Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, October 11, 2006

The Risks of Paper Records!

The following short article appeared in the Canberra Times a few days ago.

“http://canberra.yourguide.com.au/detail.asp?class=news&subclass=general&story_id=514600&category=General&m=10&y=2006

Dumped files a 'break of faith'
Danielle Cronin
Thursday, 5 October 2006

The dumping of sensitive medical records and personal health information at a Canberra recycling centre was a serious breach of patients' right to privacy, a consumer group said yesterday.

The discovery is detailed in the new annual report from the ACT Community and Health Services Complaints Commissioner who recorded a 13 per cent spike in complaints about the health sector in 2005-06.

Health Care Consumers' Association of the ACT president Russell McGowan said the incident involving health records was a "break of faith" with patients and should not be tolerated.

"Appropriate penalties should be in place for those who do breach that privacy of those consumers," he said.

A spokeswoman for Health Minister Katy Gallagher said the commissioner's recommendations were fully accepted and implemented by the Health Department.

Yesterday, acting Commissioner Roxane Shaw would not disclose where the files had come from or exactly where the documents were found because this could compromise the privacy of those people who were affected.

In her report, Ms Shaw said 28 folders - including two containing sensitive health records and personal health information - were found at a recycling centre.

She launched an investigation but could not determine who last had hold of the folders and how the documents ended up at the recycling centre.

The commissioner's office received 580 inquiries that resulted in 276 complaints in the past financial year - up 13 per cent on 2004-05.

But the number of cases closed was down 13 per cent from 302 in 2004-05 to 262 in 2005-06.

Each complaint could cover up to three issues and there were slightly more grievances about the private health sector than the public system.”

I thought it would be worth having a look at the original report – here is what I found.

Case study 12 – Disclosure of personal health information


Twenty-eight folders were found at a recycling centre and passed to the commissioner.

The folders contained a variety of papers, which included sensitive health records and personal health information. An investigation into the circumstances surrounding the discovery of the folders was undertaken and found that, whilst it was not possible to determine who last had possession of the folders or how the folders came to be at the recycling centre, there were two folders that contained personal health information that had been in the control of a health service provider.

The Acting Commissioner considered that information in light of the Health Records(Privacy and Access) Act 1997 and concluded that, in its arrangements for safeguarding those files, the health service provider appeared to have contravened the Health Records Act and to have acted in disregard of the generally accepted standard of service delivery expected of a health service provider. The files had been lost to the health service provider as the record keeper, and were accessed in a public place by an unauthorised person. The health service provider did not have adequate file tracking systems in place.

The Acting Commissioner concluded also that the health service provider had acknowledged the deficiency in its file management system and had taken steps to implement an appropriate file tracking system to prevent a recurrence. The Acting Commissioner returned to the health service provider the two folders that contained personal health information.

The Acting Commissioner recommended that the health service provider advise the subject(s) of the personal health information found at the recycling centre of the disclosure.

The folders that did not contain personal health information were entered on a register and then disposed of by the Acting Commissioner.”

The reason for raising this report is that it highlights just how insecure, and open to possible leakage and abuse, paper records are. This incident is just the latest I have heard of. Over the years there have been an endless series of stories about records from practices that have closed being found in dumpsters or on a council tip, records that have been faxed to the wrong telephone number, records that have vanished through misfiling and so on.

Those that see the electronic record as a risk have to address the following.

First it is well known that in most major paper based hospitals at least 10% of patient encounters are not undertaken with the complete paper record to hand. The reasons for this are legion and include the record being lost, being locked in someone’s office for completion while the patient has presented to the emergency room and so on. The consequence of the lack of the record on patient treatment, safety and the ability to respond correctly in an emergency is obvious.

Second the paper record can only be in one place at a time. It is either here or there whereas the electronic record can be accessed and updated from as many sites as needed. This means the radiologist can report on the films with full rather than ½ a line of information and so do a much better job.

Third there is really no such thing as a back-up of a paper record. If it is lost, destroyed or stolen it is gone. At least a pretty current copy of the electronic version will always be available on the backup tape.

Fourth the paper record has no intrinsic privacy control mechanism of any sort. Once it is in your hand you can read or copy with no one ever knowing. Not so properly implemented electronic records that provide an audit trail of who read what and when etc.

We need to be clear that paper records have a very great potential for harm, error and simply being un-available. All this cannot improve patient care and should not be tolerated in the 21st Century.

David.

Sunday, October 08, 2006

Even the Irish Recognise the Need for Better Health IT!

In a recent editorial the Editor of the Irish Medical Times (Colin Kerr) found himself lambasting the status quo in Irish E-Health and being frustrated at the lack of progress and the dismally low level of investment.

His remarks were as follows:

=========================================

http://www.imt.ie/displayarticle.asp?AID=11736&NS=1&CAT=18&SID=1

Ireland needs an E-health Minister

Colin Kerr says Ireland needs a Minister for E-health to work closely with the Minister for Health and with other Government departments. We are a nation of pioneers led by Luddites. While, individually, Irish people have been responsible for major breakthroughs in science and technology, this has been in spite of, rather than because of, the assistance they have received from their political leaders. With one or two notable exceptions, our politicians have shown a lack of vision, concentrating on short-term gains at the expense of long-term strategy.

Over the last 20 years, they have paid lip service to making healthcare more accessible through better use of information technology, but have failed to deliver on their promises.

