Stephen Duckett, Director of the Health Program at Grattan Institute, published an article:
“Case study: What can we learn from Australia’s My Health Record experience?”
Karl Auer, who comments on such matters, responded to the article with an email to Stephen, copied to a privacy list, and his response is published with permission and the following disclaimer:
"This is a guest article; the author does not necessarily agree with other opinions expressed on this blog site."
Hullo Stephen.
Some feedback on your article, found here:
“Facing public distrust over data privacy, what can the program tell us about the opportunities and challenges of implementing an electronic health record in a complex healthcare market?”
"Facing public distrust" suggests that the public has it wrong, or that the Government has simply failed to convince the public. It is WAY more than that.
The MHR system, used as it is designed to be used, has no effective privacy protections at all. The supposed protections are a nonsense.
This is not an academic fear, an irrational response or a political position, this is actual technical fact. If you would like more info on exactly why, feel free to ask.
Distrust is not a sufficiently strong response; rejection would be more appropriate.
“The benefits of electronic health records (EHRs) are clear”
No "benefit" is clear until it has been held up against the costs. Some costs and benefits are emergent properties. The benefits and costs of a system depend completely on the actual characteristics of that particular system.
By way of analogy "the benefits of high speed personal travel are clear" but would we have been so quick to adopt the motor car if we had seen the millions of lives it takes (or ruins) every year? Or the amount of land given over to roads and parking? Or the pollution they brought? None of those costs has much to do with personal travel, but they are costs just the same.
“Many patients resent having to repeat their history to every healthcare professional they see. Money is wasted in duplicating diagnostic tests performed before hospital admission that are then repeated on admission, or where the results are not available when required. Emergency care can be compromised due to lack of accessible information.”
Not a single one of the circumstances you mention will be usefully addressed by the My Health Record system. Details are uploaded by medical people after the fact, usually well after the fact. Most stuff uploaded will be delayed, most uploads are summaries. Many health professionals will not upload anything. Many citizens will not be in the system. Many citizens will prevent medical professionals uploading certain information (as it is their right to do).
The material available in the MHR system will NOT be detailed, up-to-the-minute information. No competent health professional will risk your life on it or waste their time on it; you will be repeating your medical history to a lot of doctors and nurses yet.
“Digitization can also provide a platform for further enhancements in care delivery, including implementation of evidence-based electronic care paths between primary and secondary (hospital) care, built on improved transfer of information between different healthcare teams.”
This may be true for digitisation generally but it's pretty much a nonsense as far as the MHR is concerned. Using the MHR as an information sharing mechanism would be extraordinarily clunky. Directly sharing information obtained from MHR, without first obtaining the patient's informed consent about what information was being given to whom, would be breaching that patient's privacy.
“Patient engagement in his or her own care can also be improved through EHRs, potentially enhancing health literacy. Decision-support systems and artificial intelligence – which could improve safety and patient outcomes – could also be applied to an EHR in a way that would be impossible with current paper-based systems.”
The first is a very dubious idea, but you never know. As to the rest: The MHR system does not store information in a way that is accessible to automated processing. Most of the documents are and will be PDFs. Many will include handwritten sections.
You've used a motherhood-and-apple-pie phrase, "improve safety and patient outcomes", without providing any real information as to what those are in practice and how specifically the MHR (or any digital system) will bring them about.
Such applications require unfettered sharing of highly personal data. That means they come with *risks* to patients' "safety and outcomes", even if those risks and outcomes are not in the emergency room, the operating theatre or the hospital ward.
“Australia’s ambitious journey to a national, personally-controlled, EHR started a decade ago with a recommendation from a ‘national reform commission’. Dubbed My Health Record, the project is bold in its vision, but has hit several stumbling blocks in the implementation stage that are instructive to other countries looking to develop similar systems.”
"Stumbling blocks"? The phrase implies the issues are trivial. Hopefully by now you are getting the message that problems of the MHR system are anything but trivial. These are not teething problems to be waited out or resolved with a tweak here and there.
MHR is stunted and limited in its vision. A federated system of information islands would have avoided almost every major fault in the current system AND been up-to-date by design.
