Friday, July 27, 2018

I Thought It Would Be Fun To Just Do Some Analysis Of The Propaganda Put Out By The ADHA.

This appeared early last week:

My Health Record: a health care choice for all Australians

Authored by  Meredith Makeham
OVER the next 3 months, people around Australia are being offered an important choice about how they want to interact with their own health information. By the end of 2018, all Australians will have a My Health Record created for them, unless they choose not to have one.
Their decision will be just that: one for them to make after considering the benefits of having immediate online access to their own data about their health and care, and being able to have their clinicians see that information too. They will have access to information such as their medicines and allergies, hospital and GP summaries, investigation reports and advance care plans — this could save their life in an emergency and help their clinicians find vital information more quickly so that they can make safer health care decisions. This information will empower them as they carry their health care history with them in their pockets, on their mobile phones.
Australians will make their choice in the context of our digital world, where the privacy and security of personal information is paramount. In other parts of our lives, we have already made the digital transition. The health sector has been naturally cautious in its adoption of online technologies, awaiting the availability of systems that can adequately ensure the privacy and security of our health information.
Trusted health care providers – GPs, specialists, pharmacists and others – are likely to find that their patients will want to talk to them about their decision. The My Health Record system is here to support better, safer care, but it’s not here to replace our current systems for clinical record keeping and professional communication. Neither will it somehow replace the patient–doctor relationship and our clinical judgement. It’s simply a secure online repository of health data and information that we wouldn’t have had access to otherwise. The data flow from securely connected clinical information systems in hospitals, general practices, pharmacies, specialists’ rooms, and pathology and radiology providers. It also provides access to Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) data, the Australian Immunisation register and the Australian Organ Donor registry.
People will want to be assured that the Australian Digital Health Agency – the operator of the My Health Record system – holds the privacy and security of their health information as its first priority. The security of the system has not been breached in its 6 years of operation. There is no complacency however – My Health Record system security operates to the highest standards, working with other leading security operations such as the Australian Cyber Security Centre. It undergoes constant surveillance and threat testing, protecting the health data of the 5.9 million Australians who have already opted in and chosen to have a My Health Record today.
The legislated privacy controls that My Health Record offers people are world-leading and easily accessed on the consumer portal. They include features such as a record access control, which is similar to a PIN that a person can apply to their entire record so that it can’t be viewed unless they share it with their clinician. In an emergency, the legislation allows a clinician to “break glass” and see vital medicines and allergy information; however, all instances of this are audited and people can choose to receive a text or email to let them know in the event that this happens.
There are many other privacy features. People can turn off Medicare data flows such as PBS and MBS information, and they can see a complete audit history of anyone who has ever interacted with their record in real time. They can pick and choose which information they’d like to keep entirely private with a limited document access control, which is an additional PIN that they can apply to specific documents. They can block health care provider organisations from viewing their record, and effectively delete documents in their record completely. They can enable an alert so that they receive a text message or email if a new health care provider organisation views their record for the first time.
The steps required for a health care practitioner to view the My Health Record are robust and require a number of security authentications to take place. For a provider to access the My Health Record via their clinical information system, they must be a registered health care provider – for example, registered with the Australian Health Practitioner Regulation Agency. They must also have a valid provider identifier. They must work within an organisation that has a valid organisational identifier. They must have conformant software that has a secure and encrypted connection to the My Health Record system. In addition, the patient must have a record on the provider’s clinical information system as a patient of the practice. Following this, the conformant system must use five pieces of information to validate the patient. Only then can the clinician see whether the patient has a My Health Record and the clinician’s access will depend on their patient’s individual privacy settings.
There is compelling evidence that we need to modernise our systems and embrace the benefits of digital technologies in health care. People are being subjected to avoidable harm and death as a result of data silos and their clinicians being unable to access critical pieces of health information. We know that Australia delivers a world-class health system ranked among the highest globally for efficiency and health outcomes. However, we know from consultations with thousands of Australians who contributed to the National Digital Health Strategy that we could do better – that people want access to their own health information and that they want their health care providers to have access to it too.
We also know that a staggering 230 000 hospital admissions occur every year as a result of medication misadventure, costing the Australian taxpayer $1.2 billion annually. Many of these admissions could be avoided if people and their clinicians had better access to vital medicines and allergy information.
The “Medicines View” is a recent addition to My Health Record that has been applauded by clinicians using My Health Record. It provides a consolidated summary of the most recent medicines information from notes entered by GPs, hospitals, pharmacies and consumers, allowing previously siloed medicines information to be brought together into a single view.
In addition to improvements in the features of My Health Record for people and clinicians, over the past 12 months, the system has undergone a significant transformation in terms of the richness of its clinical content. We have now seen the connection of public and private pathology and imaging providers, and a vast increase in connected pharmacy systems as well as hospitals around the country. The addition of this valuable clinical content will accelerate the realisation of benefits as clinicians find that they now have access to a more comprehensive source of information within the My Health Record system.
This week, a national communication plan has been launched to ensure Australians are well informed when making their decision about whether or not they would like a My Health Record. Our peak clinical and consumer bodies including the Australian Medical Association (AMA), the Royal Australian College of General Practitioners, the Pharmaceutical Society of Australia (PSA), the Pharmacy Guild and the Consumers Health Forum are among numerous organisations who have given their public support to the system and its benefits. Former AMA President Dr Michael Gannon described the system as “the future of medicine”. Guidelines on the use of My Health Record from the PSA have recently been published and the AMA will be releasing its revised guidelines in the coming weeks.
Our role as health care providers is to be our patients’ advocate, to support them in making the decisions and choices that will lead to better health outcomes and ensure that they have access to safe and effective care. My Health Record isn’t here to solve all of our problems, but it is an important step forward in our ability to deliver a safer and better connected health care system.
Clinical Professor Meredith Makeham is Chief Medical Adviser of the Australian Digital Health Agency.
The statements or opinions expressed in this article reflect the views of the authors and do not represent the official policy of the AMA, the MJA or MJA InSight unless that is so stated.
Here is the link:
Comments:
Firstly note there is just no mention at all of any possible risks. The attitude is that it is all good and risks and potential downsides do not exist. That of course is why so many advocacy groups have suggested an opt-out to avoid the risks of data leak, embarrassment, persecution or discrimination.
Secondly we know that a lot of the 5.9 million souls who have a myHR don’t know they have one – they we probably dragooned into signing up in 2012-2014 by Aspen Medical staff in hospital corridors – and have never used the record. That there are so few Shared Health Summaries on the system shows what the demand is really like. (1.9Million SHS Summaries / 5.9M Registered Users) – So 66% of the claimed records lack a clinical summary!
Third the recent usability and safety report shows after six years much more work is needed to make it useful. Right now the myHR is a usability cesspit.
Fourth the majority of the big vocal noisey supporters are paid by the ADHA / Government to be so one way or another.
Fifth a very similar system technically has just been hacked in Singapore big time.
The thing is a largely empty collection of ageing documents – just stay away until it is properly fixed – if ever! Take note of the Disclaimer at the end of the article - a paid puff piece for sure.
David.

