Monday, May 19, 2014

Summary Of Recommendations Of The PCEHR Review!

Summary Of Recommendations

Page 16 of .pdf.

The Panel recommends the following key actions in relationship to realizing the benefits of the PCEHR:
  1. Rename the Personally Controlled Electronic Health Record (PCEHR) to My Health Record (MyHR).
  2. Restructure the approach to governance, dissolve NEHTA and replace with the Australian Commission for Electronic Health (ACeH) reporting directly to the Standing Council on Health (SCoH).
  3. Establish a Clinical and Technical Advisory Committee to ACeH.
  4. Establish a Jurisdictional Advisory Committee to ACeH.
  5. Establish a Consumer Advisory Committee to ACeH.
  6. Establish a Privacy and Security Committee to ACeH.
  7. Establish a taskforce to transition arrangements between the current governance structure and the one recommended in this report.
  8. Maintain the Independent Advisory Council (IAC) with an altered reporting line, direct to the Federal Minister for Health.
  9. Commission an external review of the function and roles in the eHealth section of the Department of Health, Department of Human Services (DHS) and NEHTA to assess duplication and alignment with mandates
  10. Establish a regulatory body that monitors and ensures compliance against eHealth standards that are set and maintained by ACeH.
  11. Centralise the system operation of the MyHR to the Department of Human Services (DHS), under contract from ACeH. DHS should run all MyHR related infrastructure services and maintenance, performance reporting, contact centres, management of NASH, and the Health Identifier service. ACeH to work with DHS to assess which components of the service should be contracted out to private partners, with DHS remaining the overarching government department responsible for service delivery 
  12. Establish a clinical systems capability (group) within the Department of Human Services (DHS) to integrate and coordinate improvement to all health systems and platforms.
  13. Transition to an ‘opt-out’ model for all Australians on their MyHR to be effective from a target date of 1st January 2015. This recommendation is subject to the completion of the minimum composite of records (recommendation 21) and the establishment of clear standards for compliance for clinical users via the Privacy and Security Committee.
  14. Commission a technical assessment and change management plan for an opt-out model to be undertaken in early 2014 in order to determine requirements and identify costs for a model  change.
  15. Require an annual report from the Privacy and Security Committee on:
    a. the number of individuals who have opted out of the MyHR
    b. the number of documents that have access controls changed by category
    c. meaningful use and adoption by the profession
  16. Commission an Information Security Risk Assessment of the end-to-end flow of consumer information to and from the MyHR platform. Findings and mitigation actions to be reviewed and  agreed by the Privacy and Security Committee
  17. Clarify that the MyHR is a supplementary source of information that may, but does not always need to be, used by clinicians in caring for their patients.
  18. Develop and conduct an education campaign for consumers and clinicians about the impact of the change to an opt-out process and the strength of security and privacy in the system.
  19. Expand the existing Australian Medications Terminologies (AMT) data set to include a set of over the counter (OTC) medicines.
  20. Widen the existing National Prescribing and Dispensing Repository (NPDR) to include the expanded set of over the counter (OTC) medicines.
  21. Implement a minimum composite of records to allow transition to an opt-out model by a target date of 1st January 2015 inline with recommendation 13. This will dramatically improve the value proposition for clinicians to regularly turn to the MyHR, which must initially include:
    • Demographics
    • Current Medications and Adverse Events
    • Discharge summaries
    • Clinical Measurements
  22. Work should proceed to allow the integration of diagnostic imaging and pathology into MyHR but their delivery dates should not delay transition to opt-out
  23. Implement a standardised Secure Messaging platform for the medical industry, prioritising support for standards compliant platforms.
  24. Expand the Secure Messaging strategy to include exchange of secure communication between the medical industry and consumers to facilitate improved communications and workflow efficiencies.
  25. Review the NASH platform with a view to evolving the platform to align with the recommendations for Digital Identity that is included in the Coalition’s Policy for E-Government and the Digital Economy.
  26. Review the current development program for the PCEHR and deliver prioritised usability  improvements based on user centred design principles in partnership with industry. The usability improvements to be designed to complement everyday workflows.
  27. Add a flag to the clinical author to identify if their patient has restricted or deleted a document in their MyHR to facilitate a discussion on the clinical impact.
  28. Notify the consumer via an SMS message when their MyHR is opened or used by default. For patients that do not have a mobile number, a message will not be sent, however mobile contact number should be requested as part of the standard information for a customer’s profile.
  29. Enable a single sign-on capability that enables simplified usability as users of the systems are able to seamlessly pass from one system to another.
  30. Evolve education, training and implementation programs to engage industry associations in the design and delivery of programs. This includes implementation of online training tools, including provision of a simulated MyHR environment to support required training volumes.
  31. Immediately update the MyHR strategy to actively enable decentralisation of information across multiple data repositories, with information being linked using the Healthcare Identifier (HI).
  32. Reset the policy standards and frameworks necessary to enable interoperability, in a decentralised model, plus commercial models that ensure providers can generate an acceptable return on the investments made in shared infrastructure.
  33. Prepare a business case that defines appropriate methods of compensation for investment should be investigated that include one-off costs and/or transaction fee services for clinical access to records associated with integration of existing data sets into the MyHR.
  34. Introduce by ACeH Board a new balanced scorecard of metrics that includes primary metrics (e.g. meaningful use metrics) and secondary metrics (e.g. leading indicators) that are aligned with the benefits and goals of the MyHR.
  35. Apply governance principles of transparency of metrics and reporting to build confidence in the clinical relevance of information that is provided.
  36. Change the ePractice Incentive Payment (ePIP) to introduce meaningful use metrics that incent contribution of clinical relevant information to the MyHR, including linking ongoing ePIP funding to actual usage of the MyHR.
  37. Commission a scoping project to identify the options available to encourage further take up of electronic transmission of data by specialist medical and allied health professional practices and private hospitals.
  38. Alter the Medicare Item number requirements from January 1st 2015, for health assessments comprehensive assessments, mental health care plans, medication management reviews and chronic disease planning items to require a copy of the information to be uploaded to the MyHR.
 Looks like a lot of new acronyms to learn and 91 pages to digest.

