Today we had this little bombshell appear.
Doctors paid for phantom e-health standard
- Karen Dearne
- From: Australian IT
- September 15, 2010
DOCTORS were paid $83 million for using a secure messaging standard that did not exist, the Audit Office has found.
GPs have been making claims for using the system since August 2009 through an e-health Practice Incentive Program (PIP), managed by Medicare on behalf of the federal Health Department.
But there was no such system as the National E-Health Transition Authority had not finalised the specifications required for the standard then.
The e-health specific PIP scheme replaced an earlier IT for GPs incentive and aimed to encourage general practices to keep up with e-health developments through developing the capacity to exchange patient information.
When the scheme commenced on August 1, GPs qualified for payment simply by demonstrating use of an "eligible supplier" which had agreed to participate in NEHTA's consultation process and comply when the requirements were established.
"The risk of delay was identified in August 2008, but no specific action plan was developed,” the audit office said.
"NEHTA's subsequent feedback to Health in January 2009 indicated that the specifications, while drafted, had not been tested with industry, nor used in any products, and that consultation and take-up would take between one and two years."
In fact, NEHTA's secure messaging specification was accepted by Standards Australia in March this year, but the audit office said no timeline had been agreed as to when eligible suppliers needed to comply with it.
The second component involved secure authentication of doctors using the system - ultimately through the proposed National Authentication Service for Health (NASH).
Although practices and GPs were required to apply to Medicare for PKIs to claim the incentive payment, there was "no obligation for either the practice or their GPs" on usage.
Medicare had advised that its certificates were designed for electronic billing and claiming purposes only.
Health told the audit office the PKI requirement was included to "encourage practices to accept the principle of digital certification as a necessary part of practice technology", in support of NEHTA's work towards the NASH.
"But Medicare's PKI certificates are designed for the specific purpose of communicating with Medicare - rather than to enable the secure exchange of patient information as envisaged by the PIP," the report said.
Medicare initially raised the issue with Health in December 2008, the department referred it to NEHTA and the parties agreed there would be a "seamless transition" once the NASH was built, with the secure messaging software based on NEHTA's specifications becoming fully operational once the NASH PKI certificates were available.
Although NEHTA advised it expected to have the capability to issue NASH PKIs by July 2011, only yesterday it released a major tender for the entire smartcard and PKI project.
Lots more here:
You can grab the full report from here:
No.5 - Practice Incentives Program
For good measure this is not the only part of the programme that has been rorted.
GP and nurse phone lines found wanting
by Michael Woodhead
Two new reports have found deficiencies in nurse-run phone advice lines and also the responses from PIP-funded GP practice after hours lines.
An investigation by the Victorian auditor general into the state’s 24-hour nurse-on-call service found that it generally provided an effective service but that almost one in 20 callers received unsafe advice.
Meanwhile, a report from the Australian National Audit Office found that GP practices receiving Tier 3 of the PIP After hours Incentive, may be failing to meet the requirement that patients have access to after-hours care by a practice doctor 24 hours a day, seven days a week.
Test calls made to 34 practices found that none of them answered the calls in person. Answering machines provided callers with an after-hours number for a practice doctor in only half the cases, with two practices indicating that no practice doctors were available after hours.
16 September 2010
The part of most interest to me is this bit: (Page 62)
2.48 The PIP eHealth Incentive was announced as a 2008–09 Budget measure with expected annual expenditure of $83 million. The Incentive, which replaced the IM/IT and proposed Electronic Decision Support Incentives, aims to encourage general practices to keep up to date with the latest developments in eHealth, through developing the capacity to exchange patient information and promoting the use of electronic clinical resources.
2.49 While being announced in May 2008, DoHA’s consultations with the National eHealth Transition Authority (NEHTA)66 and Medicare Australia on the role of these agencies in the implementation of specific requirements of the Incentive were delayed, owing to the evolving nature of the national eHealth approach at the time. This impacted on the rollout and function of fully interoperable secure messaging software for the exchange of patient information.
