Monday, November 16, 2015

Weekly Australian Health IT Links – 16th November, 2015.

Here are a few I have come across the last week or so.
Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.

General Comment

What an amazing week with an incompetent Parliament passing laws to extend the PCEHR! Other stuff also included.
What a disaster for e-Health in Australia as the mindless ill-conceived juggernaut just rolls on!

My Health Record to have increased penalties for misuse of information

12 Nov 2015
The Senate Community Affairs Legislation Committee has recommended that the Health Legislation Amendment (eHealth) Bill be passed, with proposed increased penalties for misuse of My Health Record information. The Bill proposes, among other things, to change the name of the PCEHR system to the My Health Record system and enable trials of opt-out participation.
The Senate Community Affairs Legislation Committee tabled its report on the Health Legislation Amendment (eHealth) Bill this week. The report noted the AMA argued against the introduction of increased civil penalties and new criminal penalties in relation to unauthorised use or disclosure of My Health Record information. However, the committee considered that these penalties are justified as deterrent measures to protect the privacy of system participants.

Australia to bring citizens' health records online

Bill officially passes parliament.

By Allie Coyne
Nov 12 2015 5:19PM
The Australian government has been given the go-ahead to create a digital health record for every Australian by default pending the success of trials of the model, after the bill for opt-out records passed the parliament today.
The federal government introduced the e-health bill in September. It amends the existing personally controlled electronic health record (PCEHR) law to create a record for every Australian by default.
The change in approach was a response to slow take-up of the former Labor government's PCEHR scheme, which allowed individuals to opt-in to the digital health record.
The Health Legislation Amendment (eHealth) Bill 2015 today passed the Senate with no amendments, allowing the government to trial opt-out e-health records in two locations in Queensland and NSW, covering around one million individuals.

Revamped Australian e-health system passes Parliament

The health records of Australians are set to go online by default, with the new system to be trialled first in northern Queensland and in the Blue Mountains.
By Chris Duckett | November 12, 2015 -- 04:15 GMT (15:15 AEDT) | Topic: Innovation
The medical records of all Australians are set to go online after legislation to revamp the e-health system and get more people using it cleared Parliament.
The new My Health Record system is to be trialled first in north Queensland and the NSW Blue Mountains region, and will be rolled out nationally if it proves a success.
Australians will need to opt-out of the system if they don't want an e-health record, as opposed to the current model, which started out as the Personally Controlled E-health Record System, which required patients to opt-in.
The Australian government's e-health record system was switched on in 2012, and was given a further AU$485 million in funding in the 2015-16 Budget in May.

Inquiry backs legislation for 'opt-out' eHealth record

Privacy group call for opt-out to be dumped
A parliamentary inquiry has endorsed a government bill that will enable the national eHealth system to potentially be shifted to an 'opt-out' model.
Health minister Sussan Ley in September introduced the Health Legislation Amendment (eHealth) Bill 2015.
The bill implements recommendations from the 2013 review of the Personally Controlled Electronic Health Record (PCEHR), including renaming the record to 'My Health Record'.
The bill will allow the minister to apply opt-out participation to particular areas, which will enable trials of new approaches intended to boost participation in the system.
A report from the Senate's Community Affairs Legislation Committee was tabled yesterday in the upper house and recommends that the bill be passed.

Senators 'dangerously naive' on ehealth

26 minutes ago
A PARLIAMENTARY committee has been labelled "dangerously naive" after giving its tick of approval to electronic health records for all Australians.
A SENATE inquiry into government legislation says tough penalties will address any fears of sensitive medical details being accessed or used inappropriately.

E-health opt-out records a 'huge invasion of privacy'

The Privacy Foundation has accused the Australian Senate of ignoring privacy concerns in making the e-health record system opt-out.
By Corinne Reichert | November 11, 2015 -- 07:53 GMT (18:53 AEDT) | Topic: Government : AU
The Australian Privacy Foundation has accused the Senate of being "dangerously naive" in thinking that opt-out e-health records could be secured against breaches of privacy.
Bernard Robertson-Dunn, a member of the Privacy Foundation who has also constructed IT systems for several government departments, said it is "patently absurd" for the Senate inquiry committee to think that Australian laws will do anything to deter criminals and cyber attacks from overseas.
The Senate had said it would institute penalties for privacy breaches in order to address concerns over the misuse of confidential medical information.
The Senate had ignored expert advice by changing the e-health records to be opt-out, according to the Privacy Foundation, with the likelihood of personal information being stolen and published in an attack similar to the Ashley Madison hack increasing with the more data that is stored.