In Ireland, public funding makes up approximately 78 per cent of all the money spent on healthcare. Private funding, through insurance arrangements, makes up approximately another 8.5 per cent of funding.

The balance is what individuals pay in ‘out-of-pocket’ expenses — for example, the fees non-medical cardholders pay for general practitioner and other therapy services. In concrete terms, as a sector, health accounted for 28.7 per cent of the Government’s voted revenue expenditure last year.

At €11.36 billion in 2005, health was the single largest cost to the State. It should be pointed out that the health system, as it is now structured, is very people-intensive, with over 70 per cent of the health budget made up of salaries and pensions. Savings might be made if the Government and Health Service Executive (HSE) honoured their commitment to reduce health service staffing — but that’s an argument for another day.

According to the interim Health Information and Quality Authority (iHIQA), and based on international studies, Ireland spent at least €2.8 billion in 2005 on procedures that duplicated one another and on other inefficiencies in the system.

Last November, the Minister for Health and Children, Ms Mary Harney announced overall funding of €12.64 billion for the health services in 2006. This represented an underlying increase of over €1 billion, or 9.25 per cent, over 2005.

As the Minster for Finance said in his Budget Speech (December 2005): “The spending on health at this stage amounts to €3,000 for every citizen in the State or over €9,000 for every taxpayer.”

Negligible spending

When it comes to IT development, Government spending is negligible. The amount that is actually available for capital spending on IT in 2006 (as per the Official Estimates), including Information Society monies, is set at €70 million.

That represents no increase on 2005, or indeed on the figure allocated in 2004. In a recent European study, it emerged that Ireland spends less than 0.5 per cent of its health budget on IT, compared to more than 4 per cent in the Netherlands. There are two main reasons for this.

First, IT spending has never enjoyed a high profile and has traditionally been a poor relation in healthcare funding allocations.

Second, the well-publicised ICT healthcare problems of 2005 have made it even less attractive, politically. As a proportion of total health expenditure, ICT only consumes in the order of 1 per cent. This low level of investment in ICT has left the health system in a very weak position with respect to its ability to manage itself and obtain value from the remaining 99 per cent of health spending. An analysis by the former HeBE (Health Boards Executive) indicated a need for a four to six-fold increase in expenditure in ICT for the health system over the years ahead.

An e-healthy State?

A study on e-health in Ireland was published by the Information Society Commission in December 2004.

The report found that Ireland spends less on ICT in healthcare than (i) investment levels internationally and (ii) accepted ICT investment levels in other economic sectors. It recommended a significant increase in Government spending on ICT in the healthcare sector, to deliver benefits and savings to all stakeholders in the healthcare system.

The strategy was supposed to have been published before the end of 2001. In the event, it was published in July 2004.

The majority of doctors and patients would welcome substantial investment in e-health. The implementation of a well thought out ICT policy should ultimately make our patients happier and healthier.

It will be interesting to see how much money is allocated to e-health in the next budget, but it is not enough to throw money at the health service as has been shown time and time again.

We need somebody in the Government to take personal responsibility for a comprehensive and deliverable information strategy. We have the money now (unlike in the 1980s and most of the 1990s) to do something substantial about remedying the major inequalities in health care services, especially access to services.

We have had the opportunity to learn from our own and others’ mistakes. We have an incredibly skilled group of people working across the private and public aspects of the health system (including the academic and research institutions).

We need a Minister for E-health, who will work closely with the Minister for Health and with other departments, to improve patient mobility.

=========================================

I must say reading this was much like reading “a guide book to the town of my birth” such was the familiarity of what was being said and how much it parallels the Australian progress to date.

(For background Ireland has a population of just over 4 Million and has a per capita GDP that is $US41,000 vs Australia at $US31,000 and 20 Million souls give or take a few)

The health budget is – scaled and corrected for population – looks to be about $A90 Billion (similar to ours) and the growth rate is, worryingly, even a tad higher than Australia at 9.0%+ per annum.

The inefficiency in the Irish system (and information systems) appears to be of almost epic proportions – amounting, when adjusted to $A24 Billion or a good quarter of the budget.

I know of no comparable figures for Australia however even if we are twice as good as the Irish – a very big ask – the opportunity costs of the non-deployment of Health IT in Australia are just enormous – conservatively say $A10 Billion per annum. Note the problems mentioned – duplicated tests, lost information, inadequate information etc - are all familiar to us in the Antipodes!

Even at half this figure I would suggest the idea that a Minister for E-Health is also needed in Australia is pretty compelling. Only with strong and co-ordinated political leadership can the available benefits of Health IT be realised. Imagining the spending $A130 Million over 4 years through NEHTA, without really effective political (read focussed and dedicated Commonwealth Ministerial leadership) commitment and leadership, will make any major difference is pure fantasy. (It is simply not enough)

We need the leadership, a plan and Federal Government insistence that progress be made to get the efficient (and safe and equitable) health system we all want!

How long will we have to wait?

David.

Wednesday, October 04, 2006

Health IT Project Failure – What can be Done to Reduce the Risk?

The following article appeared a day of so on the web. It contains some useful ideas but, as far as Health IT is concerned I suspect there are a few other factor that need to be considered.

