Wednesday, November 06, 2013

The Privacy Foundation Is Not Happy With Government Regarding The PCEHR. Others Also Have Concerns.

This has been released very recently.
3 November 2013
Public Statement: PCEHR
The Australian Privacy Foundation (APF) notes that large numbers of practitioners are signing up for the Practice Incentives Program (PIP), which is tied to the Personally Controlled Electronic Health Record (PCEHR).1
The APF further notes that very few of those practitioners are populating their patients' PCEHRs.2-3
The APF also observes that numbers of patients are signing up for the PCEHR, which is tied to the plethora of assisted registration services that do not explain governance or safety issues. Very few of the patients have initiated the population of PCEHRs post their assisted registration. 4-5
This is good for bureaucrats in two ways:
1. it inflates the apparent take-up rate for the PCEHR
2. it enables the exploitation of individuals' personal health-care data for administrative purposes.6
But the multi-millions poured into the PCEHR project are delivering very little indeed in the way of positive outcomes for patients or clinicians.4
The APF and others argued, over many years, that the design of the PCEHR disclosed that the motivations were administrative, not health care. The cynical behaviour described above reaffirms what APF argued.
It is deplorable, both because of the waste of vast sums of taxpayer money on administrative convenience, and because of the exploitation of personal data for the benefit of public servants, not patients.
2. Australian Medical Association. E-health records in need of urgent help: GPs, 21/10/13
3. Australian Medical Association. AMA Puts flawed PCEHR on the mend. 22/10/13
4. McDonald, K. DOHA rejects claims patients “inveigled” into PCEHR sign-up. Pulse IT,
5. McDonald, K. DOHA rejects claims patients “inveigled” into PCEHR sign-up. Pulse IT,
6. Kruys, E. The PCEHR moving forward. 23/09/13.
Last week we also had this appear.

Australia: Update on Personally Controlled Electronic Health Records - legal and privacy issues

Last Updated: 28 October 2013
By Alison Choy Flannigan
As part of the 2010/11 Federal budget, the Government announced a $466.7 million investment over two years for a national Personally Controlled Electronic Health Record (PCEHR) system for all Australians who choose to register on-line, from 2012-2013. This initiative has the potential to be a revolutionary step for Australian health care, in terms of both consumer's access to their own health information and improvement in information which will be available to health professionals when they treat a patient.
Lots omitted  here:
There are a number of medico-legal and privacy issues which arise with the PCEHR. Some of these are summarised below:
  • If a medical practitioner consults with a patient and is negligent in entering information onto the PCEHR, there are more clinicians relying upon it, so the potential for liability from a negligent assessment of a patient or negligently prepared medical record increases.
  • Health professionals must be mindful that the PCEHR is not a complete medical record and must continue to be vigilant in continuing to obtain independent information from patients. Information may be excluded from the PCEHR at the request of a patient and missing information is unlikely to be flagged.
  • If a medical practitioner has relied upon information on the PCEHR which is incorrect, then the medical practitioner will need to track the author of the original information to join as a cross-defendant.
  • If a patient instructs a medical practitioner not to include information on the PCEHR then the medical practitioner will be under an obligation to inform the patient the risks and consequences of this.
  • Direct access to a medical record may be denied if providing access would pose a serious threat to the life or health of any individual. In those cases, the patient is usually provided access through another medical practitioner. If consumer access requests are dealt with centrally, measures should be implemented to ensure that a clinical assessment is made in relation to whether or not a patient's request for access or information could pose a serious threat to the life or health of any individual. Arguably such information should not be included in the PCEHR.
  • Often a request for access can be an indicator of a potential claim which can be resolved quickly by the clinician by early discussions with the patients. There should be a mechanism so that relevant clinicians are informed if there is a potential claim early.
Privacy issues
There are also a number of privacy issues, including:
  • Obtaining adequate privacy consent from patients;
  • Ensuring that the systems can accurately implement the consent options of patients, such as limiting access or prohibiting access to the PCEHR to health professionals nominated by patients.
  • Ensuring that only information which is required to provide treatment for the patient is collected.
  • Privacy issues if the system involves a number of system vendors and subcontractors or cloud computing.
  • Uniformity of the usage of medical terms and abbreviations and clear handwriting is preferred to protect data quality.
  • Clear understanding of the information flows and potential for leakage of personal health information to unapproved persons or overseas.
  • Data security issues.
  • Patient and participating health professional identification and verification issues.
  • Education and training of participating health professionals.
Full article here:
There are some really good issues for the enquiry into the PCEHR to sort out here!


