there is the issue of convenience. If a system is clumsy or difficult to use it will either not be used or the users will work out ways to make things easier for themselves by doing such things as using easily remembered passwords (which are easily compromised) or writing harder ones down in places where they are easy to find.

So while the technology is willing and able, it is a truism that the weakest link is the users of the system who, for convenience, speed or, very rarely, malice, will compromise the best designed security system.

The only satisfactory approach to address this risk is a combination of user education around the importance of complying with the rules along with regular audit, both passive via audit file review and active through deliberate attempts to subvert individual user discipline to ensure the educational program is actually working.

That users will take advantage of privileged access to information is well known with many stories of staff in the police, tax departments and hospitals accessing information out of curiosity or occasionally for more nefarious motives.

2. If the issue of privacy of personal identifiable health information is not frankly and honestly addressed it is likely most initiatives involving the sharing of health information will either fail or be severely compromised.

It is an article of faith with me, and I suspect with most readers of this blog, that an appropriate deployment of information technology in the health sector can improve the quality and safety of healthcare services. Central to this improvement being achieved is to put in place individual patient records on which clinical decision making can be based and on which decision support systems can operate.

If the targets of our care are not entirely comfortable with the caring professions' efforts to keep confidential their most sensitive secrets, any electronic record initiative will face major, and probably fatal, implementation hurdles.

At present, as best I read the research, the key concern most citizens have is that, unknown to them, their private information will move out of their control and ability to access and correct as well as a fear of disclosure, profit from or use by unknown third parties.

Most seem quite comfortable with their GP recording information about them in his personal clinical system and most are pleased to be cared for in hospitals where they are not asked for the same details ten times a day.

Concern arises once there is the possibility the information moves out of the direct control of the GP or hospital.

For any such use and sharing of information citizens are very keen to understand just what is being shared, why it is being shared and that they will have an effective right of veto before it is shared.

There is already concern, on the part of some, that GP prescribing sets and the like are being shared, without the patient’s knowledge, with pharmaceutical companies for marketing purposes. One wonders just how the patient’s interests are being served with this sort of disclosure.

3. It is important to recognise individuals have differing sensitivities associated with their health information.

Your correspondent is well past his physical prime and in the last few years has had a number of stays in hospital. Each of these stays was for investigations and procedures that are quite commonplace and frankly if anyone were to get hold of my full record the worst that they could conclude is that I should have stopped smoking thirty years ago and not twenty years ago. In a health sense I have nothing to hide and so do not care who has my records.

An individual who in their past has had a mental illness, a genetically inherited risk, an abortion, an STD, HIV/AIDS, a cosmetic breast operation or whatever may feel entirely different and wish to either be able to exert very fine grained control on what information can be shared or indeed prevent any sharing at all. This is entirely reasonable and it is up to system designers to ensure such control is available. Again this is not a technical issue but rather a system design issue.

4. While one can design technology neutral Privacy Principles their implementation has to respond to a very different set of risks. In no sense does one size fit all in these circumstances.

There seems to be a view among policy makers that all that is needed are a correct set of Privacy Principles and all will be well for all. I believe this is naïve and wrong.

First there seems to me to be a very good case for ensuring that the level of protection provided for identified health information should be more robust and better enforced than say financial, purchasing or employee records. Not to say these should not be robustly protected but given the potential personal impact of disclosure of health information that even more care is warranted than may be justifiable for other information.

Second, as already discussed on the blog, the risks that are faced by electronic and paper records are different and do require different risk analysis and different responses.

Essentially what we need to recognise is that if private information escapes into hands that the owner of that information is not comfortable with, the consequences can be personally and professionally devastating.

What is needed is the sort of education and auditing mentioned above and for breaches there needs to be a carefully designed regime of penalties and enforcement that is swift, has real teeth so it can act as a serious deterrent and which considers the impact on the victim of the breach properly.

Additionally real privacy experts need to be involved in system design and implementation. As well it is important that there be proper piloting and evaluation of privacy controls as they are practically implemented to ensure the outcomes citizens expect are actually being delivered in the real world.

Overall if I had one mantra it would be that “care must be taken to establish and retain citizen trust”. If this is not achieved we ultimately may not be able to successfully implement and operate the systems the Health Sector so badly needs.



What is discussed above I would see as an ideal situation. What is happening in Australia falls far short of the ideal. Two egregious examples come to mind. The first is the apparent continued use of non-individualised and non-role-based security to protect information contained in the South Australian OACIS system. When I last heard – and I am happy to be corrected on this if things have moved on – a clinical user at one hospital, once logged on, could access any record of essentially any type for any South Australian on the system. When last I spoke with people in SA there was not even the capability for a patient to withhold results from the system. (Note an Updated Comment was posted on November 23, 2006 and should be read with the material provided here - David.)

I understand some similar issues also exist with the Healthelink trial in NSW. Here again there is a single level of access – you can find any patient on the system and see all that is held – or not if the patient has ‘opted out’. Patients have no capacity to segregate sensitive from other information and some will inevitably be disadvantaged by such poor initial system design.
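The contrast between the single-level access described above and the role-based, patient-controlled and audited access argued for earlier in this post, as an added example (it is not code from OACIS, Healthelink or any other system named here). The roles, record categories, field names and sample users are assumptions made purely for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed mapping of role -> record categories that role may ever read.
ROLE_CATEGORIES = {
    "treating_clinician": {"general", "pathology", "mental_health"},
    "pharmacist": {"general"},
    "receptionist": set(),  # booking staff see no clinical content
}


@dataclass
class Patient:
    patient_id: str
    opted_out: bool = False
    withheld: set = field(default_factory=set)   # categories the patient withholds
    care_team: set = field(default_factory=set)  # users with a current care relationship


@dataclass
class AccessRequest:
    user_id: str
    role: str
    patient: Patient
    category: str


def single_level_access(req):
    """Model criticised in the post: any logged-on user sees all, unless opted out."""
    return not req.patient.opted_out


def fine_grained_access(req, audit_log):
    """Decide on role, care relationship and patient consent; audit every decision."""
    p = req.patient
    if p.opted_out:
        reason = "patient opted out"
    elif req.category not in ROLE_CATEGORIES.get(req.role, set()):
        reason = "role not permitted for category"
    elif req.user_id not in p.care_team:
        reason = "no care relationship"
    elif req.category in p.withheld:
        reason = "withheld by patient"
    else:
        reason = "permitted"
    allowed = reason == "permitted"
    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": req.user_id, "role": req.role,
        "patient": p.patient_id, "category": req.category,
        "allowed": allowed, "reason": reason,
    })
    return allowed


def review_audit(audit_log, threshold=2):
    """Passive audit review: users repeatedly denied for lack of a care relationship."""
    denied = Counter(e["user"] for e in audit_log
                     if e["reason"] == "no care relationship")
    return sorted(u for u, n in denied.items() if n >= threshold)


def demo():
    # Constructed sample data, not drawn from any real system.
    alice = Patient("P1", withheld={"mental_health"}, care_team={"dr_lee"})
    bob = Patient("P2", care_team={"dr_lee"})
    log = []
    requests = [
        AccessRequest("dr_lee", "treating_clinician", alice, "pathology"),
        AccessRequest("dr_lee", "treating_clinician", alice, "mental_health"),
        AccessRequest("dr_kim", "treating_clinician", alice, "general"),
        AccessRequest("dr_kim", "treating_clinician", bob, "general"),
        AccessRequest("front_desk", "receptionist", bob, "general"),
    ]
    coarse = [single_level_access(r) for r in requests]
    fine = [fine_grained_access(r, log) for r in requests]
    return coarse, fine, review_audit(log), log


if __name__ == "__main__":
    coarse, fine, flagged, _ = demo()
    print("single-level:", coarse)
    print("fine-grained:", fine)
    print("flagged for review:", flagged)
```

Under the single-level model every one of the five constructed requests succeeds; under the fine-grained model only the treating clinician's request for a category the patient has not withheld does, and the audit review surfaces the clinician who browsed records of patients not in their care.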

The following two articles in the Australian of the 28th October 2006 make useful supporting reading.

Policing privacy

Plans to put the medical records of all Australians online face strong opposition from doctors and privacy advocates. Leigh Dayton reports

October 28, 2006

HERE'S the dream: your elderly mother suffers breathing difficulties. You take her to a GP who recommends a series of tests. The procedures are scheduled online, much like booking a flight to Bali.

When your mother arrives at the hospital for the tests, all her medical records are available to the specialists, again online. Results are added instantly to her "electronic health record" and a "cyber-script" is sent straight to her local pharmacist. The pharmacist checks the prescription against her other medications and has it filled when you drop by to collect it.

Meanwhile, your mother's doctor has reviewed her test results online and arranged a follow-up visit with a respiratory specialist who immediately has details at the click of a mouse. Online booking, online records, online service. Plus, neither you nor your mother has explained her problem numerous times, or waited for paper records to be sent by mail.

Here's the nightmare: you go to your doctor, seeking help for a drug and alcohol problem. There, you book online for specialist treatment at a discreet facility. The receptionist managing bookings at the facility recognises your name and tells a friend, your former – and very angry – spouse. Word reaches your employer's ear. You're fired.



Patient privacy must be governed by a unified national system

Mukesh Haikerwal

October 28, 2006

THE Australian Medical Association has for a long time been calling for an overhaul of Australia's privacy laws and the establishment of a unified national system governing the privacy of information in the health sector.

Continued …

Dr Mukesh Haikerwal is president of the Australian Medical Association


Thursday, October 26, 2006

What is Happening at NSW Health with Healthelink?

In the last couple of days there have been two reports on the ABC related to electronic health records in NSW. To date I am yet to see any other reports covering what was said in a couple of news bulletins.

The two items were, in chronological order, as follows:


Privacy group urges patients to opt out of database

The Australian Privacy Foundation (APF) says patients should ask their doctor not to put their records on a new electronic database, because the system is a breach of privacy.

The New South Wales Government says it will roll out the system, which will allow a patient's health records to be accessed from anywhere within the public health system at any time.

The chairwoman of the APF, Anna Johnston, says patients' records will be put on the database unless they opt out.

Ms Johnston says a trial of the system has failed to get the support of doctors.

"There are very real concerns amongst GPs that if they do participate in the system they will be in breach of federal privacy law which says you cannot collect health information about people without their consent," she said.

"The system has been designed in such a way that health service providers could effectively collect health information about every person in the state, not just those who are their patients."


Electronic medical record system can save lives: Iemma

New South Wales Premier Morris Iemma says the introduction of a new electronic medical record system will reduce hospital errors and cut costs.

The electronic system places patient details on an internal computer system for quicker access by clinicians.

Private company Cerner Corporation has won a $40 million contract to roll the system out for the state's eight area health services by 2009.

Mr Iemma says it will provide one integrated system.

"This can save lives," he said.

"It frees up the time of the health care professionals to provide health care and not administration."

Currently only 4 per cent of patients are choosing to opt out of the program.
In the future, the system could be centralised and connected to the records of general practitioners.

The Australian Privacy Foundation has raised concerns that expanding the system could breach privacy laws.

The interesting aspects of all this are as follows.

1. The normally “I’ll announce something good every day” Health Minister in NSW John Hatzistergos was not the announcee of the news.

2. The Premier’s press release refers to Cerner Corporation (a very large US based listed Health IT provider of predominantly hospital systems).

I believe what the Premier’s announcement is about is the final wrapping up of an aborted RFT-IT 190. This tender was released in May 2005 to obtain what used to be referred to as Point of Care Clinical Software (PoCCS) and which has been relabelled as Electronic Medical Record (EMR) software.

As stated in the tender document:

“Potentially four Areas could be seeking EMR implementations through the period contract arrangements resulting from this RFT. These are South Eastern Sydney Illawarra, Hunter New England, Greater Southern and Justice Health”

Some 17 months later we now hear that Cerner is to take up the baton NSW wide as far as clinical systems are concerned for all Area Health Services. This is obviously a good thing: given how much of the current NSW market Cerner already had, consistency across the whole State system will provide useful efficiencies in staff training and the costs of staff relocation, as well as in the consistency of operational data available.

The delays and costs in getting to this point are, of course, just ridiculous. Six months should have been more than enough time to test the market and confirm (or not) Cerner as the sole EMR provider for NSW Health for the next few years. No wonder the Health Minister left it to his Premier!

This software is specifically for internal Hospital use and has nothing really directly to do with the Healthelink project which I understand is still battling with the issues raised by the Privacy Foundation and which threatens to become a considerable white elephant.

Cerner’s approach to security and privacy, along with its internal hospital operational role, should provide much less in the way of privacy concerns. Systems such as Cerner's provide very considerable operational support for in-hospital care delivery and clearly are something one would not want to take advantage of when in hospital.

I would be curious to hear comments from any readers who have better information – noting the useful confirmation of the iSoft comments made here from a previous insider that has been posted recently.


Saturday, October 21, 2006

How Did iSoft Get into So Much Trouble?

The main news from iSoft’s Annual General Meeting last Tuesday is that the company is in discussions with possible suitors to be purchased and hopefully re-financed and stabilised. Unless a suitable suitor can be reasonably quickly located there is a real risk that many iSoft customers could find themselves “on their own” from an IT perspective. This would be a major distraction from the provision of patient care in those organisations and possibly even cost more than just money and inconvenience.

Anyone with any familiarity with the Health IT industry will be aware that this is not the first time there has been the need for merger and acquisition activity to bale out Health IT providers and regular readers will remember I pointed out the need for commercial due diligence as part of the vendor selection process a week or so ago.

iSoft’s history, from its web-site, is interesting.

Acquisition of Novasoft Sanidad S.A.
World-wide strategic alliance with Microsoft
Merger with Torex plc
Acquisition of Revive Group Limited
Acquisition of Paramedical Pty Limited
Acquisition of healthcare business of Northgate Information Solutions plc
Microsoft global launch partner, and the only European software partner for the Windows XP Tablet PC launch
Dedicated offshore development business established in Chennai, India
Acquisition of ACT Medisys Limited
Acquisition of Eclipsys Limited and Eclipsys Pty Limited
Full listing on London Stock Exchange
Only Microsoft SQL Server 7.0 launch partner in UK health
Acquisition of CSC’s Australian healthcare systems business
MBO by senior executives to create iSOFT
Founded a healthcare information systems business within KPMG

What I see in this history is a company founded by some Health IT consultants that took advantage of the dot.com boom to conduct an Initial Public Offering and used the resulting funds to grow by acquisition of a range of smaller Health IT companies.

The Management Buy Out was worth just £12m, but within six years the Manchester-based IT group had won a £300m contract and pushed itself to the brink of the FTSE-100 with a market cap of £950m. It’s now only £100m.

Of note, early on, is the purchase of the CSC Australian Healthcare Systems business. This purchase was of the support contracts for NSW developed hospital systems, among other things. These systems were at least a decade old at that stage and would hardly have been an ideal base to build a modern Health IT business.

The acquisition of at least five different companies to provide a hospital solution would have posed a very substantial integration task to have iSoft offer a coherent hospital system solution and, as far as can be told, that task has not been, and never will be, achieved. What iSoft has attempted, instead, is to continue to sell products from their acquisition phase with the promise that customers who purchase now would be able to transit to a newly developed seamless product based on modern and highly advanced technology.

To stay afloat and support the development of the new product – termed Lorenzo – iSoft has used the maintenance fees from the older products in both the purchased and newly installed legacy product base (products such as iPIM etc). The problem with this is that they find themselves supporting multiple patient management, laboratory and other clinical systems – all of which consume available skills and resources.

Lorenzo has been in planning and development since 2002/3 and is now not expected to be ready for implementation until 2008, if ever.

What has gone wrong with the Lorenzo development? Among the factors I would consider to be important are the following:

1. The technical architecture, when Lorenzo was planned, was quite “bleeding edge” (Microsoft .Net and SQL Server etc). Successful Health IT developers typically stay well to the back of the bleeding edge and are very technically conservative to assist with stability and reliability.

2. The complexity of developing a full function, fully integrated modern Hospital Information System was probably underestimated. The successful systems in this space have typically taken very large sums of money to develop and have required input from a large number of clinical experts working with software developers. The use of remote development in India may not have been as effective as it could have been.

3. The need to provide an upgrade path from products that were still being sold to the planned Lorenzo may have made development more difficult.

In addition to the technical and development complexity facing the company there is also a sense that there was at least some overselling of what had actually been achieved. My personal experience with an iSoft Lorenzo demonstration (late in 2005) certainly persuaded me the product was nowhere near ready for implementation, and would not be when my client needed it. It took some very pointed questioning to have this fact made clear.

The following press release also could be suggested to be a trifle exaggerated!

“7 July 2006
iSOFT successfully delivers to 29 hospitals in one weekend

In just one weekend, iSOFT has installed patient management and clinical systems at 29 hospitals and health sites across Australia and New Zealand for four different health organisations.

The roll-out of iSOFT’s i.PM patient management solution to Greater Western Area Health Service (GWAHS) in NSW continued with 17 new sites going live. Calvary Healthcare Group at Hurstsville NSW becomes the ninth site within Little Company of Mary Health Care to go live with i.PM, completing phase two of its national roll-out.

In New Zealand, i.PM was installed and went live at three hospitals and one health centre as part of the contract with the West Coast District Health Board.

Waikato District Health Board in New Zealand was supplied with new advanced clinical functionality to its HealthViews electronic health record system for 250 users across seven sites to produce detailed clinical documents. Also, 500 users within the Mental Health ‘SMART’ programme can now access the documents in line with its goal to improve reporting of mental health cases across the district.

”This represents a significant commitment of our skill and resource capability over this period of time,” said Nigel Lutton, iSOFT’s Managing Director, Australia and New Zealand. “Given all of the systems went live on time and with high levels of success, it is a testimony to the skill and experience of not only our iSOFT staff, but also the customers that we have worked in partnership with to achieve these milestones.

“This not only demonstrates our significant industry commitment, but also shows the commitment of our customers to achieving healthcare improvement through the smarter use of information technology.”

iSOFT Project Manager Linda Gracie says West Coast DHB was a “dream” site: “I have never worked with customers that were so willing to take responsibility for the project and work hard to achieve their goals. This project was a true collaboration and a joy to work on.”

Wayne Champion, West Coast’s Chief Financial Manager, agrees. ”The dedication and professionalism of iSOFT’s people is impressive,” he said. “The company constantly hits some very demanding project milestones.”

The latest roll-outs at GWAHS bring the total number of hospitals there using i.PM to 35, with another 18 due shortly. The area health service is confident it will see the benefits of its IT investments in continuing decreases in the time patients spend waiting for elective surgery or emergency department treatment.

“Ready access to patient details and theatre appointments, for instance, is vital in minimising waiting times,” said GWAHS Chief Executive Dr Claire Blizard.

Meanwhile, West Coast DHB has also committed to using iSOFT’s clinical systems, with the first implementations due in August.”

I, for one, know of no patient management software, for something worthy of the name hospital, that can be installed on a weekend!

All in all the sad thing in all this is the bad name the likely failure of iSoft will give the Health IT industry and the additional work that many already stretched clinicians will have to undertake to make good replacements and so on.

One can only hope the new owners make the needed transitions as painless as possible.

The lessons from the post a week or so ago on how to avoid a "software lemon" seem even more important with the apparent failure of iSoft. It can happen to you!


Friday, October 20, 2006

New Matilda Article on Health IT

The following is an article I wrote in response to the New Matilda (www.newmatilda.com) document "A Health Policy for Australia". It basically asks for more consideration to be given to the place of Health IT.



'A Health Policy for Australia': response #2 By: David More
20 October 2006

New Matilda is to be congratulated in taking the bold step of developing a health improvement strategy for the health sector based on rational and appropriate policy perspectives and values - values which I for one am extremely comfortable with. If ever there was a sector of our Commonwealth that requires a fundamental re-think health is it.

With that said, and whilst I am aware of the risk of being described as a hammer who sees the solution to all problems as a nail, I would like to suggest that the role of information and knowledge and the technology required for their effective management have been substantially underestimated in New Matilda’s present policy formulation.

Over a decade and a half ago the then NSW minister for Health, Peter Collins, described working in the health system as being similar to “operating in the dark” and despite all his efforts, as the Board Chair of the Australian Institute for Health and Welfare, little has really changed for those operationally engaged in the sector although there have been steady improvements in the gathering of statistical health information. Delivery of clinical health services is a very information-intense activity with all service providers needing both patient related (current patient problem, current treatments, previous illnesses, family history etc) and technical clinical information (disease descriptions and symptoms, drug information, the evidence base for treatments and so on).

A core issue that has been emerging over the last few decades, at an accelerating rate, is the amount and complexity of the clinical information required for good (and safe) clinical and management decision making. The knowledge management task involved in delivery of quality, safe, up-to-date, evidence based patient care is rapidly exceeding the capabilities of practitioners and is having a negative impact on clinical outcomes. This recognition is part of the rationale for the push in the US, UK, Europe and Canada to provide clinicians with advanced computer systems (electronic health records (EHR) with decision support) and to ensure treatment errors are picked up at the point of care delivery before the patient comes to any harm rather than later. It is now clear such systems can save countless lives each year but to date we see no thrust to sponsor adoption of such systems in Australia. (Indeed the Australian Health Information Council – the peak body in the area – has been recently disbanded as far as anyone can tell.)

Evidence from overseas very strongly suggests that implementation of advanced Health Information Technology (HIT) can achieve improved quality of care, greater patient safety and less risk of patients “falling through the (inter-sectoral and internal) cracks” in the health system. The evidence that, on most occasions, less than half of appropriate patients receive the best care for their condition based on the best available evidence is alarming in the extreme and needs to be remedied. Technology can help with this!

Additionally the costs of care and the overall efficiency of the health sector can be improved with the possibility of very significant savings being diverted to delivery of improved services. (A recent study conducted in Ireland suggested the impact of better information flows and co-ordination of care could reduce the overall cost of their health system by more than fifteen percent and there is no reason to believe the same is not true in Australia.)

Health IT can also play a significant role in empowering patients to better control their health information through the use of electronic Personal Health Records (PHR). The PHR can be used by the patient (possibly with their clinician carer) to record their clinical information in a secure fashion which the patient can then make available to other clinicians as they choose to ensure accurate communication of information between those involved in their care.

The use of EHR and PHR technology can also, over time, improve the quality of managerial information available in the health sector and, with appropriate privacy and confidentiality controls, assist in optimising the decision making in resource allocation etc. Additionally such information can assist in the prompt detection of changes in disease patterns which may indicate unanticipated drug side effects or even bio-terrorism.

Lastly, Health IT in more mundane areas such as the supply chain, financial and human resource management computerisation offers well understood advantages which have yet to be anywhere near fully exploited in the health sector, especially in the private hospital, office practice and aged care sectors.

In summary, there exists a very compelling business case both in terms of financial and clinical outcomes for a much larger investment in Health IT (as is acknowledged by the investments being made in the US, UK, Canada and Europe) to assist in delivery of the goals of the New Matilda health policy. Australia has neither undertaken to discover if the same is true for Australia (as it surely is) nor recognised the strategies developed in the late 1990’s have, with few exceptions, been comprehensive failures and wastes of money.

To not have the fundamental importance of Health IT as a key enabler of improved Health Sector efficiency, equity, quality and safety explicitly stated is, I believe, a significant weakness in the present document.


Tuesday, October 17, 2006

And Now for Some Really Good News!

In January 2005 the European Commission established a project to conduct a Study on Economic Impact of e-Health. The following summarises the approach adopted:

Study on Economic Impact of e-Health

Presently, despite the availability of e-Health systems and services, they are not yet widely used in real-life medical or health situations. A major reason why European and national policy goals have so far not been achieved with respect to e-health is that very little reliable evidence is available on the positive (economic and other) impacts of these innovations. The objectives of this project are:

• to develop a generic assessment and evaluation framework and method, including measurement tools for quantitative indicators, for e-health products and services, focusing on optimising economic resource allocation;
• identification of good practice examples of e-health applications across Member States which have relevance in the domain of this study (hospitals, regional networks)
• integrating the experience and lessons learned from these examples into the method;
• applying the method and measurement tools developed to 10 application sites reflecting the regional and health system diversity of the Union in the fields of hospitals and regional networks;
• making the assessment method and tools generally available online.

The results are strongly positive and make fascinating reading.

In summary a press article states:

“With Europe's population ageing rapidly and the demand for healthcare growing, healthcare services need to become more efficient. However, little hard evidence is available on the contribution of eHealth solutions. Now one EU project, eHealth Impact, has demonstrated that eHealth can provide enormous benefits – if the technology is properly implemented.

Electronically enhanced healthcare promises to reduce costs, improve quality and efficiency and treat more patients with the same resources. However, to date, no reliable data has been available to support this claim.

Now that data exists. The eHealth Impact project, which finished in May 2006, conclusively demonstrated that there is over a 2:1 ratio between economic benefits and costs. In other words, the benefits gained from implementing eHealth systems are more than two times greater than the additional cost of implementing them. "An eHealth system might cost more, but the benefits far outweigh the costs," says Alexander Dobrev of the project team.

"But that ratio needs to be treated with caution," he warns. "This is the cumulative average from ten of the best eHealth implementations we could find in Europe."

The full set of reports can be accessed under the download section at the following site:


The documentation provides very useful analysis and some recommendations for policy makers.

Policy recommendations

The eHI findings point to a few important recommendations to policy makers at all levels: local, national, and EU. In strategic terms, the overarching conclusion from the ten detailed site analyses is that effective eHealth in support to meeting citizens’ healthcare demands can have substantial economic impacts and benefits, and is therefore worth encouraging. Key success factors to achieve such outcomes were identified above.

However, to pursue and accelerate the realisation of these benefits, health system policies as well as healthcare providers and third party payers must implement policies which foster such results. Policy makers, healthcare providers and other actors must ensure the right mix of eHealth applications in order to achieve the goal of increasing benefits at stable costs. The following specific recommendations towards this goal are made:

1. Support investment in eHealth because of the significant and sustained positive economic impact possible:

- Provide incentives, such as tax breaks, regulatory and other advantages
- Invest directly, with co-funding, or even full funding, by governments or third party payers for national and other eHealth applications benefiting society, but not sufficiently benefiting an individual private investor
- Integrate eHealth strategies into overall healthcare strategies
- Promote proven eHealth applications and effectively disseminate lessons learnt.

2. Ensure the investment is appropriate:

- Monitor the mix of existing applications and adjust efforts in order to achieve the virtual eHealth economy result. Otherwise, there is a risk of overall costs rising at a rate similar to the rate of increase of benefits, which might not be affordable or desirable in the medium to long term
- Analyse and treat eHealth alongside other investments in healthcare systems and provision, both as complementary and substitutive
- Base eHealth investment decisions on clear business cases that focus on the benefits to be gained and the needs that will be addressed
- Reflect eHI findings in eHealth strategies and investment decisions, especially realism in time periods allocated for achieving net benefits, setting realistic goals to be realised in progressive stages, and committing the resources needed for essential enablers
- Invest in training and education to create stable multi-disciplinary teams with several multi-disciplinary individuals, and extend this to structured training to expand the personnel available.

3. Ensure meaningful investment is allowed to work by providing the appropriate framework and environment:

- Invest in relevant RTD and innovation research, education and curriculum development, Continuing Professional Development, and a better understanding of the organisational change processes
- Support the professional development and retention of eHealth ICT expertise in health systems and provider organisations
- Disseminate case studies and develop application models of successful eHealth dynamics for healthcare providers and cooperative health systems at the local and regional level
- Ensure solutions are thought through, yet pragmatic, so implementation can start within a reasonable time period of no longer than 5 years, depending on the application
- Encourage, and actively organise working partnerships between suppliers of the ICT component, HPO and third party payers’ managers, and most importantly users: healthcare professionals and non-professionals, citizens and administrative staff.
- Use the eHealth Impact methodology to monitor performance of investments and identify corrective actions
- Continue to analyse more applications and services in diverse settings to validate and improve the method developed, and to compile more evidence about economic performance from other healthcare settings across the Union, and include financing implications, possibly with users and suppliers working in partnership.”

It is truly refreshing to see work of this type being undertaken. There are a number of ideas found here that NEHTA should carefully review in its Benefits Realisation Studies.

Download and reading of the published material is highly recommended to those with an interest in the Benefits area.


Sunday, October 15, 2006

How To Safely Select Hospital Clinical Software – Lessons from the Past.

The process of selection of software to assist in the management of a Hospital is not something to be undertaken lightly or without expert help if there is not strong internal expertise available. The following series of suggestions are gleaned from rather more experience of difficulties and complexities than I would be all that keen to admit. They are passed on in the hope that some of the mistakes I have seen, or worse still may have been involved in, are not repeated by my readers. If they do repeat them they will not be able to claim they weren’t warned!

Firstly it is vital to recognise software is an enabler of improved and streamlined clinical processes. It is not an end in itself and this needs to be clearly realised right up front. The implication of this is that there is a large amount of pre-work even before a selection process is begun. In an ideal world the selection of software would be preceded by the development of a strategic plan for hospital operations and then a plan of the priorities for the deployment of information technology to support the hospital’s desired way forward.

This plan needs to be quite future orientated and to recognise that organisations change and evolve over time. There is not much point automating five year old business practices or business practices that are about to be re-engineered. If there is organisational clarity on the hospital’s current situation and future direction then is the time for the development of the Health IT Strategy, Implementation Plan, Business Case and Benefits Realisation Plan to suit that direction.

A few important things to remember here include the critical need to ensure quality genuine clinical (medical, nursing and ancillary) involvement in the planning process and the early identification of the sponsors and champions who will be needed to contribute to the work of implementation and to assist in the change management involved. If the plan is not genuinely owned by those who will be impacted it will fail. Education of and communication with the hospital staff in general as to why and what is crucial at this point.

Also, before selection processes can begin, it is important to be clear just what is being sought. True greenfields sites are rare so consideration of how the new and old will interact and be phased in and out will be important. It seems typical these days for Hospitals and Health Systems to decide to acquire a total system in two, three or more lumps. These most usually are a Financial Suite (+/- Billing) and a Clinical / Patient Management Suite. (Frequently Human Resources etc. are a third chunk.) It makes very good sense to only be undertaking one of these projects at a time to avoid overwork of support staff etc.

For the purposes of this short discussion I will now focus on the selection of a Hospital Clinical Information System of the sort that has within scope Patient Management, Order Entry / Results Management, Nursing, Clinical Services (Labs, Radiology, Pharmacy etc) as well as the necessary scheduling and reporting tools to make the system useful.

At this point two decisions are typically required. First, will the system be home-grown or purchased, and second, will the purchase be of best-of-breed components and system integration services or a fully integrated clinical suite covering all the applications that are needed? These days it seems the most common approach is the purchase of integrated systems, and this is now largely the norm, so I will focus on this approach.

The approach I suggest, once the decision has been made to go with an integrated clinical suite, is as follows.

Step 1. Conduct a market scan of possible providers who have some credibility in Australia or are major players internationally. If compliance issues are a key concern a public Expression of Interest (EOI) requesting the information below be provided is reasonable and can be quickly and simply done. These approaches will identify your possible long list of providers and next we ask each of them for the following:

1. A list of at least five satisfied customers who have operational and fully integrated what you are planning to install. The key words here are “have operational and fully integrated” and “what you are planning to install”. This will exclude those who are still inventing their system (such as iSoft) or those who have a mish-mash of legacy systems which are partially integrated and which will never be fully and seamlessly integrated. (It makes no sense to buy a non-integrated suite. If you do that you might as well buy a best-of-breed solution.)

2. Phone contact details and calls to confirm details of implementation status, responsiveness to problems and satisfaction and a half day demonstration to a sensible number of key staff of the overall look and feel of the system will quickly obtain a reasonably short list of realistic prospects.

3. Development Plans and Timetables and what their history on on-time development and successful deployment is.

4. Financial Situation including the level of R&D spend as a fraction of revenue as well as profitability and balance sheet over the last 3-5 years. Software development companies have the possibility of being very profitable and it is a bad sign if they don’t have a reasonable ongoing profit margin.

It is also a good idea to make it clear in the EOI or request for information that any vendor “smoke and mirrors” in the answers will lead to instant disqualification from the ongoing process.

Consideration of the responses from those on the long list should allow the development of a short list of four or five reasonable possibilities. This sets the stage for the next step.

Step 2. The next step is to develop a Request for Tender which is given to each of the short list and which covers business, technical, operational and functional requirements. This should be designed to form the basis of an implementation contract and be designed for structured evaluation. The scale of the work involved in doing this quickly and successfully – with the right amount of user consultation on their expectations – may mean some consulting and expert legal help could be useful at this stage. (It is important the process not drag out as the momentum for change can be lost.)

On the basis of the tender responses the two top providers should be selected to undertake scripted evaluation of their product. (Lower ranked vendors can be brought back into the process if one of the top two falls out for some reason.) The scripts should be developed by the users of the various aspects of the system and intended to exercise the key functionality that is to be provided – as well as the intangibles such as the quality of the user interface, the skills of the demonstrating staff etc.

The provider should be asked to configure a system to look like a hospital similar to the purchasing organisation and to be loaded with a small test data set which can be exercised in real time to confirm the reality, functionality and integration of the candidate system.

The aim is to see the system actually do what is needed by users in a reasonable way. It must, however, be realised that the major advanced systems (Cerner, Epic, IBA etc.) are very flexible and are designed to be built / configured individually for each organisation to maximise the quality of the functional fit to the organisation’s needs. These systems are not package software (like Microsoft Word) and fixed in what they can do – complex though that may be. This means the script demonstration process needs to be interactive and flexible and to point out the number of different ways the seemingly same thing can be done.

The system which has a significant number of satisfied user clients – of the software that is being purchased – and which best passes a scripted evaluation (which is not disclosed until the day of testing) has to be a very safe candidate for purchase (assuming all the technical issues (availability, response time etc) and the contractual issues can be worked through).

If Steps 1 and 2 are negotiated successfully – and the feeling among script evaluators and the technical staff is that the best system is appropriate, is real, works and is a good fit it is pretty safe to proceed. If not, great care is warranted.


Friday, October 13, 2006

What Qualities do we Need in a New Australian Health Information Council?

A few weeks ago your humble scribe was told that the Australian Health Information Council (AHIC) was not dead but that it was, as we were told in Monty Python, “just resting”! More recently I have heard that there have been soundings taken regarding the membership of the new improved AHIC and who might be a suitable chair. It thus seems just possible there will be some good news soon and that AHIC will have only suffered a “near death experience”.

For those who came in late, AHIC is the peak advisory body for Health Ministers in the domain of Health Information and E-Health and so has a critical role in developing a sensible national E-Health Agenda. If any serious progress is going to be made on a National E-Health Agenda and Plan AHIC will be an important player.

It is interesting to note that in the US, there is also a peak E-Health body whose acronym is AHIC. In the US AHIC stands for the American Health Information Community. This body was established about a year ago and has already commenced work and established very productive working parties in a large number of key areas (Privacy and Security, Quality, Biosurveillance, Consumer Empowerment, Chronic Care and Electronic Health Records).

Refreshingly the US version conducts monthly public meetings that are available both in transcript and web-cast with a lot of industry, consumer and technical input. The Community is also chaired by the Secretary of Health and Human Services (HHS) Mike Leavitt who is a member of the Bush Cabinet and who is responsible for the disbursement of one quarter of the Federal Budget.

With this in mind it would seem to be reasonable to hope the new improved AHIC might have the following attributes:

1. Be chaired by a Cabinet Level person (The Federal Minister for Health would be the obvious choice) so its importance is clear.

2. Operate in public with public testimony provided by relevant domain experts on a monthly basis so progress can be properly tracked.

3. Be made up of members with relevant senior specific E-Health or Health Service Delivery expertise on the Committee as well as having appropriate “super-expert” sub-committees to develop policy and plans in areas of need.

4. Have a clear charter and set of objectives around the need to better use Information Technology to provide patients with safer and higher quality care.

5. Be commissioned to develop a National E-Health Business Case and Implementation Plan within nine months.

6. Have a substantial secretariat to ensure the routine detailed work can be achieved quickly and with high quality.

7. Have a good mix of old and new blood to ensure the failed strategies of the past (and we have had nearly a decade of those) are not repeated.

8. Have NEHTA directly accountable, in public, to the new AHIC for all its recommendations and decisions.

I wonder what we will actually see when the new AHIC is announced – if it ever is?


Wednesday, October 11, 2006

The Risks of Paper Records!

The following short article appeared in the Canberra Times a few days ago.


Dumped files a 'break of faith'
Danielle Cronin
Thursday, 5 October 2006

The dumping of sensitive medical records and personal health information at a Canberra recycling centre was a serious breach of patients' right to privacy, a consumer group said yesterday.

The discovery is detailed in the new annual report from the ACT Community and Health Services Complaints Commissioner who recorded a 13 per cent spike in complaints about the health sector in 2005-06.

Health Care Consumers' Association of the ACT president Russell McGowan said the incident involving health records was a "break of faith" with patients and should not be tolerated.

"Appropriate penalties should be in place for those who do breach that privacy of those consumers," he said.

A spokeswoman for Health Minister Katy Gallagher said the commissioner's recommendations were fully accepted and implemented by the Health Department.

Yesterday, acting Commissioner Roxane Shaw would not disclose where the files had come from or exactly where the documents were found because this could compromise the privacy of those people who were affected.

In her report, Ms Shaw said 28 folders - including two containing sensitive health records and personal health information - were found at a recycling centre.

She launched an investigation but could not determine who last had hold of the folders and how the documents ended up at the recycling centre.

The commissioner's office received 580 inquiries that resulted in 276 complaints in the past financial year - up 13 per cent on 2004-05.

But the number of cases closed was down 13 per cent from 302 in 2004-05 to 262 in 2005-06.

Each complaint could cover up to three issues and there were slightly more grievances about the private health sector than the public system.”

I thought it would be worth having a look at the original report – here is what I found.

Case study 12 – Disclosure of personal health information

Twenty-eight folders were found at a recycling centre and passed to the commissioner.

The folders contained a variety of papers, which included sensitive health records and personal health information. An investigation into the circumstances surrounding the discovery of the folders was undertaken and found that, whilst it was not possible to determine who last had possession of the folders or how the folders came to be at the recycling centre, there were two folders that contained personal health information that had been in the control of a health service provider.

The Acting Commissioner considered that information in light of the Health Records (Privacy and Access) Act 1997 and concluded that, in its arrangements for safeguarding those files, the health service provider appeared to have contravened the Health Records Act and to have acted in disregard of the generally accepted standard of service delivery expected of a health service provider. The files had been lost to the health service provider as the record keeper, and were accessed in a public place by an unauthorised person. The health service provider did not have adequate file tracking systems in place.

The Acting Commissioner concluded also that the health service provider had acknowledged the deficiency in its file management system and had taken steps to implement an appropriate file tracking system to prevent a recurrence. The Acting Commissioner returned to the health service provider the two folders that contained personal health information.

The Acting Commissioner recommended that the health service provider advise the subject(s) of the personal health information found at the recycling centre of the disclosure.

The folders that did not contain personal health information were entered on a register and then disposed of by the Acting Commissioner.”

The reason for raising this report is that it highlights just how insecure, and open to possible leakage and abuse, paper records are. This incident is just the latest I have heard of. Over the years there has been an endless series of stories about records from practices that have closed being found in dumpsters or on a council tip, records that have been faxed to the wrong telephone number, records that have vanished through misfiling and so on.

Those that see the electronic record as a risk have to address the following.

First it is well known that in most major paper based hospitals at least 10% of patient encounters are not undertaken with the complete paper record to hand. The reasons for this are legion and include the record being lost, being locked in someone’s office for completion while the patient has presented to the emergency room and so on. The consequence of the lack of the record on patient treatment, safety and the ability to respond correctly in an emergency is obvious.

Second the paper record can only be in one place at a time. It is either here or there whereas the electronic record can be accessed and updated from as many sites as needed. This means the radiologist can report on the films with full rather than ½ a line of information and so do a much better job.

Third there is really no such thing as a back-up of a paper record. If it is lost, destroyed or stolen it is gone. At least a pretty current copy of the electronic version will always be available on the backup tape.

Fourth the paper record has no intrinsic privacy control mechanism of any sort. Once it is in your hand you can read or copy it with no one ever knowing. Not so with properly implemented electronic records, which provide an audit trail of who read what and when etc.

We need to be clear that paper records have a very great potential for harm, error and simply being unavailable. All this cannot improve patient care and should not be tolerated in the 21st Century.


Sunday, October 08, 2006

Even the Irish Recognise the Need for Better Health IT!

In a recent editorial the Editor of the Irish Medical Times (Colin Kerr) found himself lambasting the status quo in Irish E-Health and being frustrated at the lack of progress and the dismally low level of investment.

His remarks were as follows:



Ireland needs an E-health Minister

Colin Kerr says Ireland needs a Minister for E-health to work closely with the Minister for Health and with other Government departments. We are a nation of pioneers led by Luddites. While, individually, Irish people have been responsible for major breakthroughs in science and technology, this has been in spite of, rather than because of, the assistance they have received from their political leaders. With one or two notable exceptions, our politicians have shown a lack of vision, concentrating on short-term gains at the expense of long-term strategy.

Over the last 20 years, they have paid lip service to making healthcare more accessible through better use of information technology, but have failed to deliver on their promises.

In Ireland, public funding makes up approximately 78 per cent of all the money spent on healthcare. Private funding, through insurance arrangements, makes up approximately another 8.5 per cent of funding.

The balance is what individuals pay in ‘out-of-pocket’ expenses — for example, the fees non-medical cardholders pay for general practitioner and other therapy services. In concrete terms, as a sector, health accounted for 28.7 per cent of the Government’s voted revenue expenditure last year.

At €11.36 billion in 2005, health was the single largest cost to the State. It should be pointed out that the health system, as it is now structured, is very people-intensive, with over 70 per cent of the health budget made up of salaries and pensions. Savings might be made if the Government and Health Service Executive (HSE) honoured their commitment to reduce health service staffing — but that’s an argument for another day.

According to the interim Health Information and Quality Authority (iHIQA), and based on international studies, Ireland spent at least €2.8 billion in 2005 on procedures that duplicated one another and on other inefficiencies in the system.

Last November, the Minister for Health and Children, Ms Mary Harney announced overall funding of €12.64 billion for the health services in 2006. This represented an underlying increase of over €1 billion, or 9.25 per cent, over 2005.

As the Minister for Finance said in his Budget Speech (December 2005): “The spending on health at this stage amounts to €3,000 for every citizen in the State or over €9,000 for every taxpayer.”

Negligible spending

When it comes to IT development, Government spending is negligible. The amount that is actually available for capital spending on IT in 2006 (as per the Official Estimates), including Information Society monies, is set at €70 million.

That represents no increase on 2005, or indeed on the figure allocated in 2004. In a recent European study, it emerged that Ireland spends less than 0.5 per cent of its health budget on IT, compared to more than 4 per cent in the Netherlands. There are two main reasons for this.

First, IT spending has never enjoyed a high profile and has traditionally been a poor relation in healthcare funding allocations.

Second, the well-publicised ICT healthcare problems of 2005 have made it even less attractive, politically. As a proportion of total health expenditure, ICT only consumes in the order of 1 per cent. This low level of investment in ICT has left the health system in a very weak position with respect to its ability to manage itself and obtain value from the remaining 99 per cent of health spending. An analysis by the former HeBE (Health Boards Executive) indicated a need for a four to six-fold increase in expenditure in ICT for the health system over the years ahead.

An e-healthy State?

A study on e-health in Ireland was published by the Information Society Commission in December 2004.

The report found that Ireland spends less on ICT in healthcare than (i) investment levels internationally and (ii) accepted ICT investment levels in other economic sectors. It recommended a significant increase in Government spending on ICT in the healthcare sector, to deliver benefits and savings to all stakeholders in the healthcare system.

The strategy was supposed to have been published before the end of 2001. In the event, it was published in July 2004.

The majority of doctors and patients would welcome substantial investment in e-health. The implementation of a well thought out ICT policy should ultimately make our patients happier and healthier.

It will be interesting to see how much money is allocated to e-health in the next budget, but it is not enough to throw money at the health service as has been shown time and time again.

We need somebody in the Government to take personal responsibility for a comprehensive and deliverable information strategy. We have the money now (unlike in the 1980s and most of the 1990s) to do something substantial about remedying the major inequalities in health care services, especially access to services.

We have had the opportunity to learn from our own and others’ mistakes. We have an incredibly skilled group of people working across the private and public aspects of the health system (including the academic and research institutions).

We need a Minister for E-health, who will work closely with the Minister for Health and with other departments, to improve patient mobility.


I must say reading this was much like reading “a guide book to the town of my birth” such was the familiarity of what was being said and how much it parallels the Australian progress to date.

(For background, Ireland has a population of just over 4 Million and a per capita GDP of $US41,000, vs Australia at $US31,000 and 20 Million souls give or take a few.)

The health budget – scaled and corrected for population – looks to be about $A90 Billion (similar to ours) and the growth rate is, worryingly, even a tad higher than Australia at 9.0%+ per annum.

The inefficiency in the Irish system (and information systems) appears to be of almost epic proportions – amounting, when adjusted, to $A24 Billion or a good quarter of the budget.

I know of no comparable figures for Australia. However, even if we are twice as good as the Irish – a very big ask – the opportunity costs of the non-deployment of Health IT in Australia are just enormous – conservatively say $A10 Billion per annum. Note the problems mentioned – duplicated tests, lost information, inadequate information etc. – are all familiar to us in the Antipodes!

Even at half this figure I would suggest the idea that a Minister for E-Health is also needed in Australia is pretty compelling. Only with strong and co-ordinated political leadership can the available benefits of Health IT be realised. Imagining that spending $A130 Million over 4 years through NEHTA, without really effective political commitment and leadership (read focussed and dedicated Commonwealth Ministerial leadership), will make any major difference is pure fantasy. (It is simply not enough.)

We need the leadership, a plan and Federal Government insistence that progress be made to get the efficient (and safe and equitable) health system we all want!

How long will we have to wait?


Wednesday, October 04, 2006

Health IT Project Failure – What can be Done to Reduce the Risk?

The following article appeared a day or so ago on the web. It contains some useful ideas but, as far as Health IT is concerned, I suspect there are a few other factors that need to be considered.



Why Public Sector IT Projects Fail
Sue Bushell

03/10/2006 15:44:47

What makes big-ticket public sector IT projects so uniquely predisposed to fail? Two new recent reports from the UK highlight political expediency and the constant state of flux within governments and government departments as sharing a big part of the blame.

For instance, during the 10 years from 1995 to 2004, UK central government departments endured on average 16 reorganizations a year, including (counted as only one each), Scottish and Welsh devolution.

And while it's axiomatic that "events, dear boy, events" will change government policy, having large projects that spread across years only increases the chances of the project being affected by a change in Ministerial, governmental or a departmental reorganization, says Quocirca Principal Analyst Elaine Axby in a new opinion piece for Robin Bloor's IT-Director.com.

Axby points to the very nature of the public sector to pinpoint some of the other leading causes of failure. Looking at the key project management criteria of time, performance and cost, she says people in the public sector are not very driven by time. With a culture that offers little pressure to get a project out of the door by Christmas, or before a competitor does, public servants find it hard to accurately assess how long things will take.

Performance, or what the project should deliver, is often derailed by hastily introduced policies, and the very wide array of stakeholders who need input into most public sector projects.

"Given that the estimates of time and performance are not very good, then is it surprising that cost estimates are often wildly inaccurate?" she asks.

Moreover government IT projects struggle with the concept of ownership, and frequently do a poor job of managing stakeholders, Axby says.

Axby repeats the tired old line about good project management not being rocket science, and goes on to suggest that really embedding it in the public sector would make a big difference, as would getting proper business ownership and being able to manage scope creep. She also says smaller projects can help.

But she says while all of these measures can ensure public sector IT projects do better, it is the very nature of the business that government organization and priorities will change.

"I can't easily see any end to the stream of negative National Audit Office (NAO) reports - but really adhering to some of the basic principles of project management such as getting the business case right, clear ownership and better stakeholder management would be a big step forward," she concludes.

Meanwhile Butler Group senior research analyst Mike Davis asks: "If you know that your new computer system, designed to process many millions of pounds for hundreds of thousands of people has 52 critical defects, 14 of which cannot obviously be fixed, and that of the 40 previous audits during the development period, 70 percent had identified serious concerns, would you deploy? Well, of course, it depends on the risks vs the expected benefits. For, if even with the faults it is better than the previous system, then there may be an advantage to deployment.

. . . However, what if three years later your staff have to use 600 manual 'workarounds' to the system to get their job done, and productivity has fallen? Then, in my opinion, it wasn't fit for purpose."

That's not just Davis' opinion, he says, but also that of the NAO in its report about the development and implementation of the systems for the UK Child Support Agency (CSA), released in June 2006. The CSA systems were developed by EDS during a three-year period, and went live in March 2003, after getting the "green light" from the UK Treasury's "independent" Office of Government Commerce (OGC).

Davis says he is concerned by the apparent failing of the OGC to recommend the stopping of the project, and concludes it all demonstrates yet again that in public sector IT, project management disciplines are often rejected for political expediency.


The key point made is that managerial and organisational instability is a major cause of failure. I agree this is important, and indeed, when one reflects on the Public Health Sector it is really a relative rarity to have an Area Health Service CEO or CIO serve out their full five year contract. This flux is due, in part at least, to a combination of Government and Ministerial changes, changing policy priorities, some being perhaps promoted beyond their capabilities and the unexpected events that precipitate management change.

However, there are a few other factors I would rate even more highly in Health IT.

First, especially in the public sector, there is often a disconnect between the managerial responsibility placed on a project manager and the freedom to act they are accorded. At times this leads to the “wrong” staff being retained in roles for which they are no longer suited, to the detriment of the project as a whole. The disconnect (and budget inflexibility) also often leads to difficulty in attracting and retaining suitably skilled staff as well as excessive delay in staff acquisition. The other problem that is almost universally encountered in Hospital projects in my experience is the “drip feed” of funds and the difficulties in getting suppliers paid. More than once I have seen competent project managers just resign in disgust when they realise they have neither the spending authority, the money nor the staff to deliver the project they are required to make happen.

Second, because executive health-care management often have a degree of anxiety related to Health IT, often associated with a fairly limited understanding of what is required, at an executive level, for project success, the quality of project sponsorship and support is less than is needed. Senior executives, like everyone else, prefer to stay within their “comfort zone” and if the Health IT project is not within that zone real difficulties are almost inevitable. The project manager has a real responsibility to carry the project sponsor along on the journey, and to make it clear what they must do for the project to be a success on their watch!

Third, clinicians inevitably see a new system as a very low priority in their “caring for their patients” activities. This will lead to all sorts of difficulties with change management, training and effective use of a new system, unless executive management are fully committed and real “clinician” evangelists and enthusiasts are recruited to work with their peers.

Fourth, involvement of all relevant categories of clinicians in the selection and later configuration of systems is crucial. The clinicians really have to be confident the system will work for them and be convinced of its value and utility or the project will be at extreme risk before it even starts.

Fifth, there is a real tendency to underestimate the complexity of, and the effort required to implement, say, a new laboratory or patient management system – to say nothing of clinician facing systems such as Computerised Physician Order Entry or Computerised Nursing Documentation which involve virtually all key staff changing the way they work. Careful planning and a really adequate emphasis on education are vital, as is developing real clinician ownership of the project.

Lastly, it is clear that all organisations need to develop organisational competence and teamwork with Health IT. I think the best way to do this is to choose one or two easily “doable” projects and get them done on time and within budget. Only once this capability is proven should an organisation try the larger and more complex implementations. Success, as they say, builds on success.


Sunday, October 01, 2006

Privacy Issues Related to the Proposed Access Card.

The following is a very draft discussion paper I and a few colleagues have been working on for the Privacy Assessment of the proposed Commonwealth Access Card. All the views have been developed by me and are NOT ACHI policy at this point in any way at all. I would be interested in any comments any reader may have.


Privacy Issues and Facts Related to the Proposed Access Card.

Discussion Draft – October 1, 2006

Background to the Submission.

The Commonwealth Government is planning to introduce a smartcard based Access Card which will be used as proof of identity for all adult individuals who wish to access services provided by the Commonwealth Department of Human Services. Among other things use of the card will be necessary to obtain payments from both Medicare and Centrelink.

The card is intended to replace 17 health and social services cards, including the Medicare card, health care cards and veteran cards.

Because of concerns regarding the possible impact on individuals’ privacy, Professor Alan Fels AO has been asked by the Minister for Human Services, Mr Joe Hockey, to chair the Access Card Consumer and Privacy Task Force to address consumer and privacy issues related to development of the health and social services access card.

The Australian College of Health Informatics (ACHI)

The Australian College of Health Informatics is Australia's peak health informatics professional body. As such the College is concerned that information technology be effectively and successfully implemented in support of healthcare service delivery.

Because of this core interest, and ACHI’s recognition that lack of trust in the ability of information technology to manage private information correctly and securely on the part of the populace could risk successful Health IT implementations, ACHI has an interest in ensuring that the implementation of the Access Card addresses patient privacy appropriately.

ACHI’s View on the Overall Access Card Proposal.

ACHI has no firm view on the policy correctness of the introduction of the Access Card (and the large and complex technology infrastructure needed to support it) as it is presently proposed.

ACHI does however note that a project of this scale does carry very significant implementation risks, due to both its scale and complexity, which will need to be very carefully managed if the current estimates of costs, benefits and timelines are to be met.

Additionally ACHI does have concern that the Access Card is not as voluntary, in a practical sense, as Government has stated. The inability to access Medicare, Centrelink and similar benefits would place significant cost on most citizens who choose not to have the Access Card. For those with major medical expenses or those on Centrelink income support it is essentially compulsory in all but name. This point is raised because the virtually compulsory nature of the Access Card has significant privacy implications as will be explored below.

Note: This submission assumes that only identification data will be held on the Access Card. The issues that arise if the card functionality extends beyond this (i.e. the card becomes a partial electronic health record) are very complex and would require more detailed review (covering data segmentation on the smartcard, currency of information, primary and secondary data use, emergency, de-identification, pseudonymisation and so on) and are beyond the scope of the Access Card as we presently understand it.

Comments on Privacy Aspects of the proposed Access Card

The Australian College of Health Informatics (ACHI) would like to offer the following for consideration in regard to possible privacy issues surrounding the proposed access card.

1. ACHI is a strong supporter of the Australian National Privacy Principles as a framework for consideration of privacy issues but also believes that Identifiable Personal Health Information requires protection and handling beyond what is offered in the NPP because of the potential sensitivity of such information.

This point has been recognised by the existence of specific legislation in both the Commonwealth and a number of State Jurisdictions specially focussed on preservation of Health Information Privacy and Confidentiality.

The complexity and sensitivity of the issue can be appreciated by recognising that the National Health Privacy Code, whose development was begun by Health Ministers in 2000, has yet (in October 2006) to be finalised, and that the only evidence of this work being undertaken is now not on the DoHA web site but in the National Archive.

The lack of agreement on this code would argue for care in the storage of Health Information on the Access Card or its attendant backup repository systems until this code is finalised.

2. ACHI is of the view that unless the possible privacy issues surrounding the proposed Access Card are carefully and rigorously framed and developed, and public opinion is satisfied with the privacy management outcomes developed, there will be substantial public resistance to the adoption and use of the Card.

3. ACHI believes that the threats to personal privacy from electronic records and paper based records are sufficiently different as to require separate consideration, despite the similarity of the objectives to be met with each type of record. As an example 10000 paper records require a major logistic effort to steal whereas 10000 complete electronic patient records could easily be stolen on a 25gm USB Key.

ACHI also recognises that there are efficiency and process advantages possible with well designed identity management systems. It would be of great value to the health sector if a trusted and privacy enhancing identifier were available to support Electronic Health Record initiatives.

4. ACHI understands the importance of accurate identification of individuals for both patient safety as well as fraud control and is concerned that any system that is devised has sufficient safeguards and protections to ensure extremely low risk of mis-identification. ACHI also recognises that any identification system is only as robust and reliable as its weakest link and that the processes around enrolling, maintaining and securing the identity information held must be very reliable indeed. This means that any temptation to cut cost corners in ways that lead to compromise of the integrity of the system needs to be strenuously resisted.

ACHI also recognises that healthcare, unlike other industries, must also be flexible in its direct communication with individuals and be able to reflect the name/s by which the individual is comfortable (preferred name). In this context the issues of identification become more complex than in other environments. Accuracy must 'vie' with human requirements as well as the need for identification in an emergency.

5. ACHI is concerned about the proliferating array of individual person identification systems and believes there should be rationalisation of all these different efforts to minimise cost and maximise data quality (i.e. the NEHTA identifier and access control initiatives, Minister Abbott’s Health Smartcard, the Access / Smartcard Initiative, Passport ID, the Document Verification System for Attorney General's and Medicare / Centrelink's current ID systems). The impact of the intersection of these various systems in the future is very hard to predict and may be very damaging to public confidence and trust.

6. ACHI supports the apparent current direction to restrict the information content on the Access Card to just that required for identification to minimise scope creep and the potential abuse of other data which may be held on the card. The scope creep in the uses of the Canadian SIN and the US SSN should be taken as a serious warning as to the risks of permitting unauthorised use of strong individual identifiers, and such use should be specifically legislated against.

7. ACHI believes that it should be recognised that as the Access Card provides access to all Government Benefits (including Medicare and Centrelink Payments) it is, for all practical purposes, a compulsory Identity Card, despite Government claims to the contrary. ACHI would like careful consideration to be given to provision of some granularity in requirement for use of identity in certain circumstances. Simple denial of access without the use of the Access Card may impose unreasonable additional costs on some small segments of the community.

8. ACHI is concerned that there are a significant number of people in the community who, quite legitimately, feel they need multiple “functional” identities to avoid discrimination or persecution and to obtain a degree of peace of mind regarding their access to care. An example of this is the patient with a potentially stigmatising disease (e.g. HIV/AIDS, an STD or mental illness etc) who wishes to preserve their confidentiality regarding that illness while being able to access ordinary care locally.

Unless two “practical” identities are possible the individual is unable to be confident their very sensitive information will only be disclosed when they want it disclosed. (Good evidence of significant prejudice and persecution when such material is involuntarily released makes these concerns more than reasonable, as does the potential choice individuals may make to not seek necessary care.) ACHI believes development of an approach to meet the needs of such individuals with regard to their avoiding discrimination and prejudice needs to be carefully considered, while recognising the inherent difficulties this poses.

Consultation with the bodies representing those living with HIV / AIDS, Hepatitis C, Mental Illness and Genetic Risk is vital before the operational and privacy frameworks are finalised.

9. ACHI believes that prior to implementation there should be a comprehensive privacy impact assessment, as recommended by the Privacy Commissioner, in her office's submission. This will ensure the whole current proposal (including the Access Card, supporting systems and potential uses) gets a fully detailed privacy review. We would also like to see the complete KPMG Business Case for the Access Card be released for public scrutiny, review and comment before the Access Card is finally given the go-ahead. Such release would clarify a range of aspects of the Government’s business case for the Access Card which are presently unclear.

10. ACHI believes there must be legislative controls to ensure all forms of record linking and secondary use based on the Access Card identifier(s) are fully transparent and subject to careful privacy review.

11. ACHI believes there must be legislative controls to ensure the production of the Access Card will never be required by any entity other than the appropriate Government Agencies. (Strict prohibition of use of Access Card for video hire etc).

12. ACHI believes, as does the Privacy Commissioner, that there must be very tight controls on the use of the Access Card identifier for data-linkage and data-mining purposes. Given the Access Card database will be a virtual repository of identification for 16 million Australians it is clear there will be temptations by some agencies to use the Access Card system for linkages which the public would find highly problematic from a privacy perspective. The governance structures set up to manage the overall system must be robust enough to ensure any such use is strictly regulated and in the individual as well as national interest before being approved. (The approach taken to separate Medicare and PBS data is a useful model in this regard).

13. ACHI is concerned that the IT Infrastructure that will be required to support the Access Card will ultimately require a very considerable and quite high risk project to be undertaken. The quality of the management of the security and privacy controls built into the system will be vital to the overall project success.

14. ACHI understands the importance of identification in the e-Health environment and would be interested to understand whether the Public Health Sector could reasonably leverage the work undertaken with the Access Card to assist the effectiveness of E-Health implementations which are in the interest of both patients and their carers.