As readers here will know I have been banging about the fact that am not sure the WA PHN should have a monopoly of national GP data aggregation and reporting.
Consistent with that this appeared last week.
The problem with PHNs as masters of the dataverse
They aspire to be the overlords of population (that is, your patients’) data, but they aren’t qualified, organised or well governed enough.
Not many GPs have a great idea of what happens to their patient data once it gets sucked out of their system by a Pen CS or equivalent software data extraction tool, in what manner it is sucked, and even what is actually sucked out.
It wasn’t long ago that one GP practice in Victoria worked out that, having agreed to have its data sucked away for the purpose of chasing a PIP quality improvement (QI) incentive payment, which required just a few key data fields, that every single field on every patient was taken by the data extractor.
It turned out that this was happening with a lot of practices at the time.
Most practices around the country were lured into this eclectic manner of patient data sharing by the PIP QI payment scheme, which was launched in a hurry and without any formal framework for data governance (that got published by the Australian Institute of Health and Welfare only last year, amid the covid mayhem).
We sort of just fell into the whole PIP QI program without really thinking at all about issues of data governance, audit, reporting and management.
Practices agreed because all practices need more money and it was easy money. They were being assured that everything would be OK by their primary health network (PHN), by the data extractors and by the government.
Two years down the track from that disorganised start and the power dynamics of controlling GP-sourced deidentified patient data is starting to shift radically into the hands of PHNs, something that many GP practices may probably not be entirely comfortable with, without some better government assurances and oversight.
The shift has been assisted significantly by the Department of Health, which has funded the PHNs in the past few years to build their own data-extraction software to compete with the commercial extractors, to build a giant centralised “data lake” of nearly all the PHN-collected data across Australia out of Western Australia (Primary Health Insights), and even to apply to the ACCC for, and be granted, the right to exercise monopoly-type powers over this GP data in Australia.
The DoH provided Western Australian Primary Healthcare Alliance (WAPHA) a $10 million grant just over two years ago to build the infrastructure for a giant centralised data lake in WA, and then a further few million to a couple of other Queensland-based PHNs in the past year or so, to build new extraction software so the PHNs could go around the commercial providers, mainly PEN CS.
The government ignored the argument put to it by the Medical Software Industry Association (MSIA), on behalf of many of its members, that granting not-for-profit government quangos money to compete with private-sector companies, which had built and established their businesses based on private investment and fair competition, was inherently unfair (it was) and that the track record of PHNs building and running their own software was abysmal (it was).
The reasons provided by WAPHA (and we guess by default the DoH, which controls them) for building a giant data lake to hold GP data in WA, using an alliance of 27 PHNs to collect and manage the data, and assuming a monopoly position on GP de-identified patient data by centralising systems into one giant facility out of WA servicing all 27 PHNs, actually make sense.
Rather than have 27 inexperienced and differently constituted and governed PHNs try to build and run data extraction, conduct governance, and perform complex analytics on the data, all separately, WAPHA, in agreement with those 27 PHNs, decided it was best to pool resources and build one giant and modern facility with the appropriate centralised expertise to help all 27 PHNs manage their data.
That is a good idea.
But if you scratch the surface of this idea, and start to understand the power dynamics of this data ownership, the “good” starts to unravel pretty quickly in the not-too-distant future, at least as far as GPs are concerned.
“Great, now I have to worry about what my PHN is actually doing with my patient data? How do I do that, my day job, restructure the practice for payroll tax compliance in between, deal with the idiot in Room 7, stay married, and stay afloat?”
Good point, so bear with me just a little here, as I think this is more about awareness of what is going on at this point than having to take time out to fix anything immediately.
It’s worth knowing what is going on a bit better as this data is owned by you and your patients, not the PHNs or government, and at some point, there might be some opportunity for practices and their representative organisations to address some of the obvious issues that are likely emerge from this loosely-cobbled-together initiative.
Is a giant data lake of all GP data, run by a WA-based PHN, a safe bet?
Easy answer: “No, not really.”
Rule number 1 of big data governance these days is, “don’t put all your eggs in one basket … it’s not a matter of if you get hacked these days, it’s just a matter of when”.
Which is why you don’t centralise data with lots of loosely governed access points these days. Oops, there goes the My Health Record.
Modern data security architecture for stuff such as patient records mandates using cloud-based “distributed data architectures”, which use secure, standards-based means of sharing data on the cloud, and cloud security protocols.
In a lay person’s terms, have your data in a lot of places, so if one spot does get hacked, you don’t lose it all in one go.
If everyone with a smaller data pool runs their data to modern web-based data-sharing protocols, the data will be more secure, more securely shareable and be of better quality because “locals” will be managing the input quality.
Setting up an ecosystem for sharing like this requires a lot of co-ordination and agreement among service providers. We haven’t managed to do it in Australia yet, but countries such as Israel, Denmark and the US have, so it is feasible.
One issue some organisations subconsciously have with such a distributed setup is that if you allow the data to sit distributed (but accessible) in local data centres, you distribute power.
If you centralise a dataset, as WAPHA are doing, you centralise investment, money and power.
Vastly more here:
https://medicalrepublic.com.au/the-problem-with-phns-as-masters-of-the-dataverse/68150
An interesting and detailed read and worth a browse to see just how far this could run off the rails!
David.
3 comments:
Isn’t the AHIW the national data custodian under that secondary use legislation?
This smells like another stupid idea by the ex CEO of ADHA ( not the English chap)
There's a long saga of GP data collection in Australia & other countries. Funding, withdrawing funding, who is doing it, methods used, what's done with it, the good, the bad & the totally unusable. Talk to the academics that ran the BEACH program & compare that with what you're told by the health departments, PHN's & commercial suppliers.
Why is this a danger to you and me? Why is the lack of governance and legislation of data use a threat to your community? Look at the US and Roe v Wade, now do you think little apps like period trackers, location tracking, health records will not be turned into ‘secondary use’?
And this is a democracy of the highest standing supposedly.
I would like to thank all those conspiracy loving, witch burning, ant-vac religious nut jobs, for working tirelessly to make their fears a reality and allow a cancer to enter our ways of life and destroy a country of a majority to good folks. It will happen here.
I am not saying that is the goal of the PHN people, I am saying their and the governments of Australia lack of due care will allow this to happen with ease.
Post a Comment