In this short article I try to suggest there is a way to achieve the benefits of Smartcard technology and at the same time improve the service delivery and efficiency of the Commonwealth Human Services Department while avoiding much, if not all, of the present concerns regarding privacy and function creep.
The approach would involve the following:
1. Having an Access Card that has nothing more visible on it than its name (A Commonwealth Access Card) and a strip where the citizen can write their chosen ID (that could be their name but does not need to have anything to do with their actual name, address etc). (The card face has no photo, no name, no date of birth, no number etc).
An option, if required, for those who need to deal with services by phone, and need to quote a number might be to allow the ID number to be printed on the card at the specific request of the citizen. Normally most would not need this option as they would be obtaining a benefit at a point of service in person with their card.
2. The Access Card holds only four pieces of information electronically.
a> The card’s ID Number and
b> A quality photo of the card owner and
c> The unique biometric identifier code created from the photo and
d> A card expiry date.
3. The Commonwealth Secure Customer Database only holding the ID number, the citizen’s name and the biometric identifier derived from the photo (not the photo itself).
4. The Access Card being secured electronically so it is only usable by Commonwealth Government services authorised by legislation to utilise the Access Card using Commonwealth Government Access Card Readers.
5. The Access Card held information not being accessible by standard PC equipment or card readers.
6. Having the Access Card do nothing but act as a ‘key holder’ for Government services and nothing else (not a “mini-iPod”, e-Health Card, credit card etc)
How should the system be used?
First, when enrolling for an Access Card, high quality (“100 point”) ID is provided and temporarily stored against the ID Number that is to be allocated. At the same time the photo is taken, converted into a biometric, coded biometrically and also stored.
Next, once appropriate verification of the documentation is undertaken, the card is issued with the data mentioned above being stored on it. All information other than the name, the other data used by the electoral commission, the biometric ID code and the ID number are then removed from the secure database and destroyed. (This is necessary to prevent multiple cards being issued for the same person)
Internal Human Services Department systems use the ID number as their key and each collects all the other information they require for their operations when the card is first presented at say a Medicare, Veteran’s Affairs or CentreLink office. Each benefit thus has its own data-base to manage each benefit and linkage of these data-bases would be only permitted for reasons the public are content with.
All Government card readers will be photo display-enabled to facilitate display of the stored image of the customer, which is only held on the card and no-where else, and the name associated with the card. The ID Number is made available only electronically to Government systems and to no other requesters – even if they gain access to a Government card reader. Thus people delivering services can verify an individual’s ID and determine their ID number, but the card is useless to anyone else who is not an identical twin with the same name who can access a Government card reader and persuade the supporting system to provide its ID number. Still better, even if an ID number is known, it cannot be used without a matching card or specific consent from citizens who desire to access services over the phone and who are happy with the risks this involves.
If desired a PIN could be also used to maximise the security of access, even to the photo.
The benefits of this approach are:
1. There is no database created of every Australian Citizen that holds any more information than the electoral role with an ID number and a biometric ID (Note: no photographic image is held by government).
2. No photographic database of citizens is developed.
3. The card, having only a hand written “name” on it, cannot be used by anyone if lost. If use is attempted the embedded picture and the correct name will be displayed by the reader and this will disclose any attempted fraud to the Government operator.
4. If a citizen chooses to apply a PIN the card will be virtually useless if lost.
5. No one is going to ask anyone to produce a blank card to confirm their ID – especially when no useful information is available without a special Government reader. It will not become an instrument of control and oppression as the present proposal risks.
6. Function creep cannot happen except if the network of Government readers is extended and the citizen chooses to use the service that the Access Card enables.
7. The risk of a numbered card causing identity fraud disappears - there is no number on the card.
With this approach the Commonwealth has a strong link between the key it uses to deliver services and the presenting citizen seeking to use those services, thus it can control fraud etc but the card is – still as it should be – just an Access enabler.
The only downside of this approach is that, if the card is lost, full re-identification is required. That dis-incentive of itself should make most people pretty careful with their card!
The point of this commentary is to show it would be possible to design an Access Card system that would be privacy friendly and meet the Government’s objectives.
Why this has not been done is a mystery to me.
David.
Late Note:
In the Financial Review of the 13 Feb 2007 we now learn function creep is running on apace with, among other things, disputes breaking out with the banking sector of the recording of the Access Card ID in banking records and the rules for how such ID can be asked for. The banks say that having to get written consent to record and use the ID is too onerous. My position would be that an Access Card ID is no business of the banks whatsoever, consent or no! Extra function creep number two is that it seems a ‘voluntary’ Aboriginality flag is to be added – as requested by Medicare Australia. Will it never stop!
D.
This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Quote Of The Year
Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"
or
H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."
Tuesday, February 13, 2007
What Might A Privacy Friendly Access Card Look Like?
Sunday, February 11, 2007
What Should be the Practical Outcomes of Health IT Privacy Protections?
In the last year, and most especially since awareness of the Human Services Access Card Project and the NEHTA IHI Project has increased, there has been a lot of legal and technical debate regarding these projects.
What seems to have been missing, for me, is a discussion of what is actually desired as the practical outcome(s) of whatever privacy regime we put in place and why each of those attributes is important. This is to forget for a moment how these outcomes are to be achieved technically but to recognise that in the design of any technical solution privacy has to be an embedded, fundamental design requirement.
My views have been formed from a range of sources, including a range of contributions to the Access Card Debate from the Privacy Commissioner and Prof. Alan Fels and his Taskforce, but I have additionally had the experience of consulting a range of interest groups in this area directly and the strength of their feelings has had a significant effect on my position. In saying this I must point out that with the exception of one or two ‘extremist privacy zealots’ who would require that a clinician were not to take any clinical notes and be subjected to a ‘brain wipe’ the moment a consultation was concluded, most groups and their representatives were balanced and totally reasonable in their concerns.
If I was to try and summarise what I have heard and continue to hear in a sentence or two it would be that people desire to have control over disclosure (to anyone) of health information they see as sensitive for what-ever reason and that if they feel they lack that control they become concerned or worse. There is also a feeling (belief) that health information – especially historical and diagnostic information – is different to financial and other private information in the sense that once disclosed it may not age or become less important over time (knowing a person’s bank balance or credit card number is likely to be only of importance for a short period of time – not so that an individual who has a genetic illness, has had a mental illness or has HIV / AIDS).
While not yet an issue of significant public concern it seems to me that, in an age where discoveries are being made daily, the control and sharing of genetic information will also become a major health information privacy concern over time.
There is also an increasingly pervasive feeling that exercise of control over one’s private information is becoming more difficult in the electronic age and that there is a reducing tendency to trust assurances as to privacy as individuals see their ‘private information’ turn up, unexpectedly, in the hands of all sorts of marketing entities and the like. Trust is also being eroded with the frequency of stories about improper access to information given in confidence to agencies such as the Australian Tax Office and CentreLink.
As yet it seems that most people are happy to share virtually all private information with the key individuals involved in their care on the general, usually unstated, proviso that they will be asked or give consent in some way and that they understand why such sharing is required. (Chronic disease advocacy groups are among those most keen for controlled but necessary information sharing). There are however some groups – especially those who could be described as having either stigmatising or embarrassing illnesses – who desire very considerable control of the use of their information at almost a ‘line by line’ level. If such groups are not provided with such control they will typically withhold information from carers, with the risk of poor or dangerous care being provided.