Oz e-health privacy: after a breach is too late

Privacy foundation slams 'dangerously naive' Senators

12 Nov 2015 at 02:56, Richard Chirgwin
Australia's peak privacy body has lambasted the country's Senate for being ignorant about the implications of the country's new e-health records.
What was once called the Personally Controlled Electronic Health Record (PCEHR), re-branded My Health Record this year to give it a smiley face, is the government's attempt to dragoon Australians into a national health database.
Looking behind the mask, however, the Australian Privacy Foundation reckons the e-health system looks more like it was designed for spooks and revenue-collectors than for doctors or patients.
Coming in for special criticism is the Senate committee recommendation (full report here) that My Health Record be changed from an opt-in system to an opt-out system. That decision seems designed to boost the chronically low take-up of a system that this year got a budget allocation of more than AU$450 million (its 15-year estimated cost from 2010 to 2025 is $3.6 billion).

Computer says 'yes’ to CDM care plan for the nearly dead

Serkan Ozturk | 12 November, 2015 | 
Concern over use and abuse of care plan items has been a long-running and heated topic of discussion among GPs.  
This year, the Professional Services Review raised the issue of computer-generated templates — seen by most doctors as a way of dealing with the red tape headaches inherent in the Medicare system. 
A regular problem, according to the PSR, is that practice software automatically updates chronic disease management (CDM) care plans, by simply changing the date.
The computer is set to remind the practice to produce new MBS care plans as soon as the patient becomes eligible.  
But some of these templates are so automated that they verge on the ridiculous.

GP researchers slam online CBT programs for depression

Serkan Ozturk | 12 November, 2015 | 
Online CBT programs have no benefit in depression because patients fail to engage with them, a major evaluation by GPs has found.
UK researchers have recommended against routine use of online CBT after their randomised controlled trial in 100 primary care practices found that programs such as the widely recommended MoodGYM conferred no benefit compared with usual GP care.
Almost one quarter of patients dropped out within four months of being offered the Australian-developed free program, or a commercial program called 'Beat the Blues', showed the research by the Department of Health Sciences at the University of York. 
In addition, only about one in six of the 378 participants completed all the assigned computerised CBT sessions.

IT problems in general practice could be putting patient safety at risk

12 November 2015
Problems with information technology (IT) in general practice are creating risks for patient care, a study led by researchers at Macquarie University, Flinders University and the University of New South Wales has found. The TechWatch study, published in BMJ Quality and Safety, examined the effects of IT errors on patient safety in general practice
The researchers asked 87 General Practitioners (GPs) across Australia to report any IT incidents over a 19 month period between 2012-2013 that could lead to patient harm or near miss events, finding that IT issues were at fault for 90 reported incidents during this period. While some of the patient safety risks were carried over from historical paper records system, there were an array of additional disruptions in workflow and hazards for patients unique to IT.
“Our results show that IT problems can disrupt care delivery and pose risks to patient safety,” said Associate Professor Farah Magrabi from the Australian Institute of Health Innovation and the NHMRC Centre for Research Excellence in E-Health at Macquarie University.

Practice software glitches wasting GPs' time

Alice Klein | 9 November, 2015 | 
Practice software problems are wasting doctors’ time and have the potential to lead to dangerous prescribing errors, research shows.
On average GPs spend two hours a week troubleshooting software issues such as frozen screens, problems with software updates, and disappearing or mismatching patient data, according to a study of 87 GPs across Australia.
If replicated nationwide, this suggests that Australia's 22,600 GPs spend a total of two million hours per year fixing IT problems.
The study found that software issues also put patients at risk, with GPs in the study reporting 90 incidents that either caused patient harm or led to a near miss event over a 19-month period.

