Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Sunday, July 23, 2006

E-Mail Security and Clinical Practice – What’s Sensible?

In The Australian last week an article appeared reporting that a large teaching hospital in Melbourne has been using standard e-mail to send discharge summaries to GPs. Further it was reported that this had been approved by the hospital following a decision by the hospital's privacy committee that the benefits of rapid communication outweighed the risks to patient confidentiality.

The questions this action poses are interesting and, to a degree, contentious. What they boil down to are essentially - What place does standard e-mail have in daily clinical practice? – Should its use be constrained? - What alternatives exist to achieve the outcomes sought by the hospital (rapid communication of important information to the relevant GP)?.

The essential facts are these.

Firstly traditional un-encrypted e-mail is simply an insecure communications medium. Even more worrying is that it is a very persistent (long lasting) medium where, with enough effort, months or years down the track e-mail can be retrieved. Why - because e-mail seldom goes directly from sender to recipient (it typically passes through one, two or more intervening servers all of which often keep a copy) and anyone who has access control to that server can read any e-mail on it.

Secondly the recognition that e-mail is insecure has provoked privacy organisations and general practice organisations to consider – How should email best be used?.

Thirdly, the ubiquity and ease of use of e-mail, makes it imperative that rather than apply blanket bans or approval a reasonable, responsible, balanced and pragmatic approach to e-mail use, between hospitals and GPs, and between patient’s and GPs, should be developed. I and many others have been using e-mail in one form or another for almost two decades. To-date I have had no problems although others have, ranging from e-mails being leaked to the press to marriages being threatened by receipt of misdirected or accidentally copied or forwarded e-mail.

For GPs it seems clear that the guidelines developed by the General Practice Computing Group (GPCG), and available from their website, provide a sensible and well thought out approach for the use of e-mail when communicating with patients . The essential elements of this approach are to treat e-mail as official correspondence, get informed consent as to the risks of disclosure from the patient before using e-mail, do not use e-mail for any urgent matters, have a properly worded disclaimer on the footer of any patient e-mail and do not include anything in e-mails that could potentially embarrass or upset a patient. A practice policy as to security of e-mail, filing of e-mails in patient records and response time back to the patient are also sound and needed steps.

GPs who are concerned can, of course, set up various technology based secure links with regular patients – but such approaches are not really generally applicable given the effort required by both parties and the cost. Better would be an agreed national approach to secure e-mail for GPs to communicate with patients rather than the present – albeit obviously interim - situation we have at present.

The circumstances for hospitals are a little different in my view. They should obtain informed patient consent and carefully review any content sent for potential patient compromise – if it would cause the patient distress, or if the information were to appear on the front page of The Australian, it should not be sent. Ideally, however, large organisations should take advantage of the availability of a range of secure, encrypted clinical e-mail messaging services (such as Argus, Medical Objects, HealthLink and others) and use one of those services to send information back to their referring GPs.

In all cases it is the sender of the e-mail who must get informed consent from the affected individual before any unsecured e-mail is sent.

Over time we can hope that the work being undertaken by the National E-Health Transition Authority (NEHTA) will lead to the emergence of secure clinical messaging services where no possibility of breach of patient trust and confidentiality is possible.

David.

Major Success for the CCHIT

This week the Certification Commission for Health IT (CCHIT) announced it had approved 18 providers of ambulatory EHR systems as being fit for purpose, and suited to play their role to develop a functionally rich and interoperable EHR environment in the United States.

Since the CCHIT was only established in late 2004 this is indeed an impressive achievement – made even more so by the fact that it was founded with seed funding from three leading industry associations in healthcare information management and technology – the American Health Information Management Association (AHIMA), the Healthcare Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology (Alliance).

Only after establishing a track record did the US Federal Department of Health and Human Services (via ONCHIT) grant $7.5M (over three years) to assist in and accelerate the work.

In less than two years certification standards for ambulatory EHRs have been developed and systems have been evaluated against quite robust test scripts. Additionally work is now well advanced in the development of certification requirements for Hospital Information Systems and work has also begun to consider Health Network Infrastructure Certification.

Given that each vendor was charged only $28,000 for the evaluation, it seems clear that the total cost, to get to this present point, of 18 certified commercially available EHRs, has been well under $US5.0M.

