The submissions can be reviewed here:
The list of responders is well worth a browse and some of the issues raised are of interest.
What I see, in summary is:
1. A number of groups very concerned to be covered as Health Providers and in some cases this is going to be a little difficult to manage given the various qualification levels and the absence (as present of a registration entity.
Examples include the following:
2. The Office of the Privacy Commissioner has a few suggestions – In summary – From page 2:
The Office of the Privacy Commissioner considers that the exposure draft regulations for the Healthcare Identifier Service enhances the privacy framework provided in the Healthcare Identifiers Bill 2010 (the Bill) to support the establishment of the Healthcare Identifier Service and the use of healthcare identifiers. The Office makes the following comments about the exposure draft regulations:
i. Regulation 10 could be strengthened by limiting the purposes for which healthcare identifiers can be collected. We consider that the collection of a healthcare identifier should be linked to the provision of healthcare to the individual healthcare recipient.
ii. The Office suggests that the title of Regulation 10 could be amended to reflect the content of the regulation.
iii. The development of guidelines to support proposed Regulation 10 is pleasing. The Office would appreciate the opportunity to be consulted in their development.
iv. We consider it is appropriate that Regulation 11 proposes a period of transition for active enforcement of penalty provisions. However, penalties should still be enforced in cases of systemic non-compliance.
v. The development of guidance about data security measures for entities handling healthcare identifiers would support the data security obligation in section 27 of the Bill.
The full submission can be found with this link.
3. The Australian Medical Association has now noticed just how much work is going to be involved in the red tape associated with the HI Service. They are concerned about the regulatory imposition and its costs – to say nothing of the scale of the penalties on offer!
One has to say their plea for some balance seems not unreasonable.
4. The Royal Australian College Of GP’s are also feeling they are a bit in the dark on a few matters.
4. Concluding comments
The College is supportive of UHIs, and looks forward to continuing discussions with the Department of Health and Ageing regarding UHIs prior to their progression and implementation.
In particular, the RACGP looks forward to receiving information providing clarity regarding:
• privacy safeguards and informed consent
• details of the communication strategy for the implementation process for both health providers and patients
• how implementation issues will be addressed, including the roll out of general practice software, installation, and funding
• application of HIs, including when to apply anonymous or pseudonymous IHIs
• how penalties will be implemented
• designation of a “responsible officer”.
Page 4 of Submission.
The direct link is here:
5. The Medical Software Industry Association has also noticed an issue that will impact them.
From Page 3.
“Our submission describes a number of existing models of health IT provision are currently operating in the Australian health sector. We do not believe these healthcare information service vendors will be recognised as Healthcare Provider Organisations under the current draft Healthcare Identifier Regulations, although they will have requirements as Healthcare Provider Organisations in terms of accessing identifiers.
In all these cases, the health information service providers are not seeking to access a patient’s health identification number for use themselves, but rather, are seeking a means within the regulations of establishing a technical mechanism for their participating healthcare providers to use the patient identification number when appropriate consent is given. The technical mechanism that is most cost effective and technically robust is for the health information service provider to be issued a single healthcare provider organisation certificate themselves and use methods internal to the application to deliver HI information back to the requesting user.
The Medical Software Industry Association submits that while these information service providers may have a healthcare provider as a staff member and could perhaps apply for a healthcare provider organisation identifier under these arrangements, healthcare provision is not the core business of these parties. While the regulations do not stipulate that health care provision must be the core business in order to access the HI service, our reading of the regulations is that this is the spirit and intent of the wording. In any case this model would be unsatisfactory requiring IT service providers to engage healthcare providers simply for the purpose of obtaining an HI-O. It is also noted that processes to allow healthcare software vendors to continue to provide services without and HI-O certificate will be costly, cumbersome, and less secure.”
Another set of issues to be sorted out.
All in all there are a good few changes needing to be made in the regulations in the next little while and a fair bit of consultation required to ensure there is not an almost universal practitioner revolt due to the additional workload and red tape.
This could be a real fiasco if not thought through very carefully!