Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Sunday, August 12, 2018

We Have To Think Very Carefully Just What We Want Now The myHR Is In Some State Of Flux!

Maybe I am being a little optimistic but I think the controversy over the ADHA plans for the myHR offers an opportunity to consider the best way forward for Digital Health in Australia without the straightjacket of the centralised myHR as envisaged by the present proponents – or at the very least making major changes of the parameters surrounding it.
On the issues of changes it seems to me among the worthwhile ones may be:
1. Making the default security settings such that you (the information owner) have to consent to any sharing of information rather than having to specifically block sharing.  
2. Making the idea of “standing consent” be recognised for the nonsense it is in the sharing of personal health information, and require specific consent on all occasions.
3. Making the overall consent model of the myHR fully opt-in with the ability to restrict / delete the entire record – as well as the ability to download and preserve the record in a machine readable form.
4. Making available a suitable MBS item number to make it worthwhile for the GP to curate the record with the patient to ensure accuracy and currency of the data held in the system.
5. Allowing the capacity for the patient to print out a summary of their myHR to carry in their wallet to assist should they fall ill or be injured.
6. Full military grade encryption of the data-base to ensure breaches of the system lead to minimal data loss as well as two factor individualised authentication – with appropriate audit trail – to ensure it is very hard to get away with anonymous penetration of the system.
7. Specific measures to harden the security of the GP and Pharmacy endpoints to access the system with all other access removed except in secured emergency rooms. Uploads of information would still be permitted by Pathology, Radiology etc. but allied health, podiatrists and the like would be excluded. This means that just identified pharmacists and doctors can access the system – and no one else other than the patient – who also requires two factor ID.
8. Careful review of the situations regarding minors, estranged partners to ensure maximum user safety and privacy.
That is what I see as needed – at the least – to make the myHR acceptable.
The alternatives are a range of other non-centralised options such as linked regional health information exchanges with operating parameters similar to the above, direct on-line access to beefed up GP systems or various shapes of card based systems. This short blog can’t resolve which of these would be best – but a proper strategic review of the whole box and dice is needed.
We can’t have the feeling of ‘sunk cost mourning’ block a much brighter future?
What do you think? Please add suggestions for both scenarios - total change or major revamp!
David.

20 comments:

john scott said...

David,

I would prefer to find an acceptable path forward whereby the My Health Record initiative can be jettisoned.

This will be difficult politically IF the major political parties cannot see it in their mutual interest to consign this shared fiasco to the scrap heap of history.

There are international initiatives underway which point to a different conception of the way forward and a few of these are worth serious consideration. One such is the Apperta Fundation's Open Platform initiative with its openEHR foundations.

Our baseline test should be 'fitness-for-purpose' where the purposes are agreed and can be seen to deliver apparent value to stakeholders.

Trevor3130 said...

Another iron in the fire is that creeping "third party" effect. As noted in the paper referenced in Lawfare article on tech giants.

As currently formulated, the third-party doctrine allows the government to obtain from firms all sorts of sensitive customer data without first securing a warrant or issuing a subpoena. The government may do so on the theory that customers who share information with various businesses have no reasonable expectation of privacy in that information.

I'd like someone in Australian law to go over the implications of health apps where users give away their data to such as Apple, Google, News.com, etc.

Thomas Rechnitzer said...

Other things I would like:

1. Law to make it illegal to discriminate against someone on the basis of whether or not they have a MHR

2. Law to make it illegal to discriminate against someone on the basis of whether or not they provide access to their MHR

3. Law to make data applications for research have ethics committee approval and explicit patient consent

4. Data cannot be used for commercial gain; it can only be used for public good with explicit consent from patients

5. Emergency access codes can only be used for direct care of the patient (not for 'public safety' reasons)

6. No government department to access a MHR. Police can only access it for investigation of an actual crime with a court order.

7. Make it illegal for any data to be sold by anyone

8. Clarify how non-English speakers, those with intellectual disabilities (eg dementia), those without good computer proficiency can opt-out and/or change settings in the MHR

9. All data access logged so the patient can see it (including police access)

10. All data access logged to an individual rather than an organisation

11. Default settings to maximal restriction of access (rather than minimal privacy as it now stands)

Anonymous said...

