The following appeared on the NEHTA web site a few days ago, dated 22 July, 2009. To me what is important is not so much what is says, but what is missing. Maybe we could have a new version covering the issues I raise?
The original file is found here:
http://www.nehta.gov.au/component/docman/doc_download/764-ihi-consultaton-paper-qaa
While developing better responses to important questions they could also fix the typo in the link title.
“IHI Consultaton paper Q&A” is what we have now!
Q&A for Healthcare Identifiers
Setting foundations for a safe, secure and effective e-health System
The role of e-health is to provide those caring for a patient with access to the right information, about the right person, in the right place, at the right time.
E-health is essentially about delivering safe, quality patient-centred healthcare through the better management and sharing of health information, regardless of where or when healthcare is provided.
Unfortunately, communication within, between and across the myriad of private and government healthcare providers and systems has no single method of accurately and reliably identifying either the people getting healthcare, the healthcare providers or the organisations managing care.
Before Australia can create a national e-health capability it must ensure that everyone in the process – the patients, the providers and the healthcare organisations – is clearly and securely identified.
Australia’s peak body in the design and development of government e-health initiatives is the National e-Health Transition Authority (NETHA). NEHTA is a joint initiative of the national, state and territory governments tasked with leading the design of e-health initiatives, including identifiers for individuals and healthcare providers.
About Individual Healthcare Identifiers
What is an Individual Healthcare Identifier (IHI)?
An IHI is a unique 16 digit identifier that will be assigned to all Australian residents and others accessing healthcare in Australia. Each number will apply to only one person and will be used in health information records alongside the person’s name and date of birth. It is a simple, yet robust, indexing system.
Why introduce Healthcare Identifiers?
Communication of health information is a vital part of effective healthcare. The accurate identification of individuals and healthcare providers is critical in all health communication. Healthcare identifiers for individuals, providers and healthcare organisations, will reduce the likelihood of medical mix-ups and avoid information being assigned to the wrong patient or sent to the wrong service.
Using an IHI will ensure that healthcare providers are able to clearly identify the person they are treating. The IHIs will enable important health information about a patient to be more readily and securely linked with other information about that patient. This is particularly important for people who may have many healthcare providers involved in their care.
Why not use the Medicare number?
A Medicare number is not unique. Some individuals are members of more than one family and may be on multiple cards with multiple numbers. Also, not everyone who needs healthcare will have a Medicare number.
How will it work?
Healthcare providers may include an IHI in a person’s health records, along with name and current identifying information. If any healthcare information needs to be provided to another healthcare provider, such as in a referral, hospital discharge summary, pathology test or pharmacy prescription, the IHI will provide clear identification of the patient, the referring provider and the healthcare service or organisation receiving patient information.
The IHI will enable a person’s health information to be linked uniquely to them, and continue to be linked, no matter how many different health care providers they see and how many times they change address or other details.
This will improve the safety and efficiency of the care they receive.
Are IHIs needed to receive healthcare?
An IHI is not a requirement for accessing healthcare in Australia, although all Australian residents who are enrolled in the Medicare system will automatically be allocated a number. People who are not initially given an IHI will be allocated a temporary IHI when they receive healthcare.
The IHI will not alter the way in which anonymous healthcare services are currently provided. Nobody will be refused treatment if they do not have an IHI.
What do people need to do to get an IHI?
People who are enrolled for Medicare will receive an IHI automatically. Those not enrolled in Medicare will be provided a temporary IHI number when attending a healthcare service. This temporary number can be validated through the service operator (initially Medicare Australia) and will become that individual’s unique IHI. If a person already has a unique IHI number, then this temporary number can be merged into their existing IHI.
When will IHIs be allocated?
IHIs will be available from mid 2010. In the lead-up to implementation comprehensive testing will be conducted to ensure the legislation, processes and security is fit for purpose.
How will the IHI improve healthcare communication?
There are four key areas where immediate benefits will be derived through the use of IHIs:
Discharge summaries, i.e. patients’ ongoing care needs can be effectively communicated to their healthcare provider/s when they leave hospital.