People have been telling successive Governments this for literally decades, only to be persistently ignored.
A massive centralised database is *so* much easier to understand, not to mention saleable and useful in so many ways completely unrelated to health. Why, in the MHR legislation, is there specific provision for making the data available to commercial entities, Government agencies and law enforcement? What has that got to do with health?
Forgive my cynicism, but when a good way of achieving an objective is persistently ignored in favour of a much, much worse way that coincidentally is a really good way to achieve a bunch of other unrelated things, the suspicion must arise that the real objective has not been shared.
MHR certainly *should* be instructive to other countries - a clear example of how not to do it. It is just a pity that our country did not look at what other countries had done before we went down the same path as the UK, with a system almost indistinguishable from the one they implemented and discarded.
As to being "personally controlled", that is almost completely untrue. Let me detail the ways in which your MHR record is NOT personally controlled:
- it is opt-out. The vast majority of people ending up in the system will not have consciously consented to being in it. Nor, typically, will the very young, the very old, the very vulnerable and the less educated.
- you cannot opt out after November 15 this year.
- if you don't opt out, your future ability is limited to "cancelling" your record. This makes it unavailable as a health record, but it remains in the system and very much available to the system operators, and thus to Government agencies, commercial interests and law enforcement.
- you cannot remove documents that you have uploaded (with a few exceptions). You can only upload corrected versions.
- you cannot remove documents uploaded by someone else (with a few exceptions).
- you cannot edit or replace documents uploaded by someone else.
- you cannot tell who has seen your record
- you cannot prevent people accessing your record (there is a PIN system, but it is per document and the default is "no PIN"). The PIN system does not apply to access by government agencies or law enforcement, who will have unfettered, warrantless access to all your health data. Greg Hunt has promised to add some restrictions, but it's just a promise at this point. And some of his promises seem unlikely to be achievable, such as the complete deletion of a record.
- the legislation has sanctions against misuse of data in the system, but offers no protection to the data once it has left the system. So a document downloaded by (say) a doctor's receptionist and stored in the doctor's system thereafter completely evades the sanctions provided in the legislation.
- other people can opt you in *even after you opt out*
“EHRs could offer big potential gains for Australia’s healthcare industry, with promises of substantial savings, better care and improved convenience”
You say that as if it is obvious, but it is not obvious at all. It depends utterly on the nature of the particular EHR. Your entire article talks about a fictional "EHR", but in ways that make it sound as if you are describing the actual MHR. The actual MHR we now face is not your fictional idealised one at all.
“Precisely because of this complexity, EHRs could offer big potential gains for Australia’s healthcare industry, with promises of substantial savings, better care and improved convenience.”
Again - it is not obvious at all that the MHR system, or any other system, would bring such benefits, nor is it at all obvious what the costs would be if they did. And by costs I do not mean just dollars.
“The initial EHR design was strong on personal autonomy: consumers would have personal control over what was in their record.”
That has never been the case, if you mean the MHR. There has never been a real thing called "the EHR". Perhaps you mean the PCEHR?
“Healthcare providers, especially medical practitioners, were skeptical about this model, arguing that they could not know whether key information was missing or deleted from the record.”
They will continue to not know! The MHR system does not in any way address that issue. Yet Greg Hunt and others continue to spruik the "emergency room scenario" as if MHR data will be relevant, complete, up-to-the-minute and reliable. It is not, and with the current design can never be.
In fact, I am not sure it is even theoretically possible to have any health record system where that can be true. The provision of complete and up-to-date information in a system would be antithetical to personal control by the patient.
“and, most importantly, a change from user opt-in to opt-out. This is where the project started to encounter serious difficulties: the public had not been properly prepared for this shift, and was mistrustful of the EHR program, despite patient organizations and many HCPs promoting the potential benefits.”
So now EHR really does mean MHR?
I wonder what "proper preparation" you would think would be appropriate for MHR. I would have rather liked to see the actual legislation presented with honest costs and honest benefits, rather than half-truths (and frequent actual falsehoods) from various Government spokespeople.
