Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Thursday, November 30, 2006

What are the Trends in Australian Hospital Information System Market?

The international research firm has recently released a report entitled Australian Hospital Information Systems Markets (Frost & Sullivan, March 2006).

The summary of the report makes some interesting points.

The first is that they see the key driver of increasing investments in Health IT as being driven by a growing demand for safer and improved healthcare noting there are ambitious plans underway in a number of states and at the Commonwealth level.

The second point they make is that there is a strategic shift in healthcare IT requirement that is expected to boost market growth. They go on to say:

“Hospitals in Australia are replacing legacy systems with sophisticated and integrated ones. Similarly, there is a strategic shift from the adoption of administrative systems to clinical systems and healthcare providers of various states and territories are looking at integrating their IT systems under programs such as the nation-wide electronic health records. Australia is slowly moving toward an integrated healthcare delivery structure, where healthcare agencies will be linked with each other, notes the analyst of this research service. Information systems are expected to play a vital role in this structure and there is likely to be an increased uptake of hospital information systems to allow seamless integration between the legacy and contemporary healthcare information systems.”

I must say that while the shift to more clinically based computing is certainly evident in most States I am less sure there could really be said to be a move towards “an integrated healthcare delivery structure” really underway as yet. As of 2006 the State / Commonwealth divides are as real and as damaging as ever in my view.

Integration between the legacy and contemporary healthcare information systems is also very much a work in progress I would suggest and is certainly not seamless.
The following would seem to be an important paragraph and I would read this as suggesting care is needed before making major investments by vendors of hospital systems in Australia.

“Nevertheless, despite these positive developments, participants must remember that there has been chronic under-investment in healthcare IT in Australia, leading to the adoption of fragmented and inefficient information systems by the healthcare providers. Further, there is also a huge level of penetration of legacy systems in Australian hospitals and migration to packaged software could pose considerable challenges.”

In the last section they say the market for clinical systems holds high growth potential. To quote:

“With hospitals replacing low-quality patient administration and financial systems with standardized and integrated solutions, the administrative HIS segment currently accounts for a majority of the market revenues. However, public and private hospitals are now showing considerable interest in clinical solutions and health departments are expected to allocate more funds for the adoption of clinical systems.

Consequently, there is growing interest in clinical systems such as radiology information systems (RIS), picture archiving and communications systems (PACS) and electronic medical records (EMR), which is expected to accelerate the growth of the overall Australian HIS markets.”

This is all true, however the next paragraph is more problematic.

“Considering the shift toward integrating the IT systems, huge contracts are expected to be awarded in the Australian HIS markets in the coming years. With the health departments of various states and territories planning numerous IT initiatives during the next few years, vendors need to enhance client relationships through better customer service and scheduled project completion, says the analyst. Also, with the increasing demand for clinical solutions, developing solutions tailored to local needs is likely to evolve as a market necessity.”

In recent times we have seen major decisions taken for clinical hospital software in the public sector in NSW, Victoria, Tasmania and South Australia. This really leaves only Qld and Western Australia to declare their hands. Qld is likely to be very conservative after the problems of the recent past (i.e. will probably follow NSW / Victorian approach if they are seen to be successful) and WA has developed its Health IT Strategy (HealthTec founded in January 2006) ) but as far as I know is probably a good way off making procurement decisions. WA does, however, need a refresh of all hospital systems sooner rather than later according to my WA correspondents.

Overall I see this report as being rather too optimistic as far as new prospects are concerned while having correctly identified the general trend to raised investments in the clinical sector. The major spending over the next few years I envisage as being focussed on implementation and integration services rather than software purchases.

Work on implementation will run for the next five to ten years so – other than Qld and WA - I suspect a quiet time will be had in the public sector for the next decade.

The private hospital sector, on the other hand, will gradually come under more pressure to provide clinical hospital systems, and I would expect this is where the major hospital market will be over the next five years in terms of new system sales.

David.

Tuesday, November 28, 2006

Questions for Minister Abbott to Ask – How to Decide whether to Continue NEHTA.

An article by Julian Bajkowski of The Australian Financial Review on the 28th Nov 2006 suggests that the AMA is seeking to have Health Minister Tony Abbott to create legally enforceable standards that govern the sale and use of electronic health systems.

Quoting an AMA position paper obtained by The Australian Financial Review we are told that medical practitioners remain deeply concerned about various state electronic health initiatives. We are also told the AMA fears the plans, if not properly governed, will recreate rail gauge incompatibilities - various state health systems will be unable to share critical patient data at a clinical level.

This will come as no shock to any reader of this blog who will be aware that for the last eight months I have been suggesting there is a critical pressing need for the development of a consensus based National E-Health Plan, Business Case and Implementation Plan. The AMA is dead right that nationally E-Health is in one serious hole and urgent action is required to correct the situation.

As my manifesto of last Friday made clear I hope we can lift from the present rather messy base. To quote

“My view is that right now there is a lot of unfocussed, uncoordinated activity going on (some good and some bad) and that it is the time to take a step back, work out, at a national level, what is needed and how best to get there. As a nation in 2000/1 we had some good ideas with HealthConnect but we then lost the plot and momentum by early 2005. We can’t afford another wasted four years.

In the blog I hope to alert and warn where I see mistakes being made and lessons we should already have learnt being repeated. Hopefully the assumptions above will point to those things which need to be assured before investments are made.

Overall I am hoping to foster the change from a heard of cats to a sleek shoal of fish all swimming towards real, practical and achievable goals.”

The article also goes on to say – as its second main point – that the continuing funding of NEHTA beyond 2008/09 is now under review by the Health Minister. This review is timely as NEHTA has now been operational for a decent period. As I stated previously “My view is that unless there are some really useful and practical outcomes within the next six months (i.e. NEHTA having been in action for just on three years (Authorised by COAG July 2004) serious questions will start being asked. The opportunity cost of all this inactivity is really astronomical in terms of patient suffering and lives lost.”

Before continuing funding there are a number of questions I suggest Mr Abbot should ask:

1. Has NEHTA developed and articulated the consensus based National E-Health Plan, Business Case and Implementation Plan which is needed to frame all other E-Health activity and investment? If not, why not?

2. With the effective gutting of both the E-Health Implementation Branch of DoHA and the Australian Health Information Council (AHIC) should NEHTA have been more aware of the strategic gap at the core of Australian E-Health an moved promptly to address this gap?

3. Have NEHTA’s interventions and work products contributed positively to the development of the E-Health industry in Australia through the provision of clear, usable advice and technical frameworks?

4. Have clinical users of E-Health system seen a perceptible improvement in the quality and availability of satisfactory systems which interoperate and also allow for the smooth and reliable communication of clinical information?

5. Has the agenda of improving Clinical Decision Support within E-Health Systems to assist with the quality and safety of patient care seen a significant advance since NEHTA’s inception?

6. Has access to critical clinical information in life-saving and emergent situations been improved in the last 2-3 years under NEHTA’s guidance?

7. Is the present governance of NEHTA with a CEO level board and advisory committees whose membership is not made public the right way to manage a critical national effort such as the National E-Health Agenda?

8. Has NEHTA’s cross jurisdictional nature lead to a much improved alignment of the E-Health initiatives in each of the States and Territories?

9. Are the stakeholders who are involved in the delivery of E-Health products and services finding it easier or harder to make progress with NEHTA’s presence in the arena?

10. Is the value obtained for the investment in NEHTA becoming clear to the extent that funding should be continued or is a major strategic re-assessment required?

11. Should Australia have both NEHTA and Standards Australia involved in E-Health Standards setting or should this role be clearly placed in one place of the other?

12. Is it realistic for NEHTA to continue to work on a National Shared EHR when the financial, technical and human aspects of such a project remain so uncertain and problematic?

13. Why is it that NEHTA has not addressed the issues around clinical software quality and certification despite significant clinical and industry concern that guidance is important and needs careful consideration?

14. Does NEHTA have adequate clinical input given its technical importance to the health system?

It seems to me that unless most of these questions can be confidently answered in the affirmative by the Minister then a serious strategic review is virtually mandatory.

The more astute reader may notice that the emphasis in the list above is on strategic rather than technical issues. This actually offers the Minister another approach. He could formally re-constitute AHIC and provide it with a strategically trained and aware E-Health secretariat and have NEHTA then change its role to a technical delivery arm for the AHIC strategy. This would be a very, smart choice. To leave things the way they are would not be.

David.

Monday, November 27, 2006

Personal Health Records – What a Good Idea Mr Hockey!