This successful outcome shows two things. Firstly it is possible to certify, in less than two years, the quality of ambulatory EHR systems (what we would call office practice systems or GP systems) to what, on my reading, seem to be quite advanced specifications. It is simply not too hard to do despite the claims of many to the contrary.

Secondly it can be done for a sum that is quite modest. Even if the Australian industry could not afford the certification fees – the process could be funded by Government and the same outcomes reached.

One has to ask why this is not happening in parallel with the longer term initiatives being sponsored and funded by NEHTA. There is a clear need, it is doable and affordable and it would make a significant difference.

Let’s just get on with it.

David.

Thursday, July 13, 2006

NEHTA's Approach to Privacy V 1.0

On July 4, 2006 NEHTA released a document entitled NEHTA's Approach to Privacy V 1.0. This report can be found at the following URL:
http://www.nehta.gov.au/component/option,com_docman/task,cat_view/gid,141/Itemid,139/

In general the document provides a useful, if rather high level, introduction to the privacy issues faced by all those who plan to implement e-health in the real world. We are also told that NEHTA plans to develop Privacy Blueprints (whatever actually they are) for the Provider and Individual Identifier initiatives as well as a later one for the Shared EHR.

In response to the paper I feel the need to make one key criticism and offer a few observations on the traps and pitfalls that lie in wait.

The criticism is that talk of privacy neutrality is naïve. It is critically necessary to distinguish between conceptual privacy neutrality and practical (or privacy as it is actually implemented) neutrality. Preserving the privacy of a patient’s written record is a very different thing from preserving the privacy of a patient’s record when stored, typically with hundreds of others, in a computer system. The threats from leakage and exposure are different as are the methods of auditing access and use. These differences must be clearly recognised and effectively addressed. An example is the ease with which 10,000 records can be stolen on a USB key compared with the same ‘truck-requiring’ effort with paper records.

NEHTA rightly recognises any perceived failures to protect ‘private information’ will have severe consequences for e-health adoption and use.

The crunch will come for NEHTA in ensuring that the Common Principles for the Collection and Handling of Health Information are implemented as robustly and effectively as the public expects.

The number of recent incidents where tens of thousands or patient records have been exposed by a number of healthcare organisations in the US (including the US Department of Veteran’s Affairs), and the public concerns regarding identity theft that have emerged, shows the basis of public concern has moved beyond having their secrets kept to anxiety regarding personal financial loss.

I also offer the following observations based on consultations I have had over the years with consumer and patient advocate bodies.

1. Persecution and discrimination involving the improper use of a range of private health information is not an infrequent experience among those with stigmatizing diseases (AIDS, Hep C, Mental Illness etc), particularly in the fields of employment and in the individuals access to various services. Thus the need for high levels of confidence and certainty against unauthorized disclosure is easily understood, as is the quite reasonable use of multiple identities to avoid exposure – computer systems must allow for this – or risk rejection by users.

2. The right to not know some things (e.g. possible genetic “doom”) is valued and must be respected.

3. People vary widely in the value they place on being able to keep some information secret (e.g. that they have had an abortion or an STD) and systems have to be sensitive to this variation to succeed.

4. Careful consultation with those on the outer (e.g. the mentally ill, the poor and the homeless) is vital to ensure a privacy underclass with little or no access to services is created.

5. Trust is not a commodity that is as widely available as it used to be – especially of government – and communication of what is happening in the area of Health Information Privacy is vital. Also there needs to be a high level of conservatism and a measured pace of change for success in implementation.

6. Most in the community support secondary use of information for research as long as they are aware the use is happening. This needs to be fostered by openness by the information holders about what research is being done and what the benefits may be.

The privacy issue is a serious ‘hot potato’. Every effort needs to be made to get it right in order for e-health to succeed. We can only hope NEHTA will adopt a sensitive, careful and consultative approach when it comes to implementation.

David.

Sunday, July 09, 2006

How to Really Fail at a Health IT Strategy.

To those of us in the Health IT community who genuinely care about health sector reform and the ongoing sustainability of our health services, it seems that we will need to get mobilised in order to try to change the directions that NEHTA is taking.

Before expanding on why I think this is so let me first say that I would really like NEHTA to succeed, but their approach however is, I believe, setting them up for failure before they start. A big call? I don’t think so, not after having been involved in and observed large scale Health IT implementations from all over the world for over 20 years.