2.50 Applications were required from practices by 30 April 2009 for the first payment in August 2009. In order to qualify for the first payment, PIP practices needed to meet three requirements outlined in Table 2.4.
1. Practices required a secure messaging capability that allows the exchange of patient clinical and medical information, provided by an eligible supplier. In practice, by 31 July 2009, general practices needed to sign up for the supply of practice software from a supplier that had agreed to:
- participate in the NEHTA consultation process leading to secure messaging specifications and compliance timelines; and
- subsequently comply with specifications and implementation timelines.
2. Practices required (or applied for) from Medicare Australia by 30 April 2009, a location/site Public Key Infrastructure (PKI)67 certificate for the practice and each practice branch. Practices also needed to ensure that each medical practitioner from the practice had (or had applied for) an individual PKI certificate. PKI certificates were to be used to securely send and/or receive information via the practice’s messaging system where possible.
3. By 30 April 2009, practices needed to provide their medical practitioners with access to a range of key electronic clinical resources.
2.51 In effect, however, only Requirement 3 places conditions on general practices to make changes to their operations in line with the PIP objective.68
2.52 With regard to Requirement 1, the secure messaging software has limited interoperability until suppliers redevelop their software against NEHTA specifications, and these versions are taken up across health and medical services, such as specialists and pathology laboratories. NEHTA advised that specifications have been determined and published by Standards Australia in March 2010, but no timeline has been agreed as to when eligible suppliers need to comply with specifications.
2.53 The risk of delay in software suppliers adopting NEHTA specifications was identified in August 2008, but no specific action plan was developed to address this risk. NEHTA was actively engaged late in the process on the use of its specifications as a key design factor in the required messaging software.
NEHTA’s subsequent feedback to DoHA in January 2009 indicated that the specifications, while drafted, had not been tested with industry, nor used in any products, and that consultation and take‐up by industry would take between one and two years. DoHA advised that it addressed this risk by requiring eligible software providers to comply with the specifications within the anticipated implementation timelines.70
However, as the timelines have not been agreed to date, DoHA’s approach to constraining the delay has been limited.
2.54 Under Requirement 2, once general practices receive their Medicare Australia PKI certificates, there is no obligation for either the practice or their GPs on their use. Medicare Australia has been issuing PKI certificates which facilitate electronic billing and claiming, as well as access to a range of other Medicare Australia online services, to practices and medical practitioners since 2003.
2.55 DoHA advised the ANAO that the inclusion of the PKI requirement was to encourage practices to accept the principle of digital certification as a necessary part of practice technology. It was expected that Requirement 2 would also significantly support NEHTA’s work towards a national authentication system based on PKI. However, Medicare Australia’s PKI certificates are designed for a specific purpose—communication with Medicare Australia—rather than to enable the secure exchange of patient information as envisaged under Requirement 1.
2.56 PKI certificates required by practices to receive the incentive that fully supported secure messaging software developed under the NEHTA specifications, was raised with DoHA by Medicare Australia in December 2008. DoHA drew this issue to NEHTA’s attention, with the parties agreeing on the importance of a seamless transition process to replace the Medicare Australia PKI certificates once the NASH71 solution was built. Secure messaging software based on NEHTA specification will be fully operable once NASH PKI certificates are available to practices and GPs.72
----- End Extract (Italics mine)
It seem what I wrote almost a year ago has turned out to be true:
This all has the flavour of DoHA and NEHTA basically just not co-operating and with the Audit ‘let the finger pointing begin’!
From the recently released tender we learn NEHTA expect the NASH will be operational by June 30, 2012 and that full implementation will take 5 years (that’s 2017). I wonder when the PIP payments will actually start sponsoring some actual outcomes. Not soon at this rate!
Heaven can only know the impact this sort of behaviour will have on things like the PCEHR initiative.
Again leadership and governance seem to have failed.