Tonight the 7.30 Report ran a long piece on e-Health, EHR Privacy, the IHI, the lack of consumer involvement in the planning process (which was justified by Ms Roxon saying citizens would not understand all this technical stuff so there is no need to ask them!) and so on.
I am sure all this will be up later tonight or early tomorrow at:
There will be vision downloads and transcripts as usual.
Enjoy.. and note just how condescending our Health Minister is of the ordinary public. She could single-handedly set e-Health back a year or so with such stupid comments.
The transcript is here:
http://www.abc.net.au/7.30/content/2009/s2713265.htm
Here is the last bit of the discussion with the Health Minister and others (note bits in italics):
MARY GEARIN: According to the Health Minister, the new health-care identifier may be accessed by a smart card or pin, but won't have health information directly stored against it. The number is meant to simply serve as a link for authorised users.
NICOLA ROXON: People have a very high acceptance of the use of a Medicare number. This will obviously be different to that, and not using the Medicare number. But I think when it comes to health, people have a very good understanding of why you want to keep comprehensive records and why that ultimately helps you as an individual.
DAVID VAILE: As a database developer, I know that if you get the single number you can use that to tie everything together. And so even if they are distributed around the planet, you know, in 100 different systems, if you have got one number, it become almost impossible to properly control the use and access and reuse, the distribution, the transmission around the world of that information.
NICOLA ROXON: Sometimes I think we jump a little bit too much at shadows, that this is a way to improve patient care, save a lot of time for the patients and health professionals, and reduce a lot of wasted expenditure for extra tests and repeat tests that don't need to be done.
MARY GEARIN: In a submission on the issue two months ago, the office of the privacy commissioner noted that enabling such easy and accurate linking of data could create an environment in which linking might be done excessively and sometimes without adequate justification. The office called for greater certainty around the secondary uses of the information.
Will it be illegal for instance, employers or life insurance companies to have access to this material?
NICOLA ROXON: Again, I think these are really quite ridiculous questions when we are talking about patient-controlled information of your personal health records. Putting that into an electronic form doesn't change the law related to every other situation.
DR MUKESH HAIKERWA: The issue of secondary use of data is not covered by these provisions at this point in time. But any use of data that will be gleaned from this has to be with the patient's agreement.
MARY GEARIN: It's planned that whoever accesses the records will leave electronic fingerprints, but the minister admits many details, such as how potentially sensitive information is stored is yet to be thrashed out.
Juanita Fernando is frustrated by a process that has seen only invited advocacy groups including hers involved in the development of the system.
JUANITA FERNANDO: We need to hear a consumer voice - and there's no consumer voice.
NICOLA ROXON: I think trying to have the public intimately involved with every piece of technical advice that we are getting on how the different pharmacy information and GP information, hospital information will link up is probably beyond the interests of most people. So I don't think that sort of discussion has to be had publicly.
DAVID VAILE: They have not taken people into their confidence and they haven't put solving the privacy risks for real people in a way that is persuasive and reliable, they haven't put that at the heart of the process when it should have been.
DR MUKESH HAIKERWA: The paramount building block is confidentiality, if you don't have that people won't square up with you and you don't get the full information.
MARY GEARIN: For Jim Morgan, e-health and its promises of efficiency can't come fast enough.
JIM MORGAN: Yes I'd prefer others didn't get access to it, but what on earth are they going to do with it anyway?
---- End Transcript
Ms Roxon clearly thinks no one has the right to ask questions they see as important
David.
