Wednesday, June 27, 2012

One Week Out From The NEHRS / PCEHR We Need To Grasp Just How Badly NEHTA Has Performed. See For Yourself How Claims And Reality Contrast.

With us being just under one week out from the start of the new national E-Health Record System it seems reasonable to ask if there is any chance of real delivery of the NEHRS Program.
The National Authentication Service for Health (NASH) has become a poster boy for just not actually seeming to make a great deal of progress over what seems like geological time.
Here is the NEHTA blurb produced regarding NASH dated 6/6/2008.

National Authentication service for health (NASH) - June 2008

In this electronic age, where significant amounts of sensitive and personal information are being sent electronically, there is a need to guarantee the authenticity and validity of the information being exchanged.

When the information being transferred is your personal medical information, there is an even greater imperative to ensure that information is collected and securely electronically exchanged only by those authorised to do so.

The National Authentication Service for Health (NASH) project being delivered through NEHTA will deliver the first nationwide secure and authenticated service for healthcare organisations and personnel to exchange e-health information.

Together with clinical terminology, messaging standards and unique healthcare identifiers, the NASH will provide one of the fundamental building blocks for a national e-health system, as well as providing security credentials for use at the organisational and local level.

NASH & the Authentication Vision

The vision for authentication in the Australian health sector is that provider authentication should use a strong credential (smartcard with PKI certificate) issued by a NASH-accredited organisation. All e-health transactions and records that need to be electronically signed will use standard credentials.
The goal is to issue NASH credentials to all healthcare professionals over the next five years.
NEHTA‘s vision for NASH is:
  • A healthcare community and professional smartcard system that supports and facilitates the use of e-health information, for example unique healthcare identifiers and the individual electronic health record (IEHR), within the whole Australian community.
  • Coordination of smartcards and reader supply arrangements for health professionals and employees.
  • Provision of support for the smartcard implementation and operation to jurisdictions, software vendors and end users.
  • Design and delivery of support arrangements that meet the needs of jurisdictions and software vendors.
  • Provision of a trusted authentication service that addresses the data protection and privacy requirements of stakeholders and regulators.

What will the future look like with NASH?

Once the NASH is operational, healthcare workers will insert their smartcard into a slot in their desk top computer and enter a PIN. Once accepted this should be sufficient to meet the majority of their daily authentication requirements.

Mobile workers such as nurses will use their smartcard as they move from one workstation to the next, with not only immediate and convenient access to information systems but also session portability. Their NASH smartcard will enable them to seamlessly send and receive secure health messages and attached digital signatures.

It will be possible to add new credentials during the life of the smartcard at any time in response to initial and new/changed authentication requirements. Such credentials will be added to the card by authorised local staff, or by using an automated online service.

More than just a PKI and smartcard!

The NASH will provide:
  • The technology, infrastructure, frameworks, processes and support services to enable health organisations to issue credentials within their own community of interest.
  • Information and support about the use, integration and support of NASH credentials for software vendors and jurisdictions.
  • Provision of robust setup and on-boarding processes for credential issuing points that protect the integrity of the overall scheme.
  • Provision of a governance mechanism that will enable jurisdictional participation in the operational policies and services.
  • Provision of support to software vendors and jurisdictions in transitioning existing systems to use the NASH.
NASH credentials can be used for whatever purpose is deemed suitable by the issuing community, for example signing electronic prescriptions, hospital discharges, hospital admissions, or government reports. By leveraging the national infrastructure, participants can also strongly authenticate and securely exchange health information.

Implementation Approach

As the NASH is a foundation service for wider e-health initiatives, it will be designed, developed and operated in collaboration with the healthcare community at all stages
of implementation. The following milestones are likely, with detailed timelines being developed with our stakeholders:
  • 2008 – NASH specification, design and build test and development environments, develop software interface specifications.
  • 2009 - Deployment commences through early adopter organisations and through software vendor adoption.
----  End Blurb
We all know essentially zilch has happened since with no real implementation progress really having been made and interim approaches now being used.
And from August 2006 we have a just wonderful FACT SHEET.



NEHTA Limited is a not-for-profit company established by the Australian Federal, State and Territory governments in July 2005 to develop better ways of electronically collecting and securely exchanging health information.
Electronic health information (or e-health) systems that can securely and effectively exchange data can significantly improve how healthcare providers communicate important clinical information about patients. As a result, e-health systems have the potential to unlock substantial healthcare quality, safety and efficiency benefits.
People require health care throughout the course of their lives, regardless of where they are. However, the ability of healthcare professionals to access up-to-date health information about an individual whenever and wherever necessary, is limited and fragmented. This is due to the shortcomings of paper-based records, or, where computerised clinical records are available, the inability of these records to be shared across different computer software systems. This results in individual points of care becoming ‘islands of information’.
Lack of timely access to relevant information increases the risk of individuals not receiving appropriate care. For example, the 1994 Quality in Health Care study concluded that there was a clear link between avoidable deaths in hospital and communication problems and poor record keeping. It also results in an accumulation of inefficiencies in the health care system, such as the unnecessary repetition of diagnostic tests.