There is little doubt that individuals with HIV/AIDS, a history of mental illness and others are a major group of owners of multiple Medicare Cards. This permits them to receive care they may otherwise miss out on without disclosing to routine carers information they wish to keep to themselves. Just how this group will be catered for, reasonably, in the present Access Card and NEHTA proposals, is not yet clear to me.
The use of such ‘multiple identities’ is more common than is widely understood and is based on very well grounded fears of discrimination in all sorts of areas of life if some secrets are not kept. Latrobe University has, in a number of reports, highlighted the range and depth of discrimination and disadvantage suffered by many HIV/ AIDS patients.
It should also be noted that for many chronic disease groups the prospect of the use of de-identified information for purposes such as research and public health is strongly supported – just as long as there is no risk of re-identification of the information being possible.
Another poorly recognised issue on the part of city based health policy developers is the impact of even relatively innocuous unauthorised disclosure of information in smaller communities. (The ‘only gay in the village’ effect.) The impact of such disclosure can result in people needing to re-locate or worse and must be carefully addressed in any system design.
Of note also is the need to recognise that health information typically is associated with detailed demographic information (age, sex, address, date of birth etc) and that this information is true ‘grist to the mill’ for those who wish to trace people for whatever reason or who wish to steal identities.
Another issue not often discussed is the need to ensure flows of information to employers, government agencies etc is not prejudicial to gaining or retaining employment or receiving appropriate benefits and payments. Employers are certainly not equipped, in general, to understand or make sense of private health information, and should not receive it without specific consent. The same also applies to insurance companies, recognising that the citizen must understand that a failure to disclose germane information will most probably mean the coverage is void.
All in all it seems to me there is a perception emerging that control of one’s private health information is being steadily eroded and that this is not beneficial to anyone. As I have said before trust is lost if the citizen does not have the final say as to how, within reason, their private health information will be shared and used, and if that is permitted to happen E-Health will struggle to succeed in the way it should.
It is up to the proponents of the Access Card and NEHTA to ensure these ‘unexpected consequences’ of their initiatives are properly handled, that reassurances provided are indeed true and that we don’t create a class of disadvantaged and discriminated against ‘health information privacy refugees’.
David.
What seems to have been missing, for me, is a discussion of what is actually desired as the practical outcome(s) of whatever privacy regime we put in place and why each of those attributes is important. This is to forget for a moment how these outcomes are to be achieved technically but to recognise that in the design of any technical solution privacy has to be an embedded, fundamental design requirement.
My views have been formed from a range of sources, including a range of contributions to the Access Card Debate from the Privacy Commissioner and Prof. Alan Fels and his Taskforce, but I have additionally had the experience of consulting a range of interest groups in this area directly and the strength of their feelings has had a significant effect on my position. In saying this I must point out that with the exception of one or two ‘extremist privacy zealots’ who would require that a clinician were not to take any clinical notes and be subjected to a ‘brain wipe’ the moment a consultation was concluded, most groups and their representatives were balanced and totally reasonable in their concerns.
If I was to try and summarise what I have heard and continue to hear in a sentence or two it would be that people desire to have control over disclosure (to anyone) of health information they see as sensitive for what-ever reason and that if they feel they lack that control they become concerned or worse. There is also a feeling (belief) that health information – especially historical and diagnostic information – is different to financial and other private information in the sense that once disclosed it may not age or become less important over time (knowing a person’s bank balance or credit card number is likely to be only of importance for a short period of time – not so that an individual who has a genetic illness, has had a mental illness or has HIV / AIDS).
While not yet an issue of significant public concern it seems to me that, in an age where discoveries are being made daily, the control and sharing of genetic information will also become a major health information privacy concern over time.
There is also an increasingly pervasive feeling that exercise of control over one’s private information is becoming more difficult in the electronic age and that there is a reducing tendency to trust assurances as to privacy as individuals see their ‘private information’ turn up, unexpectedly, in the hands of all sorts of marketing entities and the like. Trust is also being eroded with the frequency of stories about improper access to information given in confidence to agencies such as the Australian Tax Office and CentreLink.
As yet it seems that most people are happy to share virtually all private information with the key individuals involved in their care on the general, usually unstated, proviso that they will be asked or give consent in some way and that they understand why such sharing is required. (Chronic disease advocacy groups are among those most keen for controlled but necessary information sharing). There are however some groups – especially those who could be described as having either stigmatising or embarrassing illnesses – who desire very considerable control of the use of their information at almost a ‘line by line’ level. If such groups are not provided with such control they will typically withhold information from carers, with the risk of poor or dangerous care being provided.
There is little doubt that individuals with HIV/AIDS, a history of mental illness and others are a major group of owners of multiple Medicare Cards. This permits them to receive care they may otherwise miss out on without disclosing to routine carers information they wish to keep to themselves. Just how this group will be catered for, reasonably, in the present Access Card and NEHTA proposals, is not yet clear to me.
The use of such ‘multiple identities’ is more common than is widely understood and is based on very well grounded fears of discrimination in all sorts of areas of life if some secrets are not kept. Latrobe University has, in a number of reports, highlighted the range and depth of discrimination and disadvantage suffered by many HIV/ AIDS patients.
It should also be noted that for many chronic disease groups the prospect of the use of de-identified information for purposes such as research and public health is strongly supported – just as long as there is no risk of re-identification of the information being possible.
Another poorly recognised issue on the part of city based health policy developers is the impact of even relatively innocuous unauthorised disclosure of information in smaller communities. (The ‘only gay in the village’ effect.) The impact of such disclosure can result in people needing to re-locate or worse and must be carefully addressed in any system design.
Of note also is the need to recognise that health information typically is associated with detailed demographic information (age, sex, address, date of birth etc) and that this information is true ‘grist to the mill’ for those who wish to trace people for whatever reason or who wish to steal identities.
Another issue not often discussed is the need to ensure flows of information to employers, government agencies etc is not prejudicial to gaining or retaining employment or receiving appropriate benefits and payments. Employers are certainly not equipped, in general, to understand or make sense of private health information, and should not receive it without specific consent. The same also applies to insurance companies, recognising that the citizen must understand that a failure to disclose germane information will most probably mean the coverage is void.
All in all it seems to me there is a perception emerging that control of one’s private health information is being steadily eroded and that this is not beneficial to anyone. As I have said before trust is lost if the citizen does not have the final say as to how, within reason, their private health information will be shared and used, and if that is permitted to happen E-Health will struggle to succeed in the way it should.
It is up to the proponents of the Access Card and NEHTA to ensure these ‘unexpected consequences’ of their initiatives are properly handled, that reassurances provided are indeed true and that we don’t create a class of disadvantaged and discriminated against ‘health information privacy refugees’.
David.
Tuesday, February 06, 2007
Where Could NEHTA Actually Add Value?
In this article I attempt to identify the tasks and objectives that NEHTA should be addressing rather than what is presently happening. The strategic perspective I am adopting is one that says there are two key priorities for virtually all health service organisations and that NEHTA’s efforts should be predominantly focussed on supporting, enabling and facilitation these two (urgent) priorities.
The two key priorities are that first health services should be safe and effective and second that health services should be economically efficient while being equitably accessible and distributed where ever that is possible.
The implications of ‘safe and effective’ include that no unnecessary harm is done, that needed treatments are not omitted and that where possible the care provided is based on up-to-date evidence. There is an implicit implication here that recognises that modern clinical practice is so complicated that only with automated support and well designed systems (both manual and electronic) can ‘safe and effective’ care be demonstrably delivered. Another clear implication is that all deliverers of care must be provided with the best possible tools and circumstances to ensure their patients have the best outcomes.