In this post I want to make a simple suggestion. That is that Mr Hockey should reward those people who register for their Access Card with the capability – rather than store health information on the card itself – for citizens to enter information on their health in a standardised form on a national Personal Health Record server access to which is provided by provision of the card.

The standard format to be used can be a matter of discussion but the basic elements of the contents could be as follows. Note: All content would be optional for each individual patient as would be use of the record as a whole be totally optional.

1. Very basic demographics (derived from the card record) – Name, Age, Sex, Current Address and a Date Last Reviewed by Patient, Pharmacist or GP.

2. Ordinary Regular GP with phone number etc

3. Allergies (simple record of what substance, what reaction and had a doctor confirmed the validity of the allergy (Y/N).

4. Important Family Medical History if individual wants to record it (e.g. heart attacks run in family etc).

5. Known Chronic Illnesses (e.g. diabetes, epilepsy, arthritis etc) and important past surgery.

6. Listing of Current Medications and Dosage and Frequency.

7. Results of Tests and Investigations – these would be sourced from the GP or specialist and placed on the record for the patient – and marked with the contact details of the source of the information

8. A recurrent simple record where the individual could record a date, time and measurement (e.g. a blood pressure reading, spirometry or patient measured blood sugar levels)

9. A place for notes of information such as appointments, immunisations etc as free text.

10. The capacity to store important health related documents in any of the standard formats as an attachment if needed for any specific reason.

The record would be only accessible if the card owner placed the card in a reader in the presence of an appropriate health professional – for initial creation or updating – or via the use of a secure one-time validated web site log-on. (e.g. you enter your ID, your e-mail or SMS phone number is already stored on the Access Card database – and that is used to send you back a one time usable password that expires in say one hour.).

Anyone trying to wrongly access your account needs to know your ID Number, your phone number or e-mail (not on the card) and to be expecting the password to arrive. This would be more secure than current internet banking which millions of people use daily.

I would envisage Medicare would provide an annual payment in the form of a standard Medicare benefit for your GP to review and update your record on an annual basis. A small fee could also be provided to pharmacists to update the medication record.

The advantages of this proposal are:

1. The user owns and is responsible for the record – but the record can be flagged as having been medically reviewed on a particular date.

2. Slightly more technical information is provided by the GP for the patient and again this process provides more review.

3. The system is totally voluntary and indeed other providers may be able to set up similar services (e.g. health funds, banks) (it would be important the format be standardised properly – perhaps NEHTA could own that problem).

4. A lot of the benefits potential of HealthConnect like proposals could be realised quite cheaply.

5. The proposal, intrinsically, ensures those with complex health issues are those who would set up such a record and it is those who we need the most information available for in emergent and multi health provider (team) situations.

6. The record is totally voluntary and avoids any privacy concerns – with a Government or other provider guarantee of strict security enforcement.

7. The system could make a real contribution to continuity of care of patients within the community.

8. It would be very easy to design the record to be downloadable to GP computing systems to provide very useful background information when a patient changes practice or location. Also has the benefit of providing an off-line backup of possibly important records.

It should be noted that this proposal would provide a very useful testbed for shared EHR possibilities, infrastructure and utility and, if sensibly designed, permit migration to a more clinically orientated system over time. There is also the possibility that an interested consortium could undertake the entire project with funding from a range of sources possible (Health Insurers, Users, Government or a mix of some or all.).

I wonder will the policy gurus give the idea a careful review. I hope so.

David.

Sunday, November 26, 2006

Healthelink – Trundling Towards Failure?

Its now been about eight months (March, 2006) since the NSW Health Minister announced the commencement of the Healthelink trials in the Hunter and at Westmead so it seems about time to consider what has been reported or leaked out about progress.

The concept of the trial is as follows:

Healthcare providers (hospitals, GPs, diagnostic providers and community services etc) in two specific areas treating two specific categories of patients (the 65 + in the Hunter and the young children in Westmead) have an encounter record created each time they attend a participating facility.

The idea is that over time a longitudinal health record on each individual will be built up.’

On each encounter both demographic and clinical information will be captured.

The encounter from the GP, for example, will capture the following information automatically at the end of a consultation. Quoting directly from an Healthelink information sheet.

“The following fields will be extracted from GP electronic health record systems following completion of each consultation:

a Patient demographic data
  • Surname, Given Names
  • Date of Birth
  • Medicare Number
  • Gender/Sex
  • Contact details (e.g. address, phone numbers)

b Consultation data
  • Provider/clinician – name, role and location
  • Diagnosis/reason for visit
  • Allergies
  • Pathology/radiology test results (when a GP associates a report with a patient record)
  • Medications - Prescription Order Information (Script number, GP name and ID), Prescribed Medication (Name, Route and Instructions) and Medication Administration Information

GPs will be encouraged to enter the data into the coded fields (e.g. reason for visit, medications) in their practice clinical systems as only these data will be sent to Healthelink. Free text information entered into the clinical notes for example will not be sent to Healthelink. The coded field only approach means that GPs can be confident that a sensitive free text comment entered into the clinical notes will not be sent to Healthelink and will not be available for other providers or the patient to view.”

With this background a few comments and discoveries made while researching the progress of the project are worth sharing.

First, the exclusion of the text notes and the expectation of using the coded information in the diagnostic fields is quite problematic. Experience from HealthConnect trials in the NT showed coded data was often not provided and this often led to the situation where it was impossible to understand just what a particular encounter was about. Healthelink looks likely to have similar data-quality issues.

Second, a review of the patient searching capabilities provided to users of the system confirm the worst fears of those concerned with privacy protection. A search on a partial name and approximate age (+/- 5 years) generates a weighted (for match) listing which contains a pretty full demographic record with full name, address etc. Just the sort of thing abused wives etc want to keep to themselves! The system should insist on a much higher level of initial knowledge – not that even this would help in the case of an abusive spouse.

Third, the system has no apparent concept of location etc – so if you are on the data-base and have not opted out you are findable. Extension of such a system state wide is clearly very problematic.

The record displayed by the system once the patient is located is also not segmented into more or less confidential information which means the patient has to make a choice to opt totally in or out on the basis of the most sensitive piece of information in the record as far as they are concerned.

All these issues are in addition to the lack of initial consent to having information stored as would be the case had ‘opt in’ been selected. For reasons best known to itself the NSW Department has decided to ignore not only its own earlier reports on the matter but also its own explicit Health Privacy Principle.

HPP15 Linkage of Health Records

Personal health information must not be included in a system that links health records in one service with health records in another health service unless the individual it relates to has expressly consented”.

A specific regulatory exemption from HPP15 has been provided for the Healthelink pilot. Whether this exemption should be retained after the end of the pilot will form part of the pilot evaluation.

The regulation provides for the use of an “opt out” consent model. This ensures health consumers will continue to be able to exercise the choice as to whether or not they participate in Healthelink and to exercise this choice at any time.”

I am aware that at least some physicians are by no means convinced this NSW regulation does not violate the Commonwealth Privacy Act.

Leaving the whole privacy issue aside there are a few other points to be made and question to be asked.

1. Just why has all this taken so long?

Taken from the March 2006 Project Outline:

"In March 2000, the NSW Health Council set an objective for the NSW health system to implement the Electronic Health Record (to be known as Healthelink) by 2010. Health Ministers also endorsed the proposal for a National Health Information Network, known as HealthConnect. The NSW Healthelink pilots were endorsed as one of the trials for the National HealthConnect program.

In May 2004 the Health Minister announced that the Care Junction Consortium consisting of LogicaCMG, Orion International and Healthlink had been selected to work with NSW Health to implement NSW electronic health record pilots – expected to commence operation in the first quarter of 2006.”

We now know what was then EHR*NET was the original proposal and the rename came a good deal later. We also must wonder why the whole thing should take six years from concept to pilot. At this pace 2010 does not look all that good for a total state roll out. (Note the 2002 implementation plan of EHR*NET indicated the project would be complete by June 2007 – time to really pick up pace!)

2. In a very recent (25/09/2006) GP information document we find the following:

“How would the Practice apply for the GP Testing Grant?

The Healthelink system is complex and although the components of the system will be thoroughly tested centrally, assistance will be required with testing the system once installed at practices and as used by GPs. Healthelink is therefore requesting that practices offer to assist the testing process and become early adopters.

