This appeared a couple of days ago.
‘Deeply concerned’: Victoria’s new no-consent health data sharing scheme
Denham Sadler
National Affairs Editor
The state government is planning to improve information sharing between health services through the creation of a new digital database and the involuntary collection of individual health data, in an effort to combat the currently fragmented patient health information system.
But the scheme has been criticised by the likes of the Australian Privacy Foundation, Liberty Victoria and the Australian Doctors Federation for its lack of consent required, potential for the database to become a “honeypot” for hackers, and that it could jeopardise doctor-patient confidentiality.
The Victorian budget in May included a commitment to reform and consolidate public pathology services in the state, including through improvements to laboratory information systems. This would include the creation of a health information exchange to be hosted and supported by the state health department – a centrally hosted solution in the cloud environment that is “highly available, scalable and reliable”.
The Victorian government has issued a tender notice for this work looking for an off-the-shelf solution from the private sector, closing on 20 December.
Legislation underpinning the new data-sharing scheme has already passed the lower house and is expected to be debated in the Legislative Council before the end of the year. The bill formalises the linkage of patient medical and health information into a single portal, which can be accessed by authorised users such as doctors or other clinicians.
Information collected in the database will span five years in the past of an individual’s health records.
If passed by the state Parliament, the scheme will come into effect in February 2023 in order to give time for the solution to be developed. It will include public hospitals and health services, metropolitan hospitals, ambulance services and forensic mental health units.
Information to be shared in the database and with authorised users includes prescribed medicines, allergies, admissions, discharge summaries and other alerts.
Unlike the highly controversial federal My Health Record scheme, there will be no ability for Victorians to opt out of this medical health sharing scheme.
The legislation also includes two new criminal offences to deal with the potential unauthorised access of data in the scheme, and for accessing it for unauthorised purposes, with two years imprisonment.
“The availability of complete and accurate health information at the right time and at the right place will save lives and is essential to providing the very best care for patients,” Labor MP Shaun Leane said in Parliament.
“We recognise that a consolidated picture of a patient’s medical and health history is essential to the provision of safe and high-quality care in our public hospitals. In Victoria, critical health information is currently spread across different health services, in separate systems and in paper records. This fragmentation of patient health information often means that clinicians manually gather patient health information, through fax or phone calls.”
The state government has argued that the new database will be more secure than the current system using fax and phone calls.
But the Australian Privacy Foundation has serious concerns with the proposal, and has sent a series of questions to the government and health department. The organisation is now in discussions with senior personnel from the Department of Health and Human Services over these issues.
The main concerns are over a lack of consent, independent oversight and a risk that it will get in the way of doctor-patient confidentiality, Australian Privacy Foundation health committee chair Juanita Fernando said.
“Given the proposed exponential expansion of the Victorian data collection, consent should be active, in the form of a clear, freely given, specific, informed and unambiguous indication of the individual’s agreement to the collection, holding, management and retention of personal information by health authorities,” Ms Fernando told InnovationAus.
“The bill erodes protection of the patient-doctor confidentiality, and so the high quality patient care that requires patient openness, trust and confidence in their clinicians. This may prove disastrous in the context of mental health concerns and other conditions linked to the social determinants of health.”
The Australian Doctors Federation (ADF) also shared concerns the scheme could impair trust between clinicians and patients.
“The ADF maintains that quality healthcare requires patient trust and confidence, and appropriate health informatics and high integrity data to aid clinical decision making,” the organisation said.
“Unfortunately, governments have a very poor track record at implementing trustworthy systems, which provide quality health information whilst maintaining the confidence of doctors and patients. The ADF recommends that the proposal not proceed until these and other key questions are publicly debated, carefully examined and resolved.”
Liberty Victoria has also said it is concerned about the privacy implications of the plan, and there needs to be better public consultation on this.
“This Victorian bill has no provisions for opt-in or opt-out, all patients are in and their consent is not required. There are no provisions for the de-identification of at-risk individuals. All data is open to all users of the system,” Liberty Victoria said.