@ 8:07 AM those points all sound very reasonable. Point 10 is a must. This was how the HIservice design was suppose to be implemented. Perhaps the COAG members can explain why they support HI service but requested the implementation be ‘relaxed’ for an unknown period of time. If COAG support MyHR and the benefits presumed to deliver then perhaps they need to implement the HI service completely

Dr Thomas Rechnitzer said...

Other things I'd like to see:

1. Make it illegal to discriminate against someone on the basis of whether to not they have a MHR

2. Make it illegal to discriminate against someone on the basis of whether to not they provide access to their MHR

3. Make it illegal for anyone to sell MHR data/information

4. Make default setting maximal restriction (rather than the minimal privacy setting it now has) - data cannot be shared by default – that it can only ever be shared via affirmative consent

5. No secondary use for commercial purposes

6. All research applications to have ethics committee sign off and explicit patient consent

7. No government department to have access to MHR. Only police for investigation of an actual crime (not for prevention) with a court order

8. All logs of access to show the individual who accessed the MHR (not just an organisation) - for all access, including that by the police

9. Emergency access only for direct patient care (not 'public safety' etc)

10. Information on how people from non-English speaking backgrounds, those not proficient with IT, those with disabilities (eg dementia) can opt out and/or change their MHR settings

11. Pause in the rollout whilst a public enquiry is held in to the privacy, data security implications of MHR

Dr David G More MB PhD said...

I have posted both lists as they are partially different and additive in part.

David.

Bernard Robertson-Dunn said...

7. No government department to have access to MHR. Only police for investigation of an actual crime (not for prevention) with a court order

This is an interesting one.

ADHA is a government department/agency (there's no real different).

How do you stop ADHA having access?

IMHO, you can't, apart from by scraping MyHR.

And if you accept this one as well,

4. Make default setting maximal restriction (rather than the minimal privacy setting it now has) - data cannot be shared by default – that it can only ever be shared via affirmative consent

i.e. The only people who should have access are the patient and their treating doctor, therefore there is no place for a health record other than with a health provider.

Which brings us back to the only really privacy effective solution - a distributed system based upon health providers. Which is where we should have started in the first place and where the UK ended up.

Thomas Rechnitzer said...

@Bernard Robertson-Dunn 8:46am:

The ADHA could have access if 1. They ask the patient; 2. They state the reason they want access (and there must be a list of acceptable access request reasons published); 3. the patient consents; 4. access is logged to an individual person in the ADHA

I agree the only totally robust solution is to scrap MHR, but this is not going to happen as both major parties have created it, support it and have a lot invested in it. Instead we can try and change the current system to make it as 'least worst' as possible.

Dr David G More MB PhD said...

Thomas,

I am pretty sure the myHR won't be suddenly scrapped - but the way things are going a slow fade to oblivion with low use and clinical boycott etc. is by no means out of the question I believe.

David.

Anonymous said...

least worst? I am not sure that is a reasonable qualifier. Now if this was a high school engineering project where every participant was test data then maybe. But it is not, it is being marketed as a clinical tool. I think we pay a dis-service to the medical folk who strive for excellence.

I certainly do not choose my GP, hospital or pathology provider because they are not the least worse

Dr Ian Colclough said...

David,

It is an exercise in futility attempting to modify or re-platform the My Health Record. Your description of the centralised MHR as a "straitjacket" on the future of digital health in Australia is particularly apt.

For some time, a small collaborative group of some of the finest minds in the country have been quietly applying their intellect and diverse skills in a tightly disciplined engineering environment to define the many complex and wicked problems which are integral to underpinning a new architecture and a completely new approach to a better way of bringing to fruition a shared, interoperable, electronic health record.

An in-principle agreement for deploying this record between a well-qualified group of complex patients, their doctors, health support professionals and a few expert, mature, and highly credible health software vendors, is an integral part of the collaboration.

To the best of my knowledge this dedicated, strictly-disciplined, engineering approach has never been attempted in the digital health environment in this way before. A series of challenging interactions with the Health Department, the ADHA, major technology vendors and consulting firms, has confirmed that none have been able to demonstrate an ability to comprehend the merits of this approach when the initial concepts have been laid out for them to engage with and discuss perceptively.