In discussion with several doctors, nurses, receptionists I have been *appalled* at the almost complete lack of understanding of even the simplest aspects of how the MHR system is supposed to work, or of its benefits or its dangers.
(By the way, were you aware that the Government pays medical practices to enroll people in the MHR system - often, in fact usually, without the subjects' knowledge or consent?)
I am reasonably convinced that most health professionals who have promoted the MHR system (or its predecessors) have been touting what they thought it was, not what it actually was. Amazingly, I rather suspect that most Government people promoting the system are doing this too!
And sadly I have to say that you seem to be doing pretty much the same, though you are more discussing than touting.
“The big concern was privacy. The governing legislation – developed when My Health Record was an opt-in model – was relatively lax about releasing information, however this was no longer appropriate for a more wide-ranging opt-out-only public EHR,”
It wasn't ever appropriate. It was just marginally less damaging when people at least had the option of not participating, and when the default would protect people from their own ignorance.
It seems odd that you would suggest that being "relatively lax about releasing information" could ever be even remotely acceptable for medical information.
“In the meantime, Australia is lagging behind in EHR implementation.”
Lagging behind whom or what?
“HCPs still transmit information and data about patients by fax.”
Fax is point-to-point. It's difficult to intercept except at the endpoints, interception between the endpoints takes a lot of specialised knowledge, and no endpoint is a honeypot. The medium is not inherently copyable. Interception at the endpoint takes a significant amount of time and requires the physical presence of an attacker. Any attacker would be able to access relatively few records. Access would be expensive and slow with very high risk of discovery (unless the attacker was on staff in which case all communication methods are equally compromised), while for the legitimate user the rate of access is easily sufficient. So fax is actually not a bad means of transferring private data as long as the fax machines are not located in public spaces.
I'm not seriously suggesting a fax-based system. My point is just that things need to be considered for what they are. New is not necessarily better.
Your article is largely fact-free, vague, and devoid of any critical analysis of the actual flaws in the MHR. You used "EHR" sometimes to mean a fictional idealised system, and sometimes to refer to real systems, leading to a confusion between attributes of the fictional system and attributes of the PCEHR and the MHR systems.
For an article emanating from a largely respected organisation it was extremely disappointing.
The MHR is the health sector's NBN. It's a basically good idea that has been perverted to fit political and administrative ends rather than the practical ends it was supposed to serve. In both cases the architects of the system steadfastly refused to listen to competent technical advice. The results were systems that did not achieve their stated goals; both were completely predictable disasters, ludicrously expensive, and will just have to be discarded and done again.
Regards, Karl Auer.
Postscript 11.00 am Nov 12, 2018
Overnight I saw a response from Prof Duckett which I reproduce with his permission:
Thanks Karl
I did not think there was anything I said in the article which could have led you to believe that when I said 'Facing public distrust' I was suggesting the public got it wrong. It is not my view that the public's concerns were invalid. You then go on to suggest that the examples I give of the benefits of My Health Record will not be addressed by the current design. Think of these scenarios: once uploaded allergies do not need to be re-entered every time, laboratory results and filled prescriptions can be a direct feed etc. I just do not agree with you here. As to the rest of your points, I agree that there are a lot of improvements that still can and should be made to the My Health Record. The issue is surely whether you throw it away and start with a redesign, and I hinted in the article that I thought the current design is now a bit antiquated, or whether you modify the system as it goes along. My view is there are benefits, even with the current design, which should not be dismissed. We should be working to improve it.
Stephen
Stephen Duckett
Director, Health Program
Grattan Institute
D.
15 comments:
Karl Auer's perceptive and well reasoned comments to Stephen Duckett serve to once again highlight the very serious shortcomings of the MHR. The futility of continuing unquestioningly to promote the MHR will be readily apparent to every politician prepared to carefully contemplate what Karl Auer is saying to Stephen. Thank you David for bringing this most important piece to our attention.
An excellent contribution, something that should have been the core of the ADHA purpose. Another insight was in the Financial Review today regarding Tyde.
