The following appeared late yesterday.
NEHTA to release smartcard tender
- Karen Dearne
- From: Australian IT
- September 14, 2010
THE design and build of the National Authentication Service for Health will be done by the private sector, despite years of work on the project by NEHTA.
The National E-Health Transition Authority is set to release a "fairly significant" contract tomorrow for the NASH smartcard and public key infrastructure (PKI) project - the user authentication system originally planned to be in place to support the launch of the Gillard government's controversial Healthcare Identifiers scheme.
Head of infrastructure services Stephen Johnson said NEHTA had been working on NASH "for quite some time" and had realised its complexity warranted participation by experienced industry players.
"We've been trying to define and design the authentication needs for healthcare in the e-health domain for the years to come, and we've realised it's a very complex affair," he said.
"The more we looked into the design aspects from all perspectives - healthcare providers, suppliers and so on - the more we found it lent itself well to (approaching) the marketplace."
Mr Johnson declined to reveal the value of the contract but said it would be fairly significant although not in the hundreds of millions of dollars.
NASH was touted as the key means of ensuring patient privacy and secure professional access to information as regulations underpinning the HI service were pushed through Parliament in June.
It was intended to ensure only authorised people could access patient details held by the Medicare-operated HI service, and establish an audit trail in the event of problems.
In March this year, NEHTA chief executive Peter Fleming told the Senate inquiry into the HI legislation that NEHTA was "moving quickly" with the Queensland government to develop the encryption technologies needed to support NASH.
Mr Fleming said "small-scale implementations, rather than pilots" of the building block components - identifiers, NASH and secure messaging - would begin from mid-year, "using real patients and real data".
After the laws passed, on July 1 every Australian was mandatorily issued with a unique 16-digit number to uniquely identify personal records as health information begins to flow more broadly across the healthcare sector.
The request for tender shows NEHTA wants someone to provide an end-to-end design, detailed specifications for technical and business operations and a delivery plan - to be followed by a buildout and commencement of operations.
NEHTA has been working on NASH in tandem with the identifiers program since 2005; the design, test and development of the NASH software interfaces was originally scheduled for 2008, with deployment of the system through early adopters slated for 2009.
But Mr Johnson said there had been a misunderstanding over NASH's readiness to launch with the HI service.
"That's certainly not a message NEHTA has put out," he said. "There is an authentication requirement for participants in the HI service in certain circumstances.
"That specific authentication medical providers need for the identifier service is already catered for by Medicare, which is our HI service provider.
Here is the tender announcement.
Request For Tender For The Provision Of The National Authentication Service For Health (Rft 2010/01)
The National E-Health Transition Authority (NEHTA) was established by the Australian Commonwealth, State and Territory governments in July 2005 to develop better ways of electronically collecting and securely exchanging health information. It is responsible for the design of e-health initiatives on a national basis, the first of which is the Healthcare Identifier Service which commenced on 1 July 2010. NEHTA works collaboratively with stakeholders across the health sector to develop the specifications and standards for the national e-health infrastructure and applications.
NEHTA is seeking organisation(s) with proven ability to deliver the design, build and operations of a National Authentication Service for Health (NASH).
The NASH will provide the necessary strong authentication for the healthcare sector, including the provision of Public Key Infrastructure (PKI) and secure tokens such as smartcards for healthcare providers and supporting infrastructure.
NEHTA is seeking the provision of services from suitably experienced parties to provide the following services for the NASH:
- Deliver an end to end detailed design;
- Develop detailed specifications for the technical service(s) and business operations of the service;
- Provide a detailed delivery plan, resource plan and costs;
- Build and commence operation of the necessary Credential Management Services (PKI) and Token Management Services to support e-health; and
- Provide an ongoing operational capacity / capability for these services.
The Tender will be released on 15 September 2010 and will be available from 12:00 hours (Australian Eastern Standard Time). To obtain a copy of the RFT you must first register, visit www.tendersearch.com.au/nehta for details.
A Tenderer Briefing will be held on: 20 September 2010 commencing from 14:00 hours (Australian Eastern Standard Time) at the Sydney Harbour Marriott, Circular Quay, 30 Pitt Street. Sydney Australia. Security clearances are not required to attend this briefing.
Please register for this briefing via email: email@example.com no later than 14:00 hours (Australian Eastern Standard Time) 17 September 2010.
----- End Quote:
You can find my commentary here:
among heap of others (Just search the blog for NASH for lots of material).
In summary for almost 3 years we have been told NASH is coming and now we discover it was just a twinkle in someone’s eye and will now be designed and developed externally because NEHTA can’t quite work out how to do it.
Incompetence piled on deception adds up to me to a serious need for some management accountability to be delivered with some major resignations for having wasted public money.