Pathology Tests, i.e. patients’ will be accurately linked to their test results and their care provider.
Prescriptions, i.e. pharmacists can clearly identify the range of medications a patient may be receiving – allowing better monitoring for possible contra medications, as well as safely filling electronically lodged prescriptions.
Referrals, i.e. patient records and case history can be communicated safely to and from the referring healthcare provider and the required service or specialist.
What about the identification of doctors and clinics?
Authorised healthcare providers, healthcare centres and organisations will also be provided with unique identifier numbers. These will provide enough detail to clearly identify the individual provider, centre or organisation, include the provider’s business contact details if requested, and also operational information, such as the types of services provided.
About Protecting Privacy
Privacy is paramount in the development of legislation governing healthcare identifiers. Where current laws are applicable they are maintained. Where new laws are required they are being developed in the new legislation.
How will information be protected?
Specific Commonwealth legislation is being drafted to detail the governance, privacy and approved uses for the Individual Healthcare Identifiers. As well as this, access to the IHI and the limited information it contains, is protected by state and national privacy laws. Penalties apply if any of these laws are breached.
Who can access my IHI?
Access will be restricted to authorised healthcare providers or workers who can only use it to accurately identify an individual or information that relates to the individual. No other clinical or health related information is stored with the IHI. The information will accessible through Medicare Australia, individuals will be able to access their own IHI.
What can the IHI be used for?
The IHI is specifically designed to improve information management, both in the storage, retrieval and transfer of patient information and in communication across the health sector.
Who will store and look after IHI data?
Medicare Australia is to be the initial operator of the Healthcare Identifiers Service. As a dedicated provider of health related services, Medicare has the national infrastructure, processes and industry and community relationships needed to securely deliver and maintain the Healthcare Identifiers.
The Healthcare Identifier Service will be a separate and new Medicare business, not linked to its funding or claims for payment functions.
As a statutory agency Medicare Australia will be governed by national legislation that prescribes the scope of the functions it will perform and the privacy and security it must maintain.
About the Healthcare Identifier Consultations
Why are consultations on privacy being held?
Consultations with key healthcare and consumer stakeholders will contribute to making the legislation robust and effective – balancing the privacy of personal information with the healthcare benefits that can be gained through better sharing of health information.
How can I contribute to the discussion on healthcare identifier legislation?
People wanting to view and or comment on the discussion paper can do so at
www.health.gov.au/ehealth/consultation (TBC)
Where can I find out more about IHIs and the National e-Health agenda?
The National e-Health Transition Authority (NETHA) maintains a comprehensive website. You can get more information by visiting www.netha.gov.au .
----- End Document.
This document requires careful reading to see just how little justification is provided for this program and the scope of what is being consulted upon.
What the consultation is NOT about are questions like “do you think this is a good idea?” or “here are the range of possible ways of addressing the problem – which one do you prefer?”
We are told this identification is a problem and this is the way it will be addressed – by giving everyone in the community –and remember being in Medicare is about as voluntary as breathing – a new number. It seems it is not enough that we have a Tax File Number, a Car License Number, a Passport Number etc but that we all need yet another number!
Are there options? Then answer is yes but they are not mentioned or considered. (As an example the US National Health Information Network (NHIN) is being developed explicitly without a Unique Patient Identifier and right now it is going rather better than we are here in OZ).
See as an example:
http://www.tmcnet.com/usubmit/2009/07/22/4284824.htm
CAeHC Demonstrates NHIN-enabled Gateways Among Five California Health Information Exchanges
We are also told:
“In the lead-up to implementation comprehensive testing will be conducted to ensure the legislation, processes and security is fit for purpose.”
Since the legislation has not yet been developed, the technical shape of the system is not public, and there is no proof at all the ID is fit for its proposed purpose it would be good to have some criteria made public against which the testing will be conducted.
Better still we could be actually given proper details of the whole proposal so we could decide just what questions need to be answered!
