
Tuesday, November 17, 2009

It is By No Means Clear The Released Privacy Impact Assessments Get Us Very Far.

As noted in a short blog yesterday, NEHTA have released a short commentary document and the three Privacy Impact Assessments (PIA) conducted over the last three years (since early 2006) on the IHI Service.

The documents are found here.


(Note: to save as a .pdf, find the “Save Pages” icon and click.)

As always, the devil is in the detail. Among the things I found interesting were:

1. The Scope of the Last PIA - which is really the only relevant one (Page 7).

“2.1 Scope of this PIA

This PIA is a consideration of the potential privacy impacts of the IHI on individuals.

This PIA is limited in scope in the following ways:

(a) this PIA relates only to the proposed IHI component of the HI Service as described in 3 and 4 of this PIA

(b) this PIA does not consider the privacy implications of the proposed HPI-I or HPI-O

(c) this PIA does not consider the privacy issues that may arise from using a healthcare identifier as a key or index to identify an individual in another e-health system such as an electronic health records system or electronic prescription systems

(d) this PIA does not consider the privacy issues that may arise from other possible future initiatives which may make use of the IHI, the HI Service or data held in relation to the HI Service

(e) this PIA does not consider the privacy compliance issues involved in a Healthcare Provider’s own use or disclosure of IHIs in its own local record systems, including the possible need to remove the IHI from data for some communications (although it does consider at a high level the nature of restrictions that might be put on such further use and disclosure of IHIs in local records)

(f) this PIA does not consider the privacy impacts of current Medicare Australia procedures

(g) this PIA does not consider the privacy impacts of the content of any participation agreement between a Healthcare Provider Organisation and the HI Service Operator (although it does consider at a high level the possible content of that agreement)

(h) this PIA does not consider the privacy impact of the security measures associated with HI Service infrastructure, including Medicare Australia security measures, security features of digital certificates, and user authentication (although it does consider at a high level some specific security issues)

(i) this PIA does not consider non-privacy related matters (including non privacy supervision of the HI Service Operator)

(j) this PIA does not conduct a detailed assessment of equivalent international approaches or previous international studies

(k) the depth and extent of analysis in this PIA is reliant on the depth and extent of NEHTA’s policy work and design decisions to date, and

(l) this PIA only takes into direct account the views of stakeholders that participated in the single stakeholder consultation session conducted on 29 May 2009 (see 8 below).”

So very little consultation, no consideration of the impacts of actually using an IHI and no consideration of the possible impacts on healthcare providers.

2. The NEHTA introductory documents do not make it clear just why it has taken so long to release these. The last PIA was submitted to NEHTA in late August, 2009.

3. It is clear the outputs of the consultation process on the shape of draft legislation which ended a week or so before this PIA was finalised and which has now led to a second round of consultation.

See here:


4. There is a recurring phrase found in the NEHTA summary:

NEHTA refers to Governments for consideration.

I counted 15 recommendations that had that response, so all those areas are still ‘up in the air’. As far as I can tell, NEHTA does not make it clear just how the answers are to be obtained, specifically from whom and indeed by when. Given these answers are all pretty important to the actual workings of the IHI service, it would be good to know!

5. The following from Page 40 of the Mallesons document also makes it clear there is more PIA work to do:

“However, as stated at 2 of this PIA, this PIA is limited in its scope to addressing the IHI component of the HI Service. A PIA that addresses the privacy impacts of the IHI in isolation from the HPI-I and HPI-O, and the HI Service more generally, is therefore prevented from addressing some of the issues that arise when the three healthcare identifiers operate together. This was a concern raised by some stakeholders who were consulted as part of this PIA (see 8 below). We understand that a separate PIA will be conducted in relation to the non-IHI aspects of the HI Service.”

This is really a joke – surely we need an assessment of the total system and its impact on each of the different types of actors involved (providers, provider staff, consumers, Medicare staff etc).

6. I have to say the Mallesons document provides a useful summary of what NEHTA has in mind, but the more one reads the more wrinkles one sees. E.g. how does the system work if there are two John Smiths with the same Date of Birth – does it return no IHI or a list to choose from based on address?

Overall, the documents make it pretty clear what NEHTA was proposing a few months ago for the IHI service, but with all these referrals to Government for decisions and the recent Health Minister’s meeting, it seems likely some rework and creation of a final PIA (and PIAs for providers etc.) after the legislative consultation will be needed.

7. The following also makes for some worrying reading. (Page 40)

“6.2.2 Uncertainty of some aspects of the HI Service

At the time of undertaking this PIA, some aspects of the HI Service had not been finalised. In particular, the governance framework had not been settled, and its development is ongoing. We identify the governance framework as one of the critical factors in ensuring that privacy aspects of the HI Service are managed appropriately and that materially adverse privacy outcomes are avoided. This PIA is limited to offering suggestions as to key elements of an appropriate governance framework from a privacy perspective.”

As the title of the blog says, we have a bit of a way to go yet to get real clarity on what this will all look like and how it will be governed. Of course, we are all wondering just at what point all of this will be sufficiently well defined for client systems to be modified to use the IHIs!

June 2010 for being operational looks pretty tight!



Juanita said...

Pretty tight is an understatement - I can't see how the June 2010 timeline can be achieved at all! Insightful analysis David.

Anonymous said...

An excellent analysis of the status quo. Troubling in the extreme is the repetitive disclaimer "this PIA does not consider the privacy issues that may arise from" - repeated, repeated, repeated ad nauseam. No one should be under any misunderstanding after reading your analysis that this whole identifier business will be going nowhere by June 2010; absolutely nowhere. We might, just might, see something in two to three years if we are lucky but our company won't be holding its breath.