Practices fail the eHealth test

9 November 2015
SEVEN GP practices assessed for eHealth PCEHR privacy safeguard compliance all failed to fulfil the requirements — sometimes for simply not activating the screensaver lock when a computer was left unattended. 
That assessment is one of five audits the Office of the Australian Information Commissioner (OAIC) has undertaken, according to its 2014–15 report. 
The report refers to the audits and says no complaints of breaches were made to the independent PCEHR overseer, but that “a number of recommendations” had been accepted by the health department. 
One of these assessments, not contained in the annual report, scrutinised eHealth security in the seven clinics — all active eHealth system users and Health Provider Organisation (HPO) members — between December 2014 and April 2015.

NAB urges ‘healthy habits’ as it dangles carrot to harvest data

Andrew White

You leave a data trail every time you tap your card to make a payment, dial a phone number or use the internet. But would you be willing to let that data tracking into the bedroom, the gym and the doctor’s surgery?
National Australia Bank’s insurance arm is about to test that proposition by handing out smartwatches that collect data on resting heart rate, sleep patterns and exercise to some of their life ­insurance customers, in what is believed to be a first for wearable technology in Australia. In exchange for agreeing to sign over information collected by the watch and then meeting good health goals, MLC is offering discounts on life insurance policies of up to 10 per cent.
It is being pitched as an initiative to try to get customers into healthy habits that will reduce their need to claim.
“It’s a bet that if they can achieve healthy habits for three, six, nine, 12 months then habits are habits and it’s hard to get out of habits,” the general manager of ­insurance for NAB and MLC, David Hackett, said.
  • Nov 10 2015 at 6:01 AM
  • Updated Nov 10 2015 at 6:10 AM

Watch your weight: MLC offers discounts for healthy customers

MLC smartwatch lightens insurance burden
You're being watched.
Your breathing, heartbeats, the hours that you sleep and wake are being monitored by an Intel-built smart watch on your wrist. 
And if you're proven to be healthy and hit the set goals, you could save hundreds of dollars in insurance premiums each year.
That is the new proposition by life insurance giant MLC, which has become Australia's first insurer to use smart watch technology to track customers' habits and reward them for good behaviour.

Big data can improve health but first we need to build the foundations

November 11, 2015 1.08pm AEDT

Author Julian Elliott

Head of Clinical Research in the Department of Infectious Diseases, Alfred Hospital and Monash University and Senior Research Fellow at the Australasian Cochrane Centre, Cochrane Collaboration
 “What if we, as government, got out of the way and gave consumers full access to their own personalised health data and full control over how they choose to use it?” Health Minister Sussan Ley asked in her recent speech to the National Press Club.
Ley sketched out a new health landscape populated by consumers who shared their personal e-health records with app developers, dietitians and retailers in return for products and services tailored to their particular health needs.
“The great digital health revolution,” the minister concluded, “lies literally in the palms of consumers, rather than government.”
On one level this rings true. There have never been more ways to monitor our personal health and well-being, and share and compare our findings. We can track our activity, diet, exercise, emotions and sleeping habits on our mobiles, Fitbits, Apple watches and apps. We can even have our genomes sequenced.

Your smartphone can help cure cancer while you sleep

Date November 9, 2015

Hannah Francis

Technology Reporter

If you were able to help find a cure for cancer without lifting a finger, it would be a no-brainer, right?
Well now you can, thanks to a new Android app created by the Garvan Institute of Medical Research, and Vodafone Foundation Australia, which funds health and well-being projects that use mobile technology.
Two years in the making and with the help of Melbourne app developer b2cloud, DreamLab harnesses unused capacity in your smartphone while you're sleeping to crunch medical data for cancer research.
The researchers are hoping to get 100,000 users signed up in the first year, which would allow them to process data around 3000 times faster than they currently are, and complete their first phase of research into four cancers: breast, ovarian, prostate and pancreatic.

Australia, NZ agree to share electronic identity checks

Verification services expanded across the Tasman.