An extract - In April, Tyde co-founder Romain Bonjean was upbeat about the two-year-old company's future, but things have turned quickly as the government backflipped on allowing Tyde and other third party developers access to personal data with the consent of the individual. The government has also reneged on allowing health insurers access to personal data with consent, which Mrs Bonjean says, is a "disaster" since private health insurers are driving innovation in care coordination.
Raises the question - just what has Tim Kelsey been selling behind closed doors? And did the Minister know?
Thank you David for posting this and a thanks to Karl Auer for penning it. Karl Auer highlights some very real patterns in the story telling around the government project. The way the MyHR is presented is confusing if not misleading. Even the advertising depicts a system and application that does not truly reflect the system's actual interface or capability.
The politicians of both major parties have checkmated each other into a "heads I win, tails you lose scenario". Only the independents have the power to right what's wrong, but even then Kerryn Phelps is showing signs she doesn't fully appreciate what's wrong.
And even if the politicians did read Karl's comments, reading doesn't equate to comprehension.
They have had ample opportunity over the last decade to address the underlying issues with Senate Enquiries and numerous submissions but, as some predicted, the many conflicting arguments across multiple submissions served only to confuse the politicians leaving them impotent.
Stephen's view is "... the current design, ..... should not be dismissed. We should be working to improve it.".
Come now Stephen. You seem to be suggesting that the architecture is sound and a good basis upon which to continue building the system going forward. If that is not the case and the system needs to be re-designed and re-architected (in marketing fluff the word is re-platformed) then rather than trying to build a new system over or around the existing one the sensible thing to do is to terminate the current system, stop wasting millions of dollars trying to fix what is inherently faulty and go back to the drawing boards. I seem to recall there was an article in PulseIt to that end in the last 12 months. I may be a lone voice in that regard, but I think not.
In a response to Karl and Stephen I said:
The myhr was designed
1) to be opt-in
2) to connect health data, not upload it to a central database. A small database was needed for ID and a few other things
3) to use a smartcard to control access and identify individual users
4) based upon getting explicit consent.
The government wants to change to opt-out and implied consent; the other two are not in the current design.
There are 400,000 GP visits per day. If each GP spends 3 minutes considering if they need to update a patient's myhr (there's a 27 page AMA guide, so it isn't quick and easy) and then updating it, then my back of an envelope calculation is that this will cost the health industry $500m-$1b per year just for GP data entry.
The benefits need to be far more than this to justify the total costs and risks. The benefits have never been quantified, it's all snake oil.
Finally, this is a patient record and the patient is responsible for its accuracy and completeness. How many Australians are willing and able to take on this responsibility? AFAIK, they've never been asked so no-one knows.
Bernard, I do recall in either the strategy or supporting material the ADHA claim cashable benefits of around the $100 million, well short of your reasonable financial cost just for creation, which of course will also lead to an increased cost in having to read that information.
And a side note: at least you provided a method behind your figures.
From a long and vitally interesting perspective Why Did Google Hire Geisinger CEO Dr. David Feinberg?
Most of today’s at-home wearables generate reams of data (heart rhythms and blood sugar readings). Doctors don’t want all that data clogging up their electronic health record systems nor do they want patients rushing into the office every time a single number seems out of line. What doctors want is smarter technology.
Re claims of benefits, the only ones I remember are in these (totally unjustified and unreliable)
PCEHR Review 2013
http://content.webarchive.nla.gov.au/gov/wayback/20150322014955/http://www.doctorconnect.gov.au/internet/main/publishing.nsf/Content/46FEA5D1ED0660F2CA257CE40017FF7B/$File/FINAL-Review-of-PCEHR-December-2013.pdf
Using 21st Century Tools to overcome the ‘fear of frying’ and build success. Presentation by Professor Mukesh Haikerwal (World Medical Association and NEHTA) and Chris Bartlett (Booz & Company) at Healthcare Information Management Systems Society conference, 2013
https://vdocuments.mx/healthcare/overcoming-fear-of-health-technology-programs.html
If you look really hard, the Royle review copied (and doctored to remove the PCEHR callout) a graph from the 21 Century Tools document.
The claim was $400m from a fully populated summary health record - no costs though.