Remember this was a report to Government - they might do something quite different.

Comments welcome



Dr Ian Colclough said...

Interesting - at least it seems like a start - one small step for .....

Recommendation 1 - change the name is a good start.

Now jump to Recommendations 31, 32,33 and focus your mind on them:

31: strategy to enable decentralisation of information across multiple data repositories

32: standards and policies to enable interoperability in a decentralised model plus commercial models to ensure providers can generate an acceptable ROI in the shared infrastructure

33: develop a business case showing compensation models for investments made embracing one-off costs, transaction fees and integration of data sets into the MyHR.

Now, where do you start?

Anonymous said...

This misses the most important recommendation. To decide who this is intended for. Is this a platform intended for consumers/patients or doctors or both?

Anonymous said...

... or Government ..!

Bernard Robertson-Dunn said...

They can implement every one of those recommendations and it will still be an IT system.

Bernard Robertson-Dunn said...

Recommendation 17: Clarify that the MyHR is a supplementary source of information that may, but does not always need to be, used by clinicians in caring for their patients.

This has two parts. The first is a statement that the MyHR /PCEHR is a supplementary source of information. The second is that this should be "clarified".

$1billion is a lot of money to spend on a secondary source of information. Given that the recommendation recognises that clinicians need/may not use the information in it, how about someone does a study to find out if this massive and costly imposition will actually deliver value. Recommendation 21 seems to assume that it will.

Anonymous said...

May 19, 2014 5:09 PM said ... Now, where do you start?

It's very clear - you start at the beginning; like:

Who is the system for?

What is the problem it is trying to solve?

Why does the problem exist?

How will it solve that problem?

What are the business processes causing the problem to exist and how should they be changed?

Now, as for IT - how can it be used to help solve the problem that we must first define?

Can we stop the $140Million Ms Halton has available from being wasted?

K said...

So I see we're back to the good old days of re-organising the governance committees instead of actually solving the problems.

Recommendation #21 is particularly obtuse - what's a "clinical measurement"? (surely not a clinical quality measure?)