A grant of $10,000 will be available to these practices subject to signing up to participate, meeting the eligibility criteria and being in a position to install the Healthelink software by 30 November 2006 or a date otherwise agreed with Healthelink. More details are available in the GP Testing Grant Agreement. “

I wonder how the announcement of this largesse was missed by the press and when the decision was made to be so generous!?

It seems to me this is a sign of desperation on the part of the project to have practitioners concerned about liability and indemnity to get moving.

3. It seems to me there will some real issues involved in the scalability of this system in a technical and user sense. Having a search operate across million people data-bases may turn out to be a real challenge.

4. There is also a real issue about just what impact the system as presently conceived will have on practice work flow and what value the practitioner will receive. The lack of proper integration between Healthelink and the practice management system may prove to be very difficult to use in practice - switching between one system and another. To have the system used properly it needs to be quick to access and consistently provide useful and relatively complete information.

5. The project's approach of making records unavailable for 30 days clearly makes very little sense and needs to be reviewed in the context of an overall privacy approach review.

I am afraid this project has all the signs of a project that is on the ropes. I hope not since it has taken so long to get this far. In many ways I am not surprised. As those who have read this blog for a while will know I have always been convinced that the complexities and difficulties associated with shared summary electronic health records have been very underestimated.

Maybe a strategic re-think and revision of the privacy approach can grab victory from the jaws of defeat. I hope so.

David.

Friday, November 24, 2006

The AusHealthIT Manifesto – What is the Blog On About?

Since starting the blog in March I have written getting on for a hundred posts and have seen interest in the blog and comments slowly increase over that time. It has seemed to me that, with the research and thinking that has required, I now need to crystallise what I am trying to say and make sure I am achieving clarity in the objectives I have for all this. In doing this I want that the reader be under no illusion as to my background, perspectives and views.

As to background, its pretty simple. I am (was) a specialist in anaesthesia, intensive care and emergency medicine who has been working one way or another for the last 23 years to improve the use of information technology in the health sector.

As to perspective I am operating from the following assumptions which I am convinced are true.

First, Health IT is a potential major enabler of quality and safety in the delivery of health services, but is not the whole answer to safer, higher quality health service.

Second, the possible added value in increased deployment of advanced Health IT throughout the Health Sector is very large and delay is resulting in a very large opportunity costs in terms of both lives and dollars.

Third, while health service delivery is an information intensive activity which is able to be successfully assisted with Health IT, failure to involve and work with all types of health professionals and other stakeholder in the planning for and implementation of new Health IT is a catastrophic mistake.

Fourth, the deployment and use of Information Technology in the health sector in Australia is presently largely inadequate, underspent and ineffective.

Fifth it is clear that personal identified health information is seen by the public as something they want to have control over and any plans or implementation approaches that do not recognise this fact are for all practical purposes ultimately doomed.

Sixth, and somewhat paradoxically, what is needed is a carefully developed consensus based National E-Health Plan, Business Case and Implementation Plan which is then delivered in local contexts which respond to local needs but which conform to a national overall Framework (this is especially important regarding the selection and implementation of systems).

Seventh, there is pretty common agreement that most Government initiatives at both Federal and State level have not delivered as well as might be hoped. Most would also agree that at present there is little in the way of Federal Government leadership or direction being provided for the E-Health sector.

Eighth, there is a very large skills gap at both user and Health IT levels which needs to be addressed nationally with some urgency.

Ninth the lack of openness and transparency regarding both HealthConnect and other major Health IT project outcomes and failures has limited the learning that has been possible from the mistakes made so far. NEHTA appears to be replicating this mistake at the time of writing (November 2006). It is vital all lessons are learned – especially from the projects that have not worked out as desired

Tenth, it is important to recognise that commercial providers of Health IT have expertise and skills which should be exploited but equally health organisations need to bring comprehensive project management and change management skills as well as business understanding to any Health IT implementation.

Eleventh, in the words of the late Milton Friedman as far as Health IT is concerned there is “no such thing as a free lunch” (i.e. you have to pay for value received).

Twelfth, it is clear, largely because of the way benefits from Health IT are not recouped by the users of the technology, that there be mechanisms to have those return the benefits they receive to those who do the work.

Thirteenth, it seems highly likely that the major payoff from Health IT is to be found only in very advanced systems which improve clinical decision making and minimise errors both of omission and commission.

Last, there are proven and deployable Health IT solutions which can be successfully deployed today with the right project and change management. It is important to get on with it.

My view is that right now there is a lot of unfocussed, uncoordinated activity going on (some good and some bad) and that it is the time to take a step back, work out, at a national level, what is needed and how best to get there. As a nation in 2000/1 we had some good ideas with HealthConnect but we then lost the plot and momentum by early 2005. We can’t afford another wasted four years.

In the blog I hope to alert and warn where I see mistakes being made and lessons we should already have learnt being repeated. Hopefully the assumptions above will point to those things which need to be assured before investments are made.

Overall I am hoping to foster the change from a heard of cats to a sleek shoal of fish all swimming towards real, practical and achievable goals.

David.

Thursday, November 23, 2006

Correction to Comments on South Australian Oacis System Security.

It seems I have been misinformed regarding the level of security offered by the Oacis.

John Mleczko, Director Projects Branch ICT Services, Department of Health, South Australia has informed me of true security status today. I quote from his note.

“In response to statements made in your article "Personal Health Information Privacy - The Elephant in the Room" posted 28 Oct 2006 10:04PM CDT you ask for correction in regards to access to the Oacis system implemented in South Australia's major metropolitan public hospitals.

You suggest “a clinical user at one hospital, once logged on, could access any record of essentially any type for any South Australian”. The security model is facility based hence this is incorrect which means a user at a hospital can access the records of their patients at that hospital. You also suggest that access is “non-individualised and non role based”. Access to Oacis has always been individualised and role based.”

He then goes on to explain, in detail, the various steps taken to ensure the logged on users stay within the correct bounds – including warnings, audit trails etc.

This is good news.

In response I have asked the following questions by e-mail.

“Hi John,

Thanks for that...Just so I am clear this means that the access privileges for a medical registrar who is in charge of a hospital over night has his/her privileges changed according to the time of day (own service versus whole hospital) and that the intern in Emergency only sees results undertaken at that hospital - even if there are results at IMVS etc for the same patient done recently?

When I last chatted to people involved (a year or two back I admit) it was suggested to me that once you had medical or other high level access to the database it was essentially "open slather" - or is that only for those providing information into Oacis who clearly would seem to need to be able to access the whole results data base - for historical comparisons if for no other reason.

As you know audit trails and warnings have hardly been 100% effective at the Tax Office and CentreLink

If it has always been true that there were no group log-ons to Oacis I am happy about that!

I will happily place an edit noting your comments once I am clear.

On a related issue, given Oacis is a shared database just what control does the individual patient have about the recording of data on that database and who can see the data. This becomes an obvious issue as soon as any information is made available in a shared way. Does a patient admitted to an Oacis using facility have the choice of what is shared from say previous admissions (e.g. they may want to suppress a pathology report mentioning products of conception etc)?

Cheers

David.”

One of the Oacis brochures from 2004 has an intern saying how useful it is to be able to access information from previous admissions so clarity is important I believe.

I will keep everyone informed as information becomes available.

David.

Tuesday, November 21, 2006

A Do Nothing E-Health Minister – Incapacity, Inactivity or Just Bad Advice from the Department?

Its getting to the time of the year when the Health bureaucrat starts to think of all things Christmas and congratulate themselves on a year well spent.

How is the report card looking this year I wonder?

In this context I guess it would be about time to remind Minister Abbott of what he said to the Sydney Morning Herald on September 6, 2005 and to use that as a benchmark.

See:

http://www.smh.com.au/news/next/erecords--a-healthy-chart-buster/2005/09/05/1125772438601.html

Abbott's patience runs out

Federal Health Minister Tony Abbott admits to "a great deal of slippage" with the Federal Government's $128million national electronic medical records program but says he is working to ensure that patients get benefits within 12 months.

"I will do everything I can to meet these deadlines and I will be disappointed if we don't," he says.

His comments come after he told a breakfast briefing at Parliament House that he was "sick of trials and studies and working groups", and wanted to see electronic health records making a difference in patients' lives by the middle of next year.”

What do we see 14 month later?

A Department of Health and Ageing Report Card

Well it has been a year of focused but quite secret activity. The E-health Program from DoHA seems to be divided into five areas:

1. E-Health Business Development.

The emphasis here is on Managed Health Network Grants for development of health networking. They were announced December 2005 and the funds must be spent by June 30, 2007. Sadly no winners have yet been announced so the spend fest is likely to be amazing.

