Sunday, July 05, 2015

Some Intelligent And Hardly Complimentary Commentary On The Government Plans For The PCEHR. There Are Some Serious Issues Raised Here.

DoH asked for submissions on their plans for the Legislation around a modified PCEHR
Here is the link:
They closed on June 24, 2015.
In response, first we had some useful commentary from the RACGP.
You can find their submission here:

RACGP Submission to the Department of Health on the Electronic Health Records and Healthcare Identifiers Legislation Discussion Paper

24 June 2015
The RACGP welcomes the commitment made by the Government in its 2015-16 budget to strengthen the national e-health system and support the continued development of the PCEHR. There are well identified issues with the current PCEHR model that require meaningful engagement between the Federal Government and the healthcare sector in order for these issues to be addressed effectively and for the PCEHR to be adopted. It is our view that the ongoing work program should focus on:
  • the core clinical documents relevant to general practice (Shared Health Summary and Event Summary)
  • medicines reconciliation, and
  • point-to-point communication (interoperable Secure Message Delivery).
These are the core clinical value propositions for GPs and other clinicians and provide the platform for continuing engagement with the clinical community.

Downloads

RACGP Submission To The Department Of Health On The Electronic Health Records And Healthcare Identifiers Legislation Discussion Paper (pdf 423KB)

Here is the direct link:
I was quite surprised to read the submission and see just how many issues the RACGP identified. The make it very clear there is a massive mountain of work to do to get their support.
There is some coverage of this submission and one from the APF found here:

The other data retention: Concerns over opt-out eHealth model

Australian Privacy Foundation says opt-out model for eHealth record not justified
The government's move to change the current national eHealth record rollout to an opt-out model has raised concerns among privacy advocates.
A 2013 review into the Personally Controlled Electronic Health Record (PCEHR) recommended changing from opt-in to opt-out in order to boost uptake to help the system to reach critical mass.
The government's response to the review included moving to rename the PCEHR to 'My Health Record' and trialling an opt-out approach.
"Doctors have indicated they’re much more likely to use the system if all their patients have a record," health minister Sussan Ley said earlier this year.
"We also need full coverage if we’re to cut down on inefficiencies created by not having one seamless records system, such as double ups with testing, prescriptions and other procedures."
However in a submission (PDF) to a Department of Health consultation, which closed late last month, the Australian Privacy Foundation (APF) argued that moving to an opt-out model is not justified.
The shift will only increase the risks to privacy that already exist from having "a high value repository of every Australian’s identity and health data".
"With respect to the proposed move to opt-out, we believe that there is a strong possibility that there will be a realisation amongst the population at large that the PCEHR is actually a thinly disguised national identity number attached to some health information, none of which can be relied upon because there is no way to medico-legally trust the information contained," the APF argued in its submission.
"[T]he identity data will be seen as very useful to the government, especially when cross-matched against internet and telecommunications metadata and other government databases," the organisation argued.
The government should either decommission the system or completely re-architect it "such that it is able to support major changes to existing health care work practices and is much better and more closely integrated with existing health record systems".
The shift to an opt-out model will have consequences for the risk profile of the eHealth program, the APF said.
Lots more here:
There is also coverage here:
http://www.medicalobserver.com.au/news/medical-privacy-at-risk

The Australian Privacy Foundation (APF) Submission is found here:
Here is the Exec Summary.

Summary and Conclusions

The Australian Privacy Foundation has  a number of very serious concerns with the PCEHR, the  proposed changes to the system and its enabling legislation.
These can be summarised as follows:
1. The value of the PCEHR, as only one eHealth system in Australia, has not been  demonstrated. The PCEHR has been implemented such that it replicates current health care  practices and therefore offers limited functionality. The opportunity to enable better and  more effective and efficient work processes has been missed;
2. The documentation available on the websites of NEHTA and the Health Department is old, inconsistent, incomplete and does not adequately describe the fundamental drivers and requirements of eHealth care or the way in which these have been architected and designed
into the system; and
3. The risks to privacy of a high value repository of every Australian’s identity and health data are not matched by the minimal value and benefits inherent in the PCEHR. Moving to an opt-out model is not justified and will only increase that risk.
A major factor is the poor legislative protection afforded to health information in Australia which, in our opinion, has led to a lack of trust that the risks are, or will be, adequately managed. With respect to the proposed move to opt-out, we believe that there is a strong possibility that  there will be a realisation amongst the population at large that the PCEHR is actually a thinly disguised national identity number attached to some health information, none of which can be relied upon because there is no way to medico-legally trust the information contained. However the identity data will be seen as very useful to the government, especially when cross -matched against internet and telecommunications metadata and other government databases.
Based upon our many concerns, we do not believe that the proposed changes to the system or the legislation will achieve any significant improvement in use by the health community
We contend that the government has only two alternatives: either decommission the system as soon as possible, or completely re-architect the system such that it is able to support major changes to existing health care work practices and is much better and more closely integrated with existing health record systems.
----- End Extract
Disclosure - I am a member of the Health Committee of the APF.
I have also found submissions here:
Here is the summary from the Office of The Australian Information Commissioner:

General comments

The OAIC welcomes the opportunity to provide the Department of Health with comments on the Electronic health records and healthcare identifiers: legislation discussion paper155 KB (the discussion paper).
The discussion paper outlines a range of proposed changes to the Personally Controlled Electronic Health Records Act 2012 and the Healthcare Identifiers Act 2010. The proposed changes relate to areas including governance, participation models, the obligations of eHealth system participants, and privacy. While section 3.5 of the discussion paper is named ‘privacy’, the OAIC considers that privacy considerations arise in relation to all sections of the paper. We have therefore commented on a range of proposals throughout the paper.
In making the comments below, we recognise the benefits that are expected to accompany an effective eHealth record system in Australia. These benefits include better health outcomes arising from the improved availability and quality of health information, fewer adverse medical events, and efficiency through reduced duplication of treatment.
However, changes to the eHealth record system do pose potential privacy risks. The system is expected to increasingly handle significant volumes of sensitive health information. In addition, the Government has announced trials of an opt-out model of participation, with the possibility of that model being expanded nationally in the future. Under opt-out arrangements, the health information of an individual who does not opt-out will be handled in the eHealth record system without that individual’s express consent.
In the context of an opt-out system, it is important to provide individuals with control over if and how their health information is handled, and to ensure strong privacy protections are in place for those who do not exercise their choice to opt-out. We consider that an eHealth system operated on an opt-out basis should be designed with privacy as a critical consideration. Ensuring that privacy is adequately addressed is fundamental to establishing and maintaining public confidence in the system.
We acknowledge that the discussion paper raises for consideration a range of privacy issues, and explains the Department’s approach to managing these. We welcome this focus on privacy as a central consideration. The specific comments below outline the OAIC’s views on the key privacy issues that in our view are raised by the proposals. 
The Consumers Health Forum responds here:
The College of Psychiatrists highlight some very serious issues here:
These two paragraphs raise an issue I have no idea how the PCEHR could ever properly manage
“The RANZCP also wishes to emphasise an important issue in relation to mental health diagnoses under the PCEHR system. Mental health diagnoses are often less clear cut than their physical health equivalents. Diagnoses can change as more information becomes available, research in the field develops or courses of treatment are found to be more or less effective. Therefore, a change in a patient’s mental health diagnosis is a common occurrence and -if previous diagnoses are not critically reviewed -it can and does result in many years of unnecessary treatment and stigmatisation of the patients concerned.
Consequently, the RANZCP considers that more information is required as to how the issue of a changing diagnosis will be reflected in a PCEHR. If a diagnosis is made by one practitioner and then reviewed, changed or removed by another, for example, how will this show up? Are there measures in place to avoid stigmatisation of an individual due to an incorrect diagnosis? Any PEHCR system would need to be flexible enough to allow easy correction of mislabelling and adjustments made as the result of new information coming to light or a change in presentation.”
This Google Search may soon find others:
(submission "Electronic Health Records and Healthcare Identifiers: Legislation Discussion Paper")
All in all there is some serious thought provided here. Will be interesting to see what responses we see. I bet all this is just ignored - but would be happy (no thrilled) to be proved wrong!
David.

3 comments:

  1. Re the Australian Privacy Foundation (APF) Submission.

    For information and disclosure, I became chair of the Health Committee of the APF in November last year. The submission was endorsed by the board.

    All my comments on this blog are my opinion only, unless otherwise stated explicitly - which has not yet occurred.

    Bernard

    ReplyDelete
  2. My opinions too Bernard
    Juanita

    ReplyDelete