================================================

http://www.cio.com.au/index.php?id=1952027913&eid=-601

Why Public Sector IT Projects Fail
Sue Bushell

03/10/2006 15:44:47

What makes big-ticket public sector IT projects so uniquely predisposed to fail? Two new recent reports from the UK highlight political expediency and the constant state of flux within governments and government departments as sharing a big part of the blame.

For instance, during the 10 years from 1995 to 2004, UK central government departments endured on average 16 reorganizations a year, including (counted as only one each), Scottish and Welsh devolution.

And while it's axiomatic that "events, dear boy, events" will change government policy, having large projects that spread across years only increase the chances of the project being affected by a change in Ministerial, governmental or a departmental reorganization, says Quocirca Principal Analyst Elaine Axby in a new opinion piece for Robin Bloor's IT-Director.com.

Axby points to the very nature of the public sector to pinpoint some of the other leading causes of failure. Looking at the key project management criteria of time, performance and cost, she says people in the public sector are not very driven by time. With a culture that offers little pressure to get a project out of the door by Christmas, or before a competitor does, public servants find it hard to accurately assess how long things will take.

Performance, or what the project should deliver, is often derailed by hastily introduced policies, and the very wide array of stakeholders who need input into most public sector projects.

"Given that the estimates of time and performance are not very good, then is it surprising that cost estimates are often wildly inaccurate?" she asks.

Moreover government IT projects struggle with the concept of ownership, and frequently do a poor job of managing stakeholders, Axby says.

Axby repeats the tired old line about good project management not being rocket science, and goes on to suggest that really embedding it in the public sector would make a big difference, as would getting proper business ownership and being able to manage scope creep. She also says smaller projects can help.

But she says while all of these measures can ensure public sector IT projects do better, it is the very nature of the business that government organization and priorities will change.

"I can't easily see any end to the stream of negative National Audit Office (NAO) reports - but really adhering to some of the basic principles of project management such as getting the business case right, clear ownership and better stakeholder management would be a big step forward," she concludes.

Meanwhile Butler Group senior research analyst Mike Davis asks: "If you know that your new computer system, designed to process many millions of pounds for hundreds of thousands of people has 52 critical defects, 14 of which cannot obviously be fixed, and that of the 40 previous audits during the development period, 70 percent had identified serious concerns, would you deploy? Well, of course, it depends on the risks vs the expected benefits. For, if even with the faults it is better than the previous system, then there may be an advantage to deployment.

. . . However, what if three years later your staff have to use 600 manual 'workarounds' to the system to get their job done, and productivity has fallen? Then, in my opinion, it wasn't fit for purpose."

That's not just Davis' opinion, he says, but also that of the NAO in its report about the development and implementation of the systems for the UK Child Support Agency (CSA), released in June 2006. The CSA systems were developed by EDS during a three-year period, and went live in March 2003, after getting the "green light" from the UK Treasury's "independent" Office of Government Commerce (OGC).

Davis says he is concerned by the apparent failing of the OGC to recommend the stopping of the project, and concludes it all demonstrates yet again that in public sector IT, project management disciplines are often rejected for political expediency.

================================================

The key point made is that managerial and organisational instability is a major cause of failure. I agree this is important, and indeed, when one reflects on the Public Health Sector it is really a relative rarity to have an Area Health Service CEO or CIO serve out their full five year contract. This flux is due, in part at least, to a combination of Government and Ministerial changes, changing policy priorities, some being perhaps promoted beyond their capabilities and the unexpected events that precipitate management change.

However there are a few others factors I would rate even more highly in Health IT.

First, especially in the public sector, there is often a disconnect between the managerial responsibility placed on a project manager and the freedom to act they are accorded. At times this leads to the “wrong” staff being retained in roles for which they are no longer suited to the detriment of the project as a whole. The disconnect (and budget inflexibility) also often leads to difficulty in attracting and retaining suitably skilled staff as well as excessive delay in staff acquisition. The other problem that is almost universally encountered in Hospital projects in my experience is the “drip feed” of funds and the difficulties in getting suppliers paid. More than once I have seen competent project managers just resign in disgust when they realise they have neither the spending authority, money or the staff to deliver the project they are required to make happen.

Second, because executive health-care management often have a degree of anxiety related to Health IT, often associated with a fairly limited understanding of what is required, at an executive level, for project success, the quality of project sponsorship and support is less than is needed. Senior executives, like everyone else, prefer to stay within their “comfort zone” and if the Health IT project is not within that zone real difficulties are almost inevitable. The project manager has a real responsibility to carry the project sponsor along on the journey, and to make it clear what they must do for the project to be a success on their watch!.

Third, clinicians inevitably see a new system as a very low priority in their “caring for their patients” activities. This will lead to all sorts of difficulties with change management, training and effective use of a new system, unless both executive management are fully committed and real “clinician” evangelists and enthusiasts are recruited to work with their peers.

Fourth, involvement of all relevant categories of clinicians in the selection and later configuration of systems is crucial. The clinicians really have to be confident the system will work for them and be convinced of its value and utility or the project will be at extreme risk before it even starts.

Fifth, there is a real tendency to underestimate the complexity of and the effort required to implement say a new laboratory or patient management system – to say nothing of clinician facing systems such as Computerised Physician Order Entry or Computerised Nursing Documentation which involve virtually all key staff changing the way they work. Careful planning and an really adequate emphasis on education are vital as is developing real clinician ownership of the project.

