Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"


H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Sunday, February 15, 2009

Report Watch – Week of 9th February, 2009

Just an occasional post when I come upon a few interesting reports that are worth a download. This week we have a few.

First we have:

New Best Practice Report on Post Implementation Released

MTC/NEHI engaged CSC (formerly the First Consulting Group) to conduct a national survey of hospitals facing the operational challenges of newly implemented CPOE systems. The specific issues that are covered include:

  • Ongoing Support
  • Optimizing CPOE
  • Ongoing Management of Order Sets and CDS
  • CPOE and Medication Reconciliation
  • Downtime Procedures

The report includes a combination of onsite and telephone interviews with community hospitals that have a large number of physicians using CPOE. The report will be released in early February and distributed to all Massachusetts hospitals and available on our website at www.masstech.org/ehealth.

Access the full report is here:


This is a useful review of lessons learnt on the operational issues faced in CPOE Implementation. Very useful indeed.

Second we have:

PHRs are operating systems

Posted by Dana Blankenhorn @ 9:07 am

User Centric has a white paper out comparing the usability of Google Health and Microsoft HealthVault. (Picture from Tecni-Blog, a Spanish-language tech blog.)

The news is not good. Both rated poorly in terms of user experience. User Centric has followed up with a set of recommendations.

It occurs to me all this misses a rather important point, namely that Personal Health Record software is not really an application.

It’s more like an operating system.

A PHR has to do many different things for many people. It must be able to take in data cleanly and seamlessly, sometimes automatically. That requires interfaces with hospital records, and with a host of consumer devices. It may also require taking input from alternative therapists, like chiropractors.

Full article here:


The paper, "How to Select an Electronic Health Record System the Healthcare Professionals Can Use," is available at usercentric.com.

Third we have:

AHIMA Calls for Data Stewardship

The American Health Information Management Association is calling for establishment of a National Health Data Stewardship Entity. Supporting the exchange of health information, the entity would promote standards for uniform and consistent data.

"This NHDSE would coordinate the bodies that support the life cycle and collection of data exchanged over electronic and other health information exchange systems and the data stored in a variety of repositories or registries," according to a statement from Chicago-based AHIMA.


More here:


For the complete AHIMA statement, which covers principals and guidelines; data access, use and control; and recommendations, click here.

A useful working document that should help consideration of similar matters here in OZ.

Fourth we have:

Ontario’s eHealth Strategy

On February 5, 2009, eHealth Ontario published Ontario’s three year eHealth Strategy. It is a working draft created by eHealth Ontario’s leadership and Board of Directors with input from the healthcare sector.

From February 5-19, we invite you to provide feedback to the Strategy, which will be used to finalize the plan that will:

  • Guide investments and operations during the Strategy time frame of 2009-2012
  • Enable/fulfill the government’s strategic healthcare priorities
  • Provide a framework for measuring and reporting progress and results

More here:


Download the Draft Strategy here:


A very useful document – note the similarity to many aspect of the Deloittes Strategy. The lessons learnt section – pages 6-10 – is well done and spot on!

Fifth we have:

Call for co-ordination on ID card security

04 Feb 2009

ENISA, the EU agency and responsible for assessing Europe’s digital security, has published a position paper highlighting problems with current and planned European electronic ID card schemes.

ENISA (The European Network and Information Security Agency), based in Heraklion, Crete, describes itself as Europe’s centre of expertise for information security, with the mission of ‘defending the future’. The centre operates as a hub for exchange of information and best practices in the field of Information Security.

The new EHISA paper gives the first overview of the differences between privacy features in eID cards across Europe.

There are currently ten national electronic ID card schemes already in use across the EU, with thirteen more in the pipeline.

Electronic ID cards and health smart cards form a key part of the e-health initiatives in European countries including Germany, Austria and France.

More here:


The report can be found here:


It is useful to have a discussion of card security and privacy protection for these cards given the level of penetration of these cards around the world.

Sixth we have:

HIPAA Privacy Rule Fails to Adequately Protect Patient Privacy and Hampers

Health Research; A New Approach to Privacy Protection Is Needed in Research

WASHINGTON -- The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule does not adequately protect the privacy of people's personal health information and hinders important health research discoveries, concludes a new report from the Institute of Medicine.

Congress should authorize the development of an entirely new approach to protecting personal health information in research, separate from the HIPAA Privacy Rule, said the committee that wrote the report. This new approach should apply privacy, data security, and accountability standards uniformly to information used in all health-related research regardless of who funds or conducts the research.

If policymakers decide to continue relying on the current rule to protect privacy in health research, the committee recommends a series of changes to improve the rule and the guidance that the U.S. Department of Health and Human Services (HHS) gives on how to comply with it.

In addition, the report urges all institutions conducting health research to strengthen their data protection. Security breaches are a growing problem for health information databases. Among the measures that should be taken, encryption should be required for all laptops, flash drives, and other portable media containing such data given the potential for these items to be lost or stolen.

The committee's recommendations recognize the valuable societal benefits that both ethically conducted health research and privacy protections provide. Without such research, society would lose the benefit of new therapies, improved diagnostics, and more effective ways to prevent illness and deliver care. Privacy helps protect individuals from harm, such as discrimination and identity theft, and permits research and public health activities to be carried out in ways that preserve their dignity.

