Sunday, October 28, 2012

Is The Rocky Path Taken By NASH A Symptom Of A Broader Problem With NEHTA or A One Off?

This tiny remark on October 17, 2012 at Senate Estimates has set off all sorts of interesting commentary.
Senator FIERRAVANTI-WELLS: What is the status of the National Authentication Service for Health?
Mr Fleming : As you are probably aware, we did terminate the contract with IBM. We have been working with DOHA and DHS. We have implemented a NASH solution with DHS, which is in operation and rolling out. That is progressing.
Senator FIERRAVANTI-WELLS: When will this be complete?
Mr Fleming : NASH is doing what we need now. For PCEHRS there is a second component which will support secure messaging. DHS is working with some final phases there, and they will make some announcements in the very near future. Certainly everything we need NASH to do it is capable of and it is doing.”
For some reason it took till the next week for the story to take off despite the fact it had been common knowledge for months that NASH was a real mess.
This September 6, 2012 blog makes it clear what IBM was doing was in grave trouble.
This is the most comprehensive discussion I have seen.

IBM’s NASH deal gets terminated

news The National E-Health Transition Authority and IBM this afternoon confirmed Big Blue’s $23.6 million contract to build a key component of the Federal Government’s Personally Controlled Electronic Health Record project had been “terminated”, just 18 months after the contract was initially inked. However, it is unclear where culpability lies in the situation.
As part of a $466.7 million investment in the e-health records announced in September 2010 by the Federal Government, the nation’s peak e-health body NEHTA chose IBM in March 2011 to build and manage its new National Authentication Service for Health (NASH) system, which aims at establishing a nationwide secure and authenticated service for both healthcare organisations and personnel that have to exchange e-health information.
At the time, NEHTA chief executive Peter Fleming said NASH would improve healthcare for both professionals and patients. “Our agreement with IBM enables NEHTA to build a system that will give healthcare professionals timely and secure access to appropriate patient information,” he said in a statement. “In turn, the NASH program will take us one step closer to broader healthcare access for all Australians.”
The contract was to allow IBM to manage the delivery of the NASH project, offering its hardware, software and services capabilities which include assistance, security and access management technologies, as well as IT infrastructure management.
IBM Australia and New Zealand managing director Andrew Stevens said at the time that the delivery of the NASH would establish a more patient-centric healthcare system, while improving health outcomes for Australians. “This program will benefit over 600,000 Australian doctors, nurses and allied health providers and accelerate the delivery of smarter healthcare across the entire healthcare system,” he said.
The transition from existing healthcare systems was to have been ensured by the deployment of a software development kit (SDK) to be provided by NEHTA, which the authority said would guarantee transactions are authenticated and audited in accordance with Australian standards. Once functioning, NEHTA said the NASH would deliver clinical terminology, messaging standards, unique health identifiers and would become one of the fundamental building blocks for a national e-health system.
Lots more here:
Additionally there is some useful background here:

IBM loses key e-health contract

Human Services steps in as provider.

The National E-Health Transition Authority (NEHTA) has sacked IBM as provider of the National Authentication Service for Health (NASH) after it failed to deliver the service on time.
The NASH service designed and built by IBM was intended to provide a secure means for clinicians to connect with the Federal Government’s $467 million Personally Controlled Electronic Healthcare Record (PCEHR) system.
IBM won the $23.6 million NASH contract in March 2011 and was due to deliver the system on 26 June 2012.
Lots more here:
This paragraph of commentary on the overall PCEHR program is also of interest from the Delimiter article mentioned above:
It’s hard to say what’s really going on here, as I don’t have much knowledge of what’s happening between IBM and NEHTA behind the scenes. However, as someone who’s kept an eye on NEHTA over much of the past decade, I have to say that I don’t have a huge amount of confidence in the organisation or the delivery of the PCEHR in general. NEHTA has suffered a number of communication and delivery problems in the past, and the e-health records area is incredibly complex and notoriously hard to navigate. There have been reports of problems with the PCEHR for months and months now, and I wouldn’t be surprised to hear that the project as a whole is gradually going off the rails.”
It is interesting to read Renai LeMay express this level of concern regarding the overall project and also rather refreshing given the lack of other commentary in the last few months. The utility of independent commentary is clearly seen here as the views expressed are much the same as I hear virtually every other day,
In this context and in the light of this recent comment from Eric Browne one wonders what is actually working

Australian Medicines Terminology browser update

2012-October-03 | 21:52 By: eric
Healthbase Australia has updated the online Australian Medicines Terminology browser to include the 2.36 version of the AMT released by NEHTA today. All deprecated versions are still available for browsing/searching.
It would be useful to hear from any organisation that has implemented, or tried to implement a clinical system based on the AMT, despite its current shortcomings. After all these long years, we are still not aware of any organisation that has a proper deployment where current AMT data is being shared and used by other systems!!
The note is here:
From the ePIP requirements we know that coding has not been standardised - despite all the work on SNOMED-CT over the years as well and I am also told some trying to use the Health Identifier Service are having problems getting reliable results.
Despite the recognised need for an End Point Location Service for the Secure Messaging Service this is still also being developed.
All in all for all that has been invested in NEHTA and the NEHRS Program this is really looking like gross underperformance.
I wonder what will now happen with the funding cuts etc. that we know have happened but not yet been announced. Even slower delivery?