Lastly is it clear that all organisations need to develop organisational competence and teamwork with Health IT. I think the best way to do this is to choose one or two easily “doable” projects and get them done on time and within budget. Only once this capability is proven should an organisation try the larger and more complex implementations. Success, as they say, builds on success.

David.

Sunday, October 01, 2006

Privacy Issues Related to the Proposed Access Card.

The following is a very draft discussion paper I and a few colleagues have been working on for the Privacy Assessment of the proposed Commonwealth Access Card. All the views have been developed my me and are NOT ACHI policy at this point in any way at all. I would be interested in any comments any reader may have.

David.

Privacy Issues and Facts Related to the Proposed Access Card.

Discussion Draft – October 1, 2006

Background to the Submission.

The Commonwealth Government is planning to introduce a smartcard based Access Card which will be used as proof of identity for all adult individuals who wish to access services provided by the Commonwealth Department of Human Services. Among other things use of the card will be necessary to obtain payments from both Medicare and Centrelink.

The card is intended to replace 17 health and social services cards, including the Medicare card, health care cards and veteran cards.

Because of concerns regarding the possible impact on individual’s privacy the Professor Alan Fels AO has been asked to chair the Access Card Consumer and Privacy Task Force to address consumer and privacy issues related to development of the health and social services access card by Minister for Human Services Mr Joe Hockey.

The Australian College of Health Informatics (ACHI)

The Australian College of Health Informatics is Australia's peak health informatics professional body. As such the College is concerned that information technology be effectively and successfully implemented in support of healthcare service delivery.

Because of this core interest, and ACHI’s recognition that lack of trust in the ability of information technology to manage private information correctly and securely on the part of the populace could risk successful Health IT implementations, ACHI has an interest in ensuring that the implementation of the Access Card addresses patient privacy appropriately.

ACHI’s View on the Overall Access Card Proposal.

ACHI has no firm view on the policy correctness of the introduction of the Access Card (and the large and complex technology infrastructure needed to support it) as it is presently proposed.

ACHI does however note that a project of this scale does carry very significant implementation risks, due to both its scale and complexity, which will need to be very carefully managed if the current estimates off costs, benefits and timelines are to be met.

Additionally ACHI does have concern that the Access Card is not as voluntary, in a practical sense, as Government has stated. The inability to access Medicare, Centrelink and similar benefits would place significant cost on most citizens who chooses not to have the Access Card. For those with major medical expenses or those on Centrelink income support it is essentially compulsory in all but name. This point is raised because the virtually compulsory nature of the Access Card has significant privacy implications as will be explored below.

Note: This submission assumes that only identification data will be held on the Access Card. The issues that arise if the card functionality extends beyond this (i.e. the card becomes a partial electronic health record) are very complex and would require more detailed review (covering data segmentation on the smartcard, currency of information, primary and secondary data use, emergency, de-identification, pseudonymisation and so on) and are beyond the scope of the Access Card as we presently understand it.

Comments on Privacy Aspects of the proposed Access Card

The Australian College of Health Informatics (ACHI) would like to offer the following for consideration in regard to possible privacy issues surrounding the proposed access card.

1. ACHI is a strong supporter of the Australian National Privacy Principles as a framework for consideration of privacy issues but also believes that Identifiable Personal Health Information requires protection and handling beyond what is offered in the NPP because of the potential sensitivity of such information.

This point has been recognised by the existence of specific legislation in both the Commonwealth and a number of State Jurisdictions specially focussed on preservation of Health Information Privacy and Confidentiality.

The complexity and sensitivity of the issue can be appreciated by recognising that the National Health Privacy Code, whose development was begun in by Health Ministers in 2000 has yet (in October 2006) to be finalised, and that the only evidence of this work being undertaken in now not on the DoHA web site but in the National Archive.

The lack of agreement on this code would argue for care in the storage of Health Information on the Access Card or its attendant backup repository systems until this code is finalised.

2. ACHI is of the view that unless the possible privacy issues surrounding the proposed Access Card are carefully and rigorously framed and developed, and that public opinion is satisfied with the privacy management outcomes developed, there will be substantial public resistance to the adoption and use of the Card.

3. ACHI believes that the threats to personal privacy from electronic records and paper based records are sufficiently different as to require separate consideration, despite the similarity of the objectives to be met with each type of record. As an example 10000 paper records require a major logistic effort to steal whereas 10000 complete electronic patient records could easily be stolen on a 25gm USB Key.

ACHI also recognises that there are also efficiency and process advantages possible with well designed identity management systems. It would be of great value to the health sector if a trusted and privacy enhancing identifier were available to support Electronic Health Record initiatives.

4. ACHI understands the importance of accurate identification of individuals for both patient safety as well as fraud control and is concerned that any system that is devised has sufficient safeguards and protections to ensure extremely low risk of mis-identification. ACHI also recognises that any identification system is only as robust and reliable as its weakest link and that the processes around enrolling, maintaining and securing the identity information held must be very reliable indeed. This means that any temptation to cut cost corners that lead to compromise of the integrity of the system need to be strenuously resisted.

ACHI also recognises that healthcare, unlike other industries must also be flexible in it's direct communication with individuals and be able to reflect the name/s by which the individual is comfortable (preferred name). In this context the issues of identification become more complex than in other environments,. Accuracy must 'vie' with human requirements as well as the need for identification in emergency.