Efficiency and equity of access I would suggest are matters of common sense and common humanity. We should not be wasteful in delivery of care and we should ensure that all who need care can receive it without unreasonable delay.
Secondary priorities include the collection and management of information that both permits and enables the health system to operate in a coordinated and coherent fashion, be well managed and have a sensible balance between preventative and curative care.
Un-stated, but implicit in all of the above, is that everyone touching the health system is treated with respect, compassion and that their personal privacy and individual autonomy is fully respected and guarded.
NEHTA’s mission should be identify, specify, define and recommend the attributes of the Health IT systems required to optimally support the overall health system which has these objectives and goals. This it should be doing by working with the relevant stakeholders (including clinicians, relevant service providers (Pharmacists, Laboratories, Radiologists etc) ,Health IT providers, Health Departments and Institutions and consumers) to identify out what is needed and then develop innovative ways to have such systems delivered and a coherent fashion.
It seems to me, based on the Rapid Learning Approach identified in two recent blog entries, that where the main value lies is not so much in having systems, but having them actually used in the delivery of care. This means we need usable, quality systems, with rich functionality in decision support etc, in use in our General Practices, Specialist Offices and Hospitals. We also need to have them communicating successfully and safely the clinical information needed both to deliver care and understand what is happening out in ‘the field’. The systems also need to be able to ‘take care of business’ and thus appropriate links to Medicare Australia and other funders are important.
Additionally careful analysis of referral and prescription information and the associated systems is important. Also it is important not to ignore the needs of the public health sector in monitoring illness and warning of possible bio-terrorism. Analysis of where technology can assist in delivery of mental and aged care services is also needed urgently – although much is already known much of the relevant information seems a little fragmented at present in Australia.
On the basis that we know all provision of all the necessary systems is doable the first major task for NEHTA should be to develop a the National E-Health Strategy and Business Case and Broad Implementation Plan that, treating the health system holistically, maps a practical achievable and incrementally achievable roadmap of activities and investment.
Secondary activities should centre around utilising the work done both here and overseas to define and specify functionally the minimum standards for GP, Specialist, Hospital and Ancillary Systems. The CCHIT model in the US is one to consider with relevant changes to suit local conditions and business requirements for certifying systems once the system capabilities and connectivity is defined.
With hospital systems it may be valuable to develop common specifications against which State health systems can conduct procurements. Such systems are major investments and no doubt support from a skilled national entity would be welcome.
In essence what I am suggesting is that NEHTA should be working to ensure, as quickly as possible, quality systems are certified and health providers are able to procure / purchase them in the confidence they will be fit for purpose and deliver the benefits expected while having the basic levels of interoperability needed to enable practical information flows and clinical messaging around the health system. Note I am also keen that key enabling work, terminologies etc, also continue and that NEHTA be resourced to ensure deadlines promised to the Health IT community are actually delivered. That way the available products will be so much better!
It is up to the Health IT system providers to offer competent certifiable products and services and the health system to address how best to facilitate the required investment and ensure benefits are distributed to those who incur the costs and undertake the additional work.
I recognise that this outline is very high level and will require major change management. However, nothing here ‘rocket science’, the technologies are proven and implementable and the risks can be managed reasonably easily. Additionally the implementation can be phased and incremental so mistakes are learnt from and risk further minimised.
An approach of this type could, in a five year time frame, dramatically improve the safety, effectiveness and manageability of our health system. It would be good if NEHTA just forgot about identity management (others are doing it), academic interoperability frameworks, shared EHRs and the like for this period and facilitated getting the basic proven technologies implemented and used. Once the local operational systems of high quality are in place the challenge of enhanced information sharing can be addressed incrementally over time – just as is happening elsewhere in the world (witness the ground up Regional Information Network Approach in the US and the scaling back of the information content on “the Spine” in the UK NHS)
David.
The two key priorities are that first health services should be safe and effective and second that health services should be economically efficient while being equitably accessible and distributed where ever that is possible.
The implications of ‘safe and effective’ include that no unnecessary harm is done, that needed treatments are not omitted and that where possible the care provided is based on up-to-date evidence. There is an implicit implication here that recognises that modern clinical practice is so complicated that only with automated support and well designed systems (both manual and electronic) can ‘safe and effective’ care be demonstrably delivered. Another clear implication is that all deliverers of care must be provided with the best possible tools and circumstances to ensure their patients have the best outcomes.
Efficiency and equity of access I would suggest are matters of common sense and common humanity. We should not be wasteful in delivery of care and we should ensure that all who need care can receive it without unreasonable delay.
Secondary priorities include the collection and management of information that both permits and enables the health system to operate in a coordinated and coherent fashion, be well managed and have a sensible balance between preventative and curative care.
Un-stated, but implicit in all of the above, is that everyone touching the health system is treated with respect, compassion and that their personal privacy and individual autonomy is fully respected and guarded.
NEHTA’s mission should be identify, specify, define and recommend the attributes of the Health IT systems required to optimally support the overall health system which has these objectives and goals. This it should be doing by working with the relevant stakeholders (including clinicians, relevant service providers (Pharmacists, Laboratories, Radiologists etc) ,Health IT providers, Health Departments and Institutions and consumers) to identify out what is needed and then develop innovative ways to have such systems delivered and a coherent fashion.
It seems to me, based on the Rapid Learning Approach identified in two recent blog entries, that where the main value lies is not so much in having systems, but having them actually used in the delivery of care. This means we need usable, quality systems, with rich functionality in decision support etc, in use in our General Practices, Specialist Offices and Hospitals. We also need to have them communicating successfully and safely the clinical information needed both to deliver care and understand what is happening out in ‘the field’. The systems also need to be able to ‘take care of business’ and thus appropriate links to Medicare Australia and other funders are important.
Additionally careful analysis of referral and prescription information and the associated systems is important. Also it is important not to ignore the needs of the public health sector in monitoring illness and warning of possible bio-terrorism. Analysis of where technology can assist in delivery of mental and aged care services is also needed urgently – although much is already known much of the relevant information seems a little fragmented at present in Australia.
On the basis that we know all provision of all the necessary systems is doable the first major task for NEHTA should be to develop a the National E-Health Strategy and Business Case and Broad Implementation Plan that, treating the health system holistically, maps a practical achievable and incrementally achievable roadmap of activities and investment.
Secondary activities should centre around utilising the work done both here and overseas to define and specify functionally the minimum standards for GP, Specialist, Hospital and Ancillary Systems. The CCHIT model in the US is one to consider with relevant changes to suit local conditions and business requirements for certifying systems once the system capabilities and connectivity is defined.
With hospital systems it may be valuable to develop common specifications against which State health systems can conduct procurements. Such systems are major investments and no doubt support from a skilled national entity would be welcome.
In essence what I am suggesting is that NEHTA should be working to ensure, as quickly as possible, quality systems are certified and health providers are able to procure / purchase them in the confidence they will be fit for purpose and deliver the benefits expected while having the basic levels of interoperability needed to enable practical information flows and clinical messaging around the health system. Note I am also keen that key enabling work, terminologies etc, also continue and that NEHTA be resourced to ensure deadlines promised to the Health IT community are actually delivered. That way the available products will be so much better!
It is up to the Health IT system providers to offer competent certifiable products and services and the health system to address how best to facilitate the required investment and ensure benefits are distributed to those who incur the costs and undertake the additional work.