The earlier Eastern Goldfields Regional Reference Site, where amazingly expensive broadband access was provided to practitioners. The viability of the network is now questionable without the government subsidy

2. E-Health communications

This provides access to the HealthConnect Archive which has been pretty stable since February 2006. The June 2006 E-Health Newsletter has been reviewed earlier.

3. E-Health Governance

Progress here has been that the Council of Australian Governments (COAG) has announced that:

“From February 2006, governments will accelerate work on a national electronic health records system to improve safety for patients and increase efficiency for health care providers by developing the capacity for health providers, with their patient’s consent, to communicate safely and securely with each other electronically about patients and their health. This requires:

• developing, implementing and operating systems for an individual health identifier, a healthcare provider identifier and agreed clinical terminologies; and
• promoting compliance with nationally-agreed standards in future government procurement related to electronic health systems and in areas of healthcare receiving government funding.”

The strength of this commitment was emphasised by the disappearance of the Australian Health Information Council which is meant to be the peak advisory body to COAG on such matters. Clearly E-Health governance isn’t actually happening as best one can tell.

4. E-Health Major Programs

There are four major programs:

1. Broadband for Health.

Giving practitioners broadband internet access – clearly practitioners can’t find the $40 per month to pay for it them selves (tax deductible business expense of actually less).

2. HealthConnect

Said to be as follows:

“HealthConnect is an overarching national change management strategy to improve safety and quality in healthcare by establishing and maintaining a range of standardised electronic health information products and services for healthcare providers and consumers.”

Not much change seems to be happening federally (I will review the State HealthConnect initiatives in a separate post) and no one knows, or at least I don’t, what the “standardised electronic health information products and services for healthcare providers and consumers” are.

As most know, the E-Health Implementation Branch (previously responsible for all this including HealthConnect) has been wound down, after Dr Brian Richards and then Tam Shepherd left. Now it is being led Lisa McGlynn (who is ex NSW Health – but not an expert e-health or technology I am told).

I am also told all the original staff (with any corporate knowledge of e-health which they may have built up) have moved on, and the incoming staff are all people who have never worked in health and know nothing about e-health or IT. Apparently the States and Territories can’t get any sense out of them at all now. Many commentators have suggested to me they think that this tactic is deliberate to wind down the branch to nothing.

3. HealthInsite.

An excellent idea and well implemented. By far the best initiative of DoHA. Pity they have not had a few more good ideas since this service began in mid 2002.

4. NEHTA.

It is very hard to comment on NEHTA since it is a privatisation of Government accountability to ensure that if it does not work the Minister can't be blamed and that the truth will never be known as Freedom Of Information does not apply.

Sadly NEHTA is not an outsourced e-Health Government strategy - or the Government would have had an outsourcing contract with all the usual performance hurdles and rewards.

The NEHTA Directors must be hoping some concrete results will be delivered soon since the organisation now has over sixty staff and, as yet, it is hard to see that much has been delivered other the FUD (Fear, Uncertainty and Doubt) on the part of all the other actors in the E-Health space.

My view is that unless there are some really useful and practical outcomes within the next six months (i.e. having been in action for just on three years (Authorised by COAG July 2004)serious questions will start being asked. The opportunity cost of all this inactivity is really astronomical in terms of patient suffering and lives lost.

5. E-Health Strategic Policy.

This section comes direct from the DoHA web site

“Information regarding e-Health strategic policy and how it is being implemented is found in this area of the website.

Strategic policy alignment takes a strong focus on the monitoring and analysis of trends and technology, in order to drive the Australian Governments' e-Health agenda. The work involves the provision of advice on Departmental, other government and independent e-Health related activity and the establishment of appropriate regulatory frameworks to enable e-Health nationally. Much of this work is linked with the National E-Health Transition Authority (NEHTA) work program. Further information about NEHTA and the work program can be found at the following site: www.nehta.gov.au

Page last modified: 21 April, 2006”

Sadly there is not a word about policy other than it has been passed to NEHTA, and can be understood as a work-program!

What does this all amount to?

I would contend it amounts to a virtually total abdication of central government involvement in E-Health. We have seen no significant concrete progress and the National E-Health Strategy, Business Case and Implementation Plans remain non-existent and the relevant Federal bureaucracy seems to have essentially imploded.

I hope next November I can write a happier report. I suspect our Health Minister must be very disappointed and frustrated in the progress made in the last twelve months!

David.

Sunday, November 19, 2006

The Drug Pricing Scandal and How the Sick are Ripped off in Australia.

First, apologies to the die hard Health IT readers. For once I am going to stray from the chosen Health IT path, due to a deep sense of gob smacked outrage.

In the last week or so we have had the Federal Health Minister – Mr Tony Abbott – claiming he has just done a wonderful job negotiating a great reduction of the cost of generic prescription medicines and how grateful we all should be.

Without putting too fine a point on it that was just total codswallop.

A day or so the Wall Street Journal made available the pricing for Generic Prescription Medicine from Wal-Mart – the US retail chain. I grabbed the seven page price list document to see just what was on offer.

Essentially what is available is one months supply of a very large range of life saving medicines in a wide range of therapeutic classes for $US4.00 – i.e. $A5.30 per month.

Included in the list are Anti-Allergy, Anti-Inflammatory, Anti-Anxiety, Anti- Depressant Anti-Psychotic and so on medicines. Also included are a wide range of antibiotics (including Penicillin, Amoxycillin, Bactrim, Cephalosporins and even Ciprofloxin), 2 statins drugs, some hormones (e.g. Thyroid Replacement Therapy and Prednisone) and even multi-vitamins and Prozac.

The only major class of drug I could not find were the proton pump inhibitors for which the H2 Receptor Antagonists are nearly as good and just as safe. The PPIs will be off patent very soon I am sure (They are in Australia I believe) or it might be they are a bit more costly to manufacture.

The stand out saving for me was that Meloxicam – an anti-inflammatory for osteo-arthritis that I take was available for $5.30 a month rather than the $29.50 I presently pay! Without going into details my monthly $100 prescription costs could be adjusted down to about $20 a month with little or no change in the quality or safety of my treatment.

This really is a huge con with the drug companies and the pharmacists getting rich off the back of those unlucky enough to need prescription medicine. With this fix in a huge number of people are being ripped off and many, I am sure, are missing out on effective medicines that could make a great difference to the quality and quantity of their lives due to costs they may not be able to afford.

Our much vaunted Pharmaceutical Benefits Scheme looks to like a wonderful cosy drug company – pharmacist – government cartel to me. Transparent it certainly is not and how – with these sort of savings possible – one can justify keeping the supermarkets out of the area is beyond belief.

We will now return to our usual program with that off my chest.

David.

Note – Please e-mail me if you want a copy of the list – its only about 50Kbyte so easy to e-mail.

Wednesday, November 15, 2006

Clinical Software Certification – What’s Practical, Necessary and What Makes Sense?

In the last few months there has been some correspondence in the Medical Journal of Australia and elsewhere on the topic of the safety of clinical software and the possible need for certification of such software.

In this commentary I want to consider this suggestion from a range of perspectives including practicality, barriers to implementation, likely impact on quality of care and so on. I would also like to point out that from my perspective, while I believe it is vital, certification of clinical software is likely to prove clinically challenging, technically complex as well as commercially contentious.

Before going any further it is important to say that I recognise the inherent difficulty and complexity of the topic and need to take a perspective that ignores the system user – recognising the unreality of pretending areas such as user skill, attention, competence and experience are not important in the overall outcome. What I seek to achieve here is to try and identify the different components of an approach that may address the issues around having the practitioner be confident that the system they are using is providing the best possible aid and support for their care delivery.

What attributes are needed for the purchaser and user to be sure this to be so?

I would suggest the following are important.

1. Data Model

The target system needs to have a sufficiently rich data model to support both the usual data capture required in a clinical EHR system as well as the detailed – and hopefully structured information required for automated decision support. This means that at the very least crucial laboratory results (e.g Haemoglobin, Creatinine etc) will be captured in atomic form.

Clearly there is also the need to address coding / terminology in appropriate areas (e.g. diagnoses, medications etc) to ensure useful values are held and are computable to support clinical decision making.

2. Functionality

The functionality of the EHR system that is required for quality care delivery has been the subject of much work over the years and is quite well understood. The requirements contained in the General Practice Computing Report in Australia and the HL7 and CCHIT specifications for the US provide quite reasonable guidance in this area.