The Consortium embraces to the maximum every step of the way John Scott's baseline test of 'fitness-for-purpose'; whereby, following vigorous forensic argument, the purpose is agreed between all stakeholders and measurable criteria are clearly defined to ensure real and measurable value can be identified and delivered to every stakeholder.

Anonymous said...

I am always impressed when someone can paint a broad picture in so few words

https://www.afr.com/technology/former-pentagon-cyber-chief-says-hackers-will-exploit-my-health-record-flaws-20180805-h13lb5

Anonymous said...

A timely reminder that when you a sign up saying “do not look” people tend to look, just like gambling and other addictions it is just below the surface waiting for a trigger

https://www.healthcareit.com.au/article/canadian-pharmacist-breaches-privacy-people-known-her-routinely-accessing-their-health

Anonymous said...

There are 100's if not 1000's of types of human error 'deliberate' and 'accidental' at all levels of health information gathering and processing.

When such errors are identified, how are they being corrected beyond the system in which they are identified? In my experience we are only finding the 'tip of the iceberg' and represent significant patient safety concerns.

There appears to be a lack of understanding of the enormity of the problem and an inadequate commitment of resources to data quality activities in recognition of human error factors across the workflow/patient flow continuum including at design, development and implementation phases.

Grahame Grieve said...

"In my experience we are only finding the 'tip of the iceberg' and represent significant patient safety concerns".. well, sort of. The issues with data are so persuasive that most routine users of clinical records regard them with a fair degree of suspicion... so redoing tests and reasking questions...

btw, Google say that the narrative portion of the record - the official documents - are more useful for predicting outcomes than the structured data, in spite of the lower efficiency/reliability of text processing... because the data is so unreliable since people don't invest in it (reported to me directly by the project lead, but I think that's on record somewhere)

So it's a safety issue if you take the records as a source of truth... but an efficiency issue if you don't. Fixing the records to be correct is a big task with (probably) a bigger payoff - but you spend the money before you find out whether there'll be a benefit at all. And there seems little interest from any participant in spending the money. But I don't agree that "There appears to be a lack of understanding of the enormity of the problem" - rather, i think, there's a lack of belief that it's a soluble problem.

it's kind of bizarre to hear a secondary record keeping system labelled as unreliable because it reproduces the problems of the primary records. (of course there are other issues with said secondary system...)

Anonymous said...

"it's kind of bizarre to hear a secondary record keeping system labelled as unreliable because it reproduces the problems of the primary records."

A secondary system with less information in it than in the primary records will always be less reliable.

A secondary system with information in it that is in conflict with the primary records is even more unreliable.

My Heath Record is badly thought through but is being pushed as the answer to a maiden's prayers. If it weren't so serious, it would be hilarious.

Anonymous said...

@Grahame - Fixing the records to be correct is a big task with (probably) a bigger payoff - but you spend the money before you find out whether there'll be a benefit at all. And there seems little interest from any participant in spending the money.

(Cheekily) spending money without defined or obtainable benefits has not been a Constraint to date.

Anonymous said...

The MyHR was conceived at a time when it probably made sense. In today’s world it is hard to place it as a useful tool. It might perhaps act as a portal to collect information that is outside other clinical systems and play a role in building a broader picture for a patients journey. To be the central focal point probably counter productive to it adding value. It seems a strange concept for government to take on such a risk at the cost of being able to play a more independent and influential role.

Grahame Grieve said...

> spending money without defined or obtainable benefits has not been a Constraint to date

no, youre right. But only a small amount of money by a single party, which is easier to sell, particularly in terms of potential benefits. OTOH, fixing the records would cost more money then you can sell as a single project, and more parties would have to risk on it. You need a really good value proposition on that

For a while, I've been saying that the real benefit of the MyHR is that it got us a national system without a social consensus disaster. That would be cheap for a #billion or so, compared to a stasis we had before that. But when I look around now... I'm not sure that's a good claim anymore

Unknown said...

I am a GP. The MHR in current form is a complete dud. I called a patient in to discuss the results of their bone density and they were annoyed as their chiropractor had already advised them of the result and told them what to do. I am tempted to stop uploading all results to the MHR to prevent this happening again. The problems with the MHR are complex. There are 2 other solutions. Only accessible by a doctor or only eligible to have a MHR if you qualify for a team care arrangement. Either would solve all problems.