There's a huge difference between "smarter technology" (which doctors are getting in spades) and the digitisation of medical records and other data. The first is useful and provides current, accurate data on the patient (although not always at point of care)
The second is mainly administrative record keeping that goes stale very quickly.
myhr is certainly having an impact.
Dr Bob Walker is closing his great clinic
And today this:
"Leading start-up investors have criticised the federal government's "disastrous" rollout of the My Health Record system aimed at digitising medical records, saying the policy instability is crushing innovation.
Australian health IT start-up Tyde is the creator of the first consumer-focused app – a single point to access and manage records and appointments that can join the entire family's health records together – for the federal government's My Health Record that is being rolled out by the Australian Digital Health Agency."
and
"I think Greg Hunt's decision to bend to the Senate inquiry is sending digital health backward in Australia. The agreement the agency issued to us is crazy. One day we can store data with consent, and the other day we can't."
"It's completely destroying Australian digital health innovation," he added."
Tyde may well have a vested interest and they may be overly optimistic about the volume and accuracy of data in myhr, but it's the "policy instability is crushing innovation" that needs to be taken seriously.
A story uploaded to a mailing list. Permission to repost has been requested and obtained. It is a public forum, and I've removed identifying info.
"Over the past two years I've experienced professionals in the health system at their most impressive.
Two surgeons, three oncologists, two gastroenterologists, two GPs, one hematologist, four hospitals as inpatient, three different hospital emergency departments, many pathologists, and more. I soon found that not one of them had records that gave anything like a complete story, so I collected records from all of them and created my own complete set chronologically, on paper, now in four manilla folders and a 5th folder dedicated to 28 scans (PET,MRI,Xray etc).
None of the records was or is on My Health Record. My emergency department experiences are all related to infections not accident trauma or the like so I am sufficiently alert to be able to take the latest folder with me which the doctors always grab with glee.
The folder has an inside cover summary of conditions and treatments with specialists names etc. A short version is in my wallet with my driving licence which as an over 70 yrs old I'm required by law to always carry when driving.
Questions I've pondered are whether paper is superior in my circumstances to a digital copy, what information is critical, and how best to present it. My experience is that the information on paper has been immediately accessible under all of the circumstances when it has been useful, more so than if it were in digital format (stored on what?).
Keeping the information up-to-date is a matter of discipline, not means.
I believe My Health Record is a good idea badly designed and implemented, and until it is made reliable and is universally used then I have to take responsibility for maintaining my own records and making them available when needed.
It's not privacy of my information that concerns me, it's whether it's complete, up-to-date, and easily accessed."
The “innovation” Tyde is talking about is a concerning language. It appears the ADHA has at some stage been presenting patient data. Seems Tyde for one has built a business model around this and the changes have brought that to a grinding halt. Perhaps as someone once posted this is about ‘safe, seamless, secret harvesting of citizens data. They offer states TK view of open data was data freely available if you open your chequebook
I would question the need for a "redesign", I think getting the government out of the game of design and into the realm of standards compliance is what is needed. Government does not design new treatments or drugs, they try and make sure that anything used is safe and complies with standards.
If we had high quality, atomic, standards compliant data then it could be moved around at will, probably mostly on a point to point basis, which requires explicit consent and preserves privacy. You need to get consent to send information to people involved in a person's care today and it's rarely denied. The originator and recipient of the data should be producing and consuming the data reliably and this is just not the case. The default is still paper, or in the case of MyHR pdf or "ePaper" and we will not see any major benefit until we get good quality compliant data. Once you have that then anything is possible, even sending it to a repository, but primarily medical data should be sent point to point, but in a lossless manner.
If the web was a centralized repository of pdfs would it be as useful as it is today? The modern web works because browsers, html and javascript etc have become reasonably compliant and the same evolution has been denied to health information by ?well meaning public servants who do not have a clue. If the requirement for sending or receiving health data was strict standards compliance with any data format in use, information could flow and we could see real innovation in the use of the data. Stuffing pdfs into a central database is only useful for surveillance!
Stuffing pdfs into a central database is only useful for surveillance! I am not sure they are all that useful in a modern surveillance world. Other than that I completely agree Andrew.