Dr. David G. Moore, My comment to you is that we the public should be able to allow our own GP, or Specialist to download that which is appropriate about our health conditions and medication onto a "dongle", which can be carried on our key chain for other Doctors, who we choose to visit and will know our correct treatment in any emergency, even in the case of accidents. I have a rare "one in a million" malady called SPS, you may not have heard of it, as most Medical Practicioners or Specialists have not. The relative cost for each patient to obtain a ":4GB dongle" would be about $4.00, and it would be a good opportunity for the whole medical profession to get behind this safe and private scheme, which could only give all the necessary information to ensure a persons safe treatment where ever the "Medico" has a computer to access the correct and appropriate treatment at the time. This way the patient is only able to give their complete medical history to the Doctor whom they wish to have this information. Technology is simple and effective if used with human brain power. Please take this seriouly, as the current Aust. Govt. scheme seems to me too complex and costly, they could even supply all the Medical profession with these "dongles" for issue to a patient at a nominal cost, as the Govt. would buy them at wholesale prices. Much cheaper than their present scheme. Regards, Jim R.
ReplyDeleteHey Jim
ReplyDeleteA couple of problems with the "dongle" idea:
-Like paper patient held records, they are often left at home, particularly in Emergency situations.
-They are not secure i.e. lose it and anyone can open it
-regular backup copies would be required to ensure that information is not lost via corrupt files or viruses
-standard software is still an issue e.g. if i save data to your "dongle" using Office 2000 and your GPs are using Office 1997, they won't be able to open the file.
-A "dongle" doesn't have any structure or order, so if I wanted to look at all of your blood results for the last 2 years, I'd have to open each file on the "Dongle" that might have blood results in it.
I think a National EHR is the best answer, but it is an agonisingly slow process so far!
Regards
Jane
David,
ReplyDeleteI actually think that Nicola did not do too bad a job with the questions last night. At least she had her facts more straight than the journalists and some of those interviewed.
The cause of eHealth has been set back far more by self-styled experts who are overly-focused on why eHealth will NOT work, instead of focusing on what can be done, right now, that does work; and there is plenty that does and improving almost daily. Even NEHTA has got this message (at last).
Unfortunately, the nay-sayers include you David - as well as the academics and self-appointed privacy advocates who featured in the interviews last night and who get far too much air-time on this issue.
I have been working in this sector for ten years, delivering an eHealth solution that supports real patients in real clinical settings in public health across several states - a single, interoperable solution.
This over-cooked focus on privacy and the use of the IHI is utter nonsense - the vast majority of patients are more than happy to a) share their health records if it means better healthcare and b) let their clinicians manage this data on their behalf. We have never had a patient opt out of one of our programs.
Australia has adequate legal protection of health records right now. Nothing changes when that data becomes electronic (as much of it already is!).
If I am a naysayer of a disorganised, unthoughtout, confused and unfunded non plan then I am proud to be so.
ReplyDeleteShe reminded me of a former premier of Qld - essentially saying 'don't you worry about that' when all the evidence tells us that if you don't worry to get these issue right you will fail.
David.
Once again, Ms Roxon has incorrectly floated the notion that the IHI will be held on a smartcard or protected by a PIN. There are no plans whatsoever for either scenario. Indeed, Peter Fleming at the MSIA last week said there would be NO TOKEN, that the IHI would simply be referenced by looking up the person's existing Medicare number from their current Medicare card.
ReplyDeleteI thought Nicola and Mukesh came across as the most sensible of the lot.
ReplyDeleteAnd I think Nicolas point about consumer involvement was right on the money - there are a lot of technical aspects of how systems hook up that are of no interest to the consumer. I don't think anyone needs the Privacy Foundation's help to debate the relative merits of WS-I profiles or check digit algorithms.
It would also be helpful if the so called 'experts' didn't confuse identification with authorisation. I'm not sure how many databases David Vaile has designed recently, but even though we call our columns 'keys' - they don't actually open any doors. Merely presenting an IHI to a system doesn't give you access. The strength of a systems authorisation checks should have nothing to do with the existence or non existence of IHIs (which is not to say that standardising the authorisation/authentication is not important - it just doesn't really have anything to do with IHIs)
Andrew and all.
ReplyDeleteLet us be clear here, no one has the least clue just what the 'e-Health system' that Ms Roxon and NEHTA are talking about actually is, how it will work, what it will cost and what benefits it will deliver. I also could not care less about check digit algorithms but I do care about the issues raised above - and I am entitled to be told clearly and publicly so I can form a view as to what I think could me modified, improved and so on.