Additionally there are no suggestions as to how those people who wish not the be enrolled can opt out of the system. If we have entered the world of compulsory Ids then the public should be allowed a serious discussion on the topic – and be told that is the case.
It is not clear from this FAQ just what the ordinary citizen can do to avoid abuse of the number by it being accessed and then used to provide demographic details to third parties (perhaps for a bribe) to potentially facilitate unwanted contact, abuse or worse.
You are also not told how much all this will cost now and into the future and what the cost benefit case is for doing this –even if you are convinced it the right thing to do.
It is also not explained just who is going to use this service, how it will be implemented to preserve privacy and just what the case is for actually using this identifier at all.
Last there is no discussion of the impact on the overall system of looking this ID up every time you go somewhere new for a health service. Given the number of services provided each year ( in the millions) – the cost of the time spent will be non trivial.
Back of the envelope let’s assume each person needs to access 3 providers in the year following introduction of the system. Let’s assume it takes two minutes to obtain and store the ID.
That comes to about 60 million look ups taking two minutes. This is 250,000 days of time spent. (120,000,000 divided by 60 = 2 Million Hours spent. Divide by 8 = 250,000 working days). Assume each working day costs $100 and we are talking $25M per annum on lookups! If there are even 10% of records needing to be updated the cost rises dramatically. You really need to be sure you are getting value for imposing such a cost on the system.
I really hope with the new era introduced by the NHHRC Report we can see a new era from NEHTA and that this sort of rubbish trying to treat the public like mushrooms will end real soon now.
David.
We will see nothing new from this mob. The NHHRC Report will spin on the talkfest merry-go-round, no-one has the authority to change NEHTA and no new leadership will be brought into play. It is probably fair to say NEHTA and DOHA will just keep doing the same old same old until something happens to break the status quo. What might that be?
ReplyDeleteSo let me see if I understand your position here, you think it is viable to exchange healthcare information relating to an individual between providers, without a mechanism to uniquely identify that individual? How does that work? If that's not what you think, can you outline what model for identification you think is suitable?
ReplyDelete"but there may be ways - like those that have been developed by Initiate Systems?" or Sun, or Orion or.....
ReplyDeleteI think the point that a contract has been signed and is on the cusp of being deliver has been lost. Yep, let's stop 2 years of work and take another direction. Not my vote for taxpayer money. As a matter of interst, are other contires taking the same approach as the US?
No one believes you don't need unique identification mechanisms. The question is how you do it and protect privacy etc.
ReplyDeleteIf what is happening in the US is working - as it seems to be..it seems there are options. No one is even considering those and we are not told about them. Identifiers are simple and easy to understand - I agree - but there may be ways - like those that have been developed by Initiate Systems that need to be considered before being dismissed. That is my point. The options are not reviewed for all of us to consider the costs and benefits
David.
It is NOT happening in the US without identifiers. Each of the 5 HIEs in the example you refer to have some sort of master patient identifier they have individually agreed on - Initiate just provides a way to map between them. I realise NEHTA have a communication problem but you can't be serious if you think there is a chance of progressing any viable, broadly available ehealth capabilities in Australia without an identifier.
ReplyDeletePerhaps a little bit of objectivity is called for here, as well as some analysis of what is really holding Australia back. Claiming we "are not told about them" just makes you seem like another conspiracy theorist, when in its not that hard to find out what is really happening. Getting 5 organisations to share health info is laudable, getting 5000 to do so, in a sustainable and affordable manner is an entirely different proposition.
Also, asking an uninformed marketplace what they think is a good idea reminds me why Henry Ford claimed he never asked his customers what they wanted - "because they would have told me it was a faster horse..."
And how many of us were involved in this decision to go down this unproven and unexplained path and just what validates it as appropriate?
ReplyDeleteI am seriously over what has been done as I do not actually think it is fit for the purpose of linking patient records and I do not think it is privacy protective enough.
Your mileage may vary but given I was involved in the major NEHTA consultation that has never been released on ID, the presently suggested this approach may be flawed in my view and I want to make sure, like you, money is not wasted.
David.
