Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, February 10, 2010

A Few Thoughts on the Draft Health Service Identifier Bills (2010).

We now have the Bills that have been introduced in the Australian Parliament.

The relevant Bills can be accessed here:

http://parlinfo.aph.gov.au/parlInfo/search/summary/summary.w3p;adv=yes;orderBy=priority,title;query=Dataset%3AbillsCurBef%20SearchCategory_Phrase%3A%22bills%20and%20legislation%22%20Dataset_Phrase%3A%22billhome%22%20Portfolio_Phrase%3A%22health%20and%20ageing%22;

With the obvious disclaimer that I am no lawyer I find this all pretty alarming.

I will look forward to the comments of some serious lawyers but in the mean time a few points that strike me.

For a start there are a few gaps I would have thought might have been addressed.

A search shows that Pseudonomysation and anonymous care are not even mentioned.

There is a total loss of any choice about having an ID (See page 6-7).

“(4) In exercising a power under subsection (1), the service operator is not required to consider whether a healthcare provider or healthcare recipient agrees to having a healthcare identifier assigned to the healthcare provider or healthcare recipient.

(5) The regulations may prescribe requirements for assigning a healthcare identifier to a healthcare provider or to a healthcare recipient, including providing for review of decisions made under this section.

There is a document explaining how the HI service is to work and it also does not really provide any useful information – anonymous is found twice in the whole 40 pages.

This is the link to the explanatory document.

Building the foundations for an e-health future: update on legislative proposals for healthcare identifiers (PDF 966KB).

Another explanatory document is the NEHTA Concept of Operations found here:

http://www.nehta.gov.au/component/docman/doc_download/872-concept-of-operations

Sadly there seems to be no linkage made in the Bills between the above documentation and how the system will actually work based on the legislation. This is a magnificent example of the 'trust us, we are from the government'. Sorry I just don't.

There also seems to me to be an issue around all the exclusions to the way the actual legislation works found in Section 38, but it could be that I don’t get the legalese!

Last as far as I can tell virtually all the public submissions would appear to have not had much impact on what we see being put to Parliament.

Here is the only place all the detail is found. The legislation does not guarantee anything of this will ever become real as it clearly will all depend on the regulations which we are all yet to see.

For this Bill to pass without those regulations being made public would be an outrage in my view.

Sadly I can’t check about the regulations at the moment as www.aph.gov.au is being attacked by hackers and barely can show you a front page. Nevertheless the point stands – until we all see the regulations this should pass in my view.

I also have to say that virtually none of the issues identified by the Australian College of Health Informatics (ACHI) seem to have been addressed.

Executive Summary

The Australasian College of Health Informatics (ACHI) is pleased to provide comment on the "exposure draft Healthcare Identifiers Bill 2010" with its supporting documents. The College combines the region’s peak health informatics expertise and experience and welcomes this opportunity to help inform the Health Identifier (HI) national e‐Health endeavour from an extensive background of significant knowledge and experience in health information systems and identification implementations.

1. ACHI is concerned the draft HI Bill may be enacted yet COAG has not yet made any decision about a national Electronic Health Records implementation. The draft seems to establish the framework for an e‐Health system that may never exist or be funded. It seems to ACHI the information available regarding any possible framework is also very scant and inadequate.

2. There are several major omissions from the draft Bill that are referred to in the documentation supporting the draft Bill, especially the "Building the foundations for an e‐health future … update on legislative proposals for health care identifiers:

The legislation does not specifically cover consumer ability to access information even though we understand it to be a requirement of the Health Identifier service provider.

The Bill appears to lack details of governance arrangements in place to manage the misuse of provider details in the provider directory, eg stalking.

There is no information about the NASH process or controls in the draft Bill or in papers supporting the Bill.

The Bill appears to lack clarity around the operation and governance of the HI Service.

Future development through regulation would be improved by linkages to Standards Australia and the International Standards Organisation.

In addition, we are concerned that a substantial pilot of the HI system for evaluation has not occurred.