David.
I don't know the exact details but I think I have a reasonable idea of what the IHI is.
ReplyDeleteI have a tax file number now - people involved in my taxation ask me for it. People not involved in my taxation aren't allowed to ask me for it. I can refuse to give it at any point.
I will have an IHI - people involved in my health will ask me for it. People not involved in my health won't be allowed to ask me for it. I can refuse to give it at any point.
Putting an IHI onto a record doesn't change any of the access or authorisation or authentication rules that are well established in health. It doesn't change any of the rules about who is allowed to share what with whom. However, when organisations share information at least they can be a bit more certain that they are referring to the same entity.
You may say that now that sharing can be done with more reliability that it may encourage unwanted sharing - perhaps that is true. Perhaps we need a thoughtful debate about balancing the need to collaborate using shared information, and how to do that with control and without information leakage.
But the debate will make more sense if people separate the concerns and make clear which bits they are debating.
Andrew,
ReplyDeleteThat is the point I am making. We have not been told what the big picture actually is and how it will impact consumers, providers etc etc.
As far as the IHI is concerned I have no idea just who will use it, how the software mods needed to make it work will get done etc. Of course just how the 500,000 providers who need smartcards etc for NASH are to get them we also don't know.
I am not arguing the IHI is not needed but I am keen on what is done being done right and right now neither you nor I know answers to a wide range of important questions.
David.
To me, the baseline for the confidentiality and privacy of personal data is this; if you don't want data to leak, don't collect it in a container. Clearly, medical data is inherently shared, so compromises are required, but we have to understand the nature of the threats to privacy in each proposed scenario.
ReplyDeleteWhen records were kept on paper in a GP's surgery, the non-medical staff necessarily had access to that data. Privacy was a matter of trust between the patient and the GP, and between the GP and his or her staff. Someone wanting access to your records could, for instance, bribe a staff member, or break into the practice.
Depending on the arrangements at individual clinics, computerised clinic medical records may still be accessible by non-clinical staff. Unlike paper records, they may be readily copied onto unobtrusive media and removed from the clinic if a staff member can be induced to do so. If there is an Internet connection from within the clinic, there is a problem of protecting the clinic's systems and data from becoming part of a bot-net operating out of Russia, Venezuela or elsewhere. Nonetheless, the basic trust relationships are the same as for paper records, although the ground has significantly shifted.
In both cases, though, the data, and the threats to its security and integrity, remain _localised_. When patient data is centralised, directly or indirectly, so too are the access activities of all workers within the health sector in Australia. Not only do we create a big hive of honey, but we have hundreds of thousands of bees buzzing to and fro. The sheer volume of such traffic underlines the risk of some of it being unauthorised or incorrectly authorised.
Terry and Francis, in the Uni of Illinois Law Review, stated what should be obvious, but too often is not.
EHRs are not like paper records writ larger. The differences for patient privacy and confidentiality and data security are matters of kind, not simply matter of degree. The irony is that the more inefficient a health records system … the fewer confidentiality and security issues it will raise.
I would argue that the IHI is not needed. The primary driver for an IHI, as far as I can tell, is for the tertiary users of the data. The overwhelming majority of clinical interactions in Australia are localised. They have to be, because a clinical interaction is a person-to-person interaction. Medical data moves in small circles. If "small" is defined in terms of the people involved, this applies as much to tele-health as to traditional medicine.
ReplyDeleteInformation has managed to flow around these circles for a long time now, without the benefit of a central identifier. How hard is it to look at these actual data flows and devise means, based on what exists now, to improve the ease and reliability of such flows?
The central identifier only makes sense to centralists of one stripe or another. It is not about the health of patients, it's about the health of various national systems.
If this is not the case, show me _any_ analysis of the relative merits of various decentralised approaches to identifiers and the IHI. I haven't seen one, and I'd say that Nehta's genesis in an alliance of Australian governments was the determining factor in the apparently unchallenged assumption of a central identifier.