How do you make a program like the one NEHTA plans fail? The things you do are as follows:

1. You don’t have a well considered, fully stakeholder consulted and clearly articulated program plan.

2. You don’t have a publicly persuasive and credible and robust business case supporting your plan.

3. You avoid detailed consultation with stakeholders, such as the software industry, on the impact of your activities so they are unsure of just what is happening and why?

4. You imagine grass roots clinicians (doctors, nurses and ancillary providers) will just accept what you offer when you choose to offer it.

5. You don’t have a well developed and open communication strategy that anticipates the information needs of your stakeholders.

6. You take advice from sources who are so unsure of their ground they seek anonymity.

7. You ignore, or redo, the work which was previously well done.

8. You have your implementation organisation operate with a culture of secrecy and non-disclosure.

9. You provide no clear outcome based indications of what will be achieved and by when.

10. You ensure the survival of the implementation organisation (NEHTA) by pursuing a non-transparent, complex, failure prone long term vision (if one actually exists), at the expense of the clear needs of the health system, which is to have decisive and doable projects undertaken promptly and focussed on assisting health care delivery.

The lessons of history are that clinical systems initiatives have never worked if the workers at the coal face - the doctors and nurses - are not convinced and keen to adopt.

I leave it as an exercise for the reader to work out how much NEHTA is doing right. My guess is that if even three of the above are not addressed, let alone ten, NEHTA will fail.

How many points do you think NEHTA has right on its present course?

David.

Sunday, July 02, 2006

What is Happening in Electronic Decision Support in Australia?

There has been a recognition in Australia for a number of years of the importance of electronic decision support (EDS) in improving the quality and safety of healthcare services. This recognition lead to some significant national work being undertaken in the late 1990’s and early 2000’s which cuminated in the creation of a very comprehensive national strategy entitled “Electronic Decision Support for Australia’s Health Sector - Report to Health Ministers by the National Electronic Decision Support Taskforce” which was published in November 2002. This report provided a comprehensive review of the then state of the art and a comprehensive set of recommendations.

Implementation of the recommendations was passed to the National Electronic Decision Support Steering Committee which is a subcommittee of the Australian Health Information Council (AHIC). Since that time an evaluation methodology for EDS has been developed and published by AHIC in 2003 and a work plan for 2004 has also been published.

However, after that, as best as can be determined nothing of consequence has happened and indeed only one of the fourteen high priority recommendations appears to have been actioned (the evaluation methodology) in the last three and a half years.

This is an amazing example of the ball simply being dropped due to what can only be stupidity and the inability to understand what benefits could be derived from following the roadmap.

Four years later we see the US produce, via the American Medical Informatics Association (AMIA) a similar plan. AMIA brought together experts from all over the US and convened a number of workshops and conferences in the following twelve months leading to the development of “A Roadmap for National Action on Clinical Decision Support” which was published on June 13, 2006. I can sadly report the US document reaches the same conclusions and suggests similar actions to the earlier Australian report.

Wake up Australia! You are being very badly served by the present crop of e-Health bureaucrats.

AHIC should either get on with it or resign in protest!

David.

Just Who Do They Think They are Fooling?

Earlier this week an eight page brochure entitled “e-Health NewsLetter” June 2006 appeared in my e-mail inbox. A nicely produced eight page brochure which was suggesting all was absolutely wonderful with all the e-health projects being sponsored by the (what was thought to be up until now the defunct) HealthConnect program.

Oh joy…all will be well in e-health I thought – such a professional polished brochure can only contain good and exciting news.

Sadly it is not the case. What is in fact contained in the Newsletter, which for some odd reason was not found with a Google search for ["e-health newsletter" healthconnect] on July 2, 2006, is a sad illustrated repeat of all the failures and lack of progress we have seen over the last six years.

I finally located an on line copy at http://www.health.gov.au/ehealth/. It was made available on 28 June, 2006 according to the download page. Quite odd that there is not even a pointer to it on the HealthConnect web site itself. Clearly this brochure is meant to be very low key indeed in its public exposure.

What do we learn from the contents?

Firstly we discover the national consumer health information line (Healthinsite), after 5 plus years of operation receives less that 12,000 unique visitors a day. Hardly usage that Google or Yahoo would see as a commercial threat. (I must say however the site is valuable and really should be much better marketed to the public – pity the good work is not more widely known.)