Clearly the full scope of these requirements including clinical decision support and clinical pathway management and tracking are required.

3. Knowledge Database(s)

While vital, here we arrive at a major difficulty. This is at least one area where the quality, scope and depth of what is required is likely to prove less than straight-forward to define.

4. Interoperability

As attractive as ‘vendor lock in’ may or may not be to commercial software providers it is anathema to software customers and users. For this reason all information stored in the EHR should be exportable in a standard – and preferably standardised form to any certified competing product.

5. A Commercial Future

With use over time the value of the information held in a clinical system becomes progressively larger. The purchaser / selector of a system, which will be expected to be operational for ten years or longer, needs to be confident of the commercial viability of the software provider in terms of maintenance, updates, recurrent costs and so on.

6. Messaging and Communications Capability

Systems these days do not live in a vacuum and they need to be able to securely transmit and receive both clinical and administrative information in a seamless and standardised fashion.

7. Usability

It is important any systems should be engineered to be both easy to use and also to be designed using the principles applied to aircraft-cockpit design where the important information cannot be overlooked easily or without warning.

It should be noted that while the emphasis in this article has been on ambulatory systems all the forgoing is just as relevant to the hospital and other larger provider sectors.

The next issue is how is assurance obtained that these attributes are indeed present and are of the quality etc required.

Given the current political situation it seems to me that what is required is a CCHIT (Certification Commission for Healthcare Information Technology in the USA) like organisation, funded by, but at arms length from, Government that can work with users and all the other stakeholders to develop the requirements and criteria in each of these areas and then offer incremental and reasonably in-expensive paths to certification.

The CCHIT approach of developing roadmaps of requirements and capabilities to be delivered over a known time-frame I see as remarkably sensible and pragmatic and well worth adoption.

Clearly the Australian CCHIT would need to work collaboratively with both system developers, academia, clinicians and standards bodies to develop and then assess systems against the agreed criteria. This said it would also be important to have very professional leadership of the commission in place to ensure there is no easy route for less than high quality systems to be certified. A half baked process would be far worse than no process at all.

My guess this would be of the order of a five year project to get where we need to be with initial certifications possible in two to three years.

To not go down this path will leave individual purchasers and vendors possibly, indeed almost inevitably, liable for possible errors of omission or commission. The Government must really act to provide appropriate coverage for all those in the E-Health sector.

The other step I believe is required is that there be financial incentives for the clinical users to both install and then use the advanced systems as we know from the study reported yesterday that it is only the actual use of capable quality systems that makes a real quality and safety difference.

The business case for the Commonwealth to do this in the Ambulatory Sector I am sure would be totally compelling!

David.

Tuesday, November 14, 2006

A Vision of E-Health Nirvana - We Know What is Needed!

It seems that, given my advanced age and galloping decrepitude, that I will not last to ever see the E-Health nirvana. However, today, HIMSS Analytics has published the report that will allow me to slip off to the grave a “very happy Vegemite” knowing, at least, nirvana is possible!

Today, the following appeared in the overnight issue of the Health IT Strategist (HITS) – the Health IT publication from Modern Medicine in the US.

"Greater benefits seen in advanced apps: study

There are few substantial correlations between improved healthcare outcomes and "incomplete" electronic medical-records systems, according to a new white paper from the Healthcare Information and Management Systems Society and its not-for-profit subsidiary HIMSS Analytics, but the more sophisticated the EMR system, the more it improves the quality of care.

"Perhaps it’s appropriate to borrow a line from the addiction-recovery industry," the report stated. "When it comes to the electronic medical record, it appears that half measures avail us nothing."

On the other hand, along with improving quality of care, the white paper stated that advanced applications such as computerized practitioner-order entry and clinical documentation can also increase hospital revenues related to pay-for-performance initiatives.

The findings are based on a study of 107 University HealthSystem Consortium hospitals that looked at how well hospitals did on 63 quality measures developed by the Agency for Healthcare Research and Quality and how advanced the hospitals’ EMR systems were. The study split the EMR systems into eight different stages of implementation, but no hospital in the study had implemented a system in the highest stage, and less than 1% had implantations in the levels five or six. In fact, most hospitals were still in stages zero, one and two.

The report concluded that there was a significant increase in quality scores between the 39 level-three hospitals and the 22 level-four hospitals. A main difference between the two levels is that level-four hospitals have implemented CPOE. According to the report, stage-three hospitals had six slight positive correlations between their EMRs and AHRQ’s quality measures and only one strong positive. Level-four hospitals, however, had nine strong positive correlations and 11 slight positives. The strong correlations included the areas of acute stroke, heart failure in-hospital mortality percentages and gastrointestinal hemorrhage in-hospital mortality percentages.

-- by Andis Robeznieks / HITS staff writer"

The report, which makes very interesting reading, and draws, I must say, quite conservative conclusions, can be found at the following URL.

http://www.himss.org/content/files/UHCresearch.pdf

The core conclusion, re-stated is that to make a real difference with clinical systems what is needed is both Clinical Physician Order Entry and Clinical Decision Support based – not just on simple error checking but on ensuring that evidence based clinical protocols are being adhered to as frequently as possible. Obviously this makes perfect intuitive sense and supports the studies mentioned previously on the blog that show at the real benefits of clinical computerisation are really only to be had when advanced systems are deployed. (See the blog article Saturday, August 26, 2006 Interactive Electronic Decision Support Benefits - Keys to the Literature).

The findings of the report have a number of important implications.

1. There is more to assessing the value of a clinical EMR system than Return on Investment (ROI).

2. We are further assured that the major investments suggested by this blog are, in fact, necessary and that half measures are a waste of time and money. The UK has it right to at least attempt a quantum leap in the level of health system automation – the debate now is only really around are they going about it the right way!

3. The identification of the need for advanced systems to achieve real clinical outcome improvements makes a mockery of the penny pinching approach to Health IT being adopted by the present Australian Government.

4. The transformation task to get Australia from where we are now to where we need to be to really improve health outcomes and patient safety is a really, really big one that is not being helped by the lack of a National E-Health Strategy.

5. It is largely pointless attempting to develop benefits models and benefits realization approaches unless you make clear assumptions about the advanced nature of the systems required and ensure the business case recognises the scale of both the cost and the benefits.

6. It is no longer sensible to not have clear guidelines as to the capabilities and functionality that should be delivered to ambulatory (GP and Specialist) and hospital practice.

NEHTA needs to change focus and really start addressing these implications if it is not to become part of the problem rather than part of the solution.

David.

Monday, November 13, 2006

Identity Management – The References.

It occurs to me, following a couple of e-mails from some of those interested, it might be worth providing a few pointers to where some useful further information can be found for further research and reading.

The topics and URLs are as follows:

1. Australian Office of the Access Card

http://www.accesscard.gov.au/

This is a new site and has the work of Professor Fels and his taskforce as a sub area at the following URL

http://www.accesscard.gov.au/consumer_privacy_task_force.html

The full press release is worth a careful read as is the Government’s response which is also available at the site.

Media Release

Access Card Consumer and Privacy Taskforce Recommends Safeguards

08 November 2006

Safeguards to protect personal privacy and security and to maximise consumer convenience have been recommended by the Access Card Consumer and Privacy Taskforce.

“Comprehensive legislation to define and regulate the role of the card and associated databases is needed. This will build public trust and confidence, and establish safeguards regarding current and any new future government uses of the card”, Professor Allan Fels AO, Chairman of the Taskforce and Dean of the Australia and New Zealand School of Government said.

“The card is a health and social services access card. It should not be allowed to develop into a national identity card by virtue of “function creep”. Legislation should ensure the card is not a national identity card nor an electronic health record nor have any link with tax records nor be required to be carried by individuals.

The legislation should also prohibit anyone requiring individuals to produce the card (except when they are accessing defined Commonwealth benefits and services).

“The legislation needs to define what the card will and won’t be”, Professor Fels said. More details of the recommended legislation are in the report of the Taskforce.

“Function creep” can be minimised by requiring any new future government uses only being permissible by legislation. Function creep can also be reduced by limiting the ultimate capacity of the card.

Australians should own the card. This will give individuals better control and limit the scope for government and others to determine future uses. There should, however, be some limitations on inappropriate usage of the card e.g. tampering with it, or altering prescribed information on the card.

Card holders should not be required to have their legal name on the face of the card if they have a preferred name they commonly use. There are legitimate reasons why consumers would want to have a name displayed on the card which differs from their legal name such as those who use Australianised names, middle names, changes of name in indigenous communities and maiden names. Their legal name, however, would be stored on the chip and on the register.

