Sunday, August 25, 2019

This Seems To Be A System Of Sharing Personal Health Information That Is Rather Out Of Control.

I noticed this last week:

How does Inca collect and share health information?

Updated 1 month ago
Precedence Health Care’s Integrated Care Platform (Inca) is a cloud- based network of digital health and wellness services, including MediTracker mobile application services.
It is important that all users of Inca services understand how the network collects and shares health information (“personal information”) and are aware of their responsibilities for gaining informed consent from patients.
To the extent applicable (if at all), the Health Privacy Principles (or equivalent), which operate in some jurisdictions, should guide your actions. In the absence of applicable Health Privacy Principles, you should refer to relevant Commonwealth, State or Territory privacy legislation, and assistance can also be derived by referring to the website of the Office of the Australian Information Commissioner. You should make sure you are familiar with the applicable principles or other relevant guidance, and also with Precedence Health Care’s Privacy Policy.
Inca collects and shares personal information about patients and other persons under care (also called “consumers”) who consent to this information being stored and shared in the network. This information may come from a variety of sources, including the clinical software systems used by GPs (e.g., Medical Director, Best Practice); other members of the patient’s care team (e.g., allied health professionals, medical specialists); the patient themselves; participating health services and pathology services; and the Commonwealth’s My Health Record.

Inca uses this information to provide a range of health care and wellness services to the patient and their care team.
Prior to contributing a patient’s personal information to be stored in or used by Inca, users must obtain informed consent from patients for the collection and sharing of this information. Ensuring that patients are informed about what will happen with the information that is being shared is a fundamental component of best practice in privacy, so it is important that all Inca users and patients know what information is available on Inca and who has access to that information.
When a patient’s GP or other person authorised by the GP uses Inca to collect personal information from their general practice clinical system, Inca will extract and share the following information:
·         Patient demographics
·         Alcohol consumption and smoking status
·         Allergies and adverse reactions
·         Family and social history
·         Observations and results
·         Current medications
·         Immunisation history
·         Current and past problems
If the patient or the GP does not wish to share some of this information, the GP’s clinical system should provide a means for declaring such data “confidential” and thereby preventing it being sent to Inca. GPs who do not know how to do this should contact the provider of their clinical software.
Inca may also collect and share information obtained from other sources. These include:
·         Information that the GP or any member of the care team or the patient themselves adds to the patient record or to any notes concerning the patient’s care using Inca services, web sites or mobile devices. This information may include contact information, measurements, care plans, assessments, referrals, progress notes, appointments, and other related personal and health information.
·         Information from participating Health Services, including discharge summaries and emergency department attendance.
·         Information obtained from My Health Record. This information may include some or all of the data stored in the patient’s My Health Record.
It is the responsibility of the provider of information stored in or used by Inca, or the person who grants access to such information, to inform the patient of the type of personal information that is so provided or made accessible.
Inca will provide access to a patient’s personal information with the patient’s GP and care team, the patient (or their carer as authorised by the patient), participating Health Services, and some others as necessary to provide the services of Inca. Precedence Health Care may share de-identified data (that is, data from which it is impossible to ascertain who you are) to persons or organisations who are engaged in research, trials and analyses relating to improvements in health and the management of health services. The way Inca shares and protects this information is described in the Precedence Health Care Privacy Policy.
It is important that patients understand what information is being shared, who it is being shared with, and for what purpose. It is the responsibility of the persons providing this information to ensure that each patient is aware that their personal and health information is being stored on a computer system hosted on a secure site in Australia, as described in the Precedence Health Care Privacy Policy.
It is also important for all users of Inca to be aware that this information may not be complete, up to date, or accurate.
In seeking informed consent to participate, patients should be advised that any measurements or notes that they enter into Inca are not continuously monitored and will be available to members of the patient’s care team only when the provider next logs in to Inca. Patients who are concerned about any condition should contact their GP or other health care provider using their normal means (e.g., phone) and should not use Inca for this purpose.
Please contact Precedence Health Care’s Privacy Officer on (03) 9023 0800 or email privacy@precedencehealthcare.com if you have any questions or concerns about our Privacy Policy, or if you wish to suggest improvements. You may also contact your State’s Privacy Commissioner or Ombudsman to get advice about privacy or make a complaint.
Here is the link:
For background Precedence Health run a shared patient data base which is accessible to GPs, Specialists and Allied Health Staff for the purpose of care planning and co-ordinating care. Using their system allows GPs to claim a Medicare Item No for this service. They also provide patient access to the data and have services such as reminders etc in an app.
All that said this system, on its own statements, just sucks information from everywhere (GP systems, health services and the myHR) and pops it into one database. One user, who is now switching it off, revoking consent and getting out has described to me a collection of erroneous and mis-sorted data on their record.
More they seem to be happy to hand out the data to others claiming it is de-identified – and we all know how in-effective that can be!
The rather loose way consent rules for disclosure appear to be enforced is also a worry.
They even have the legendary myHR disclaimer  that “It is also important for all users of Inca to be aware that this information may not be complete, up to date, or accurate.” Doh!
You can see the Privacy Policy here if you wish!
Don’t know about you but none of my information would go anywhere near this if I could help it! It looks like a serious unthought through shambles to me.
What do you think?
David.

7 comments:

  1. Bernard Robertson-DunnAugust 26, 2019 10:19 AM

    Media Release: Doctors, Lawyers, and Privacy Experts Denounce Sharing Patient Health Data for Secondary Use

    https://www.efa.org.au/2019/08/26/media-release-doctors-lawyers-and-privacy-experts-denounce-sharing-patient-health-data-for-secondary-use/

    ReplyDelete
  2. I'm still not clear about this. I thought the Precedence system only shared data with other doctors and health service providers involved in the patient's care.

    What is the evidence they are sharing data willy-nilly with anyone and everyone. It's important we get this very clear.

    As for data accuracy or wrong data being held in a record - that is a different matter which can and should be resolved by the systems developers.

    ReplyDelete
  3. David, I think it reasonable that you to seek clarification from Professor Michael Georgeff and ask him to provide you with a definitive statement for your readers.

    ReplyDelete
  4. I reckon the quote from the INCA web site is pretty clear and speaks for itself - or am I missing something.

    I am also aware of one user as I mention who found the data erroneous and wildly incomplete.

    I would welcome a comment if they have one to offer.

    David.

    ReplyDelete
  5. Smells like money people have taken hold of meditracker. Just went to reset my password and now they want my medicare number as identity. Shame that, looks like another Healthengine style data exploration org.

    ReplyDelete
  6. Just to note I have had a conversation with Prof Georgeff and he agrees that there are some issues with the way their system is explained in the document quoted.

    His key point, as I understand it, is that the patient is in pretty much total control of what information of theirs is shared with a selected number of actors (GP, Allied health etc.) He understands that the data quality may vary but that the GP and patient are responsible for any errors present.

    With respect to the myHR, data sourced from there is on a separate tab, is kep separate, and is occasionally useful if it can be located among the .pdfs (A discharge summary for example).

    He believes the tool can be useful but does understand concerns some may have around who sees what information and concerns re Secondary Use.

    David.


    ReplyDelete
  7. "Prof Georgeff and he agrees that there are some issues with the way their system is explained in the document quoted."

    .... which leads to confusion and misunderstandings
    .... it also reflects deficiencies in Quality Control procedures before information is released

    ReplyDelete