But not as obtuse as #23, which is only what's been happening anyway...

I bet the authors are really mad that they wrote it in such a hurry (#33 isn't even grammatically correct) and then nothing happened; they could have taken their time and got it right. Oh...

Anonymous said...

I agree, it's a poorly written shallow document lacking logic and reason undertaken under extreme pressure preventing the authors the time required to think through the complexities of the issues in the relation to the information they have collected through submissions. Once again we see a lackadaisical approach to reviewing this 1+billion fiasco. The taxpayers of Australia deserve better.

Anonymous said...

Considering their lack of knowledge and experience in real eHealth its a pass if they were submitting a high school project, but this is a billion dollar program.
Unfortunately eHealth has been run like a high school project and that's the insult to people who have devoted years of hard work to try and make a difference.
The public service need to grow up and realize they are out of their depth and the chances of them designing and implementing a workable system are nil. All they are doing is driving the people who have a chance away, there must be a lot of head shaking going on among the eHealth community.
The reality is that no one person can do it, but squashing innovation will simply delay real progress. The government would be better to focus on sorting out its own aging infrastructure and stop throwing away taxpayer dollars and accept that they can't solve wicked problems.

Anonymous said...

hmmmmm. No wonder the govt has sat on it for months, and I can see why they need another year to sort through the recommendations and work out what to do.
I do like the raw, honest chaos of it though. It has a home-spun, coalface feel. It isn't as shiny and superficial as might have come from a big consulting firm.
Buried in the comments and themes are some real gems if you care to read the detail.

Michael Legg said...

The report is more about National eHealth Governance than it is about the PCEHR in my view.

While there is good in the recommendations to improve on the dysfunctional Governance we have had, there are two aspects that disappointed me.

The first is a lack of emphasis on the widespread harm that is being done as a result of poor information systems now. This contention is supported by the recent ECRI Institutes top 10 Patient Safety Concerns for 2014 in the US (and there is no reason to believe it is any different here). The top three were:

Data integrity failures with health information technology systems
Poor co-ordination with patients next level of care
Test results reporting errors (most outside the laboratory)

This list is largely based on recurring trends identified from data voluntarily submitted to ECRI Institute PSO for review and analysis. The data includes more than 300,000 event reports, research requests, and root-cause analyses. Akin to this is the focus now being taken by the Institute of Medicine on Diagnostic Error which may well expose a whole new understanding of how much better the health system needs to be.

The second is the lack of involvement and influence of health informaticians in the proposed Governance structure. This is very much linked to my first concern. It needs trained and experienced health informaticians to address these safety issues. Indeed I also contend that many of the missteps that the review highlights could have been avoided if the Governance had included health informaticians and their voice had been louder. There has been an awful lot of hard and unnecessary learning on the job. NSW Health after its more comprehensive Governance and eHealth review as an example came to the conclusion that the role of the Chief Clinical Information Officer was an important one.

Anonymous said...

Well, at least it recommends keeping the Dept of Health out of operational matters, and that has to be a good thing. Let our Jane concentrate her efforts on sport

Anonymous said...

Trouble is, it's not MyHR - it's the GovtRecordofMyHealth. Kept handily along with one's medicare and centrelink records, tax returns etc etc

Anonymous said...

At least it reccomends the dissolution of NEHTA which has been at the core of the failure of the PCeHR!

OR is it suggesting NEHTA under another name? mon dieu!

Bernard Robertson-Dunn said...

Towards the back of the document is Addendum 3 “Key Themes from stakeholder feedback in detail.”

On page 88 is section 15 Legal /Liability. It is a set of 24 bullet points taken from various submissions on legal and liability risks and issues.

These seem to have been summarised into one of the “Key Concerns From The Submissions” – #4 “Value proposition for users if data sets are unreliable or incomplete, and the liability and indemnity that flows from this”.

This Key Concern (which doesn’t seem to address all the Key Themes under Legal / Liability) appears to be dealt with by recommendation 6. “Establish a Privacy and Security Committee to ACeH” and recommendation 16 is “Commission an Information Security Risk Assessment of the end-to-end flow of consumer information to and from the MyHR platform. Findings and mitigation actions to be reviewed and agreed by the Privacy and Security Committee”

This is an attempt to address some of the legal /Liability issues but IMHO, such issues are not all matters of privacy or security.