5. ACHI is concerned about the proliferating array of individual person identification systems and believes there should be rationalisation of all these different efforts to minimise cost and maximise data quality. (i.e. the NEHTA identifier and access control initiatives, Minister Abbott’s Health Smartcard, the Access / Smartcard Initiative, Passport ID, the Document Verification System for Attorney General's and Medicare / Centrelink's current ID systems.). The impact of the intersection of these various systems in the future is very hard to predict and may be very damaging to public confidence and trust.

6. ACHI supports the apparent current direction to restrict the information content on the Access Card to just that required for identification to minimise scope creep and the potential abuse of other data which may be held on the card. The scope creep in the uses of the Canadian SIN and the US SSN should be taken as a serious warning as to the risks of permitting un-authorised use of strong individual identifiers and should be specifically legislated against.

7. ACHI believes that it should be recognised that as the Access Card provides access to all Government Benefits (including Medicare and Centrelink Payments) it is, for all practical purposes, a compulsory Identity Card, despite Government claims to the contrary. ACHI would like careful consideration to be given to provision of some granularity in requirement for use of identity in certain circumstances. Simple denial of access without the use of the Access Card may impose unreasonable additional costs on some small segments of the community.

8. ACHI is concerned that there are a significant number of people in the community who, quite legitimately, feel they need multiple “functional” identities to avoid discrimination or persecution and to obtain a degree of peace of mind regarding their access to care. An example of this is the patient with a potentially stigmatising disease (e.g. HIV/AIDS, an STD or mental illness etc) who wishes to preserve their confidentiality regarding that illness while being able to access ordinary care locally.

Unless two “practical” identities are possible the individual is unable to be confident their very sensitive information will only be disclosed when they want it disclosed. (There is good evidence of significant prejudice and persecution when such material is involuntarily released to make these concerns more than reasonable, as does the potential choice individuals may make to not seek necessary care.) ACHI believes development of an approach to meet the needs of such individuals with regard to their avoiding discrimination and prejudice needs to be carefully considered, while recognising the inherent difficulties this poses.

Consultation with the bodies representing those living with HIV / AIDS, Hepatitis C, Mental Illness and Genetic Risk is vital before the operational and privacy frameworks are finalised.

9. ACHI believes that prior to implementation there should be a comprehensive privacy impact assessment, as recommended by the Privacy Commissioner, in her office's submission. This will ensure the whole (including the Access Card, supporting systems and potential uses) , current, proposal gets a fully detailed privacy review. We would also like to see the complete KPMG Business Case for the Access Card be released for public scrutiny, review and comment before the Access Card is finally given the go-ahead. Such release would clarify a range of aspects of the Government’s business case for the Access Card which are presently unclear.

10. ACHI believes there must be legislative controls to ensure all forms of record linking and secondary use based on the Access Card identifier(s) is fully transparent and subject to careful privacy review.

11. ACHI believes there must be legislative controls to ensure the production of the Access Card will never be required by any entity other than the appropriate Government Agencies. (Strict prohibition of use of Access Card for video hire etc).

12. ACHI believes, as does the Privacy Commissioner, that there must be very tight controls on the use of the Access Card identifier for data-linkage and data-mining purposes. Given the Access Card database will be a virtual repository of identification for 16 million Australians it is clear there will be temptations by some agencies to use the Access Card system for linkages which the public would find highly problematic from a privacy perspective. The governance structures set up to manage the overall system must be robust enough to ensure such any use is strictly regulated and in the individual as well as national interest before being approved. (The approach taken to separate Medicare and PBS data is a useful model in this regard).

13. ACHI is concerned that the IT Infrastructure that will be required to support the Access Card will ultimately require a very considerable and quite high risk project be undertaken. The quality of the management of the security and privacy controls built into the system will be vital to the overall project success.

14. ACHI understands the importance of identification in the e-Health environment and would be interested to understand whether the Public Health Sector could reasonably leverage the work undertaken with the Access Card to assist the effectiveness of E-Health implementations which are in the interest of both patients and their carers.

Friday, September 29, 2006

The Access Card Could be Really Expensive, Costly and Delayed!

In the last few weeks a general theme that has been emerging in E-Health Commentary, both here and overseas, has been the increasingly clear recognition that very large national IT projects have a habit of running well over time and budget, sometimes to quite amazing levels, and that, conversely locally driven and managed projects seem to be able to deliver increasingly successfully.

Witness the problems in the UN NHS Connecting for Health Programme which have come to light recently both in the choice of both lead contractor (Accenture) and key software provider (iSoft). It seems both these organisations have yet to fully disclose just how bad the losses and outcomes will be for the UK.

Hard on this news we now find another major project in a different country is similarly apparently running off the rails. The following release from Ovum (The Global ICT advisor) says it all.

“http://www.ovum.com/news/euronews.asp?id=4907

Update on the German electronic health card: more costs, more delays...

Hot on the heels of further delays to the introduction of the electronic health card, comes news of much higher costs than previously expected. An independent cost-benefit analysis produced by Booz Allen Hamilton and commissioned by Gematik, the company in charge of the implementation and the running of the project, concluded that costs are likely to be around €3.9bn rather than €1.4bn previously expected, and could be as high as €7bn. And this sum doesn't include the €585m cost of issuing of the cards.