The Taskforce accepts that there needs to be a photo on the face of the card (as well as in the chip and stored in the secure customer registration system). This will minimise fraud, increase convenience for card users and government agencies and improve its capability for proof of identity (where consumers choose to use it for that purpose).

“Regarding the storage of the photo on a national photographic database, there is merit in considering the storage in the form of a template rather than in the form of real photos. This would reduce possibilities of fraud and misuse”, he said.

“However, this must be weighed up against cardholder and government convenience. If a card is lost, as frequently happens, the cardholder would have to be rephotographed if the photo was not stored in real form”, he said.

“If there is to be a real photographic database, it is critical that there be maximum security precautions. This should be held separately, within the register, from other cardholder data and there should be stringent special controls to prevent unauthorised access and improper usage”, he said.

The Taskforce is sceptical for the need for a digitised signature to appear on the card. The signature seems to be of limited use and it increases the dangers of identity theft and fraud. Again, whatever the outcome, digitised signatures should be subject to rigorous controls to prevent unauthorised access and improper usage.

The Taskforce accepts that there needs to be a number associated with each card, even though this means that each cardholder then has a unique number assigned to them.

“The taskforce considers that the number should not appear on the reverse of the card”, he said. If the card number is not displayed it reduces the risks of the card slowly developing into a “unique personal identifier” number for the Australian population (that is, each Australian eventually has a unique number assigned to them). Also, if the card number is displayed it increases the risk of fraud. This risk outweighs some advantages for government administration and user convenience. In the alternative the government should give consideration to making the inclusion of a unique number on the reverse of the card a matter of genuine choice for the card holder.

When consumers register for their card they will bring documentation to verify their identity. Should copies be taken of these documents and retained on file in accordance with existing practice?

The argument for the copying and retention of proof of identity (POI) documentation relates to measures taken to detect and control fraud.Such records are accessed by relevant Departments where there is some suspicion of illegal behaviour or identity fraud, or in cases where original documents are subsequently lost or destroyed. Such a procedure may, in some instances, also be required under statute.

The Taskforce supports capturing proof of identity documentation for the purposes of establishing identity and verifying their authenticity but has recommended that they should not be scanned, copied or kept on file after they have been verified.

The Taskforce notes statements by the Government that the card is only to be used for access to health and welfare services. The Taskforce notes that the Government is also in the process of considering the adoption of a National Identity Security Strategy which aims to require a very high (“Gold Standard”) proof of identity.

However, the Taskforce does not believe that the ‘Gold Standard’ being considered for a National Identity Security Strategy is necessarily appropriate for use by to facilitate delivery of health and social services benefits. The most disadvantaged and marginalised members of the community who may be unable to provide sufficient documentation to establish their identity should not be unnecessarily burdened by this process.

The Taskforce has recommended an extensive public information campaign explaining the nature of the card.

The Taskforce makes a number of recommendations to the Government for the ongoing design and implementation of elements of the card. Fundamental to further consideration of these elements by Government is the continued process of consultation that needs to occur between the Taskforce, the Government’s Lead Advisor and Chief Technology Architect.

The Taskforce is committed to ensuring that the views of all Australians feed into the design of the access card system.

The Taskforce is currently working on the second discussion paper, which will consider the Registration process and will seek to ensure that there is continued consultation with consumer and interested groups. This paper is expected to be released for discussion in November 2006.

The Consumer and Privacy Taskforce

The Consumer and Privacy Taskforce, was established in May 2006 to report on consumer and privacy issues arising from the Government’s announced plans to introduce a new health and social services access card.

The Taskforce released an initial discussion paper released on 16 June 2006. The Taskforce has met with 120 representative groups and received over 100 written submissions.

The Taskforce’s believes that all decisions about the design of the card should be made in as transparent a fashion as possible and be informed by public consultation.
The Report makes 26 recommendations.

A copy of the report can be found at www.australia.gov.au/accesscard. The report is titled Issues and Recommendations in Relation to Architecture Questions of the Access Card.

The Government response is found here:

http://www.accesscard.gov.au/publications.html

2. Report from the UK House of Commons: Identity Card Technologies: Scientific Advice, Risk and Evidence

This can be found at the following URL.

www.publications.parliament.uk/pa/cm200506/cmselect/cmsctech/1032/1032.pdf

3. A Blog on Identity by Kim Cameron.

Kim Cameron is Architect of Identity and Access in the Connected Systems Division at Microsoft, where he drives evolution of Active Directory, Federation Services, Identity Integration Services, CardSpace and Microsoft’s other Identity Metasystem products.

See http://www.identityblog.com/

Of particular interest are the Laws of Identity found here.

http://www.identityblog.com/?page_id=354

In very brief high level summary these seven laws are.

1. User Control and Consent:
Digital identity systems must only reveal information identifying a user with the user’s consent.

2. Limited Disclosure for Limited Use
The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.

3. The Law of Fewest Parties
Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.

4. Directed Identity
A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5. Pluralism of Operators and Technologies:
A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.

6. Human Integration:
A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.

7. Consistent Experience Across Contexts:
A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.

4. The Australian Attorney General’s release on Identity Theft of May 2006 which refers to the still unpublished National Identity Security Strategy (NISS).

http://www.ag.gov.au/agd/WWW/ncphome.nsf/Page/Identity_Theft

5. The Information Commissioner’s Office of the UK Government.

Has a broad range of material on privacy, ID fraud, identity cards and surveillance including the very recent and terrifying report revealing there is now one CCTV camera for every 14 UK citizens.

http://www.ico.gov.uk/

6. The Office of the Australian Privacy Commissioner.

This is a vital site which in the last year or two under Karen Curtis is really producing some excellent work in my view

http://www.privacy.gov.au/

7. The Australian Privacy Foundation.

Putting the case that the Access Card is just a stealth ID card. It is unclear at this point of Minister Hockey or Ms Anna Johnston are winning the debate. Probably the peak Australian privacy lobby group.

http://www.privacy.org.au/


8. Roger Clarke’s Dataveillance and Information Privacy Home-Page.

A well thought out set of Australian resources from an academic who has been thinking about this area for many years.

http://www.anu.edu.au/people/Roger.Clarke/DV/

I hope these are useful.

David.

Sunday, November 12, 2006

The Australian National Identity Security Strategy – Unknown, Critical and Possibly Flawed!

In the November / December issue of the IEEE Internet Computing Journal Daniel J. Weitzner from MIT has written what I see as a very important article entitled “In Search of Manageable Identity Systems”.

The DOI Bookmark is: http://doi.ieeecomputersociety.org/10.1109/MIC.2006.127

The key insights and the reason why I think the article is important is contained in the following two paragraphs from the paper.

“Although no doubt exists about current identity mechanisms’ weaknesses, our efforts to design and successfully deploy network-based identity management systems have been so frustratingly unsuccessful that a new approach seems necessary. Elements of the new approach come into view when we compare Internet identity protocol designs with systems used in financial services.

Traditional computer security systems begin with a nearly metaphysical design goal of associating a single identifier with a single identity (whether a person’s name or pseudonym). Once the system verifies the identifier, all privileges associated with it become available to whoever possesses that identity. Rather than taking this unitary approach, however, credit-card authorization systems take a composite approach, in which the binding between an identifier (a credit-card number) and the associated privileges (access to credit) is established only after the system has completed statistically based antifraud checks. In other words, you aren’t actually recognized as the card holder simply for presenting the card or even after verification that the card token itself is genuine. You’re recognized as an authorized party only on the basis of traditional security checks combined with statistical verification that you’re likely to be who you say you are.”

What is being said here and in the rest of the paper is that the simple concepts of a unique identifier may not be appropriate or workable in the networked world in which we now find ourselves. Indeed the paper suggests we do not yet have “manageable identity systems” as yet.

The paper describes how, in real time we now have credit card providers, having been given an identifier (the card number and expiry date etc), running sophisticated analysis on the card’s transaction history to ensure the purchase looks to fit within the individuals known spending patterns as so on. Unexpected transactions (larger than normal, bigger than normal, from an unexpected location) are either flagged for later review or declined.

It is easy to see how such technology (were it to become widespread) could also be applied to verification of a health or social service identifier, of the sort now being proposed in the Access Card, before a benefit is paid or a clinical record is linked with others.

I wonder are such approaches part of the technology architecture being developed for the various Government identity initiatives?