On pages 30/31 is an interesting couple of paragraphs.

“In order to understand and to mitigate the risk of interacting with the MyHR clinicians need to be reminded that they are not legally compelled to open and use the MyHR. Clinicians need to be confident that they will be meeting the appropriate professional standard if they make decisions, in good faith, based on information in the MyHR even if they turn out to be incorrect because a patient has removed or restricted access to data. As with other forms of clinical information clinicians are expected to meet appropriate professional standards when interacting with the MyHR, but that is unlikely to extend to opening each and every document for every patient. MyHR clinical interface needs to be designed to present clinicians with easy access to important data that is relevant to the care being provided at the time rather than endless list of documents. Opening of a record in error or uploading a document in error if done in good faith should not result in sanction.

Use and adoption by the profession should be surveyed and reported by the Privacy and Security Committee so that practitioners are kept abreast of peer professional opinion in relation to participation in the MyHR. This should extend to beyond merely signing up for use but be measured by actual use.

The security and use of important and private consumer information is important to review and understand from an end-to-end process of how customer information is supplied to MyHR (ie: via Clinical Information Systems and other integrated software as part of standard workflow events) and also how information is obtained from MyHR and stored in interfacing systems. Compensating controls, standards and compliance requirements are mitigations that may be required to be implemented to deal with ensuring the ongoing confidence in the platform and how customer’s information is protected. The Privacy and Security Committee will have ongoing responsibility for the development, and regular review of an Information Security Risk Assessment.”

The reviewers seem to have recognised that there are outstanding legal and liability issues but their proposal that they be identified, addressed and managed by the Privacy and Security Committee is IMHO totally wrong.

And unless the legal and liability issues are properly dealt, with and dealt with first, the system will be of no use to anyone.

Enrico Coiera said...

I note that my comments to the review committee are summarised under 'legal and liability'. All my comments however were to do with patient safety.

Safety only becomes a legal or liability issue if you have not dealt with it appropriately.

Its also an ongoing source of frustration that privacy/security/access and safety continue to be confused with each other.

There is no doubt that access problems can lead to clinical safety problems, but if you solve all of your access problems, you can still have a very unsafe system. You cant fix safety through security and privacy controls.

Anonymous said...


An opt-out model will result in a increasing numbers of consumers deleting whatever information they have control over, versus an opt-in (I want to have an ehealth record) model.

Eventually, increasing numbers of deleted docs/info will be all the ammunition (evidence) needed by those who never wanted consumers to have any control over their own ehealth records... and that evidence will result in 'consumer controls' being removed.

Anonymous said...

Moving to an opt-out model is a good idea.

At the moment all those who think they have stuffed up with the pcehr know that most people (clinicians and patients) will ignore it. There is a climate of apathy.

As soon as it looks as though it is going to be made opt-out, everybody who dislikes the whole concept will be against it and will try to stop it. Starting with the privacy wonks. It will become a climate of fear.

Roll on opt-out, the sure way to kill it.

Anonymous said...

"Transition to an 'opt-out' model for all Australians on their MyHR to be effective from a target date of 1st January 2015"

Bloody great! Australians voted with their feet and clearly indicated that they don't want their heath information to be out there for everyone to hack and/or misuse. So now the govt wants to force us into it.

I will be the first to opt out.
But I'm afraid that may not stop the govt from collecting my health information. I just won't know about it.

Anonymous said...

Indeed. One interesting comment in the Review in relation to opt-in-out: "If a citizen's PCEHR was accruing information from the time of the systems inception until such time as they opted in, this would better meet both their expectations and those of their providers. It would also create a record that was immediately useful to the viewing clinician and patient leading to increased ongoing usage."

Another way of saying this might be, provide government with all your health information without you being aware of it.

Anonymous said...

Put it to the High Court!

Surely in their present temperament they (the High Court) will find any such attempt to violate personal health privacy as an unconscionable and "hopefully" unconstitutional act...