Wednesday, July 05, 2017

Is Anyone Thinking About The Privacy Implications Of All This Information Sharing On An Automatic And Routine Basis?

A couple of articles popped up this week that made me ask just what was going on. First we had this:
28 June 2017

NSW throws some serious money at digital health

Posted by Julie Lambert
NSW will inject more than half a billion dollars in digital systems to bring patient health records, medications management and the sharing of pathology results into the 21st century.
NSW treasurer Dominic Perrottet said the $536 million outlay over eight years reflected the position of e-health as the “most important revolution in healthcare”, adding the investment would lift efficiency.
Specific spending items include $236 million for digital patient records, to ensure patient records are easy to read, instantly accessible and accurate, and to extend the state’s electronic medications management (eMeds) program. The full roll-out of eMeds would bring a significant advance in medications management to assure patient safety, eHealth NSW CEO and CIO Zoran Bolevich told The Medical Republic.
“We’ll move from 13 hospitals with 4,500 beds now live with eMeds to 178 hospitals with almost 22,000 beds,” he said.
In another key initiative, NSW will extend its lead in digitising pathology test results so they can be accessed by clinicians anywhere in the state’s public health system and shared to the national My Health Record.
“In April, NSW became the first state or territory to feed public-hospital pathology results into My Health Record,” Mr Bolevich said.
“The new funds in the latest NSW budget will complete integration of the four NSW Pathology Hubs to our HealtheNet Clinical Repository, enabling clinicians to view pathology results quickly and easily state-wide.”
…..
As most clinical decisions hinged on the outcomes of pathology results, quick and easy digital access to them across the public health system was important, Mr Bolevich said.
The results are also passed on from the state’s HealtheNet repository to the national MyHR for the benefit of community clinicians and patients.
More here:
On the surface all this seems wonderful, but I wonder whether all those people who have tests feel happy if the results are sent all over NSW and also to the myHR without any real informed consent. Those urine results that found an STD, etc.: are they fair game for sending all over the place?
Then I noticed this:

Amcal pathology screening gets thumbs up

The Royal College of Pathologists of Australasia has backed the pathology health screenings rolled out through Sigma’s Amcal Pharmacy network this week

Sigma Healthcare has partnered with SmartHealth to roll out the service, which began on Monday 26 June, utilising their network of 1,500 accredited participating collection centres and laboratories throughout Australia.
Allowing people to access valid pathology testing through pharmacies will allow those not visiting their doctors to be screened for common chronic health issues, says Dr Michael Harrison, President of the RCPA.
“These are limited mainstream tests, mainly for detecting cholesterol, diabetes, kidney disease, for people who – for whatever reason – are not getting testing done through the usual system.
“It’s hard to know why, but some people don’t see their GP for testing, they don’t visit their GP very often or, if they do, the GPs don’t order these tests,” he tells AJP.
Dr Harrison says identifying high cholesterol levels and other markers can help to arrest the development of serious but common health issues such as cardiovascular disease and diabetes.
Since the tests will be sent to a laboratory the results will be scientifically valid, a process Dr Harrison says is much more accurate than point-of-care tests, particularly regarding cholesterol screening.
The results will be placed on the patient’s My Health Record for healthcare practitioners to access.
Any abnormal results will prompt pharmacists to refer the patient to a doctor, and in the case of very abnormal results, these will be passed along to a GP enlisted in the program to help follow them up.
Lots more here:
As with the bold text in the first article, we seem to be having rather splatter-gun, unconsented sharing of potentially sensitive information.
Forgetting about the rather worrying trend with pharmacists ordering all sorts of blood tests, I hope proper thought has been given regarding just who gets access to what and what information is to be shared.
There is the risk of all sorts of worrying mistakes here!
David.

6 comments:

Anonymous said...

So long as it is someone else's privacy at risk I see no problem; digital health, according to the ADHA gospel, is all about me!!

Peter said...

Basic principle of information architecture: Data is a toxic asset.
It IS an asset and needs to be available and accessible when required. But it is toxic and needs to be locked away behind triple-bolted doors, released only to the extent required by context and disposed of with great care once it is no longer needed. Consider it to be treated like dangerous drugs, held in a depository with small amounts released as and when requested by an authorised expert in response to a specific need - and with all access and usage tracked.

In health care, nearly always a patient record will be used in the same place it was gathered. There are obvious cases where data may need to travel across the country, but mostly it is used in the same clinic, hospital, pharmacy, region etc. That is the prime use-case that any health related record should be complying with.
Since most small clinics won't have facilities to manage the data correctly, a central repository at a local hospital(?) or regional office(?) could be set up - but access depends on who stored it and only through a certified patient management application.

In other industries this is usually managed by a token or context record sent with each request for data. The token holds information on who is asking (IHI), what application they are using (a dispensary tool requires different data to a GP's clinic manager) and what the data is to be used for.
Of course, the data would need to be structured so only portions could be meted out as needed. Storing it as, for instance, PDF documents is simply ridiculous.
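
Added example (not part of Peter's comment or the original post): a minimal Python sketch of the context-token idea described above, in which a repository releases only the record sections that the requesting application and stated purpose are entitled to, and logs every request. The policy table, application names, section names and sample record are all constructed for illustration, and the token is assumed to have been authenticated before it reaches this code.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed policy table: (application, purpose) -> record sections it may receive.
RELEASE_POLICY = {
    ("dispensary", "dispensing"): {"medications", "allergies"},
    ("gp_clinic", "treatment"): {"medications", "allergies", "pathology"},
}
CERTIFIED_APPS = {"dispensary", "gp_clinic"}  # assumed certification list

@dataclass(frozen=True)
class ContextToken:
    requester_id: str  # who is asking (the comment suggests an IHI)
    application: str   # which tool is asking
    purpose: str       # what the data will be used for

class Repository:
    def __init__(self):
        self._records = {}   # patient_id -> {section: value}
        self.audit_log = []  # one entry per request, granted or refused

    def store(self, patient_id, sections):
        self._records[patient_id] = dict(sections)

    def request(self, token, patient_id, wanted):
        """Release only the sections this context is entitled to, and log it."""
        allowed = set()
        if token.application in CERTIFIED_APPS:
            allowed = RELEASE_POLICY.get((token.application, token.purpose), set())
        record = self._records.get(patient_id, {})
        released = {s: record[s] for s in wanted if s in allowed and s in record}
        self.audit_log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "who": token.requester_id, "app": token.application,
            "purpose": token.purpose, "patient": patient_id,
            "released": sorted(released),
            "refused": sorted(set(wanted) - set(released)),
        })
        return released

def demo_repository():
    """Constructed sample record; every value here is made up."""
    repo = Repository()
    repo.store("patient-001", {
        "medications": ["atorvastatin 20 mg"],
        "allergies": ["penicillin"],
        "pathology": [{"test": "lipid panel", "result": "constructed"}],
    })
    return repo
```

A dispensary token asking for both medications and pathology receives only the medications section, and the refused pathology section is recorded in the audit log alongside the release.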

Anonymous said...

@July 06, 2017 8:54 AM

I kind of wonder why General Practices are giving away their (de-identified) data to PHN (Primary Health Network), often their whole demographic, for next to nothing. How competent are the PHN staff (and God knows who else they work with) who are receiving this in applying it meaningfully?

Bernard Robertson-Dunn said...

Peter,

Everything you have said about health data, many of us who post comments to this blog would completely agree with.

However, it does raise the question: Is the MyHR compatible with these views?

I don't speak for others, but I'd say a very emphatic - No.

Can MyHR be modified to be compatible? An even more emphatic - No.

Has the government wasted $2b and ten years - Yes.

Does the government understand any of this - probably not.

Peter said...

Bernard,
I think just about everyone here is in violent agreement :-). As I think we all see it, the problem is that MyHR is a solution to the wrong problem. It is an attempt to duplicate what any doctor worth his degree will already be doing. The problem is not in holding patient information, it is about getting it where it is needed when it is needed.
Many of the businessmen I have worked with, like ADHA, think this means replicating the data so there is always a copy available. The IT industry recognised the issues around maintaining data integrity and security something like 20 years ago and there are all sorts of solutions available now. However, there are still software products being developed and sold which assume they operate in isolation and need to have a copy of any data they work with.
Sorry - lecture mode off, back on topic. I think ADHA is on the correct track with secure messaging and interoperability. At least in principle. In practice, I suspect they have as little understanding of what those terms mean as they do about information management.

Anonymous said...

Seems we are not alone, is this cultural mindset now being implemented in our own machine of government? https://www.digitalhealth.net/2017/07/royal-free-and-deepmind-did-not-comply-with-dpa-ico/