K said...

if "very few of those practitioners are populating their patients' PCEHRs" and "Very few of the patients have initiated the population of PCEHRs post their assisted registration"

then "it enables the exploitation of individuals' personal health-care data for administrative purposes" must be working well then?

Really, APF is full of crap here. It's disappointing when there are real issues for them to get distracted chasing self-evidently crap conspiracy theories.

Anonymous said...

On the medico-legal side of things - my partner recently had to get a medical summary of their health status from their GP preparatory to some minor day surgery. It contained a load of falsehoods about conditions my partner does not have but some junior doctor seen once entered on the record without discussion, incorrect dates for prior surgery, other major conditions that have been discussed not listed.

This summary could not be changed by the doctor who gave it to my partner therefore it was inaccurate when given to the specialist/day surgery facility/anaesthetist to perform the procedure. Verbal instructions had to be given to correct the errors.

My partner's comments - just imagine if this was uploaded to the PCEHR and everybody could see it, it being wrong!


Bernard Robertson-Dunn said...

re anon's post "On the medico-legal side of things ...."

Relating this incident to the first of the terms of reference for the review panel:

"The gaps between the expectations of users and what has been delivered"

I would have thought a reasonable expectation was that data in the PCEHR was as current and accurate as possible so that it could be relied on by health professionals.

And that there were well publicised processes and procedures in place to re-mediate incorrect or invalid data

And that there were well publicised processes and procedures in place so that any disputes could be resolved.

And that there were appropriate mechanisms to hold those who acted irresponsibly or maliciously when entering data could be held liable for their actions.

I don't think these are unreasonable expectations. It will be interesting to see if such issues are considered by the review panel.

Anonymous said...

“I would have thought a reasonable expectation was that data in the PCEHR was as current and accurate as possible so that it could be relied on by health professionals.”
There appears to be a major problem here. The PCEHR places all responsibility for data quality and accuracy on those service providers who enter health care summaries and discharge summaries. The PCEHR core system itself seems merely to be a repository into which summaries can be placed. When there has been a problem as reported in the media, for example when incorrect medications were recorded against the wrong person, or when Medicare sourced data (PBS, MBS) are listed for incorrect family members, the blame has been placed on the source data providers. E.g. the pharmacist did something wrong, it is not the fault of the PCEHR, but look isn’t it wonderful that the PCEHR has actually detected this error so that the consumer can be aware and fix it? But to fix it the consumer must go to the source provider, as it is not the responsibility of the PCEHR. The PCEHR Operator has claimed that problems with data in source systems exists with or without the PCEHR, and that it is a benefit of the PCEHR that it allows you to check everything and correct it. This philosophy might work if each record was a complete record, and each consumer checks their records. However, we now have over 1 million consumers who have a PCEHR record, most of whom will not ever/very rarely look at their record online to check it. When these consumers have hospital, pharmacy or GP services, they may agree to a summary being posted to their PCEHR. There are probably already many erroneous data items on records that are not being checked. This creates a risk to consumers if erroneous data is used by clinicians who may be assuming that the consumer has checked their record. And if providers have to treat the data as likely to be erroneous, then they may not use the system as it was intended.
It has been argued that this situation existed before the PCEHR, i.e. providers being wary of the quality and accuracy of historical data. But it raises the question of whether the way the PCEHR works makes this situation better or worse.

Grahame Grieve said...

I think it was me who argued that this shouldn't be seen as an outright safety issues in the pcEHR ( I'm not aware that anyone else has made this claim, and I certainly do not speak on behalf of the PCEHR, NEHTA, or DOHA; I was only making an in principle point.

Whether the pcEHR makes this better or worse, the real concern is that the healthcare system is drowning in information, much of it is suspect in quality, and existing quality processes across all aspects of healthcare are favouring the retention of ever increasing amounts of data, because this is easier to measure than quality.

I do think that in the long term, demonstrating that (a) we have a problem and (b) we don't have processes and procedures in place to even address the consequences, let alone the causes - I think that in the long term this will be a great thing for all of us. In the meantime, the road will be rough. But how to get from A to B without making a big mess - have you seen how much mess making a road makes?

Bernard Robertson-Dunn said...