Secondly we hear that a few months ago the Council of Australian Governments provided $130 million over 3-4 years to identify patients and health providers and progress clinical terminologies. Still no idea how the identity systems will relate to the proposed Access card of course.

Next we get a recital of all the various HealthConnect Trials that have been conducted over the last 4-5 years.

We discover that South Australia is implementing a proof of concept care co-ordination system because SA has the oldest patients in the country and need it most. No specific technology, patient groups, time lines, outcomes etc are discussed so we will all just have to wait and see.

In the Northern Territory is seems the Shared EHR has been such a success that it has needed to be supplemented with point to point (P2P) messaging of clinical information (i.e. secure e-mail between doctors). The discussion also has real issues regarding tense. Part of the document implies a lot is up and working and then further on there are comments saying that what is being done will comply with yet to be finalised standards. I know the evaluation of the initial NT trials were very negative and have no certainty much is really happening at present either.

The latest news from the Townsville trial is that everyone thought it was a good idea. Again, no discussion of what difference it made, how many better outcomes achieved etc

From NSW we hear that the Health-E-Link project began a pilot implementation in March and is a great success because only five percent of patients have opted out. Commentary recently suggests the trial is not going all that well technically – and certainly there have been no public claims of progress I have seen. Again we need to wait and see – a franker discussion of numbers enrolled, access made to records would provide a few facts to support the brochure assertions.

In Victoria and Western Australia there have been broadband implementations which may improve regional communications and provide VoIP and e-mail etc. Clinical benefits are not yet apparent and the costs of service provision are a major issue in the WA project continuing after Commonwealth Funding ends.

Lastly, in Tasmania Hospital Systems have been modified to send an e-mail or fax, based on patient administrative system data, when a patient is admitted or discharged. Possibly useful – but rather a far cry from the Shared EHR vision which HealthConnect was meant to be about.

In essence this brochure is simply an admission of failure, after what is said to be $200 Million spent, to demonstrate a single improved clinical outcome.

It is really quite serious when a government publication is so carefully crafted to conceal the lack of progress and to provide quotes and commentary which are frankly untrue.

David.

Sunday, June 25, 2006

An Interesting Week for Australian Health IT

It has been an interesting week for Australian Health IT. First big bit of news was that there seems now to have emerged some concern from our political masters, at least on the opposition side, that Australia’s progress with e-health leaves a good deal to be desired.

As reported in the Australian a few days ago, in an article colourfully entitled “E-Health on Life Support says Labor”, Ms Julia Gillard delivers a withering attack on the performance of the government in the e-health arena.

Among other things she points out:

"We have to face the fact that a national e-health system is at least a decade off"

"Responsibilities have shifted, programs have changed names and the plethora of committees and advisory groups continues to grow," she said.

"In Senate estimates, we learnt that Human Services Minister Joe Hockey had made the decision in May - unannounced - to scrap the Medicare smartcard.

"We also learned that HealthConnect no longer exists as a program, leaving only three small initiatives running in South Australia, the Northern Territory and Tasmania.

"Indeed, HealthConnect has disappeared from the Health Department's lexicon, and there is some revisionist history at work."

The only legacy after four years and $200 million spent on HealthConnect was a "lessons learned" report in 2005 that identified a lack of "the underlying infrastructure and connectivity" critical to a successful implementation, she said.”

The lack of apparent co-ordination between the planned Services Access Card and the NEHTA Individual Health Identifier initiative were also strongly criticised - seeming as they do to duplicate each other's function to a large degree.

Of course she is right… the whole thing has deteriorated into a visionless fiasco. I only hope when, at some time in the future, Labor comes to Government these comments will be remembered and something constructive and properly considered be done.

For a little good news, in contrast, we also learned this week that, despite some delays and difficulties the UK NHS Connecting for Health initiative is actually making some significant progress. This is very good news and offers just a tiny sliver of hope for us south of the equator! It is worth reproducing the summary of the report made by iHealthBeat.

Report Notes Achievements, Delays in NHS IT Program
by Colleen Egan, iHealthBeat Associate Editor
June 20, 2006

The United Kingdom's National Health Service has been under scrutiny since 2002 when it launched in its National Program for IT, which was intended to modernize the NHS' computer systems in an effort to improve care quality. The National Audit Office in a new report looks at the IT program's advances and shortcomings, and makes recommendations for future progress.

