Sunday, August 12, 2018
We Have To Think Very Carefully Just What We Want Now The myHR Is In Some State Of Flux!
Maybe I am being a little optimistic but I think the controversy over the ADHA plans for the myHR offers an opportunity to consider the best way forward for Digital Health in Australia without the straightjacket of the centralised myHR as envisaged by the present proponents – or at the very least making major changes of the parameters surrounding it.
On the issues of changes it seems to me among the worthwhile ones may be:
1. Making the default security settings such that you (the information owner) have to consent to any sharing of information rather than having to specifically block sharing.
2. Making the idea of “standing consent” be recognised for the nonsense it is in the sharing of personal health information, and require specific consent on all occasions.
3. Making the overall consent model of the myHR fully opt-in with the ability to restrict / delete the entire record – as well as the ability to download and preserve the record in a machine readable form.
4. Making available a suitable MBS item number to make it worthwhile for the GP to curate the record with the patient to ensure accuracy and currency of the data held in the system.
5. Allowing the capacity for the patient to print out a summary of their myHR to carry in their wallet to assist should they fall ill or be injured.
6. Full military grade encryption of the data-base to ensure breaches of the system lead to minimal data loss as well as two factor individualised authentication – with appropriate audit trail – to ensure it is very hard to get away with anonymous penetration of the system.
7. Specific measures to harden the security of the GP and Pharmacy endpoints to access the system with all other access removed except in secured emergency rooms. Uploads of information would still be permitted by Pathology, Radiology etc. but allied health, podiatrists and the like would be excluded. This means that just identified pharmacists and doctors can access the system – and no one else other than the patient – who also requires two factor ID.
8. Careful review of the situations regarding minors, estranged partners to ensure maximum user safety and privacy.
That is what I see as needed – at the least – to make the myHR acceptable.
The alternatives are a range of other non-centralised options such as linked regional health information exchanges with operating parameters similar to the above, direct on-line access to beefed up GP systems or various shapes of card based systems. This short blog can’t resolve which of these would be best – but a proper strategic review of the whole box and dice is needed.
We can’t have the feeling of ‘sunk cost mourning’ block a much brighter future?
What do you think? Please add suggestions for both scenarios - total change or major revamp!
Posted by Dr David G More MB PhD at Sunday, August 12, 2018