Read closely. The organisations involved serve a population about the size of Australia and my point is there is not a National Health ID in the US. And there won't be.
ReplyDeleteAs for your attempts to insult common sense and suggest the readers of this blog don't know what they are talking about - go for it!
If you are so convinced this is a wonderful, privacy protective, secure, not open to abuse plan send me the material that provides you with the information to form that decision. I have seen none to date.
David.
You are missing the point David - I wasn't referring to the readers of this blog - I said the marketplace.
ReplyDeleteWhy do you think the Australian government is less likely to protect people's privacy and security than the Long Beach Health Network?
While Australia is by no means a world leader in protecting privacy it is light years ahead of the US - so why are you convinced, with no evidence shown, that the example you present is any closer to a "wonderful, privacy protective, secure, not open to abuse plan"?
Again, what I'm asking for is some objective analysis, instead of broad assertions that somehow Australia is totally on the wrong track. Personally, I'm pretty comfortable that my privacy and personal information is better protected by the ATO than an American business - I have not forgotten the privacy breaches of Amazon, CDNow, DoubleClick and many, many others.
2 Points.
ReplyDeleteI would love to see the facts on which we could base the 'objective analysis' you mention. I have not said we are on the wrong track. I have said the whole thing is being done with such a lack of transparency neither you and I can know if this is the best way forward. Also despite your protestations you have no idea just how 'fit for purpose' using the Medicare CDMS is.
Second both the Tax Office and Centrelink have had issues of data and privacy compromise to say nothing of the State Motor Registries.
Bottom line is that I simply don't think the secretive approach and compulsory use of an unproven identifier for individual patient record linking without proof it will work safely is not good enough.
David.
OK - I agree with you about the fit for purpose issues of the CDMS. I certainly have significant questions as to whether Medicare is the right choice to implement this. However, that doesn't mean that the concept of a national identifier is flawed.
ReplyDeleteDavid, your time would be better spent criticising NEHTA for its real shortcomings. The very concept of IDs for everyone is essential to efficient HealthIT, and would make programmers' lives so much easier. Your arguments about time wasted on lookups are stretching things a bit. All systems would cache this data, and pretty soon lookups would be needed very seldom. If NEHTA provides a centralised, web service approach I don't see how a lookup could take more than 5 seconds anyway.
ReplyDeleteDavid's questions are right on the mark: Is this a good idea? Which of these options do prefer, if any? These are the questions that are not being asked. Instead, we are assured that a universal ID is essential for the "efficient" running of (universal) HealthIT. Where is the discussion of the alternatives? Are we to believe that there are simply no possible alternatives? I, for one, don't believe that, and until I see that discussion, I will not accept that there has been any effective consultation on the issue of identifiers, let alone on the larger issue of privacy.
ReplyDeleteIf you believe that there is no alternative to the universal identifier, prove it, don't just assert it.
IHIs have been coming down the pipe (ever so slowly) since NEHTA's inception, and the time to argue about whether IHIs are suitable has long passed.
ReplyDeleteThe discussion needs to focus squarely on how to maximise privacy within the context of the IHI system.
Then, once we accept that privacy can't be guaranteed, no matter how good the system is, we need to figure out how best to crucify people who abuse their access rights.
Rubbish,
ReplyDeleteIf you are going to do something, that costs lots of money, then you should do it properly.
The evidence that this is what is happening is pretty thin on the ground as far as I am concerned.
An IHI done properly might be a good idea, but lacking the information to assess what NEHTA is actually doing, and how well they are doing it, as all the correspondents here, leaves me in the 'trust but verify' mode.
Who, of those reading here, other than the NEHTA staff, know the technical details of how it will work, etc. And who knows the approach being adopted is the best one? Who has the evidence the the CDMS is fit for this purpose. I don't and I doubt anyone else does either.
I am suggesting you are clueless as to whether this IHI proposal is suitable. If you do know better show us all the evidence!
BTW you don't design a system and then bolt on privacy. The design needs to be privacy driven from its initiation.
David
DM: Who, of those reading here, other than the
ReplyDeleteDM: NEHTA staff, know the technical details of how
DM: it will work, etc.