Taking into account the five-year introduction phase, overall cost is estimated at €5.2bn, which will exceed expected savings of €4.4bn by €800m.

Comment: Gematik's management board is still digesting Booz Allen Hamilton's analysis and is not ready to comment on its results. However, it is certain that the e-health card will go ahead, since its introduction is integral to the German code of social law.

However, the question arises: why is Gematik commissioning a cost-benefit analysis now, in the middle of the project? Before the project began, an initial study determined costs of around 1.4bn versus annual savings of €1.7bn, which sounded promising.

The German government's plans are regarded as the most ambitious telematics project in Europe currently under way. Though other countries such as the UK, France, and Italy are engaged in related projects, their scale in terms of functionality and number of users are smaller. The high complexity of the e-health card, involving 80 million insured citizens, 123,000 general practitioners, 65,000 dentists, 2,200 hospitals, 21,000 pharmacies and 270 health insurance companies, makes it a very large challenge. And the communication, or rather the lack of it, between the involved parties is causing delays in the execution of the project.

We are still a couple of years away before all 80 million insurants are due to have their e-health cards. Gematik has been issuing specifications of the necessary equipment and is testing its market suitability. No tests with patient have started yet, but they will begin in two states this autumn and will be extended to six other sates in 2007. In every step of this long-drawn process, specifications will be altered and adapted to arising problems.

This is a prestigious undertaking for the German government. Its success is not only important for its own standing, but would act as a showpiece for the German IT industry and help it win similar projects in other countries which are currently looking at introducing such a system. Every time one breaks new ground, unforeseen difficulties can arise. But given the many challenges that this project has had to face so far, this news will give more ammunition to its critics.”

The scale and reach of this project obviously has some parallels to the planned Joe Hockey Access Card, indeed while Germany is obviously a larger country, the scope of the Australian project appears to be broader.

A few points deserve to be especially highlighted.

First, even at the half way point, it seems the project will cost rather than save money. Over five years the net loss is presently estimated to be $A1.36 Billion (at today’s exchange rate. It leaves one to wonder just how credible the huge benefits identified in the KPMG report actually are. ($A3.0 Billion in benefits over ten years seems just a trifle optimistic!)

Second the total cost of the project must certainly give some pause for thought!. The current planned cost of the German card is estimated at €5.2 Billion ($A8.84 Billion). Given, on a population basis Germany is about four times the size of Australia this suggests a realistic cost for the Australian Access card (not assuming the Germans get any economies of scale) is $A2.2 Billion. The suggested budget of $A1.1 Billion would look to be a good deal short of what will finally be needed.

Third it seems clear the current Access Card time frame (System implemented by 2008 or 2009 at the latest) seems very, very ambitious indeed based on the German experience.

Fourth it is very clear that the Access Card implementation needs to be very carefully phased and piloted so that all the technical, change management and privacy issues are fully understood and solved on a small scale before a large scale rollout is attempted.

One is forced to the conclude that unless the Australian Access Card team are much smarter than the Germans (unlikely since this is their second generation health card implementation) or we are at serious risk of having a very under-funded, delayed and loss making Access Card implementation which carries all the risks of a very large and very complex IT implementation in the public sector.

It might be a very good idea to have Booze Allen Hamilton (who reviewed the German implementation) review thoroughly the Australian plans, and assure all concerned that all the known issues have been addressed, before we get stuck with a real loser.

David.

Wednesday, September 27, 2006

iSoft and CCHIT – What’s the Link?

A key theme in any discussion of e-health is how to foster adoption and use of Health Information Technology (Health IT). In the last few days a few reports have come together to remind me that this issue is not being addressed in a reasonable way in Australia, but that at least some hopeful signs are emerging elsewhere.

Firstly we have had the reports of the last few days, from both The Australian and e-Health Insider in the UK, of the apparently continuing problems about iSoft plc’s contracts and viability both here and in the UK. The essential messages seem to be that there were some distortions of the selection process by which iSoft has been engaged and not enough scrutiny of the future plans the company said it was assured of delivering in now well past time-frames. This is bad news both for the company and its customers despite all public announcements to the contrary.

On the good news side we have the news announced yesterday regarding the Certification Commission for Healthcare Information Technology (CCHIT) release of the most recent drafts of its functional and interoperability criteria both for ambulatory and inpatient systems.

The mission for CCHIT is to “accelerate the adoption of health information technology by creating an efficient, credible and sustainable product certification program.” These specification are evolving in a studied, obviously competent and purposeful way towards a vision of really excellent, clinically sound and valuable systems which, as they are certified, purchased and implemented, will make a real difference to the quality and safety of the US Healthcare System.

How are these two items linked? I would suggest they are linked through the lack of a national Health IT certification process in Australia than has permitted purchases by State hospital systems of software of poor quality that, it appears, lacks a future. We have seen issues in hospital software selection, cited here, in Tasmania, Victoria, NSW and Queensland (who are still being sued by a disappointed vendor as far as I know).

As far as ambulatory care systems are concerned we also have a situation where both functionality and interoperability between different system providers is hardly assured (to say the least).

CCHIT works by taking only the approved and fully implemented and tested standards, merging them with the priorities of the American Health Information Community and developing a functional and interoperability requirements that are required for certification. They also signal their direction well in advance to give the vendors time to develop what is required that they may not have at a particular point in time.