I recognise that this outline is very high level and will require major change management. However, nothing here ‘rocket science’, the technologies are proven and implementable and the risks can be managed reasonably easily. Additionally the implementation can be phased and incremental so mistakes are learnt from and risk further minimised.
An approach of this type could, in a five year time frame, dramatically improve the safety, effectiveness and manageability of our health system. It would be good if NEHTA just forgot about identity management (others are doing it), academic interoperability frameworks, shared EHRs and the like for this period and facilitated getting the basic proven technologies implemented and used. Once the local operational systems of high quality are in place the challenge of enhanced information sharing can be addressed incrementally over time – just as is happening elsewhere in the world (witness the ground up Regional Information Network Approach in the US and the scaling back of the information content on “the Spine” in the UK NHS)
David.
Sunday, February 04, 2007
Australian E-Health Policy – Is NEHTA’s Board Steering in the Right Direction?
On the 30th January 2007 The Australian published a long article entitled “ Doing the numbers on e-health” by Karen Dearne which was described as the “world according to Dr Ian Reinecke” CEO of the National E-Health Transition Authority (NEHTA).
It seems to me that a sensible way to approach the article is to endeavour to distil what was being said or implied and to offer commentary on that basis. As the comments were made by the NEHTA CEO it seems fair to assume he is accurately reflecting the views and understanding of the NEHTA Board and it is my plan to address the apparent policy directions and choices being made by that Board, based on the position reflected in the comments documented in the Australian.
First it was obvious throughout the interview that NEHTA has no sense of urgency about advancing the e-health agenda. We are told that the business case for the National Shared Electronic Health Record (SEHR) may be ready for Council of Australian Governments (COAG) in 2007 (or if not 2007, hopefully 2008) although it was not clear, even if ready, whether it could actually make it onto COAG's agenda. Elsewhere we are told that (presumably) after approval has been given it will take three years (at least) to develop before it can be progressively implemented (over how long is not specified). What this says is that implementation may start in 2011 at the earliest and then proceed at presumably an equally relaxed pace.
Given Australia has been working on a variety of Shared EHR proposals since a House of Representatives Report in 1997 it is just flabbergasting that it can take a decade to get to the stage of developing a business case for e-Health which is yet to be completed or released. (The UK, the US and Canada did this years ago.) Worse it seems they are then prepared to wait another un-specified number of years to actually begin to deliver benefits in terms of patient safety and the quality of care – to say nothing of health sector efficiency. We know from studies overseas the opportunity costs of not implementing Health IT are billions of dollars in benefits forgone per annum (Canada thinks about six billion per annum in their country, which is similar in size to Australia) but it seems clear the NEHTA Board is content to just ignore such costs and proceed at the current leisurely pace. NEHTA itself, in documents published almost a year ago, has shown it understands this opportunity cost – so where is the action?
The lack of urgency with which NEHTA is proceeding becomes even clearer when it is recognised that responsibility for development of the SEHR was passed to NEHTA from the Commonwealth Health Department in April 2005. What progress has been made since then has not been obvious to this observer. Very little - is likely to be the answer given the interview comment like “A lot of that detail will start to move into the public domain, and (the SEHR) will be the subject of intensive work over the next 12 months”.
Second we are told by Dr Reinecke that “My understanding is that the access card will operate quite separately from the healthcare identifier. At this point there's really no place where the projects intersect.”
Just how can this be right?. The Access Card is going to allocate an identifier for use in the access of Health Services - how then can it be that this doesn't intersect with the identifier NEHTA plans to allocate for use in the Health Sector? If this proceeds all it means is that essentially every user of the Health Sector will have two identifiers on their health records – one from Minister Ian Campbell and one from NEHTA. I wonder does the Board understand just how bizarre and potentially wasteful this is?
Worse than that, the NEHTA identifier is likely to be the less robust of the two and yet it is the one that is intended to assure reliable linkage of health records rather than the much more carefully verified Access Card identifier!
Even more difficult to follow is that NEHTA thinks it can provide a health identifier for $15 million a year over three years ($45 million) and the Access Card project is costed at over $1.1 billion over about four years. Someone surely has their costings badly wrong?
Third we are told that it is NEHTA's preference to change the law so they can mine the most reliable of the Medicare client databases for names and addresses to populate their identity database.
I wonder what Professor Alan Fels of the Access Card Privacy Task Force and Ms Karen Curtis of the Commonwealth Privacy Commission would think of this proposal to covertly, and without consent, mine a Medicare database for details provided by citizens in good faith. My suspicion is that they would be gravely concerned. The Board should certainly make sure they are consulted (if it hasn’t) before any more money is spent.
Last we learn that NEHTA is confident the Standards it needs will be ready and that great progress is being made. This is true to the extent that we see the emergence of pragmatism and a sense of urgency in the US and also work in the UK to simplify implementation of HL7 V3.0. While progress is being made at a good pace on the Healthcare Services Specification Project Overview (a collaboration between HL7 and OMG) this work is unlikely to be ready for “prime-time” anytime soon.
It should be remembered that when NEHTA was conceived its job was to *quickly* choose amongst the available (and evaluated) standards - now it is trying to write the standards, which will probably take a decade to agree upon and even longer to generate the evidence that says they actually work. The much lower risk profile for using proven currently working standards versus scrapping them for their obvious defects (they will have these, by definition, of course) and going for long term high risk standards development has never been discussed, nor acknowledged. It is a fundamental shift in NEHTA's program, and seems to almost have happened by accident. Yet it is a profound shift. For this to happen without anyone worrying about it, seems to show an apparent loss of control on the part of the Board in its oversight of NEHTA’s direction.
Without rehearsing again all the other matters I have raised over the last month or two it seems to me that the NEHTA Board has not demonstrated (after two years) it is up to the task of providing National E-Health Leadership and delivering the required oversight to NEHTA. If NEHTA’s CEO reflects the Board’s priorities and views accurately, and I am sure he does, it is my opinion that, on the public evidence to hand, the Board is strategically inept, ill-informed, technically out of its depth, out of touch with the e-health community and stakeholders and their requirements and simply inadequate to the task.
It would be of value to the whole E-Health domain in Australia if the NEHTA Board was to produce a paper documenting their understanding of the issues raised herein and their proposed strategic action plan to address them.
I would also suggest a lot of the problems we now see are related to the loss of the Australian Health Information Council (AHIC) and its role in providing technical and strategic governance of NEHTA. AHIC is apparently to be re-constituted in the next few months (after a two year hiatus) but unless it is properly constituted, resourced and empowered this may be more of a hindrance than a help. We will see.
What I was hoping to hear, and didn’t, was that work on a National E-Health Strategy was well underway and that calls from a large number of stakeholders for improved pragmatism, responsiveness, transparency and consultation from NEHTA’s stakeholders and customers were being taken seriously and actioned. I would also have liked to hear that NEHTA was going to push for rapid progress in implementation of the Health IT applications and approaches that are known to work in saving lives and improving efficiency while pursing its long term R&D agenda. No such luck it seems!
The E-Health Domain is one area where a Commonwealth takeover and Commonwealth leadership is to be welcomed!
David.
It seems to me that a sensible way to approach the article is to endeavour to distil what was being said or implied and to offer commentary on that basis. As the comments were made by the NEHTA CEO it seems fair to assume he is accurately reflecting the views and understanding of the NEHTA Board and it is my plan to address the apparent policy directions and choices being made by that Board, based on the position reflected in the comments documented in the Australian.