Its not like this is any great secret... what is it you are wanting to know then?
DM: And who knows the approach being adopted is
DM: the best one?
AHMAC, NCIORF, NHHRC, COAG etc etc. Do you think they are all conspiring together to allow a not fit for purpose approach to be funded and implemented?
DM: Who has the evidence the CDMS is fit for
DM: this purpose.
What is your evidence is that it will not be fit for purpose (refer list of gateway approval organisations above)?
DM: The design needs to be privacy driven from its
DM: initiation.
Again what evidence is there that this is not the case (again refer list of gateway approval organisations above).
Answers:
ReplyDeleteQ1 - Where can I download them from to read?
Q2 - And the technical capabilities of these organisations is?
Q3 - If it is a download from the CDMS it is unlikely to have an error rate of less than 1 in 500 or so entries at best. I would like to see essentially 1 in 10000 to be even slightly content. Error rates from Audits of the database would confirm who is right.
Q4 - The Privacy Impact Assessment has not been done - except a 2 year old draft - so how can it be privacy driven.
Bottom line. The onus is on the proposers to show the work they have done to confirm this is fit for purpose - or we can all wind up with a lemon. There are big long term dollars here remember to operate and maintain this service. Has anyone see and options analysis and business case - or are we all to believe NEHTA knows best. Sorry I don't
David.
And I don't either David.
ReplyDeleteYour request for information and transparency is valid. If the individual with whom you are havving a tussle about who knows best has any common sense at all he will support your call for having the information made available for scrutiny.
After the history of flagrant wastage of public funds of hundreds of millions of dollars over the last 5 years or more by DOHA on HealthConnect and NEHTA any one who is prepared to accept that the same thing won't happen again in the absence of complete public scrutiny and proper governance is a gullible fool and a nave.
And if your commentator doesn't agree with me he should say so and provide the evidence to justify his ignorant belief that we can just leave it to 'them' and 'all will be well'.
Anon> Its not like this is any great secret...
ReplyDeleteAnon> what is it you are wanting to know then?
Even if David, and whoever else was posting above, prefer answering questions with more questions and conspiracy theories rather than any substence, I'd like to know how a national consumer identifier (IHI?) will work in conjunction with all the existing identifiers, which will stay attached to existing medical records?
HC
HealthConnect is not alone. We would all like to know how a national consumer identifier (IHI) will work in conjunction with all the existing identifiers.
ReplyDeleteHow many existing identifiers exist ie associated with the individual and their many 'record fragments'?
What standard national interface has been designed? It involves more than just developing an 'identifier' it must also provide for an enormous amount of cross-correlation which in simplistic terms is why we have '3' Identifiers (Individual, Entity, Service Provider). I say simplistic advisedly, taken into the real world will require a far more sophisticated interface than just those three identifiers. So, who is designing that, where is it at, what is the architecture, and so on?
Let's get some info out there or is there some deep seated fear that those who might be or have designed this in NEHTA or Government want it kept secret for some bizzare reason.
While identifiers will be useful it's a furphy to suggest progress in ehealth cannot be made in the absence of Identifiers. Identifiers are not the be all and end all of ehealth. They are just another enabling building block. So, while Health Connectorabove and the rest of us would all like to know how it is planned the Identifier(s) will all interoperate that is no reason why ehealth applications should not be developed in parrallel. Why the bureaucrats and NEHTA have sat on their thumbs for so long hidding behind Identifiers as the reason for lack of progress beats me.
ReplyDeleteDoes it really matter?
ReplyDeleteIt is hard to think of any system so bad that could not produce some sort of identifier. It doesn't have to be efficient, nor even unique. Just good enough for most practial usages. The current system has run for 100 years without one.
The more information that Nehta releases, the more criticism it is likely to receive. For example, the document accidentally did state one tangible fact, namely that the id is 16 digits long. Obviously 8+1 would be enough. (Or maybe a user chosen ID, web style.)
If I was Nehta I would release nothing except pretty broachers of people looking happy.
T.