Having the CCHIT does two important things. Firstly it provides system developers with a clear set of system requirements and objectives. Secondly it provides system purchasers with an assurance, if they stick with the approved products, they will be purchasing competent systems that are being developed to meet real clinical and operational needs, and which have a future.

What is needed, to avoid further unwise purchases both in the private and public sectors, is for NEHTA to rapidly move to replicate the role the CCHIT is playing and for the Commonwealth to ensure there is a clear plan and clear strategic guidance as to the directions e-health needs to move in. This inevitably means resurrecting and funding an Australian Health Information Council like entity and charging it to provide the big picture directional guidance to both NEHTA’s certification arm and the software development community.

Very useful documentation already exists and could be swiftly tailored to meet Australian requirements. The time to get such certification and strategic direction setting capability in place is now to avoid further waste and “spinning of wheels” and to give the software providers confidence to invest for the benefit of all.

It will be the development of strategically and clinically valuable systems by commercially viable and confident software providers that will make Health IT adoption easier and be one further step to a better and safer healthcare system.

David.

Saturday, September 23, 2006

Electronic Prescribing – What is Needed to Move Forward?

Both in the USA and in the UK there are major efforts underway to increase the amount of prescribing done electronically. Additionally, as reported a little while ago in an article here, the Commonwealth is moving to ensure that by early next year there will be no regulatory or legislative barriers to introduction of E-prescribing (EP) in Australia.

The reason adoption is sought is that it is now very good evidence that EP has the capacity to substantially reduce the frequency of Adverse Drug Events (ADEs) and that if this is achieved considerable human suffering and cost can be avoided.

The objective of EP is to deliver to the dispensing pharmacist a prescription from the prescriber that is error free and which can then be dispensed in an error free fashion to the patient. Subsidiary objectives may include maximising the use of generic medication, where appropriate (to also reduce treatment costs), and assisting the pharmacist with accurate and timely claiming of the costs of medication from either the Pharmaceutical Benefits Scheme or the patient depending on the circumstances.

Analysis of the prescribing process identifies three distinct phases (plus financial settlement and inventory management which will not be discussed further as these are simple business processes which are already quite highly automated and well understood.)

Phase 1 is Prescription Creation.

Prescription creation can be done electronically in a number of ways. The simplest is to use a computer to capture the patient details, and then from a data base of available preparations select the appropriate medications and package size and print out a form ready for manual signing. This is now quite widely done and offers the benefit of providing the pharmacist a legible prescription from which to work to dispense. This approach is grossly sub-optimal in 2006 as there is no error prevention or decision support contained in this basic model and the risk of errors in re-entry of the medication information in the dispenser’s system is real and demonstrable, despite the legibility.

The much to be preferred option is that the clinical encounter which is to result in an EP should be documented in an Electronic Health Record for that patient that will contain a range of relevant information to assist with the quality of the prescribing. The system ideally will have a list of the patients active diagnoses, the patients current problem, current regular medication (and ideally complementary substances taken) and basic physiological and other information such as height, weight, age, renal function and so on as well as such things as known allergies etc.

With this information available, and with access to tools such as the electronic Therapeutic Guidelines, as the prescription is developed the clinician not only is alerted to possible interactions and other contra-indications but can easily confirm the appropriateness of the therapy proposed. The literature evidence that well designed systems with these capabilities save lives and money is now unequivocal (see article on this site from a month or so ago).

Such EHR based systems are really the basic client the prescribing clinicians should be using in 2006, especially as the requirements for such systems and what is needed for utility and interoperation is well understood.

Phase 2 is Prescription Transport.

In essence once the quality prescription is created there are two possibilities for . Firstly the prescription can be printed out and given to the patient to present for dispensing or, if legally acceptable, a secure token, containing the prescription, can be given to the patient to be used by the dispenser’s system.

The simplest way of linking the prescriber and dispensing computers I believe is to have the prescribing system write a two dimensional barcode onto the printed prescription. Such barcodes can hold the full written information on the prescription and can be scanned into the dispensing system is less than a second or so. The dispensing system then displays the medications to be dispensed for checking and one the pharmacist is satisfied the dispensing and label printing is completed. The prescription is then marked as having been dispensed and if repeats are authorised the necessary paper work is created. This process benefits the patient (accurate communication with pharmacist) and the pharmacist (avoids the need for data entry). Fraud is prevented by using appropriate encryption of the information stored on the barcode to ensure the clear-text contents of the prescription matches the barcode.

The second approach would be to electronically transmit the prescription directly from the prescriber to the dispenser. This is done in the USA to an increasing extent. In Australia community pharmacy is very concerned that direct transmission might give the prescriber too much commercial influence and so the Pharmacy Guild is totally opposed to any proposal of this sort – despite its obvious attraction in a technical sense.

It seems likely that this problem is best overcome by the creation of a national “store and forward” EP Network. The patient presents at the pharmacy of their choice and provides the paper script or a token and the full prescription is then pulled down from the network. (The 2 dimensional barcode seems simpler and cheaper I must say)

This would seem likely to involve a greater cost than simple point to point messaging of barcoding and it would seem reasonable that any additional costs be bourn by the pharmacists as a whole.

A network of this sort would also have major privacy and security implications, as it creates a large database of essentially every prescription in the country, and may need to be very carefully thought through. Secondary use of this data may however provide some useful and clinically relevant information.