According to a report, which was issued last week, the massive IT program's "scope, vision and complexity is wider and more extensive than any ongoing or planned health care IT program in the world, and it represents the largest single IT investment in the UK to date."

The report, "The National Program for IT in the NHS," which was submitted to the House of Commons last week, assesses the state of the IT program, including:

• Progress being made in comparison to the program's original plans and costs;
• Steps being taken to implement the program;
• How the IT systems have been procured; and
• How the NHS is preparing to use the systems.

Schedule and Budget Status

The main goal of the IT program is to "improve services rather than reduce costs," and availability of the IT program's services have "largely exceeded contractual goals," according to the report. As of April 2006, the "Choose and Book" electronic scheduling system was being used for 12% of appointments, and the electronic prescribing program is being used at about 15% of physician offices and pharmacies. In addition, 80,000 active users and 168,000 staff members have registered with the NHS' e-mail system, called NHSmail.

Despite progress on some aspects of the IT program, other components have been postponed. For example, the National Data Spine was up and running on time, but some parts intended to enhance functionality have been delayed, according to the report. Also delayed are the first phases of the NHS Care Records Service, which will make certain parts of a patient's medical records available to caregivers.

The IT program is working to control costs by fostering "vigorous competition" among vendors and by using its buying power to negotiate reduced prices, according to the report. For example, NHS will renew its license for Microsoft desktop product prices for the "lowest prices in the world," according to the report. Overall savings from these types of agreements are estimated at about $1.6 billion.

The report estimates gross spending on the IT program over the 10-year timeframe (2004-2005 to 2013-2014) will be about $22.8 billion. However, Lord Warner, the minister of state for reform who is responsible for the program, in May estimated the total expenditure on NHS IT over 10 years at close to $36.8 billion.

Moving Forward

As the NHS proceeds with the IT program, the report states that successful implementation hinges on three areas:
  • Making sure IT suppliers deliver on time systems that meet the NHS' needs;
  • Ensuring that NHS organizations participate in implementing the program's systems; and
  • Getting the support of NHS staff and the public to use the technology.

The report recommends that the NHS and the Department of Health focus on communication, training, management and evaluation as the departments further their IT plans. For example, the Department of Health and NHS Connecting for Health, which is an agency of the Department of Health, inform NHS organizations and staff as to when certain parts of the IT program will be delivered, and NHS organizations should tell members and staff how the implementation schedule will affect them, according to the report.

Also, NHS Connecting for Health should "continue its strong management of suppliers' performance" to make sure vendors are delivering components of the IT program on time, a process that includes imposing contractual penalties, the report states. In addition, the report recommends that the Department of Health, NHS Connecting for Health and the NHS develop training and development programs for staff and commission studies to evaluate the impact of the IT program and the experiences of organizations that have implemented the technology. ”

I hope our Government is watching and seeing how far they are slipping behind to the cost “in both blood and treasure” of the Australian population.

David.

Sunday, June 18, 2006

Clinical Decision Support - A Major Contribution

Informatics group outlines clinical decision-support 'road map'

Supportive policy and new financial incentives are needed to increase healthcare's adoption of clinical decision-support systems, according to a report produced by the American Medical Informatics Association. The report said that providers are often reluctant to purchase clinical decision-support systems because doing so might increase liability, not be cost-efficient, and privacy regulations hinder them from accessing patient data.

The report also said that a lack of sharing best practices and providing feedback to vendors has stymied the development of adequate systems that are easy to customize. "Thus, lessons learned in clinical use, which could be used to greatly improve the efficiency, acceptability, and value of CDS (clinical decision support) tools, are translated into improved products and implementation strategies very slowly, if at all." Moreover, there is "no mechanism for post-marketing surveillance" and that prevents improvement. The AMIA report suggests that demonstration projects should be launched by 2008, and they could lead to the development of better systems that are more widely used. In 2005, the federal government's Office of the National Coordinator for Health Information Technology commissioned the association to write the report. The association is an organization that studies the development of medical informatics and has 3,000 members made up of providers and researchers. Read the Roadmap for National Action on Clinical Decision Support.

By Joseph Mantone / HITS staff writer

Go here and read - this is vital and important stuff and it is crucial the recommendations get adopted!

http://www.amia.org/inside/initiatives/cds/

David.