First it was obvious throughout the interview that NEHTA has no sense of urgency about advancing the e-health agenda. We are told that the business case for the National Shared Electronic Health Record (SEHR) may be ready for Council of Australian Governments (COAG) in 2007 (or if not 2007, hopefully 2008) although it was not clear, even if ready, whether it could actually make it onto COAG's agenda. Elsewhere we are told that (presumably) after approval has been given it will take three years (at least) to develop before it can be progressively implemented (over how long is not specified). What this says is that implementation may start in 2011 at the earliest and then proceed at presumably an equally relaxed pace.
Given Australia has been working on a variety of Shared EHR proposals since a House of Representatives Report in 1997 it is just flabbergasting that it can take a decade to get to the stage of developing a business case for e-Health which is yet to be completed or released. (The UK, the US and Canada did this years ago.) Worse it seems they are then prepared to wait another un-specified number of years to actually begin to deliver benefits in terms of patient safety and the quality of care – to say nothing of health sector efficiency. We know from studies overseas the opportunity costs of not implementing Health IT are billions of dollars in benefits forgone per annum (Canada thinks about six billion per annum in their country, which is similar in size to Australia) but it seems clear the NEHTA Board is content to just ignore such costs and proceed at the current leisurely pace. NEHTA itself, in documents published almost a year ago, has shown it understands this opportunity cost – so where is the action?
The lack of urgency with which NEHTA is proceeding becomes even clearer when it is recognised that responsibility for development of the SEHR was passed to NEHTA from the Commonwealth Health Department in April 2005. What progress has been made since then has not been obvious to this observer. Very little - is likely to be the answer given the interview comment like “A lot of that detail will start to move into the public domain, and (the SEHR) will be the subject of intensive work over the next 12 months”.
Second we are told by Dr Reinecke that “My understanding is that the access card will operate quite separately from the healthcare identifier. At this point there's really no place where the projects intersect.”
Just how can this be right?. The Access Card is going to allocate an identifier for use in the access of Health Services - how then can it be that this doesn't intersect with the identifier NEHTA plans to allocate for use in the Health Sector? If this proceeds all it means is that essentially every user of the Health Sector will have two identifiers on their health records – one from Minister Ian Campbell and one from NEHTA. I wonder does the Board understand just how bizarre and potentially wasteful this is?
Worse than that, the NEHTA identifier is likely to be the less robust of the two and yet it is the one that is intended to assure reliable linkage of health records rather than the much more carefully verified Access Card identifier!
Even more difficult to follow is that NEHTA thinks it can provide a health identifier for $15 million a year over three years ($45 million) and the Access Card project is costed at over $1.1 billion over about four years. Someone surely has their costings badly wrong?
Third we are told that it is NEHTA's preference to change the law so they can mine the most reliable of the Medicare client databases for names and addresses to populate their identity database.
I wonder what Professor Alan Fels of the Access Card Privacy Task Force and Ms Karen Curtis of the Commonwealth Privacy Commission would think of this proposal to covertly, and without consent, mine a Medicare database for details provided by citizens in good faith. My suspicion is that they would be gravely concerned. The Board should certainly make sure they are consulted (if it hasn’t) before any more money is spent.
Last we learn that NEHTA is confident the Standards it needs will be ready and that great progress is being made. This is true to the extent that we see the emergence of pragmatism and a sense of urgency in the US and also work in the UK to simplify implementation of HL7 V3.0. While progress is being made at a good pace on the Healthcare Services Specification Project Overview (a collaboration between HL7 and OMG) this work is unlikely to be ready for “prime-time” anytime soon.
It should be remembered that when NEHTA was conceived its job was to *quickly* choose amongst the available (and evaluated) standards - now it is trying to write the standards, which will probably take a decade to agree upon and even longer to generate the evidence that says they actually work. The much lower risk profile for using proven currently working standards versus scrapping them for their obvious defects (they will have these, by definition, of course) and going for long term high risk standards development has never been discussed, nor acknowledged. It is a fundamental shift in NEHTA's program, and seems to almost have happened by accident. Yet it is a profound shift. For this to happen without anyone worrying about it, seems to show an apparent loss of control on the part of the Board in its oversight of NEHTA’s direction.
Without rehearsing again all the other matters I have raised over the last month or two it seems to me that the NEHTA Board has not demonstrated (after two years) it is up to the task of providing National E-Health Leadership and delivering the required oversight to NEHTA. If NEHTA’s CEO reflects the Board’s priorities and views accurately, and I am sure he does, it is my opinion that, on the public evidence to hand, the Board is strategically inept, ill-informed, technically out of its depth, out of touch with the e-health community and stakeholders and their requirements and simply inadequate to the task.
It would be of value to the whole E-Health domain in Australia if the NEHTA Board was to produce a paper documenting their understanding of the issues raised herein and their proposed strategic action plan to address them.
I would also suggest a lot of the problems we now see are related to the loss of the Australian Health Information Council (AHIC) and its role in providing technical and strategic governance of NEHTA. AHIC is apparently to be re-constituted in the next few months (after a two year hiatus) but unless it is properly constituted, resourced and empowered this may be more of a hindrance than a help. We will see.
What I was hoping to hear, and didn’t, was that work on a National E-Health Strategy was well underway and that calls from a large number of stakeholders for improved pragmatism, responsiveness, transparency and consultation from NEHTA’s stakeholders and customers were being taken seriously and actioned. I would also have liked to hear that NEHTA was going to push for rapid progress in implementation of the Health IT applications and approaches that are known to work in saving lives and improving efficiency while pursing its long term R&D agenda. No such luck it seems!
The E-Health Domain is one area where a Commonwealth takeover and Commonwealth leadership is to be welcomed!
David.
Saturday, February 03, 2007
A Weekend Treat!
Just a short note to let everyone who has a moment on the weekend that the Robert Wood Johnson Foundation has posted a fabulous presentation on their web site entitled “Can Health IT Enhance the Pace and Power of Research? The Case for Rapid Learning Systems” dated Jan 23, 2007. The URL is:
http://www.rwjf.org/newsroom/activitydetail.jsp?id=10195&type=3
Those involved in the roughly one hour presentation are described as follows:
“Carolyn Clancy, director of the Agency for Healthcare Research and Quality joins national technology experts, including David Eddy and Lynn Etheredge, to showcase ways in which EHRs are making rapid advances in diabetes and cancer care, how rapid-learning capabilities will help accelerate personalized health care, and how, through rapid learning, doctors will do a much better job of advising patients. Also featured are John R. Lumpkin, M.D., M.P.H., RWJF senior vice president and director of the Health Care group and Joel Kupersmith, M.D., Chief Research & Development Officer, Veterans Health Administration. (HHS Secretary Michael O. Leavitt, originally scheduled, is unable to attend.)”
This is a very serious cast and this presentation is by far the best way to gain an initial appreciation of the key contents of the Health Affairs special issue on Rapid Learning Health IT and its implications.
I would highly commend this to all readers of my blog.
David.
http://www.rwjf.org/newsroom/activitydetail.jsp?id=10195&type=3
Those involved in the roughly one hour presentation are described as follows:
“Carolyn Clancy, director of the Agency for Healthcare Research and Quality joins national technology experts, including David Eddy and Lynn Etheredge, to showcase ways in which EHRs are making rapid advances in diabetes and cancer care, how rapid-learning capabilities will help accelerate personalized health care, and how, through rapid learning, doctors will do a much better job of advising patients. Also featured are John R. Lumpkin, M.D., M.P.H., RWJF senior vice president and director of the Health Care group and Joel Kupersmith, M.D., Chief Research & Development Officer, Veterans Health Administration. (HHS Secretary Michael O. Leavitt, originally scheduled, is unable to attend.)”