15 comments:

Bernard Robertson-Dunn said...

David, a slight clarification.

There have been 5.9 Million registrations (the number of current registrations is probably lower, people die)

There have been 1.9 million Shared Health Summaries uploaded. Some might be for people no longer with us, some will be replacements of existing SHSs.

According to figures ADHA provided to News ltd 1.2 million people have a SHS. That's 20%

Let's assume that a SHS older than six months or so is considered potentially out of date and unreliable and ask how many of the 5.9 million registrations have had an SHS uploaded this calendar year we get the answer 9.5%. Not a lot.

To summarise:

5.9 Million registrations

1.9 Million SHSs ever uploaded

1.2 Million people registered have a SHS

Fewer than 9.5% of people registered have a current SHS

Over 90% of people registered have a Myhr that is either without a SHS or have one that is old and probably out-of-date.

Gee, lets make everyone have one and then sort out the issue of useful data later. Over time we will collect more data. The trouble is, over time the data we have will become old and unreliable. But, of course, we don't really want it for personal health care, do we? Hush, someone might work it out.....

Anonymous said...

Would be nice if someone would publish the optout numbers. That data would be easy enough to obtain it is very simple transaction data, either someone hit the optout button or not, the number of times an optout instruction was sent to the database register would generate a log file.

I assume basic data analysis is within the capabilities

Anonymous said...

The Governments Electronic Health Administration Record has not rolled out to each and every Australian, it has created a policy and privacy pain-point for the incoming government and the lost of a once respected Health Minister along with a number of high profile eHealth advocates reputations in question , and the over sold system is not available at the GP interface. Even The department that hired him does not have much to say for his term in office. If he had been employed in private industry would his record have been sufficient? 2 years and hundreds of millions of dollars later – Tim Kelsey moves on. Just what has he achieved?

Anonymous said...

Agree Bernard, the numbers of accounts created are misleading and misrepresent the actual use of this thing.

Anonymous said...

Put a couple of professional public service people in key positions to oversee the ADHA while they exit the CEO, COO and their general managers. Replace them with actual people who are qualified in informatics, privacy and policy. The ADHA has already lost several executive and they are recruiting a CFO so it is a shell of an organisation. The mess the ADHA has created is a national embarrassment.

Bernard Robertson-Dunn said...

The story so far 1 of 2

The opt out initiative is a miserable failure of communications. Tim/ADHA thought they could get it through under the radar. They failed on multiple counts:

They did not explain what MyHR is - there are so many misunderstandings and fears because AHDA exaggerated what it is - "an on-line summary of your key health information" (No. We readers of this blog know it isn't) in order to talk up its value. That alone has frightened the populus.

In trying to explain what the access controls are, they worried the techno-illiterate.

The tech savy who had never even heard of the system but know a security snow job when they see one, jumped on the topic and found resources like this blog and the privacy.org.au website with a load of background info, including info on the now infamous Section 70 that's been there for ages, gradually seeping into the blogoshpere. It became an overnight sensation after years of being dormant waiting to explode.