In late 2005 the following announcement came from the Council of Australian Government.

http://www.coag.gov.au/meetings/270905/

Identity Security

The preservation and protection of a person's identity is a key concern and right of all Australians. COAG agreed to the development and implementation of a National Identity Security Strategy better to protect the identities of Australians. The strategy will enhance identification and verification processes and develop other measures to combat identity crime. The strategy will be underpinned by an inter-governmental agreement.

COAG also agreed to:

• the development and implementation of a national document verification service to combat the misuse of false and stolen identities; and
• investigate the means by which reliable, consistent and nationally interoperable biometric security measures could be adopted by all jurisdictions.”

Further clarification came in May, 2006 in a press release from the Attorney General.

“The national strategy aims to strengthen identity security through rigorous enrolment and authentication processes while ensuring personal privacy. The national strategy is based on a cross-jurisdictional, whole-of-government approach to maximise its effectiveness and interoperability across all governments.

The key objectives of the strategy include:

• improved standards and procedures for enrolment and registration including identifying key Proof of Identity (POI) documents to be used by all appropriate organisations for the purposes of identifying and registering clients for services;
• enhancing the security features on these documents to reduce the risk of incidence of forgery;
• establishing mechanisms to enable organisations to verify the data on key POI documents provided by clients when registering for services;
• improving the accuracy of personal identity information held on organisations’ databases;
• enabling greater confidence in the authentication of individuals using online services; and
• providing appropriate legislative support.”


It is understood that this strategy relies on the concept of a “gold standard” proof of identity - via the so called Document Verification System – where Proof of Identity (POI) is established by confirmation of the validity (via checks of relevant sources such as Births Deaths and Marriage Registers etc) of the documents presented to confirm the POI.

Were this to be the case one is forced to wonder just how sophisticated the approaches being adopted are and whether there is the risk of the waste of a great deal of money in pursuit of a “gold standard” of identity proof which turns out to be chimera.

A number of things seem clear.

1. Even if an identifier is available and has been obtained with extreme levels of verification that may not be enough to provide certainty as compromise is always possible.

2. The level of certainty required for different transactions is different in different circumstances. (e.g. borrowing a video requires less certainty than linking clinical patient records).

3. Judgements as to the required level of certainty as to identity should be made on a pragmatic and reasonable ‘fit for purpose’ basis.

4. The approaches planned by the Access Card team, the NEHTA Identifier Team and those in the DVS team really need to be aligned, made consistent and fit for purpose and suitable to the application planned. It is hard to see how they are at present.

5. For at least some in the community POI will be very difficult to achieve and any systems implemented need to be sensitive to that fact.

Professor Fels makes relevant points in his November 8, 2006 press release entitled “Access Card Consumer and Privacy Taskforce Recommends Safeguards”

“The Taskforce notes statements by the Government that the card is only to be used for access to health and welfare services. The Taskforce notes that the Government is also in the process of considering the adoption of a National Identity Security Strategy which aims to require a very high (“Gold Standard”) proof of identity. However, the Taskforce does not believe that the ‘Gold Standard’ being considered for a National Identity Security Strategy is necessarily appropriate for use by to facilitate delivery of health and social services benefits. The most disadvantaged and marginalised members of the community who may be unable to provide sufficient documentation to establish their identity should not be unnecessarily burdened by this process.”

It seems to me that while purely identifier based systems seem to have met with some success in places as diverse as Germany, Malaysia and Hong Kong we need to make sure the distinction between enabling access to services and an identity card is not blurred so severely as to become meaningless.

The general unease regarding the melange of identification systems being evolved is only heightened by the recent reports of the extent of individual surveillance happening in the UK and now moving to Australia at an apparently unstoppable speed.

One really begins to wonder whether it may be better overall to tolerate a little CentreLink and Medicare fraud and inefficiency rather than surrender so much control of our individual autonomy and freedom.

Comments, as always, welcome.

David.

Saturday, November 11, 2006

AusHealthIT Blog – Where to From Here?

The blog has now been on-line for a little over eight months and it seems like a good time to take stock of where it has come to and where it should now go.

What I know is that for a topic as absurdly arcane and Health Information Technology in Australia there is more than a little interest. The blog has two counters of activity. One counts the page views and visitor numbers on the main site. The other counts the number of reads and visits generated by e-mail alerts and RSS feeds.

To my amazement – since setting up the feed - there have been 6,413 views of the 62 different items published. This excludes all the direct view from the actual blog site – which is also seeing about 100 page reads per day on average.

In summary it looks like each article is now being read by at least 100 different people with the more “interesting” articles being read over 200 times.

Interestingly the origin of readers is international with a very strong Australian bias. (Australia 70%, US 11%, UK 9% Ireland 2% Rest 8% (India, Macedonia etc!)

On the basis of the feed activity the following ten articles (in order, so far) have been the most popular.

• E-Mail Security and Clinical Practice

• E-Prescribing in Australia – Is there a New Plan

• Oh HealthConnect! – You Have Done it Again

• How to Really Fail at Health IT Strategy

• What is Happening in Electronic Decision Support?

• Just Who Do They Think They are Fooling?

• Electronic Prescribing – What is Needed?

• Clinical Decision Support - A Major Contribution

• An Australian e-Health Strategy - The Outline

• NEHTA's Approach to Privacy V 1.0

This leads me to believe the readers of the blog are most interested in the strategies to be adopted in developing and implementing e-Health and in reviewing possible solutions and approaches. It is also clear many of the readers are interested in what is going on under the NEHTA and HealthConnect banners as well as the progress with the Access Card.

What is now needed are two things.

1. Suggestions as to what other topics should be addressed in the future.

2. Information and feedback on what is going either well or badly in the E-Health space in the “wide brown land”. In this context I am particularly interested in success stories that can be cited or emerging problems that could maybe be rectified.

I already am getting e-mail from places as diverse and Hong Kong and Canberra and the more I receive the better I can tailor the blog to meet people’s interests and needs.

Contact me with tips, news, comments etc (anonymously is fine via a fake Hotmail or Yahoo account if needed) at davidgm – at – optusnet.com.au. (substitute the “– at –“ with “@”). No information on correspondents will be made public without explicit permission!

David.

Sunday, November 05, 2006

HealthConnect Scottish Style – Cheap, Quick and Effective.

I can say I was more that a little pleased to see the following appear this week. It shows the canny Scots have not lost their touch and with decent planning and care good things in e-health can happen really quite quickly.

http://www.ehiprimarycare.com/news/item.cfm?ID=2238

Scottish emergency care records to be electronic by 2007

02 Nov 2006

The Scottish Emergency Care Summary is to become paperless by spring 2007, according to leading members of the Scottish Clinical Information Management in Practice.

Initially launched across Scotland last summer as a hybrid system, including paper and faxes, the Emergency Care Summary has already helped make out-of-hours communications more efficient effective.

Scottish health minister Andy Kerr said of ECS: “This new shared record means that NHS staff who need it to look after you can get important information about your health, even if they can't contact your GP. Health workers will also have a more complete picture of a patient's health and medical background.”

The minister added: "In the future, all health records will be stored and linked electronically and that will bring great benefits over the old paper files kept in different places and electronic records that are not linked up."

Libby Morris, chair of SCIMP told E-Health Insider Primary Care: “Following a public information campaign about the ECS, through leaflets delivered to all 2.5 million households in the country and a further 400,000 copies of the leaflet distributed to GP practices, primary and secondary care services, we were able to successfully go-live across all 14 NHS boards.”

The ECS contains important basic information such as name, date of birth, Community Health Index (patient ID number used in Scotland), medication prescribed by a GP and any adverse reactions to prescribed medicines.

The summary currently covers 2.5m patients, using a password protection system which is protected using the "highest standards of security". NHS staff will have to ask the patient's permission before they can look at the ECS, except in the event the patient is unconscious or unable to give consent.

Morris said of the early experience of the summary record: “ECS has made life so much easier for out of hours and accident and emergency staff. They can now have access to important information on the patients’ clinical history. Doctors, nurses and receptionists in out of hours medical centres; staff at NHS 24 involved in the patients care and staff in accident and emergency departments can all view records quickly and avoid risks to patients.”

NHS Scotland spent half a million pounds on publicising the new system, giving full details of how patients could opt-out of the scheme if necessary. To date, over 5 million records have been uploaded onto the system and only 174 patients in total have opted out of the scheme.

The system makes it possible to check who has looked at the patient's ECS. Patients can ask their GP to show them the information in their own summary.

…….