Future development through regulation would be improved by linkage to Standards Australia and the International Standards Organisation. We also believe the HI will be affected by the lack of systems to put in place provider details, such as those to enrol some categories of Allied Health Care workers, which may take several years.

3. The punitive measures for the disclosure of patient information risk penalising clinicians in the patient care context, over which most have no control.

4. Any permitted information disclosures should comply with ISO Standard "ISO/TS 25237 Health Informatics: Pseudonomysation" (ISO TS 25237 2008).

5. A process defining the nature of accepted secondary uses of patient data needs to be made consistent with the international standards in this area and be the subject of appropriate public consultation.

6. The draft legislation links personal information to HIS. International and Australian standards on the identification of Subjects of Care and Health Care Client Identification offer a more controlled approach to linkage and implementation that does not appear to have been considered in the Exposure Draft.

7. ACHI suggests that it may be prudent to refer to international and national standards in the draft Bill rather than facilitate personal data linkages based on an outmoded technological stance.

8. The draft legislation leaves many important matters to regulation that has yet to be planned and does not leverage or comply with existing standards.

In summary, the College believes that the "exposure draft Healthcare Identifiers Bill 2010" is a timely national e‐Health endeavour. The establishment and broad implementation of a Health Identifier requires a comprehensive and mature legislative underpinning, which can be achieved by broad consultation.

With this response, the College seeks to support and contribute to this process. In particular, the College believes the identified agreed local and international standards should be leveraged and the issues surrounding implementation that we have identified should be further explored.

The Australasian College of Health Informatics comprises Fellows and Members that have led and contributed to local and international initiatives in the e‐Health area for many years. The College would be happy to leverage their expertise and experience to help ensure the national e-Health legislative framework interoperates with international standards, planned and implemented architectures as well as systems that are effective and sustainable. To this effect, ACHI would be pleased to continue and extend its input into future iterations of the legislation.

The full and quite detailed document is available at the ACHI web site:

http://www.achi.org.au/docs/ACHI%20Response%20to%20Draft%20Health%20Identifier%20Legislation%20V1.0.pdf

Enough said. We need the regulations pronto!

David.

10 comments:

Anonymous said...

I read the Minister's Media release today. It said "The Rudd Government believes that e-health is a key part of reforming the health system".

Ahhh - I feel better now.

Anonymous said...

Well the regulations won't be made available for quite some time. First we pass Legislation, then we implement the Identifiers and around the same time we will inform everyone about the regulations governing the identifiers.

Dr David G More MB PhD said...

That approach is unacceptable. Its that simple.

If you are from NEHTA you are working hard to make sure this project is a catastrophe with attitudes like that!

David.

Anonymous said...

My understanding is that the Identifier is just that, an Identifier. Everyone is freaking out about a 16 digit number because they are not sure how it will be used and I can understand that, however, does anyone not agree that we need a better way to identify a patient record between disparate systems? At the moment Vendors are having to use Name matching backflip techniques to identify a record and even then still require a human to tell them that these two records are in fact the same person. It's the 21st century people, isn't it time we got a bit more efficient.
Whilst I can understand the fear of governments holding big databases of data on people, I do believe that the identifier is purely a way of allowing more reliable communications between two solutions (even if they are the same product). The identifier is not about STORING DATA in a BIG DATABASE that the Government has control of.
Providers will be able to store a number against a record in their own databases and be able to decide if, where and what data is shared.
We all accept pathology interfacing in its current form, no-one has screamed big brother with that. I see these identifiers as making this function (for a start) much more streamlined and reliable.

Dr David G More MB PhD said...

2 Issues:

First know one knows if the Medicare CDMS is reliable and accurate enough to do this because they haven't piloted it.

Second attaching patient data to this is just what NEHTA wants to do - its called the IEHR.

David.

Anonymous said...

It is when attaching the IHI to a patient record that we need the privacy safeguards and the ability to opt in/out. Who cares if a person is assigned a number that is not used.