Anonymous said...

IBM has been sacked by NEHTA.

This means that one of theses two parties have failed to perfom.

Is it that NEHTA is not happy with IBM's performance so it has cancelled the $23.6 million NASH contract and sacked IBM?

Alternatively, IBM was unable to perfom because NEHTA was too difficult to work with, kept changing the specifications, moving the goal posts and making it impossible for IBM or any other vendor to deliver under the contract.

While it takes two to tango one experience says that one party is the root cause of the problem.

Which is it? IBM or NEHTA.

For my money I would suggest IBM went into the contract not really understanding the depth and complexity of what it was undertaking to deliver. One it got to grips with the 'specifications' [assuming there were some] it got into a deeper and deeper hole.

On the other hand NEHTA I suggest had no clear idea of what it wanted, had inadequate specifications for NASH and as time went by its requirements and expectations kept changing.

If the above holds true - the party at fault is NEHTA. Reputations - corporate and personal are at stake. Where will it end? Litigation perhaps? NEHTA has made the first move. Will IBM take it lying down? I doubt it. They will want their pound of flesh.

Anonymous said...

"Will IBM take it lying down? I doubt it. They will want their pound of flesh."

No, IBM will want their next government contract. I can't see them going to war over this, if they have indeed been hardly done by. There are mouths to feed after all.

Anonymous said...

Yes - but going even further back - if Dept of Human Services already had a NASH-like component which was able to be wheeled out and used, then why did we just not use that in the first place? Why pay twice? (and the second time for a failed contract - I doubt that cancelling the contract would return much of the money - IBMs lawyers are smarter than that!)
Why doesn't anyone ask these things in Senate Estimates?

Anonymous said...

With the NASH cancelled and the PCEHR an overpriced, under delivery that is not fit for use in the eyes of many, when will the powers that be start to listen and learn.

Never is my guess, unless someone starts to seriously investigate why we continually hire consulting companies that don't have the background or staff with the right knowledge. The pattern is clear, get a high level relationship, fly in some expert from overseas, win the business and then manage it with lawyers and money men even though they don't have the capability. Surely this must be obvious now that the main criteria for selection with these overblown pieces of work is relationship and self interest.

Who made this selection, how could they be allowed to do it when there was clearly another lower priced option that is now apparently adequate to do the job?

Why can they be allowed to waste so much taxpayers funds and get away with it?

Anonymous said...

Dear previous anonymous,

Two years ago, we were told that the DHS PKI solution did not meet NASH requirements. Now we are being told that it does meet those requirements, despite no material changes to that PKI scheme. Sophistry or bullshit?

As for Peter Fleming's statement to Sentate Estimates that "NASH is doing what we need now. For PCEHRS there is a second component which will support secure messaging. DHS is working with some final phases there, and they will make some announcements in the very near future. Certainly everything we need NASH to do it is capable of and it is doing", well that is simply not true - and there is ample evidence that Peter knew it was not true when he said it.

The DHS NASH solution a) does not support Secure Message Delivery and b) does not support participation in the PCEHR by Contracted Service Providers, a design flaw that will not be corrected quickly or easily.

Why does this man still have a job?

Andrew McIntyre said...

When SMD was being developed I was arguing hard for a solution that could use the existing Medicare PKI infrastructure. NEHTA would not have a bar of it despite the fact that NASH did not exist then. I do not think NEHTA has a technical ability to manage a project of this complexity and they try apply enterprise type solutions on a landscape that requires internet scale infrastructure and security. Now that NASH is dead SMD is very shaky if you want proper authentication and free interoperability between vendors. This is the issue with including SMD in the PIP criteria, as without a robust common PKI infrastructure interoperability between vendors is almost impossible in a scalable way. Does anyone in a position of "power" have a clue.

Anonymous said...

It is all very confusing. It would be useful to see a map of how all of the components fit together in the ehealth landscape. NASH is just one component, and then there is the Health Service Provider Directory that has end points locations defined (so you can send secure messages) , and a mechanism for ‘registering’ (authorizing?) health service providers for one or more capabilities – e.g. for the PCEHR System, or for the HI Service, or for other ehealth initiatives such as ETP. The concept of what constitutes an electronic signature at the clinical document/content level (which must endure over time), and also at the transactional level (e.g. sending an ehealth message, which may be transient) needs to be clearly defined in this context. Does anyone know if this broader ehealth architecture has been defined? That might help those ‘in power’ to understand. Perhaps Nehta have such a document that can be understood without having a Ph.D in IT?

Keith said...

It is interesting to be reminded of what the "infamous serial blogger" wrote back on Tuesday, June 01, 2010 (yes, more than 2 years ago) in a blog titled "NASH - This is A Sleeper Of a Problem I Believe – Cost and Implementation Timetable Wise!". Both the article and some well-informed comments were uncannily prophetic! David, it's a pity that sometimes being right is not something one can be entirely pleased about.

Anonymous said...

It looks like the Medicare local eHealth strategy has been exposed

DOHA explains eHealth Strategy