Plans are now in place to begin the switch over to electronic records and NHS Scotland is aiming to store and link full health records electronically by 2010 – beginning implementation in spring 2007.

A Gold Standards Framework Scotland (GSFS) IT development project has been established which aims to provide electronic patient records in one place helping those with cancer and palliative care needs in particular.

Staff will be able to fill in the patient record forms using the system, which can be saved electronically and then accessed by authorised staff. These will replace current paper-based tools and be integrated into existing practice IT systems.

Ian Kerr added: “GSFS will support clinicians to do the right thing at the right time, making it easy to have the best possible information available for forward planning, team review, consistent communication and sharing critical information.”

He also said that future work on the ECS will help to ensure that there is full integration with the NHS 24 advice centre and ambulance service databases. More data will be put onto the system over time, including lab results and statistics from nurse checks.

Morris told EHI Primary Care: “Patient-clinician interaction is important. Patients should know what is going on and who knows what about them. They must give explicit consent for information to be released, and trust the clinician not to abuse details which can be sensitive.”

The ECS has been piloted by various trusts, accident and emergency units and focus groups since its initial launch in October 2005. Kerr believes that the success of its national launch is thanks to the large amount of feedback received from patients, clinicians and administration staff. “

It would appear that virtually all the key issues that could block a successful implementation including proper public consultation and communication, a sensible approach to consent and privacy, having a clear implementation strategy and system wide technology approach and keeping it simple and quick have all be undertaken. The outcome seems to be great.

Well done to all those involved! Seems to me DoHA and NEHTA could learn a few things from this exercise.

David.

Privacy – The Global Perspective and Australia’s Position

The following report on global respect for individual privacy and the levels of surveillance of citizens in most developed countries and some others was released this week.

http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-545223

Privacy International and EPIC launch Privacy and Human Rights global study

02/11/2006

Each year since 1997, the Electronic Privacy Information Center and Privacy International have undertaken what has now become the most comprehensive survey of global privacy ever published. The Privacy & Human Rights Report surveys developments in 70 countries, assessing the state of technology, surveillance and privacy protection.

The most recent report published in 2006 is probably the most comprehensive single volume report published in the human rights field. The report runs to almost 1,200 pages and includes about 6,000 footnotes. More than 200 experts from around the world have provided materials and commentary. The participants range from law students studying privacy to high-level officials charged with safeguarding constitutional freedoms in their countries. Academics, human rights advocates, journalists and researchers provided reports, insight, documents and advice.

This year Privacy International took the decision to use the report as the basis for a ranking assessment of the state of privacy in all EU countries together with eleven benchmark countries. This project was first considered in 1998 but was postponed pending availability of adequate data. We now have the full spectrum of information at our disposal and we hope to publish the rankings on an annual basis."

The e-health perspective in this report centres on the impact the findings might have on the possibility of implementation of electronic health information sharing. With our Australian focus the specific notes provided on Australia are of interest. The highlight findings were:

“AUSTRALIA

The Australian Capital Territory became the first jurisdiction to incorporate a bill of rights that includes a right of "privacy and reputation.

New amended legislation has eliminated the warrant requirement for accessing stored communications (email, SMS, and voice mail), allowing non-law enforcement government agencies to access this information without a court order.

The government is considering launching biometric RFID passports at the end of 2005.
A new law allowed the motor vehicle and driver licensing agency to issue photo ID cards to non-drivers and retain personal information about them. A privacy group campaigned against the law, likening it to a State-based universal ID card.

National census administrators proposed to alter the nature of the national census to make it the most extensive data collection tool on any person. An immediate outcry from civil liberties groups caused the proposal to be dropped.”

Also disappointing is the Australia rated only 2.4 out of 5 on its efforts to protect personal privacy and manage unwarranted or intrusive surveillance. This score has us in the category described as having “Systemic failure to uphold safeguards” for privacy.

Areas where Australia was clearly deficient included:

1. Constitutional protection

2. Privacy Enforcement

3. Data-sharing

4. Visual surveillance

5. Communications interception

6. Law enforcement access

7. Travel, finances, Trans-border Data Transmission (especially bad)

8. Leadership

The entire report is worth accessing and a detailed review. In the downloadable .pdf files there is a very full report on all aspects of the Australian situation. The current state of our privacy approaches suggests we will face major barriers in making individuals comfortable with electronic health information management without very major reform.

David.

Thursday, November 02, 2006

NEHTA’s Annual Report – What We are Not Being Told!

The Australian National E-Health Transition Authority (NEHTA) (The peak government e-health entity) released its 2005-06 Annual Report a couple of days ago. It is an impressive 24 page document that is clearly designed to let us know as little as possible about what is going on. A good two pages are wasted, at least, on the smiling faces of the directors and CEO for example – rather than some useful information (Indeed we get two identical photos of the chairperson – just different sizes!).

The document contains riveting information on the organisational structure of NEHTA, two puff pieces (from the chairperson and CEO) saying what a success it has been so far, two and a half pages outlining all the stakeholders who have been “engaged with”, and a two page 2006 – 6 update of all the projects they are undertaking.

The rest of the document gives is a graph of the exponential recruitment process (to now about sixty people) and two pages of guff on directorial movements and changes.

It then concludes with the usual statements of audit independence and a “concise financial report” – the real report seems to be secret – and an auditors statement that the accounts are unqualified and accurate. (This takes seven pages with only two pages of figures provided).

The 24 page report thus provides a totally inadequate two page report on what NEHTA has achieved with the almost $10 million it has spent this financial year.

Those interested can access the report at the following URL.

http://www.nehta.gov.au/component/option,com_docman/task,cat_view/gid,92/Itemid,139/

As with all such documents it is not what is in the document, but what is left out that really matters.

Left out is enunciation of any real e-Health Vision or Strategy for Australia.

Left out is any indication of how the interoperation between the Private (read the GP, investigative and Specialist sectors), and the Public Health System is going to or could be made to work.

Left out are any performance measures and any statements as to how NEHTA is performing against these benchmarks.

Left out is any analysis of the business risks faced by NEHTA – especially those around not being able to get funding for the Shared Electronic Health Record and what would then be done with all this work.

Left out is any clear forward plan as to just what is to be delivered and when – with a staff of 38 then and 60 now – most having project management skills – one wonders why? (All there are a statements that some things have to be done by mid 2008 and others by mid 2009 – all a long way off compared with the pace we see in the US and the UK right now!)

Left out is any explanation of just what a little over $1.7 million spent on administration has achieved. Given that the total operational expenses were a little over $9 million it would seem a lot was spent administering.

Left out is any listing of, or rationale for the selection of, the clinicians and consumer representatives who have been consulted with a small number of time.

Left out is any evidence of a single improved clinical outcome or improved information flow to result from NEHTA’s two years of work so far.

Left out is why $7 million plus of member contributions were not spent this financial year. Work in this are is urgent and the opportunity cost of inactivity is high. Why so slow to get moving when the funds are available?

Left out is an explanation of the $4.5 million in receivables at the end of the year which is mostly members contributions owing. Seems some States are not paying promptly?

Among the interesting tit-bits to be found in the report are the following quotes:

“The company operates predominantly in one business and geographical segment being the development of methods to electronically collect and securely exchange health information throughout Australia.” (p21). Its nice to know what they are meant to be doing at least!

“The full financial report is available to Members free of charge upon request.” (p20). That means we want to keep the public away I would suggest – the members being the jurisdictional CEOs are to be the only ones who know what is going on!.

“NEHTA believes it is exempt from income tax as a public authority for the purposes of s.50-25 of the Income Tax Assessment Act 1997. This assessment will be confirmed by an application for a private ruling from the Australian Taxation Office during the 2006 - 07 financial year.” (p20). One is amazed this has not been sorted out by this – but delay is consistent with the apparent slowness of the organisation getting ramped up in general.

“The company’s major liability of trade and other payables ($3,086,023) comprises goods and services tax payable on member contributions and general trade payables.” I really wonder why NEHTA would pay GST on its member contributions – they are grants from State to Federal Governments are they not?

I know bureaucrats thrive on letting nothing out that could result and any controversy or criticism – but this so called “Annual Report” has set a new bar for obfuscation and concealment.

NEHTA is a publicly funded entity which has now expended well over $20 million in its initial and now corporate manifestations. The public is entitled to a much clearer statement of just what has been achieved and what is planned in my view.

The total lack of any sense of the need to provide more than the scantiest accountability or openly discuss and consult on future plans and directions is amazingly arrogant and borders on a scandal.

David.