By Paris Cowan
Nov 11 2015 4:53PM
Australia and New Zealand have inked an agreement that will allow organisations to electronically verify proof of ID documents issued by either federal government as well as Australian states and territories.
Australia’s document verification service (DVS) has been in use since 2007, and gives authorised government and non-government organisations the ability to check the authenticity of documents they have received against the government’s own records.
The system is run by the Attorney-General’s Department.

News in brief

Monday, 9 November, 2015
Australian CBT program reduces suicidal thoughts
AN Australian-designed, web-based cognitive behaviour therapy (CBT) program has reduced suicidal ideation among US medical interns by 60%, highlighting its potential as an efficacious public health measure in a country where one physician dies by suicide every day, according to the authors of research published in JAMA Psychiatry. The 199 interns from multiple specialties were randomised to the web-based therapy group — MoodGYM, developed at the Australian National University’s National Institute for Mental Health Research — or an attention-control group, who received emails with general information about depression, suicidal thinking and local mental health professionals. MoodGYM is a free, online interactive CBT- and interpersonal-based therapy program for young people experiencing mild to moderate levels of depression or anxiety. All interns in the study also completed study activities lasting 30 minutes each week for 4 weeks before starting the internship year. Suicidal ideation was assessed 3 months before students started their intern year and then at 3, 6, 9 and 12 months of their intern year. Over the year, 12% of interns in the MoodGYM therapy reported suicidal ideation during at least one follow-up assessment, compared with 21.2% of students in the control group. The researchers wrote that the findings were important, given that suicidal ideation increased 370% over the first 3 months of the internship year. “With approximately 24 000 medical trainees beginning internship each year, dissemination of a pragmatic, no-cost, feasible, and efficacious prevention program could have substantial public health benefits”, they wrote. Further research using a larger sample would be required to determine whether MoodGYM had any impact on suicide rates, they wrote. An accompanying editorial suggested MoodGYM “inoculated” interns at a critical time in their lives, by providing knowledge and skills that would “enable them to be resilient to the stresses of internship, depression, and suicidal ideation”.

NEHTA's Annual Report 2014-15 is now available

Created on Monday, 09 November 2015
NEHTA's Annual Report 2014-15 is now available and can be downloaded from NEHTA ANNUAL REPORT 14-15 PDF (2.76 MB).
The National E-Health Transition Authority was established in 2005 by the Council of Australian Governments (COAG) to identify and jointly develop the necessary foundations and services – the building blocks – for a national eHealth infrastructure: 'NEHTA's WORK 2005-15' PDF (424.56 kB)
NEHTA is continuing to work with stakeholders on the widespread adoption and use of eHealth across the healthcare community until the Australian Commission for eHealth commences operations in July 2016.

Putting the eHealth record system into business

Created on Monday, 09 November 2015
Putting the eHealth record system into business is a useful resource for Responsible Officers (ROs) and Organisation Maintenance Officers (OMOs) and their responsibilities in managing their organisations for the Healthcare Identifiers (HI) Service, NASH PKI Certificate for Organisations and the eHealth record system.

It’s time for an eAustralia Card

November 9, 2015 6.21am AEDT
A digitally integrated identity card with comprehensive security could simplify many transactions with government and business. Shutterstock

Author Matthew Sorell

Senior Lecturer, School of Electrical and Electronic Engineering, University of Adelaide
Australian e-government is a long way behind many other developed nations. Our national leadership has utterly failed to comprehend why e-government should have been a national priority decades ago, and continues to offer little in the way of policy direction.
Hence, our current solutions are a bizarre mish-mash of inconsistent approaches, making it confusing and frustrating for Australians. Every mis-step sets back public trust in online government services. Usability, reliability and security are the keys.
The Australian Tax Office (ATO), for example, provides online data entry, but inadequate explanatory guidance. Searching the ATO website is risky because it also contains obsolete material from previous years.
The ATO communicates by print-formatted electronic documents to a separate MyGov email inbox, making reference to non-existent additional information, yet two-way communication is not possible through this service.
If the Digital Transformation Office is appropriately funded, empowered and motivated, then a top-down review of government services may be able to address the usability and reliability issues over time. Of much greater concern and urgency is the challenge of digital identity.