This is a very serious cast and this presentation is by far the best way to gain an initial appreciation of the key contents of the Health Affairs special issue on Rapid Learning Health IT and its implications.
I would highly commend this to all readers of my blog.
David.
Thursday, February 01, 2007
Guest Article II - Supporting Diversity in Views.
Today's guest article is from a frequent commenter who asked for a little more space to present his views. Others are welcome to also ask for space!
Short Biography of Our Guest.
Dr.Ian Colclough has over 30 years experience in medical informatics in a career spanning medical practice, hospital administration and strategic and tactical sales and marketing in the corporate sector in Australia, South Africa and the United Kingdom. He has been involved in the research, development and design of hospital administration and departmental clinical systems, medical practice systems, the computerised medical record, patient profile systems and occupational health and safety systems.
That 'sensible' Roadmap
Tom Bowden touches on some very important points when presenting what he describes as “a sensible ‘roadmap’ for secure health messaging in Australia”.[1]
His arguments have merit and bear careful consideration. Is it a sensible roadmap? If yes – why has no-one come up with it earlier? If no – we need to know why it is not sensible. This is the sort of question NEHTA has been established to answer.
In posing his question - “However Can We Get to A Connected Health Sector from where we are today? ” - Tom echoes a presentation given by Ian Reinecke at the Health-e-Nation Conference in 2005: “e-Health – Getting There from Here”. Ian said that the new company (NEHTA) “will provide the critical standards and infrastructure required to support connectivity and interoperability of electronic health information systems across Australia”. How far have we travelled along that road?
The Pathology Sector
Many will argue strongly with Tom's view that “Australia's track-record in health sector automation (e-health) is among the worst in the developed world” [1]! Few, however will differ with his claim that the way to speed up implementation of much-needed health sector reforms is to put in place a universal communications framework. This is predicated on the proviso that the framework is independent of any one messaging vendor and accessible by all.
He asks “why Australia's health system (is) so substantially lacking in connecting its primary care sectors by comparison with Holland, New Zealand, and some of the Scandinavian countries” [1].In seeking the answer he points to the Pathology sector as offering the most expedient way forward.
Pathology laboratories are high-volume transaction-based entities totally dependent on sophisticated computer software systems to manage their large complex enterprises. In the 1970’s they were at the forefront of health care computing and over the last three decades they have continued to invest heavily in deploying ICT to deliver efficiencies and drive down costs.
Significant rationalisation of this sector occurred throughout the 1990’s. This led to the emergence of a small number of very large pathology providers such as Sonic, Healthscope and Symbion. Also, around 1992-1993 a small group of Australian laboratories collaborated to develop a way to deliver pathology reports by e-mail using standard print-file formats. This led to development of the Pathology Information Transfer (PIT) messaging format as an expedient way to solve the immediate problem at hand.
Pathology Information Transfer
PIT has served the pathology sector well to-date. It has however not been adopted elsewhere outside of Australia. Other countries have adopted either HL7 or some other alternative, such as EDIFACT which is used widely in Scandinavian countries. This has left Australia hostage to its own solution; one which developed locally through necessity and which, through its widespread adoption, ultimately became a de-facto standard throughout Australia.
Within this context Tom makes the point that the PIT message is “unable to be usefully incorporated within an electronic medical record” [1] (EMR) as it can only be displayed in its entirety and stored as an object. This means that, unlike an HL7 message, the PIT message cannot be broken down into separate data elements which can each be incorporated into the EMR. Hence PIT messages do not easily allow for follow-up recalls, the monitoring and display of trends using graphs and bar chats, and large scale epidemiological and other population-based research studies.
Clearly the widespread use of PIT as a de-facto Australian standard has ‘severely hampered adoption of internationally supported messaging standards within the Australian health sector”
[1].
The vendor community would agree that the best opportunity to initiate the adoption of widespread electronic communications throughout the Primary and Secondary care sectors is to drive into place as quickly as possible the deployment of automated secure messaging (based on internationally accepted standards) between pathology centres (and radiology) and their medical practice clients.
The argument for the immediate adoption and standardisation of HL7-based messaging is well founded and should receive widespread support.
HL7 Messaging Standards
In passing, it is important to note that the National E-Health Transition Authority (NEHTA) has stated that pathology providers “have indicated support for the open, web service standards (which) NEHTA has proposed and that they (the pathology providers) understand the benefits they would bring in a contestable market.” [2] That having been said however NEHTA has also noted that pathology providers “perceive a business imperative to address the issues arising from the current market situation” … and more importantly … “they are considering creating a message environment that will still form barriers to cross-sector connectivity and interoperability[2].”!
Regardless of whether they have a vested interest in maintaining the status quo or not the pathology service providers need to accept that PIT's days are over. They should move on without further delay. How might this be achieved? Should it be left to market forces alone to address, or to the State and Federal Governments, or to NEHTA? Or should the vendor community together with their clients, the pathology providers, drive the changeover? Ideally, Government should provide appropriate support to the vendor community to enable them to 'assist' their clients to make the change.
There is a further point about PIT which needs to be borne in mind. Part of its attraction could be that the reporting pathologist is legally liable for the content and accuracy of the pathology report. By sending information in the PIT format the pathologist has taken all legally necessary and reasonable steps to ensure the results in the report cannot be altered. (Just like an Acrobat .PDF file.) At the medical practice end the report is simply attached to the patient record as a document.
When dispatching HL7 format results, the reporting pathologist needs to be satisfied that the atomic data that will populate the patient clinical record, at the medical practice, is similarly protected. This requires some additional software complexity at the medical practice end to ensure that these results cannot be altered. The associated complexities of cross-mapping the incoming results definitions to those of the clinical desktop system also need to be addressed.
Nevertheless, HL7 V2.3.1 is the method of choice for transmitting pathology messages. There are sufficient numbers of organisations and people well versed in HL7 in Australia today to drive HL7 standards based solutions into place. The changeover to HL7 will be a formidable exercise given that the majority of pathology results being delivered today use the proprietary, non-standards-based, PIT message format. To bring this change about will require astute enlightened leadership underpinned by some very sophisticated strategies and a finely-honed understanding of all parties that will be impacted by the change and the obstacles and issues that will be encountered. The key to the solution lies in the strategies required to effect the change and the political will to bring it about. Careful analysis of the problem reveals that it can be resolved reasonably quickly.
Tom is not alone in expressing the thoughts of many in the vendor community when he says, “the really sad thing is that Australia has already spent huge amounts of effort and money developing many of the standards, support services, systems and capabilities needed to do the job” …. and … “that the basic tools to enable there to be a connected health sector do exist; they are just not being used properly. [1]”
He observes that “the National e-Health Transition Agency (NEHTA) is using very little of the immense amount of work that was already underway prior to its formation” …. and that …. “based upon the present rate of progress it is likely to be some years before we see any implementable results. [1]”
Standards can be so contentious
The standards argument is divisive and very complex. Yet, all would agree that work on developing standards and resolving the many conflicts and issues involved is very important. The unresolved issues however should not be permitted to impede the development of interoperability between software vendors. Nor should they be permitted to impede the step-by-step resolution of problems encountered in building an integrated, shared, longitudinal Electronic Health Record (EHR) for widespread use across all health sectors. [3]
On this subject David More presents a well reasoned view in his recent blog on Archetypes and Standards 4. He points to the "considerable successes achieved in the Health Sector with messaging technologies including EDIFACT and HL7 V2.x.". He also notes that "to-date - in the messaging arena - HL7 V3.0 and EN13606 are still in the process of development and tools and implementations are by no means common.[4]"
In terms of the ‘clinical data’ to be transmitted, it is clear from his discussion that much of the work based around standardising ways of storing and retrieving the atomic elements of information required to populate the EHR over a patient's lifetime is still in its infancy and evolving slowly.
