Sunday, March 06, 2011

A Story of Consultation NEHTA Style - Pretty Sad!

The following appeared a few days ago.

http://www.consumerehealth.org/index.html

4 March 2011

Initial PCEHR consumer consultation of sorts

Recently the National E-Health Transition Authority (NEHTA) and the Department of Health and Aging (DoHA) called 3 workshops to ostensibly gauge consumer views and enable consumer centred policy input into the early concept development and design of the Personally Controlled Electronic Health Record (PCEHR) and other eHealth initiatives. Time is quickly running out before the 467 million dollar PCEHR will be implemented in patient care environments. Experience tells us that a resounding silence has greeted voluntary feedback over previous years. Nonetheless, for all Australians, we hope the situation will improve this time.

For example, the findings of the NEHTA funded Individual Health Identifier IHI pre-implementation risk assessment report (here) reflects most of the constructive criticisms consumer and privacy groups have voluntarily provided in dozens of submissions over the years (see below). However neither DoHA or NEHTA have bothered to reply to these (see here). Nor is there evidence to suggest any part of the feedback has been reflected in IHI enabling legislation. Instead bureaucrats have driven the process, preferring to commission reports, such as the risk assessment report, that have cost tax payers thousands of dollars rather than listen to the advocates or citizens.

More alarming, in an age of rapidly growing rates of identity fraud, all of the personal details of every Australian is stored by Medicare in a centralized data base. Medicare has been tasked with leveraging a birth to death identification number (the IHI) from the notoriously unreliable Medicare number to enable national e-health projects. The market-speak DoHA and NEHTA use to describe the data-base simply refers to it as "distributed". A distributed database IS a centralized data base!

The IHI has proved to be unreliable in test environments and tends to jeopardize the quality of patient care outcomes. Even health authorities recognize that an IHI is too hazardous to use without some other type of patient identifier. Risk assessment findings assume the "Use of the IHI in conjunction with the local UR number for internal clinical and administrative patient activity (page 9)" in their analysis. This assumption contradicts the arguments published by the government when passing the legislation last year (here). In a press release designed to support the passage of the legislation, DoHA said " IHI’s are essential in creating a single process to accurately and consistently identify patients and healthcare providers". The IHI project clearly does not come up to scratch.

The tender for the National Authentication Service for Health (NASH) , which the government claims will protect the privacy and security of personal information stored in the richest, most up-to-date, centralized data base in Australia has only been awarded this week (click here). It hasn't been designed. Does this mean that access control to the IHI data base cannot be audited yet? Are Australians still unable to see who or why others may access their private information despite public government assurances to the contrary?

IHI and NASH projects and the risk assessment analysis document provide an interesting context within which to understand the PCEHR project. Minister Roxon promised that the PCEHR Concept of Operations document would be publicly available nearly two months ago. A Concept of Operations document "describes the characteristics of a proposed system from the viewpoint of an individual who will use that system" (Wikipedia). However the document still hasn't been publicly released by government authorities. Instead, a well-known blogger has published it (click here to read it). Thanks for providing some much needed transparency David!

Government authorities initiated a series of 3 workshops to ostensibly gauge consumer views about the early concept development and design of the PCEHR in January and February of this year (see above).They also funded a parallel process that excluded some of the advocates invited to the more public meetings. When the time finally comes to take consumer feedback into account, which process will inform the design of the PCEHR? Will the outcomes from both processes be reconciled? If so, how? Click here for further information.

We are growing frustrated with the NEHTA/DoHA led consultations process and skeptical about any useful outcomes incorporating consumer feedback. We ask for evidence the feedback has influenced a single aspect of the e-health experiment. Instead selective interpretations of international experiences have begun to emerge from government spokespersons (more here). Yet none of these refer to the benchmark analysis of the UK's Summary Care Record (SCR), which is similar to the Australian PCEHR. Analysis findings suggest the SCR data base contains inaccuracies, neither patient or doctor use them and the chance that a treating clinician will find needed information stored in the SCR is remote (click here to read the analysis).

.....

When attending NEHTA initiated meetings about the IHI in previous years, advocates were told NOT to analyze the way a PCEHR will work with IHI and NASH yet. Now that the IHI data base is an dysfunctional actuality, residing in a centralized data base and suffering from threats listed in the risk assessment report, as advocates warned years ago, we have been scurried along to contribute analysis of the PCEHR. What is all this compartmentalization about? It’s so abstract and useless. Yes there are some principled and talented people working for NEHTA and DoHA but they run neither organization. Are we actually being led up a "blind alley" masquerading as a way to influence PCEHR design outcomes?

This writer wants to trust DoHA and NEHTA but can't ... every alarm in my head is screaming that the consultations and meetings are simply propaganda to distract voluntary members of advocacy groups from key issues, such as governance, the urgent need for meaningful consumer advice and the poor project management skills government health bodies have demonstrated thus far.

----- End Article.

This is a classic ‘fool me once, shame on you : fool me twice, shame on me.’ The consumer and privacy advocates feel strongly they were misled by DoHA / NEHTA on the HI Service and are really keen not to be conned again.

If the PCEHR consultation process is not done a lot better than the HI Service effort then the likelihood the system will be a success is vanishingly small and it will be a terrible waste of money.

Time has come to dramatically lift the game - as well as fundamentally reshaping the direction the PCEHR is presently heading - which I believe is utterly wrong.

Sadly the author of this report wanted to stay anonymous - fearing retribution from some of the dark forces I wrote about last week.

David.

4 comments:

  1. Beware of Nehta consultation:

    They will badger you to look at what they have done and then ignore your objections totally. However they will then release the plan with your name as a person who was consulted, not mentioning that you though what they had done was deeply flawed!!

    ReplyDelete
  2. I have always been prepared to make my expertise available to NEHTA and have let them know that quite diplomatically on various occasions. They have never accepted the offer. Perhaps the reasons have been insecurity, immaturity and limited experience on their part which has made them fearful of the pragmatic no-nonsense approach to problem solving based on practical experience and common-sense. In making myself available I have always made it clear that I require a written undertaking that my name will not be used on any documents produced by NEHTA without my written permission. Perhaps that too has been a problem. My position remains the same and my diverse and lengthy experience in health and IT reaffirms the soundness of my position.

    ReplyDelete
  3. David

    The design for the NASH does exist. IBM were contracted to do a high level architecture and blueprint for NASH some time ago. Part of it was used in the procurement process from what I understand. Surprisingly enough they were then able to successfully bid on the procurement when others were apparently limited by having a reduced scope available to inform their proposals.

    Odd

    ReplyDelete
  4. There might need to be more work on that according to AusCERT - see blog later today!

    David.

    ReplyDelete