Revealed: Govt's unused e-health software

A relatively cheap software upgrade featuring all the functions of the $422 million Enterprise Patient Administration System - and more - was purchased by SA Health but never implemented, InDaily can reveal.
Adelaide Wednesday November 11, 2015
Bension Siebert @Bension1
The beleaguered EPAS, billed as a statewide solution to slow, paper-based and outdated e-health records systems, has been plagued by doctors’ complaints that it slows down care and risks patients’ safety.
Despite the complaints, however, SA Health has persisted with implementing the system.
But InDaily can now reveal the department purchased a software upgrade to another system – OACIS – in 2009, which boasts all of the health record functions of EPAS.
SA Health would not reveal the cost of the upgrade, but InDaily understands it is significantly cheaper than the $422 million spent on EPAS.
And unlike EPAS, an older version of OACIS is already installed on SA Health computer systems in hospitals across the state.

E-health blamed for Repat waiting list blowout

Patients at a Repatriation General Hospital clinic now wait up to nine months longer than they did before the installation of the State Government’s e-health records system, a senior doctor says.
Bension Siebert @Bension1
A senior clinician at the Repat told InDaily his patients now had to wait for up to a year to receive their first appointment.
Before the introduction of the Enterprise Patient Administration System (EPAS), he said, patients would wait a maximum of three months for an appointment at the specialist clinic.
“We could boast the fastest time, from referral to actually getting surgery, of pretty much any public hospital in Australia,” the doctor said.
 “My waiting list was no more than … three months.
“That’s blown out longer and longer and now it’s hit the 12-month mark.”

Health quietly passes Medicare payments sell-off deadline

Department stays silent about offloading services.

By Paris Cowan
Nov 9 2015 6:30AM
The Department of Health is staying silent on its proposed sale of Medicare payments to the private sector, despite sailing past the date it originally scheduled to have contracts signed without any movement.
In August 2014, the department issued a request for expressions of interest from organisations to take over the processing and payment of $19 billion in medical benefits claims, $10 billion in pharmaceutical claims and nearly $2.5 million worth of veterans affairs claims every year.
Facing a mammoth IT upgrade bill to replace the ageing system that calculates the Medicare and DVA entitlements, the government instead opted to test the market and see whether any private sector companies already equipped to deliver similar functions - like private health insurers, general insurers or banks - would be interested in taking over the work.

CryptoWall 4.0 the nastiest strain yet

Evolves to become even more dangerous.

By Allie Coyne
Nov 10 2015 9:16AM
The fourth version of the CryptoWall ransomware has landed in the wild, equipped with better evasion techniques and tactics to thwart antivirus protection and detection.
Ransomware attacks computers and encrypts user files and folders via infected email attachments, with attackers demanding ransom payments to unlock the scrambled documents.
Users are told to make the payment by a specific deadline or risk having the private key to unlock the files deleted.
The active CryptoWall ransomware spawned from CryptoLocker, which is thought to have extorted more than $3 million from victims before the botnet used to distribute it - Gameover Zeus - was taken down last year.


Bernard Robertson-Dunn said...

"The Senate Community Affairs Legislation Committee has recommended that the Health Legislation Amendment (eHealth) Bill be passed, with proposed increased penalties for misuse of My Health Record information."

Access controls are at the institution level. Which means that when a patient visits a medical practice and the receptionist happens to access the My Health Record, there will only be a record that the medical practice has accessed the system.

If the information is misused, will anyone know who has really accessed the system? I guess it depends on the software the medical practice has and if it does any logging. If the medical practice is risk averse and the penalties are high, that is a disincentive for them to use the system.

But the really stupid part is that the medical practice can download all the patient's data into their local system. The eHealth legislation doesn't cover that, only generic Privacy legislation.

It also means all the promises about patients knowing who has looked at their health data are wrong on two counts:

1. Only the institution's use is logged.
2. Once it's in the institution's system, there is no patient accessible logging.

