Tuesday, March 02, 2010

Senate Submission Version 2.0. A Lot Has Happened in 24 Hours.

The following is the current state of my Draft – Comments please! Most changes are in the second ½ of the document. I plan to submit Thursday so I have no technical problems.

----- Begin Submission.

Submission to the Senate Standing Committee on Community Affairs.

Topic: Enquiry into the Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010

Submission Author:

Dr David G More BSc, MB, BS, PhD, FFARACS, FCICM,FACHI.

Author’s Background. The author of this submission is an experienced specialist clinician who has been working in the field of e-Health for over 20 years.

General Points on the Bills.

First without seeing the associated regulations it is impossible for the Senate committee to know what we are actually going to wind up with as a final implemented system. As the Late US President Ronald Regan put it "Trust but Verify" The Senate should insist in seeing at least the proposed draft regulations.

Second the Bills are being treated in isolation from the larger e-Health agenda for which there is at present no effective leadership, organisation or governance as recommended in the 2008 National E- Health Strategy which was developed for the Australian Health Ministers Council (AHMC) by Deloittes and subsequently agreed. To be undertaking legislation and implementation with this gap not addressed is, as Sir Humphrey would say ‘exceptionally courageous’ or maybe his worst grade – that of ‘politically suicidal’.

Third to not be undertaking small and large scale pilot implementations before a nationwide rollout is, in my view just foolhardy and just nonsensical. No responsible organisation just switches on a national system of this scale without a lot of operational testing etc. The whole project poses massive risk from an organisation that has been found wanting in other much less complex implementations. (e.g. Medicare Easyclaims). Internationally and at a State level in Australia there have been very many difficulties with many such projects and very few obvious successes.

Fourth it would seem to be quite strange to be passing legislation for the HI Service without being clear what comes next. A COAG proposal is being developed by Department of Health Ageing for a fuller E-Health approach at the time of this submission but is still secret. The time for legislation is when that fuller agenda is public and has been debated by stakeholders.

Fifth there is no evidence there will be wide-spread use of the HI Service until there are some arrangements put in place to ensure they have their reasonable time and costs rebated in some form. I am informed NEHTA has approached their Board on this matter – but in absence of this approval the entire Health Identifier Service risks being an expensive white elephant

Sixth it now seems there are some issues surrounding the behaviour of Medicare Australia staff in regard to the handling of personal information.

The following report appeared on March 2, 2010 and raises significant issues in my view.

Medicare snoops caught by secret database

MORE than one in six Medicare Australia employees is suspected of having spied on confidential client records in the past financial year.

In a statutory personal information digest submitted to the federal Privacy Commissioner, Medicare reports 948 staff members out of a total of 5887 employees were being tracked on an unauthorised access database as at June 30 last year.

This was up from the 750 employees under surveillance at the end of June 2008.

That same year, Medicare set up a "high-profile individual" database with records belonging to 250 people -- apparently as a honeypot for snoops. The purpose was said to be "to assist with identifying unauthorised access to information" held in agency systems by tracking staffers who sought to look at the medical history of famous Australians.

Apart from Medicare card numbers, names and addresses, healthcare provider details and benefit summaries, sensitive data includes medical and financial information.

Unlike other agencies such as Centrelink, Medicare does not disclose privacy breach statistics in its annual reports.

The full article is found here:

http://www.theaustralian.com.au/news/nation/medicare-snoops-caught-by-secret-database/story-e6frg6nf-1225835818328

Clearly such staff cannot be trusted to manage the even more sensitive information that is planned to be held in the Electronic Record System being proposed by Medicare Australia and NEHTA.

Seventh, while the HI System does not provide for the look up of patient name and address information it can, by returning an identifier when queried with a name, date of birth and address, confirm the validity of a name and address pair which may assist in unwanted tracking down of individuals who would rather avoid this happening (e.g. domestic violence victims)

I have written more about this topic here:

http://aushealthit.blogspot.com/2010/03/there-might-be-major-hole-in-design-of.html

Last, while there is no doubt there would be major benefit from a smooth running efficient National Identifier System the costs of ongoing delivery and maintenance (recording births, deaths, address changes and so on for some 22 million souls) are not addressed and may be very considerable. Other options exist for addressing Health Identification but these have never been explored and there has never been a business case developed .

All the above points ignore the various risks to privacy and identity protection which I am sure others will provide detailed submissions upon.

In summary it is my professional opinion that the community is entitled to be presented with legislation that takes a far more holistic view of the way e-Health systems and services are to be delivered to Australians and addresses clearly and systematically all the possible risks that are associated with the implementation of large complex systems as well as providing an optimal framework for governance, leadership, privacy protection and engagement with the caring professions and consumers who are going to be required to use these systems.

The present proposed legislation is deeply inadequate and there are major implementation risks with the project overall which I do not believe have been treated frankly by the enthusiasts for this Bill in its present form. I find it concerning that there are a number or organisations who are not specialists in e-Health who are lobbying for passage of the bill, without any apparent in depth understanding of the risks this project runs, unless the plans for its delivery are dramatically improved.

Finally I have to point out that we have had at least a lost decade of (essentially no) progress in e-Health. We are presently at a cusp and if the right path is not chosen and implemented it will be another decade before e-Health realises its promise in Australia. Right now I do not believe we are on the right path.

Dr David G More.

----- End Submission.

Thanks in advance for any suggestions.

David.

1 comment:

  1. Some feedback for the first section:
    Authors background: It does not add much value to an argument if all you state is that you are experienced and have 20 years experience. Think of the audience reading the material. Provide quantitative evidence of your experience and your contribution to ehealth by providing examples of your specialty and the projects you have implemented to benefit e health.
    Ronald Reagan analogy: Remove this and replace with a constructive argument. You are trying to convey a serious message and using trivial examples , in my opinion, does not add value.
    The Sir Humphrey analogy, again, remove and ad a constructive argument instead.
    Other options for ehealth: Provide examples or a model which could be used which has a proven track record.

    Without the solid evidence and examples behind a letter such as you are intending, it will fall on deaf ears as a rant from someone with an axe to grind. Provide the right information and maybe we can get ehealth on the right track.

    ReplyDelete