Establishing national foundations

The sharing of health information is best addressed through a national approach.
NEHTA is therefore establishing the national foundations to Shared Electronic Health Records (SEHRs) – records which will contain selected health information about an individual, which can be shared between multiple points of care while maintaining high standards of privacy and security.
The primary purpose of the SEHR will be to improve the quality and safety of healthcare experiences. Secondary purposes of the SEHR include public health and policy planning, and supporting safety initiatives, disease detection, research and education.
The national SEHR approach will involve the creation of one (or more) SEHR Service(s), which will maintain, and provide access to, the SEHR of those individuals who choose to participate in that Service.
Healthcare providers and organisations will be able to contribute information to an individual’s SEHR by keeping electronic records of patient interactions, and using software which is compatible with the SEHR Service(s). This software will allow healthcare providers to maintain their own detailed records, while ensuring that the most critical information can be easily included in the individual’s SEHR, without the need for double data entry. Providers will also be able to see summarised views from the individual’s SEHR.
The national approach to SEHRs provides an opportunity for vendors to create solutions that are capable of bridging the gap between the needs of particular clinical groups/specialities and the broader care continuum supported by the SEHR Service(s).

NEHTA’s SEHR Contribution

NEHTA’s work program is currently centred on producing specifications and standards for the SEHR, including:
  • Recommending SEHR standards for adoption in the Australian health sector. NEHTA has retained an independent e-health consultant to review the standards being developed around the world. From this NEHTA will define the structure and content of SEHRs; assess their use and potential impact on future Australian developments; and recommend the most appropriate SEHR specifications for adoption.
  • Defining requirements for a national approach to SEHRs. NEHTA is developing, for consultation, operating concepts for a national approach to SEHRs. Based on these operating concepts, the requirements for a national approach to SEHRs will be defined and a privacy impact assessment process will be undertaken.

Relationship to other NEHTA Initiatives

NEHTA currently has a number of initiatives underway to deliver secure, interoperable e-health systems, many of which are highly relevant to NEHTA’s SEHR work. This includes:
  • Establishing standard clinical terms for diagnoses, medicines, treatments and therapies so that one e-health system can understand the information produced by another system;
  • Setting standards for the types of priority clinical information – for example, discharge summaries, referrals, etc. - to be communicated by e-health systems;
  • Identifying a secure means of electronically transferring clinical information - such as prescriptions for example - between authorised healthcare professionals in a way that maintain privacy;
  • Establishing an overall framework for how the various e-health systems interoperate;
  • Developing unique identifiers for individuals and healthcare providers to ensure that the information is attributed to the right patient and the right provider;
  • Developing a framework for involving local and international standards organisations, to support implementation; and
  • Pursuing opportunities for supply chain reform across the health sector – supporting the purchasing of medications and medical devices in particular.
For further information go to
----- End Fact Sheet.
I leave it as an exercise for the reader to see just how much of this now six year old plan - that has had NEHTA funded to the tune of hundreds of millions of dollars has actually been delivered in any real and clinically meaningful sense.
It really would have the be the ‘triumph of hope over experience’ to hope all this will come right over the next two years for which funding has been apparently provided.
Without dramatically improved leadership and governance frameworks we are just wasting time and money.


Anonymous said...

Give me a couple of million and I'll have a fully secure authentication service up and running in a few months. this is complete BS, and is looking more and more like school halls and pink batts!

Keith said...

The June 2008 NASH paper is very interesting, in that it is one of the very few places that I have seen any timeline for NASH implementation. It is extraordinary that NEHTA stuffed around for almost three years before handballing the implementation to IBM. I wonder what happened to the "detailed timelines being developed with our stakeholders"? By NEHTA's own estimation it is going to take about four years from the time that NASH first becomes available until it is ubiquitous, so the project is at least three years late.

The second paper (August 2006) shows that NEHTA was toying with a shared EHR way back then, long before the PCEHR was announced. The paper talks about "foundations" for a SEHR, but is rather lacking in specifics. To be fair there was a period when NEHTA appeared to be concentrating on standards for foundation infrastructure, but they appeared to lose focus before the work was finished.