It should be apparent that NEHTA has a major R&D role to play in the years ahead. That being the case the marketplace cannot and should not be made to wait until NEHTA has completed its deliberations on the many complex and elusive issues which it is trying to solve. Rather, the Government's and Health Departments should embrace David's call for a dual approach. One which supports "appropriate and promising R&D" ……. "blended with dramatically more energetic investment and deployment of systems which are already known to work and for which evidence as to their value is quite unarguable" [4].
Engaging 'the' stakeholders
NEHTA was established to drive forward critical e-health initiatives. Its governance is under a Board of Directors made up of CEOs from the Health Departments of the Federal, State and Territory jurisdictions across Australia.
The jurisdictions provide NEHTA's funding. As a consequence they are stakeholders and also NEHTA's only shareholders. However, they are not the only stakeholders to be impacted by NEHTA's work; far from it. The IT vendor community, medical, pharmacy and allied health care practices, hospitals, nursing homes, aged care and community health centres, and others, have a major vested interest as stakeholders in NEHTA's outcomes.
NEHTA's governing stakeholders are predominantly driven by imperatives arising from the highly politically sensitive public hospital (tertiary) sector. Yet, in many ways NEHTA has more to offer the Primary and Secondary care sectors than the Tertiary hospital sector. Hence, the absence of Primary and Secondary care sector stakeholder representation and influence at the highest level of NEHTA's governance is disconcerting; more so, should the immediate e-health needs of the Primary and Secondary care sectors become bogged down by the complex web of e-health and ICT related issues and politics so prevalent in the Tertiary care sector.
Fundamentally, the Primary and Secondary care sectors (organisationally, functionally and politically) are quite distinct from the Tertiary (hospital) sector; even more so when it comes to categorising health-ICT vendors into the particular health sector niche which each predominantly services.
A strong case can be made for allocating significant resources to focussing on addressing some of the more immediate e-health needs of the Primary and Secondary sectors separately from the needs of the Tertiary sector. The urgency of this is further reinforced by Ian Reinecke's comment that "we need to be carefully aligned with the powerful players internationally"[5]. Reflecting on this leads one to enquire as to which powerful international players NEHTA may have in mind. Could they be Cerner, Philips, GE Healthcare, and Siemens?
Whoever it may be it seems to indicate that NEHTA has blatantly failed to appreciate that the Primary and Secondary care sectors are not the domain of the powerful international players. Rather, they are serviced, professionally and competently, by a cohort of small, highly skilled, agile, homebred software vendors. Some have made very impressive inroads internationally. Some are at the cutting edge of standards-based implementation projects that test the operability of HL7 V3 and OpenEHR technology as an investment in advancing towards the EHR. They work in a market sector in which the powerful international players have shown little or no interest!
In February 2006, NEHTA discussed the consequences of a “proliferation of incompatible systems and technologies” and it noted that “harnessing the capabilities of software vendors and service providers in the health sector to provide this connectivity will be a key to success” [2]. In light of this the time has come to clearly distinguish between what activities should be classified as R&D and what should be classified as ‘implementable today’.
It is time to reconsider what benefits could flow from drawing upon and utilizing a lot more of that 'pre-existing effort and the skills and expertise' so readily available in the vendor community.
HL7Messaging – What is NEHTA’s view?
In order to achieve widespread standardisation of messages there needs to be a process in place to achieve consistency when implementing standards.
Few would disagree that Australia should “define one standard for each purpose and rigorously enforce it ……… to prevent proliferation of non-standard formats.” [1] The general consensus among industry experts seems to be that Australia should implement HL7 V2.3.1 (AS 4700.2) as the minimum health industry standard.
A strong case can be made for populating medical practice records with discrete results without further delay as opposed to continuing with the PIT format. As this can be achieved using HL7 V2.3.1 and transmitted under control of the HL7 messaging protocol it is clear that HL7 V2.3.1 provides a nationally consistent base from which to move forward building upon what is readily available today.
NEHTA’s view on messaging standards is unclear at this time although it would be enormously beneficial to everyone if it could be clarified quickly.
Australian Health Messaging Laboratory
Tom comments that the Australian Healthcare Messaging Laboratory (AHML) has an important role to play in helping to secure the consistent deployment of HL7 messaging standards by software vendors.
AHML, as part of the Collaborative Centre for eHealth (CCeH) based at the University of Ballarat, is unique in Australia. Having been accredited by the National Association of Testing Authorities (NATA) it has positioned itself to act as an on-line test-bed laboratory for the technical evaluation and certification of electronic messages in healthcare applications being deployed by vendors in more than 30 countries. It is therefore well placed to test for conformance and monitor compliance against Australian and International Standards.
State jurisdictions and the Federal Government have a vested interest in securing AHML's future as the central reference point for HL7 messaging standards[6]. It should not be too problematic to find the funding required for this to happen without undue delay.
This will likely necessitate AHML having to be constituted formally as a Reference Laboratory. Under this arrangement AHML's funding should be derived from a mix of Government support and self-generated revenue. Its staff and management should be focused entirely on the testing, certification and compliance of messages against standards. The Reference Laboratory will need to be seen to operate transparently and impartially, totally devoid of any potential for the development of conflicts which could arise should its management and staff elect to undertake consulting assignments where they may be compromised by competing against vendors whose messaging software is subject to AHML testing.
HL7 V2.3.1 is widely implemented, tried and proven. It offers substantial benefits over PIT and even more importantly, it provides a way for the entire e-health community in Australia to move forward. It is therefore time for a seriously concerted effort to be made to move the pathology sector away from PIT towards the adoption of HL7 V2.3.1 or above. This seems to be a very good way to go for the next few years and it can be done today; delivering enormous benefits with minimal pain by using standards which have a good track record of runs on the board worldwide. An important element in driving the uptake of standards is to implement strategies which will create a dynamic contestable market environment.
Is there a better way?
There has to be a better way to move the e-health agenda forward. Tom lists three strategic options for the way ahead, opting for some form of collaborative partnership in which “small, specialised service organisations are given government backing and modest financial incentives[1]” to achieve sector integration.
In broad principle the concept of a ‘collaborative environment’ has the most likelihood of succeeding. It should be appreciated however that the optimal selection and order of enrollment of ‘participants’ is not a straightforward exercise. It is absolutely imperative that the setting up of a ‘collaborative structure’ (consortium) is done thoroughly and properly at the outset in order to contain risk and ensure the consortium’s longevity and success.
Collaborative consortia are quite complex to construct, more so in the health sector than in most other industries. Building a successful Health-E-ConsortiumTM requires a unique business model and organisational structure. The partners must work in harmony together, where often they are in competition with each other. They must be committed, highly motivated, well led and well rewarded, and they must be prepared to work in an environment which promotes a culture that is based on trust, a concern for each other's profitability, and a mutual commitment to customer satisfaction.
References.