Phase 3 is Prescription Dispensing.

Community pharmacy has been using pharmacy systems for dispensing for many years and once an electronic copy of the prescription is available within the pharmacists computer dispensing and labelling can proceed as usual. The advantage for the pharmacist is avoiding any data entry and any possibility of error in the prescription assessment process. Of course the wrong pack can still be picked off the shelf but this is known to be very rare indeed in the presence of a clearly legible prescription.

Before concluding it is important to realise this article has oversimplified a number of aspects of EP. The medication terminologies to be used in prescription communication are still to be standardised and are important as is some remaining work on other aspects of EP Standards, not to say the excellent work has already been done via the MediConnect Trials, flawed though they were in their final implementations.

Standards Australia have already published work covering the use of HL7 messaging to transfer prescription information the it is important this work is progressed and utilized.

Essentially there a major community benefits to flow from a considered and comprehensive implementation of EP in Australia, there are very few significant barriers remaining to its progress. The work needs to be proceed as soon as possible under the agreed standards frameworks.

What is needed now is the availability of effective, quality EP client systems which provide reliable, consistent and safe decision support and the definition of the technical approach(s) to be adopted the get the prescription from the clinician to the pharmacist.

David.

Monday, September 18, 2006

A Brief for the Australian National Audit Office regarding E-Health

Reflecting on yesterday’s commentary it occurred to me that it may be useful to offer some suggestions as to the rocks the Australian National Audit Office should look under in developing a performance review of Australian E-Health.

In broad terms Performance Audits (Which is the type of audit I feel is needed in e-health) address the following:

1. The existence of, and the suitability of the Information and Communications Technology Strategy that has been or is being implemented.

2. The practicality, quality, project management skills and resource availability applied to ensure successful implementation the project plans.

3. The quality and insight of the Risk Management Plans associated with the project.

4. The business case for implementation of the ICT Strategy being implemented.

5. The outcome of the project in terms of service improvements, financial savings or other relevant evaluation criteria.

6. The degree to which lessons learnt during the project have been disseminated to ensure minimum repetition of mistakes and financial waste.

7. The closeness of the actual delivery of the project and its expected outcomes to those identified in the strategy, planning and business case documentation.

It seems to me that the implementation of e-health, both at a national and state level, has been littered with a range of major projects which have not met expectation (for timing and delivery) and for which there has been very little evaluation made public to foster organisational learning.

First among these must be the HealthConnect initiative. To date there has been a minimum of transparency as to both costs and benefits for this whole program. Despite repeated claims that the notional $128M project is on track and on budget there seems to be very little to show for these funds. A hard look is clearly warranted.

It may be that what is actually required with respect to HealthConnect is a review, in detail, of each of the pilots and implementations as well as the overall strategy. Most important will be to understand what benefits, if any, have been delivered in terms of improved patient care and patient safety.

Second it seems there needs to be an audit of the performance of the governance structures surrounding e-health in Australia. It is no secret that since 1995 there have been a number of reports into the area.

These have included the 1995 Health Communications Network Report, the 1997 House of Representatives Report, the 1998 NOIE Reports such as the 1998/9 Unstoppable Rise of E-Health Report, the 1999 Health On-Line Report, the July 2000 Report to Health Ministers of the National Electronic Health Record Task Force and the 2004 Boston Consulting Group E-Health review at least. In parallel there have also been a range of State Health Department Reports. To date these reports have led to a range of trials which are admitted to have not resulted in any significant national implementation. After all this time the National E-Health Transition Authority has the view that “the momentum for e-health is rising and that the stage is set for Governments to consider a national system of electronic health records". Dr Ian Reineke (CEO, NEHTA - As of April 2006). ANAO really needs to investigate what has gone wrong for over a decade and what is needed to fix things. The opportunity cost of a wasted decade must be assumed to be massive.

Thirdly it has been suggested by Mr Abbott (Federal Health Minister) that the Commonwealth has invested close to $1.0 Billion over the last decade in provision of such programs as the Practice Incentive Program and Broadband for Health. Both these were aimed at improving GP computing. An public audit of the outcomes, learnings and benefits of this expenditure is clearly overdue.

Fourth it seems delivery of benefits from Supply Chain Reform are coming much more slowly than they could or should for the Health Sector. Careful review of the issues here could be very valuable and save real money.

Lastly a strong case can be made for a review of the range of identity and identification programs being sponsored by the Commonwealth which are clearly needing to be rationalised. The importance of the requirements of the Health Sector in this area cannot be underestimated.

Someone needs to be asking just how the NEHTA IHI and IPI initiatives, Minister Abbott’s Health Smartcard, the Access / Smartcard Initiative, Passport ID, the Document Verification System for Attorney General's and Medicare / Centrelink's current ID systems are to be co-ordinated and managed for both efficiency and cost effectiveness.

While not the responsibility of ANAO (but rather the state equivalents) there seems little doubt the procurement processes of Health IT in NSW Health, the Victorian HealthSmart Project, the continuing delays in Queensland Health’s IT implementations and the use of scanned records in Tasmania could all stand careful audit scrutiny.

Clearly there is lots to be done. Let’s hope some one will take up the torch and get all this back on the rails.

What score out of ten do you think these various initiatives would achieve if fairly audited?

David.