An observation. When you automate a mess, all you get is a bigger mess, that happens faster and has far worse consequences.

One of the guiding principles behind the PCEHR seemed to have been "Let's make access to health information better and easier"

This may or may not be a good thing, of itself, however, if the information is incomplete, inaccurate or just plain wrong, then the PCEHR will allow more people to see bad data quicker and potentially make worse health decisions.

And because the PCEHR gets its information from different sources, each with its own level of data quality, then there is a danger that users of the PCEHR will assume that all data is of the least quality.

Health systems need to be seen as trustworthy. Trust doesn't seem to be the PCEHR's strong point.

And re Grahame's point about getting from A to B, sometimes trying to do it in several jumps is a bad thing. Think crossing a chasm.

Andrew McIntyre said...

I have long been arguing that it is the quality of the data - both structurally and content that has been in need of attention. Trying to build bigger systems on top of rubbish data is fraught with risk.

It is the lack of quality in the messages that actually prevents easy interoperability between messaging providers. If the quality of the messages constructed and the ability of systems to reliably receive quality messages was high then messaging providers could interchange with minimal risk, but this is not the case.

Building a PCEHR on bad data just makes a bad problem worse. We need to return to the basics. Its not hard to transfer and collate good data. Its foolish to try when the data quality is known to be low. The "smartest guys in the room" who have spent the billion dollars have been told this many times, but they do not even know what they don't know.

Grahame Grieve said...

Andrew, the problem is that it has been demonstrated again and again that it is *hard* to collect good data - and it's a user level problem: they are the ones that have to decide that good consistent data is worth having.

Evidently more of them agree about the first than the second - because the second is the bit that bites, where detail matters: what, actually, do they want?

Trevor3130 said...

Following up on Andrew M's "Its foolish to try when the data quality is known to be low" with a thought experiment. Suppose the Govt pays good money to digital curators whose job it is to upload any documents that citizens have kept in relation to their own health. What sort of material would be presented, by the people who, evidently, have cared the *most* for their own health?
Seems to me the people who know, and care, least about their 'history' will have curated *none* of their own stuff, and will be the easiest to align with PCEHR.
Whereas, if we were concerned to develop the civic responsibility to adequately care for our own needs, we'd be encouraging much more literacy in health matters. That, though, would lessen the dependency of the wilfully ignorant on conventional health care. Then, more self-sufficiency would reduce the demand for more 'service providers'. Just educating to prevent obesity would, by itself, cut billions in salaries out of the health care budgets.
Perverse incentives come to mind.

Andrew McIntyre said...

Good content is harder than compliant messages, but until we have compliant messages the value of good data is easily lost.

Good data on things such as Medication (for example) requires good terminology and co-operation between AMT, PBS, Snomed-CT core and private terminologies such as MIMS. It appears AMT was designed for stock control in a Pharmacy and none of this essential co-operation was given any weight and its clinical value is limited. Unfortunately the political will to make these things happen was not there or the importance was not understood.

It the lack of understanding of the need for bottom up improvement that has resulted in the leaning tower of PCEHR, which without a solid foundation, is sinking into the swamp. I am not sure its the right tower either, so you would have to be careful to choose between very expensive underpinning vs demolition. The Queensland Health Payroll comes to mind, I am sure someone wishes they had abandoned that after the first run...

Trevor3130 said...

On quitting a project, Real-time tracking for buses scrapped.
Daniel Kahneman describes the inability of committed insiders to accept the obvious, 'Thinking, Fast and Slow', chapter 23 The Outside View. I'd like to think anyone in control of spending millions of taxpayers dollars would be very familiar with Kahneman's work.

Bernard Robertson-Dunn said...

When it comes to failing projects, especially those that have a significant political component, they run up against the "Backfire" effect.

People who "believe" things (rather than have knowledge and can think rationally about a subject) become more entrenched in their views, in spite of the evidence.

"Recently, a few political scientists have begun to discover a human tendency deeply discouraging to anyone with faith in the power of information. It’s this: Facts don’t necessarily have the power to change our minds. In fact, quite the opposite. In a series of studies in 2005 and 2006, researchers at the University of Michigan found that when misinformed people, particularly political partisans, were exposed to corrected facts in news stories, they rarely changed their minds. In fact, they often became even more strongly set in their beliefs. Facts, they found, were not curing misinformation. Like an underpowered antibiotic, facts could actually make misinformation even stronger."

How facts backfire