"We believe there is synergy between the goals of safeguarding privacy and enhancing health research and that it is critically important to our nation's health to strengthen privacy protections and still facilitate research," said committee chair Lawrence O. Gostin, professor of law and director, O'Neill Institute for National and Global Health Law, Georgetown University Law Center, Washington, D.C. "Our recommendations aim to boost regulations and practices that effectively protect personally identifiable health information, while changing provisions of the HIPAA Privacy Rule or its interpretations that have proved to be ineffective."

The HIPAA Privacy Rule regulates what uses and disclosures of personally identifiable health information are permitted by health plans, health care providers, and other entities covered by the regulation. The goal is to ensure that individuals' health information is properly protected while allowing the flow of data needed to promote high-quality health care and health-related research.

However, the HIPAA Privacy Rule is difficult to reconcile with other federal regulations governing research involving people and their personally identifiable information. Moreover, organizations that collect and use health data vary greatly in how they interpret and follow the rule, and the rule does not apply uniformly to all health research. The committee's review of published reports, testimony from patient and privacy advocates and the health research community, and other sources of information led it to conclude that the way the rule is currently interpreted does not adequately protect privacy and impedes important health research.

HHS and other federal agencies should develop a new approach to regulation that focuses on best practices in privacy, security, and transparency, the report says. The new framework should facilitate use of health data in which personally identifiable information is removed and should provide legal sanctions against unauthorized re-identification of individuals. It should provide ethical oversight of research in which use of personally identifiable information without individual consent is necessary. This oversight could be accomplished by local ethical review boards that assess proposed projects on a case-by-case basis, or institutions could be certified at the federal level to carry out this kind of research, having proved they have policies and practices in place to protect data privacy and ensure security.

If the current HIPAA Privacy Rule continues to be the means for safeguarding privacy in health-related research, the committee recommended several ways to revise the rule and its guidance on compliance. For example, HHS should make it clear that people can grant permission in advance that samples or data collected from them for one research project can be used in future research. And the agency should simplify and clarify the criteria for making decisions about waiving requirements to obtain permission from every patient whose personal health information will be used in study.

The study was sponsored by the U.S. Department of Health and Human Services, Robert Wood Johnson Foundation, American Cancer Society, American Heart Association/American Stroke Association, American Society for Clinical Oncology, Burroughs Wellcome Fund, and C-Change. Established in 1970 under the charter of the National Academy of Sciences, the Institute of Medicine provides independent, objective, evidence-based advice to policymakers, health professionals, the private sector, and the public. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies. A committee roster follows.

Pre-publication copies of Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research are available from the National Academies Press; tel. 202-334-3313 or 1-800-624-6242 or on the Internet at http://www.nap.edu. Additional information on the report can be found at http://www.iom.edu/hipaa. Reporters may obtain a copy from the Office of News and Public Information (contacts listed above).

More here:


The report information is found here:


A free summary of the 300 page report is found here:


Well worth a browse.

Last we have a useful link to a range of EU Reports on e-Health.

This page will get you started.


All sorts of interesting material to browse.

Here is a list of the most recent

2009-02 Study report eHealth in Action - Good Practice in European Countries

2009-01 Project report Semantic Interoperability for Better Health and Safer Healthcare

2008-12 Study Robotics for Healthcare report and Robotics for Healthcare leaflet

2008-12 Conference ICT-BIO 2008 Report

2008-12 Conference WHIT2008 EC Procurement workshop report

2008-11 Communication Telemedicine for the benefit of patient, healthcare systems and society

All these reports and associated materials are worth a close look.


1 comment:

Anonymous said...

The Ontario eHealth strategy is a great read and it's clear that there are indeed some similarities to the local DeLoitte strategy.

However, a couple of differences that jump out straight away:
1. The focus on specific clinical outcomes in just a small set of scenarios. Just look at pages 14 to 17. They pick out the challenge of diabetes management and set goals of # of prevented deaths, avoided hospital costs, etc. This is what the DeLoitte strategy failed to do - it failed to make the connection between solid implementation approaches and real clinical outcomes that could be understood by politicians and ordinary people. Without that connection, it has remained a technically interesting but almost irrelevant document.

2. In just the second paragraph, the report outlines the funding behind this work - some $2.1billion over four years. Just think, Ontario has about half the population and GDP of Australia and it can see that a significant investment in Health IT can make a big difference. Shame on the Australian bureaucrats and politicians who can't (a) put forward a sufficiently sound business case for investment, (b) can't see beyond short term maintenance of status quo towards investments in long term reform.

Interestingly, one of our best leaders in health with the capacity to drive reform, Stephen Duckett is soon leaving Australia to drive reform in Alberta, a neighbouring state.

Considering the very significant similarities between the health systems of Australia and Canada in so many regards, it is quite amazing that there is such a contrast in their respective progress on eHealth. Canada is leading the world - Australia is severely lagging, squandering both opportunity and capacity.

But if we want to turn it around, then maybe we should ask the simple questions that were obviously asked in Ontario:

If we do nothing more than we currently are doing, how many people with diabetes will suffer avoidable blindness? How many will suffer from diabetic foot that could have been picked up in a more regular primary care review? How many avoidable hospitalisations will occur, and how much will those hospitalisations cost? Ultimately, how many avoidable deaths will occur and how many lives afflicted with disability could have been of higher quality?