NEHTA, with very considerable public funding, has now been developing the UHI service for almost 3 years, having initially been funded to undertake the work in around August 2006.
The following very interesting and carefully researched article appeared yesterday.
Medicare the base for e-health IDs
Karen Dearne | June 23, 2009
PATIENTS' medical records will be linked across health providers using the present Medicare number and card, under the $98 million Unique Healthcare Identifier (UHI) program being developed by the National E-Health Transition Authority.
Few details of the planned UHI service have been revealed to date, despite the January 2010 deadline for completion of the project's design and build. The work has been directed by the Australian Health Ministers' Council (AHMC) and funded by the Council of Australian Governments
Although healthcare providers - doctors, pharmacists, community clinics and hospital administrators, in both the public and private arenas - will be issued with highly secure smartcards using PKI-based identity verification, consumers' individual healthcare numbers (IHIs) will be accessed by linking through the old Medicare number.
The stronger credentials for medical professionals will be managed through the planned National Authentication Service for Health (NASH), an extension of Medicare's existing arrangements to securely identify doctors accessing the agency's systems for claiming or payment transactions.
Individual healthcare identifiers have been touted as a key building block in the nationwide shift to e-health systems, with the free-flowing exchange of people's health records set to revolutionise patient care through improved safety and quality outcomes, together with greater efficiencies, cost savings and a wealth of new opportunities through telemedicine, remote monitoring of chronic disease and public health surveillance.
Eventually, the plan is for each person to have an individual e-health record, which holds their personal details; a summary health profile that can be shared with the person's permission between treating doctors; event summaries such as hospital discharge reports, care plans and test results, and a self-care management record where people can add their own material.
But consumer and privacy groups may be disappointed by the barebones approach outlined to The Australian, in response to questions put to NEHTA, Medicare Australia - which is creating the UHI system under contract to NEHTA - and federal Health Minister Nicola Roxon.
It appears Ms Roxon has been mistaken in her recent comments that patients will access their health records through a smartcard.
Instead, doctors or staff members will have to call up a person's shared record via the Medicare number, together with the existing, additional family member number.
"The IHI is simply an identifier that will facilitate the secure transmission of health information," a NEHTA spokeswoman said. "The IHI will predominantly be retrieved using an individual's Medicare number as opposed to a 'look-up' system, but separate security and authentication processes will be put in place regarding the actual use of the IHI in relation to health records.
"If an individual does not have a Medicare card, their healthcare provider will be able to use demographic information to obtain an IHI from the service. A patient will normally be asked to provide only his or her name and date of birth."
This approach assumes Medicare's well-publicised difficulties with data quality - mailing out replacement cards to deceased persons, duplications and other errors, and fake cards circulating in the black market - have been fixed.
Another issue involves ensuring the proper separation of data in the new registration and record databases from Medicare's financial transactions and business operations.
Read much more detail here:
The way this whole project is being run reveals frankly an astonishing level of arrogance and failure of technical and public consultation.
NEHTA apparently believes Privacy Impact Assessments should be kept from the public. This is clearly an absurdity and deserves condemnation.
NEHTA has not even got to the stage of even the draftest of legislation which they admit will be needed. With the present government turmoil and hostile Senate what chance of legislation, which seems to be likely to be privacy invasive, getting through in other than geological time?
NEHTA apparently plans to have an operational service available at the beginning of 2010. What seems to be missing are the technical specifications that people who will use the service will need to develop to in order to use the service once it is operational. We have lots of business specifications but not much in the way of technical specifications.
See here for the presently available documents.
(Note in passing how most documents are nearly 2 years old!)
I wonder does NEHTA have a plan to pay software developers to interface with their service or is that another unexpected cost they plan to impose.
On the basis of what we all know about the data integrity of Medicare Identifiers who would trust this to be used to assemble and manage a clinical record. I certainly would not. The Medicare ID databases are just not ‘fit for purpose’ in this context (creating an aggregate trustworthy EHR). What is going on here is that we will very possibly wind up with a less than satisfactorily robust individual identifier and over time it will fall into disuse as it causes more misidentification and problems than it is worth.
I am sure additionally NEHTA has vastly underestimated the complexity and cost of issuance, maintenance and deletion of certificates and tokens to 500,000 health professionals. Frankly that is a huge task which is not done properly will also cause more problems than it is worth.
I also wonder who is going to pay to operate this service in the longer term and at what stage will the users be charged a fee for use to recover ‘costs’.
NEHTA needs to get the PIAs, Technical Specs and Draft Legislation out pronto so their plans can be reviewed and assessed publicly to prevent any continuing waste of money and effort. Sneaking around fobbing people off with vague details and timelines is really not good enough.
We need identifiers I believe to make patient records work optimally – but not developed in secret like this.