Sunday, August 13, 2017
I Think It Is Fair To Say Reaction To The New National Digital Health Strategy Has Been Rather Mixed.
We have now had a week or so to thing about the new Strategy and have had a presentation from Tim Kelsey at HIC early last week.
Here is a link to the presentation:
Tim Kelsey, CEO of the Australian Digital Health Agency, presented at the Health Informatics Conference (HIC) on 9 August 2017 about our work program, My Health Record and COAG's (Council of Australia's Governments) approval of Australia’s National Digital Health strategy.
Here is the relevant page:
Among the reactions to the Strategy have been the following:
First we had this:
Lynne Minion | 08 Aug 2017
Australia's new digital health strategy has been labelled “incomplete”, with critics claiming it is short on detail about how sensitive medical records will be secured.
Australia’s state and territory health ministers approved the Federal Government’s Safe, seamless, and secure: Evolving health and care to meet the needs of modern Australia at a COAG meeting on Friday, giving the green light to automatically sign up citizens to My Health Record by 2018, with an opt-out function. By 2022, all of the nation’s healthcare providers will be connected to the digital platform.
But some, including managing director of IT consultancy PivotNine, Justin Warren, have raised concerns about a lack of detail.
“The strategy document is heavy on breathless positivity, and light on concrete detail about how it will achieve its lofty goals. Indeed, it doesn't specify concrete goals in many places at all,” he said.
According to Warren, information security is difficult to achieve, particularly when numerous apps and platforms will be allowing healthcare providers such as GPs, hospitals, pathology services, specialists and pharmacies to access the same system.
“What I've seen so far doesn't inspire confidence that the very real security issues are being adequately addressed,” he said.
“For example, when your myHR is created, it defaults to an ‘allow all’ access so that all health providers who provide you with services can see all your information.
It's not clear how myHR knows if a provider is one you deal with, so it would seem that any provider who can look you up would be able to see your data.”
The opt-out mechanism also appears to be flawed, he said, as a person’s record isn't deleted if they opt out but instead simply locked.
For Warren, #CensusFail, #notmydebt, the ATO's ongoing woes, the publishing of identifiable medical data by data.gov.au and the recent discovery of Medicare numbers up for sale on the dark web show the government doesn't have a good track record with cybersecurity and the strategy doesn’t allay his concerns.
“They can't just sit back and expect us to trust them. They don't have the required track record of trustworthiness, so they need to work harder to prove they can be trusted, and they don't seem to be inclined to,” he said.
“The lack of detail concerns me a lot, because if privacy and security were really a priority, those parts would have been designed in already and we'd have a good understanding of how the processes would work. We don't.”
The Australian Medical Association, the Royal Australian College of General Practitioners, the Pharmacy Guild of Australia and the Pharmaceutical Society of Australia, as well as the Consumers Health Forum, Medical Software Industry Association and Health Informatics Society of Australia voiced their support for the strategy in the ADHA’s media release on Friday. But medical specialist and a spokesperson for technology thinktank Future Wise, Dr Trent Yarwood, who has opted out of My Health Record, claims the digital health strategy “completely fails” to address how the Federal Government will secure health information on the portal in light of recent IT breaches.
Lots more here – including some of my comments:
Second I found this:
8 August 2017
The Australian Digital Health Agency says it will smooth a five-year transition to the digital future for doctors by having technology vendors adopt secure interoperable platforms across the health system.
The agency’s blueprint for change is spelled out in a five-year strategy, approved last week by all state and territories, that will begin in earnest with the creation of opt-out My Health Records for all Australians in 2018.
“By 2022 all healthcare providers will be able to contribute to and use health information in My Health Record on behalf of their patients…” the strategy says.
This will provide “potentially lifesaving access to reports of their medications, allergies, laboratory tests and chronic conditions”, and support significant improvements in the safety, quality and efficiency of healthcare, it says.
“Every healthcare provider will have the ability to communicate with other professionals and their patients via secure digital channels by 2022. Patients will also be able to communicate with their healthcare providers using these digital channels.
“This will end dependence on paper-based correspondence and the fax machine or post.”
The transformation will require a standardisation of patient data so it can be shared in real time across the health system and be available whenever and where it is needed, the document says.
The strategy was adopted by the Council of Australian Governments health ministers in Brisbane last Friday.
Days earlier, the agency’s chief information security officer, Anthony Kitzelmann, offered an assurance that GP clinics would be spared much of the security burden accompanying the jump to digital.
Mr Kitzelmann said small, under-resourced general practices could never be completely secure.
So the agency was working to “incentivise the software developer community to build products that are more secure, demonstrate to us that they’re taking the risk away from the GP, so they can do their job and get on with healthcare without having these overheads”.
Third we have this commentary:
If patients are to be 'put at the centre of their healthcare', they need to be put at the centre of their health data.
The thing to remember about strategy documents is that they're merely aspirational. They set out a proposed pathway to achieving a set of defined goals, but they're no guarantee that those goals will even be achieved.
Australia's digital health strategy, released on Monday, is no exception.
As the old BBC TV series Yes Minister taught us, when it comes to writing government reports, "the tricky bit should be disposed of in the title". This strategy [PDF] does exactly that: Safe, seamless, and secure.