The techos started tweeting, which caught the eye of the media, some of whom have been insulted and shouted at (metaphorically) by Tim specifically Sue Dunlevy, and they all started digging into it. Tim taking down his embarrassing letter of complaint didn't help his credibility.

Talkback got involved, spreading the fear and conjecture into the vacuum created by ADHA's lack of any rational explanation or of what the thing was or justification of it purpose. The claims of benefits did not strike a chord or overcome people's natural fear of big government IT.

The opt-out channels clogged up, causing a news thread all of its own.

The cartoonists, The Chaser and other popular, hip, electronic media channels poked fun at the opt out debacle.

The AMA president read the growing mood of discontent re privacy and Section 70 and gave his address at the National Press Club, another channel into the homes of people who had never heard of MyHR. He called for improved privacy protection, and the government immediately fell over themselves agreeing to look at the issue.

The president admitted to not having a myhr because it was too difficult to use at his practice, the RACGP head decided to opt-out, so did high profile Lib and Labor pollies, the labor party called for a halt of the opt-out program. Other high profile people such as Kerryn Phelps put the knife in, Greg Hunt's claims re Military grade Security were debunked by a real security expert,

Other claims about third party access were contradicted by no less than the Parliamentary Library and the Queensland Police. Greg, or someone in the Health Department for him, stupidly got the Parliamentary Library to take it down and replaced by a neutered version, causing great dismay from some and hilarity from others as a plethora of cached versions turned up.

Bernard Robertson-Dunn said...

The story so far 2 of 2

If the government thinks this will blow over in a few more days, they will be seriously disappointed. The media has it in for Tim - call it revenge or retribution, he's brought it on himself. People like Bernard Keene and Ben Grubb seem to be particularly incensed. A tweeter has investigated and analysed the incompetencies in the opt-out trials and has tweeted a series of well documented tweets describing the way the ADHA and other vested interests cherry picked the evidence and persuaded the government to shell out even more money and eventually triggered the current avalanche.

There are a few more hot topics just starting to boil. One is the issue of children's myhrs, another is Section 71 of the legislation "Prohibitions and authorisations limited to health information collected by using the My Health Record system". This effectively says, even if there are privacy protections and access controls in the legislation, they don't apply if the data can be sourced elsewhere.

Considering most clinical data can be sourced elsewhere, that doesn't leave much data to be protected. It also means that Greg Hunt will find it difficult to come up with some mechanism to better protect people's myhr data.

We all know that the data held in other places has the protection of the Privacy Act and that myhr doesn't change the status quo. It's the untruth that ADHA has been telling people that their data is secure in myhr and that access to it can be controlled that will come back to bite them. People will not understand the finer points of the whole system, in fact there are many well informed commentators and health providers who don't understand it. They are adding to the confusion.

All because ADHA has not done a good job communicating the facts to everyone. The pathetic brochures that most people will miss, the flashy new website that is all fur coat and no knickers, to use a UK expression, but content poor doesn't help.

The lack of advice to minority groups, the lack of support for non-English speaking communities (who have called on me for assistance and advice) all sowed the seeds for discontent. Social media is an effective amplifier, with the messages picked up and fed back via the print media and TV. It won't stop real soon now.

Two weeks down. Eleven to go.

Anonymous said...

There is also the probably little known gag orders placed on many of us who were relieved of duty because we knew certain things and wanted to fix them.

Anonymous said...

@11:12 PM "Put a couple of professional public service people in key positions to oversee the ADHA while they exit the CEO, COO and their general managers."

Presumably you mean professional public servants like Richard Madden who was instrumental in putting together a draft strategy and then heavily involved in setting up the ADHA in the first place! You must be joking.

Anonymous said...

correction ---- like Paul Madden not Richard

Anonymous said...

Paul Madden was a project manager who had worked on a small scale reporting system in Treasury that made him as qualified to run Digital Health as any other generalist with no knowledge of health care or enterprise information systems - or a journalist. At least Paul probably knew a little bit about how Australian public sector works. No wonder ho got out when he could - although he may have been pushed.

Anonymous said...

@10:39 No I mean senior administrators, people who can administer the business, payroll, accounts HR etc... not ones who will come with a view to innovate, there is an agreed strategy, needs to have aspects removed but during the administration period careful selection can be made to get the right people with the right balance of skills.

Anonymous said...

Would not drag Paul Madden it this disappointment. The CEO and COO are the accountable officers and need to be held accountable.

Anonymous said...

AFAIK, Paul was involved in the original "good idea". Unfortunately, neither Paul nor anyone else in public sector health, either Federal or State had the smarts to understand why it was such a bad idea. Even now many people think it has merits. Too much confirmation bias.

Anonymous said...

You sure Paul was around in 2008/09? The PCEHR was conceived by an executive at NEHTA and god knows who at the department. The project started sometime in late 2009 early 2010. That was about the time things fell apart, standards, secure messaging, NASH, HI, quality processes and open dialogue