“Liberty Victoria holds serious concerns for the potential of the suggested central database to become a vulnerable ‘honeypot’ for personal data. All patient data including the identifiers at each clinic and hospital are to be stored. The database would be a major target for exploitation by hackers and organised crime and there is insufficient focus on protecting this personal information.”
Lots more here:
https://www.innovationaus.com/deeply-concerned-victorias-new-no-consent-health-data-sharing-scheme/
I have already mentioned this dreadful plan before. See here:
https://www.blogger.com/blog/post/edit/23447705/2168823117248129519
The more you read about what is planned the more it is clear that there are key aspects of this proposal that are deeply flawed.
First it is absurd not to be able to opt-out of the system. With the situation planned that any clinician can access all the data not to be able to avoid all sorts of potential risks by being able to remove detailed personal information is just appalling!
Secondly, as far as I know, there is no patient access to the data to be able to know what is held and to correct the inevitable errors.
Third to go to data that is up to five years old and was collected under a different data quality and protection regime guarantees omissions and inaccuracy. I wonder how clear they plan to be in identifying the other users whose patient records are being raided and what protections will exist for errors made in the past and shared just now – no one is perfect.
Having seen the numbers who have chosen to opt-out of the #myHR one really wonders what the Victorian Government thinks it is doing in introducing a compulsory and privacy invasive State system.
As far as I know there is little to no evidence that systems like what is proposed - a centralised patient database with various access paths – has much in the way of clinical, economic or patient safety benefit. It would be fascinating to see how the benefits were spun and just what costs were envisaged. Much better privacy preserving and decentralised approaches to the problem exist I reckon!
A leak of even the Exec. Summary of the Cost / Benefit and Option Analyses would be great fun for all!
This is a privacy invasive and clinically unproven monster the Victorian Upper House should reject.
David.
6 comments:
It is just lazy governance, lazy design and shows Australia is easy pickings.
It seems to me that Shaun Leane MP has a clear understanding of what is the full intent of this project.
“The availability of complete and accurate health information at the right time and at the right place will save lives and is essential to providing the very best care for patients,” Labor MP Shaun Leane said in Parliament.
“We recognise that a consolidated picture of a patient’s medical and health history is essential to the provision of safe and high-quality care in our public hospitals. In Victoria, critical health information is currently spread across different health services, in separate systems and in paper records. This fragmentation of patient health information often means that clinicians manually gather patient health information, through fax or phone calls.”
The wheel begins turning through the mudflats once again. Another useless endeavor about to roll-out at hug expense to all Victorians. Thank you Shaun for the clarity.
The devil is always in the details.
What happens when:
* Someone moves to Victoria. Will they be required to supply five years of their health data to Vic Health? How long would they be given to acquire it. What if it is inaccurate/incomplete?
* Someone visits Victoria and requires health care?
* Someone leaves Victoria, either for another state or overseas? Will they be given a copy of their data - after all "a consolidated picture of a patient’s medical and health history is essential to the provision of safe and high-quality care in our public hospitals". Will their data be completely deleted after they have left?
What does "Information collected in the database will span five years in the past of an individual’s health records." mean? If someone was born with a disability/ condition, will that information still be in the record after five years? Or does it only refer to when it was collected, not when the medical event happened?
What happens if someone has a condition that lasts longer then five years? Will some data be deleted, leaving only the previous five years?
If they have followed best practice there should be a document that details all the functional/non-functional requirements, an information architecture and a complete set of use cases. None of that should be classified as it only describes what the system is designed to do so that everyone can understand what it is for.
If such a document does not exist, then everyone will be guessing what the system is supposed to do and the end result will be chaos and useless. Sound familiar?
If it does exist, why can it not be made public, there's no health data in it.
He is an electrician!!! As for credentials to pontificate from on high about a healthIT project of such complexity and scope - you can decide.
@4.53pm. He is an electrician!!!
He stopped being an electrician in 1999 when he became a Union rep, then a State MP.
MP -> Master Pontificater.
ScoMo was a marketer. I'd prefer someone who can actually have a lightbulb moment.
Post a Comment