That dealt with, let's look at some of the details that worry me.
"An economic analysis, undertaken as part of the development of this strategy, has estimated that the gross economic benefit of secure messaging could be around AU$2 billion over four years and more than AU$9 billion over 10 years," says the strategy.
That's the gross benefit, but what about the net economic benefit? Setting up the digital health record system during its trial phase had its budget topped up by a few hundred million a couple of times, putting it well into the billion-dollar project category.
As a submission from health insurer HCF put it: "Health does not lack innovation, the issue always is in scalability, and execution in a fragmented system."
This integrated national system will have to link up statewide systems, and as the strategy notes, there's "no overarching standard in place to govern the sharing of data". The potential for massive cost blowouts is obvious.
"There have been widespread calls from peak professional bodies and health services for immediate action to create a standardised, universally accepted, secure messaging capability," the strategy says.
So why implement secure messaging as part of a massive, complex data interoperability project, where delays in other parts of the project could well delay this "immediate action"?
You could just set up encrypted email as a separate project. Or use WhatsApp?
The strategy does list some "critical success factors", but there's no discussion of risk mitigation strategies, except to note that the risks exist.
Lots more here:
Fourth we have:
The Council of Australian Governments Health Council has given the federal government the green light to automatically sign citizens up to an electronic health record, with a public consultation on draft interoperability standards to come by the end of next year.
My Health Record, the Australian government's e-health record system, has been officially given the green light from the Council of Australian Governments Health Council to automatically sign citizens up to the service, allowing them to opt-out if they choose.
By 2018, all Australians will have a My Health Record and by 2022, all healthcare providers will be able to contribute to and use health information in My Health Record on behalf of their patients. They will also be able to communicate with other healthcare providers on the clinical status of joint patients via the digital platform.
According to the strategy, Safe, seamless, and secure: Evolving health and care to meet the needs of modern Australia, the interoperability of clinical data is essential to high-quality, sustainable healthcare, with My Health Record allowing the collection of citizen's data to share in real-time between providers. However, there is currently no overarching standard in place to govern the sharing of data, with a public consultation on draft interoperability standards to determine an agreed vision and roadmap for implementation of interoperability slated to occur "by the end of 2018".
"Base-level requirements for using digital technology when providing care in Australia will be agreed, with improvements in data quality and interoperability delivered through adoption of clinical terminologies, unique identifiers, and data standards," the strategy explains.
"By 2022, the first regions in Australia will showcase comprehensive interoperability across health service provision."
In the strategy [PDF], the Australian Digital Health Agency (ADHA) said Australians want a health system that puts people first and offers more choice, control, and transparency. Most importantly, Australians want their health information to be confidential and secure, protected from cyber criminals and from any unauthorised access.
Healthcare providers have a similar desire, ADHA said, wanting secure digital services that provide instant access to a patient's information -- especially in an emergency.
Lots more here:
Last for now we have this:
Freelance JournalistThe government is planning to give every Australian a digital health record by the end of 2018. With that goal in mind, the Council of Australian Governments (COAG) Health Council has approved Australia’s National Digital Health Strategy, drafted by the Australian Digital Health Agency (ADHA.) So how much data will a digital health record — known officially as a My Health Record (MHR) — contain?
The MHR was previously known as the Personally Controlled E-Health Record (PCEHR.) But after patients and healthcare providers avoided signing up to the PCEHR in droves, ADHA renamed the project and changed patients’ sign-up option from opt-in, to opt-out only. Yes, that’s right: you all get an MHR, whether you like it or not. Want to opt-out? Too bad.
The government won’t delete your e-health record: people who opt-out will still have a shadow-file — a shell account the ADHA will retain, void of healthcare data from the date patients opt-out. And how well do opt-outs work anyway? Well, before the UK scrapped its equivalent digital health data project — known as care.data — it was discovered the National Health Service was disregarding patient requests and still populating patient files with information, even after patients opted-out.
(Before people opt-out of MHR, they should consider setting up a pin to lock down their accounts, as MHR accounts are automatically set to universal-access. Without a pin, any health care provider can access MHR files, not just patients’ regular GPs.)
The National Digital Health Strategy claims the MHR will allow all Aussies to access their health info “at any time online and through mobile apps”. And what could go wrong, considering the Australian government has left a trail of failed data governance projects in its wake in recent years? “Early app developers are already taking advantage of new interfaces on top of the MHR system which allow people to see the medications they have taken, or to view clinical documents on their mobile devices,” according to the strategy.
Lots more here:
Overall there has been a pretty large amount of careful analysis of what the ADHA is proposing and most find themselves being like David Copperfield and wanting more, or seeing the Strategy and a privacy invasive and security disaster.
Overall I feel we need much less marketing and much more implementation planning and that we should wait and see the outcome of this process before deciding what our final view is, remembering that we need to also be convinced that the myHR is a useful and central vehicle for this implementation.
I am strongly of the view we need an impartial option analysis as part of the implementation plan that looks at all the forward possibilities for the myHR including solving problems in different ways to the present plan based on the myHR. It seems there are a few others who agree with me! Last week's poll rather confirms that view.
Posted by Dr David More MB PhD FACHI at Sunday, August 13, 2017