Listening to only to NEHTA and the Department about this system is like a judge asking a suspect if they have committed the crime, rather the listening to the police who see things a little differently from an accused.

Anonymous said...

From memory, one of the requirements/tests for software to access the pcehr is to have permissions for accessing it. Also, from memory, any request to the pcehr, needs to pass either the hpi-i or software userid of the user.

You can also have a password on your record, to stop people accessing it, except in emergency flagged situations.

Bernard Robertson-Dunn said...

re: "From memory, one of the requirements/tests for software to access the pcehr is to have permissions for accessing it. Also, from memory, any request to the pcehr, needs to pass either the hpi-i or software userid of the user."

The High-Level System Architecture, Version 1.35 — 11 November 2011, says:

"The PCEHR System only allows provider access to be controlled at the organisation
level, therefore the identity credential submitted to the PCEHR System must be that
of the organisation that the healthcare provider represents."

Mind you the document also says:

"This document is based on the April 2011 release of the Draft Concept of Operations (ConOps). It will be updated in future to reflect the latest version of the ConOps and to reflect changes to the PCEHR design developed by the National Infrastructure Partner".

It is the only architecture document on the NEHTA/Health website, so I have to believe that it is current and correct.

And the only password I know of is for the portal, not for health professionals accessing your record.

Anonymous said...

The record owner can set a password to stop health professionals/etc accessing the record without the record owner giving them the password (this can be overridden by the health professional selecting an emergency, which the record owner can optionally get notified about).

Anonymous said...

So the PCEHR architecture is only available through memory, just who is the principle architect providing leadership over the PCEHR in NEHTA? or has that discipline been lost from memory? Trust has left the building.

Bernard Robertson-Dunn said...

"The record owner can set a password to stop health professionals/etc accessing the record..."

This is the government's big lie. You cannot control which health professionals can access the record, only the institution. If you want to limit access at the professional level you have to talk with your healthcare provider and then trust that they implement appropriate controls. You cannot control it and you are not informed who has accessed your record.

Even if you want to see which healthcare provider has accessed your record it may not be obvious from the audit logs "If you do not recognise the name.. it could be ...because the organisation’s access is centrally managed by a parent Healthcare Provider Organisation". Really user-friendly. Not.

See this page on the government's ehealth website.

"Who can see the information in my eHealth record?

Access to your eHealth record by a Healthcare Provider Organisation is controlled by your Access List. You can set access controls for different document types, classifying documents as either general documents or restricted documents.

If you feel it is necessary, you can choose or limit which Healthcare Provider Organisations can see and add to the information on your eHealth record. Who can access your eHealth record is determined by Access Flags set by you and your healthcare provider. You should discuss with your healthcare provider which other health professionals in their local service that they share client records with, and whether you wish to limit access to your record. Note, however, it is important that healthcare providers treating you have access to the vital information that they need when they offer you care.

If you do not recognise the name of the Healthcare Provider Organisation on your Access List, this could be because the organisation’s access is centrally managed by a parent Healthcare Provider Organisation. You should ask your provider for the parent organisation’s name."

Bernard Robertson-Dunn said...

"So the PCEHR architecture is only available through memory, just who is the principle architect providing leadership over the PCEHR in NEHTA?"

IMHO, the PCEHR was never archtitected, only designed. None of the documents I have been able to find (and that includes asking Paul Madden) are what I would recognise as an architecture.

BTW, there is only one thing wrong with the design of the PCEHR:

It's a central database of incomplete, undifferentiated health data with poor access controls and is accessible via the internet.

Apart from that it's OK.

There are alternative architectures and designs that would deliver far more useful aids to health decision making, be more secure and address privacy issues, with little or no government involvement.

IMHO, that's what the government is frightened of - not having all that lovely health data that can be mined and used for surveillance. Of course I have no evidence that they are actively doing these things (there's hardly any data in the system) but the potential is there.

And it's probably not patient data they are most interested in - it's service provider data. They are the ones who are primarily responsible for spending the nation's health funds.

Just to repeat - this is all speculation. I'd be more than happy to be told (with evidence) that I'm completely wrong.