I still do not understand why there is so much fuss over the HI Service when it is not legislating an IEHR. We all expect that an IEHR will happen but, as people keep saying, this is just a stepping stone. As far as I can see there are adequate privacy safeguards around the HI Service itself. It is the shape of the IEHR that people are (rightly) concerned about. But why is it necessary to know all about the IEHR for this legislation?

Dr David G More MB PhD said...

1. A lot of us don't expect an IEHR will happen.

2. The major part of the business case for doing the HI service rests on using it for something like the IEHR. If the IEHR is not on - and at present it is just a twinkle in NEHTA's eye - there may be much better and cheaper ways to get similar outcomes. Even if you believe the HI Service will actually do as claimed. I am not at all sure on that point either.

David.

Anonymous said...

A few thoughts...

The business case for the HI Service is about providing consistent identifiers. An IEHR is just one of many clinical processes that will consume reliable identifiers, include discharge sumaries, referrals, presciptions, clinical orders etc.

In practice identifiers will be much more heavily used across single cycles of care than they would be in longitudinal health records (IEHR).

So even if we don't proceed to IEHRs, there is still a need for a benefits arising from having consistent reliable national identifiers.

In practice the IHI is only going to be a primary identifier where "interfaces" occur between healthcare organisations/services. For a whole host of reasons, it seems highly likely that it will be used as a secondary identifier within the domain of an individual organisation/service

In terms of legislation first and developing regulations later, for better or worse, that is a fairly common approach to legislation in Australia. The nature of regulations is that in any case that they can be changed by the Governance Authority established under the legislation. If you don't like that you will be alarmed by much of the in-place legislation in Australia, which none-the-less works quite satisfactorily in practice.

Regarding Medicare Program (MBS) data and DVA data, its just a starting point..... within reason and the limits of AS 4848 and AS 5017 (which the HI Service Concpet of Operations makes clear are acknowledged standards for the HI services, so I can't think what ACHI was on about with their comment on that) additional data, to improve searches without tokens, can be added over time with the consent of the individuals concerned.

The HI Service datasets are not lockstep with the Medicare Program or DVA datasets (though anecdotally the DVA data is said to be quite good).

Your comment about "better and cheaper ways to get similar outcomes" is puzzling. Most of the matching approachs I've seem proposed based on namespaces have quite limited applicability in terms of the cultural aspects of namespaces *IN AUSTRALIA*. What works for the population in, say, Cabramatta may be complete failure for the population in, say, Alice Springs. They are also significantly more invasive in privacy terms, and consdierably riskier in clinical Quality and Safety terms.

Lastly, the RACGP seems quite supportive of the legislative approach.

Dr David G More MB PhD said...

"Your comment about "better and cheaper ways to get similar outcomes" is puzzling. Most of the matching approachs I've seem proposed based on namespaces have quite limited applicability in terms of the cultural aspects of namespaces *IN AUSTRALIA*. What works for the population in, say, Cabramatta may be complete failure for the population in, say, Alice Springs. They are also significantly more invasive in privacy terms, and consdierably riskier in clinical Quality and Safety terms."

My point here is that the need for national systems of this scale and complexity really do need careful justification. I have not seen any such justification - just bald assertions going this way is optimal. However, in conversations with NEHTA as recently as a few days ago there is acknowledgment that there are both alternative approaches and that implementation of large centralised approaches carries considerable risk.

I think you can get most of the benefits of the HI service using regional approaches that are standards based and which may be cheaper etc.

I think there is a reason that we see tenders for identity management from SA Health and the like.

As a last comment building an infrastructure to maintain the HI Service data current and accurate to an acceptable level is not going to be cheap - someone will have to pay - so we really need to pilot at a significant scale and evaluate carefully - costs, benefits, issues etc before a national roll out. That this is not part of the plan - to prove it can be made to work acceptably - is a joke I believe.

David.

Anonymous said...

There is definitely a job here for you David, if you would just shut up and stop criticising the department and the Feds