[1.] Bowden T, A Connected Health Sector – However Can We Get There From Here? (16 January 2007) Guest Blogger Article www.aushealthit.blogspot.com
[2.] NEHTA, Towards a Secure Messaging Environment – An E-Health Transition Strategy Version 1.0 – 2/02/2006 For Comment, page 6.
[3.] Colclough I, Comment attached to Implementation Really Matters (8 January 2007) Blogger Article www.aushealthit.blogspot.com
[4.] More D, Archetypes, Standards and All That Jazz - Part 2 (28 January 2007) Blogger Article www.aushealthit.blogspot.com
[5.] Dearne K, Doing the numbers on e-health - the world according to Dr Ian Reinecke, The Australian (30 January 2007) IT Business, page 3.
[6.] Australian Health Messaging Laboratory, Available Test Profiles, accessed 30 January 2007, http://www.ahml.com.au
© Copyright 1 February 2007
Dr Ian Colclough - Integrated Marketing and e-Health Strategies
ihsipl@smartchat.net.au, 0412 059 392
Note: These views are those of our guest commentary provider and should be read as such. This forum is to provide a space for comment and debate and I hope this contribution helps. Thanks Ian.
David.
Short Biography of Our Guest.
Dr.Ian Colclough has over 30 years experience in medical informatics in a career spanning medical practice, hospital administration and strategic and tactical sales and marketing in the corporate sector in Australia, South Africa and the United Kingdom. He has been involved in the research, development and design of hospital administration and departmental clinical systems, medical practice systems, the computerised medical record, patient profile systems and occupational health and safety systems.
Secure Health Messaging - Where to tomorrow?
An independent commentary on “A Connected Health Sector”.
An independent commentary on “A Connected Health Sector”.
That 'sensible' Roadmap
Tom Bowden touches on some very important points when presenting what he describes as “a sensible ‘roadmap’ for secure health messaging in Australia”.[1]
His arguments have merit and bear careful consideration. Is it a sensible roadmap? If yes – why has no-one come up with it earlier? If no – we need to know why it is not sensible. This is the sort of question NEHTA has been established to answer.
In posing his question - “However Can We Get to A Connected Health Sector from where we are today? ” - Tom echoes a presentation given by Ian Reinecke at the Health-e-Nation Conference in 2005: “e-Health – Getting There from Here”. Ian said that the new company (NEHTA) “will provide the critical standards and infrastructure required to support connectivity and interoperability of electronic health information systems across Australia”. How far have we travelled along that road?
The Pathology Sector
Many will argue strongly with Tom's view that “Australia's track-record in health sector automation (e-health) is among the worst in the developed world” [1]! Few, however will differ with his claim that the way to speed up implementation of much-needed health sector reforms is to put in place a universal communications framework. This is predicated on the proviso that the framework is independent of any one messaging vendor and accessible by all.
He asks “why Australia's health system (is) so substantially lacking in connecting its primary care sectors by comparison with Holland, New Zealand, and some of the Scandinavian countries” [1].In seeking the answer he points to the Pathology sector as offering the most expedient way forward.
Pathology laboratories are high-volume transaction-based entities totally dependent on sophisticated computer software systems to manage their large complex enterprises. In the 1970’s they were at the forefront of health care computing and over the last three decades they have continued to invest heavily in deploying ICT to deliver efficiencies and drive down costs.
Significant rationalisation of this sector occurred throughout the 1990’s. This led to the emergence of a small number of very large pathology providers such as Sonic, Healthscope and Symbion. Also, around 1992-1993 a small group of Australian laboratories collaborated to develop a way to deliver pathology reports by e-mail using standard print-file formats. This led to development of the Pathology Information Transfer (PIT) messaging format as an expedient way to solve the immediate problem at hand.
Pathology Information Transfer
PIT has served the pathology sector well to-date. It has however not been adopted elsewhere outside of Australia. Other countries have adopted either HL7 or some other alternative, such as EDIFACT which is used widely in Scandinavian countries. This has left Australia hostage to its own solution; one which developed locally through necessity and which, through its widespread adoption, ultimately became a de-facto standard throughout Australia.
Within this context Tom makes the point that the PIT message is “unable to be usefully incorporated within an electronic medical record” [1] (EMR) as it can only be displayed in its entirety and stored as an object. This means that, unlike an HL7 message, the PIT message cannot be broken down into separate data elements which can each be incorporated into the EMR. Hence PIT messages do not easily allow for follow-up recalls, the monitoring and display of trends using graphs and bar chats, and large scale epidemiological and other population-based research studies.
Clearly the widespread use of PIT as a de-facto Australian standard has ‘severely hampered adoption of internationally supported messaging standards within the Australian health sector”
[1].
The vendor community would agree that the best opportunity to initiate the adoption of widespread electronic communications throughout the Primary and Secondary care sectors is to drive into place as quickly as possible the deployment of automated secure messaging (based on internationally accepted standards) between pathology centres (and radiology) and their medical practice clients.
The argument for the immediate adoption and standardisation of HL7-based messaging is well founded and should receive widespread support.
HL7 Messaging Standards
In passing, it is important to note that the National E-Health Transition Authority (NEHTA) has stated that pathology providers “have indicated support for the open, web service standards (which) NEHTA has proposed and that they (the pathology providers) understand the benefits they would bring in a contestable market.” [2] That having been said however NEHTA has also noted that pathology providers “perceive a business imperative to address the issues arising from the current market situation” … and more importantly … “they are considering creating a message environment that will still form barriers to cross-sector connectivity and interoperability[2].”!
Regardless of whether they have a vested interest in maintaining the status quo or not the pathology service providers need to accept that PIT's days are over. They should move on without further delay. How might this be achieved? Should it be left to market forces alone to address, or to the State and Federal Governments, or to NEHTA? Or should the vendor community together with their clients, the pathology providers, drive the changeover? Ideally, Government should provide appropriate support to the vendor community to enable them to 'assist' their clients to make the change.
There is a further point about PIT which needs to be borne in mind. Part of its attraction could be that the reporting pathologist is legally liable for the content and accuracy of the pathology report. By sending information in the PIT format the pathologist has taken all legally necessary and reasonable steps to ensure the results in the report cannot be altered. (Just like an Acrobat .PDF file.) At the medical practice end the report is simply attached to the patient record as a document.
When dispatching HL7 format results, the reporting pathologist needs to be satisfied that the atomic data that will populate the patient clinical record, at the medical practice, is similarly protected. This requires some additional software complexity at the medical practice end to ensure that these results cannot be altered. The associated complexities of cross-mapping the incoming results definitions to those of the clinical desktop system also need to be addressed.
Nevertheless, HL7 V2.3.1 is the method of choice for transmitting pathology messages. There are sufficient numbers of organisations and people well versed in HL7 in Australia today to drive HL7 standards based solutions into place. The changeover to HL7 will be a formidable exercise given that the majority of pathology results being delivered today use the proprietary, non-standards-based, PIT message format. To bring this change about will require astute enlightened leadership underpinned by some very sophisticated strategies and a finely-honed understanding of all parties that will be impacted by the change and the obstacles and issues that will be encountered. The key to the solution lies in the strategies required to effect the change and the political will to bring it about. Careful analysis of the problem reveals that it can be resolved reasonably quickly.
Tom is not alone in expressing the thoughts of many in the vendor community when he says, “the really sad thing is that Australia has already spent huge amounts of effort and money developing many of the standards, support services, systems and capabilities needed to do the job” …. and … “that the basic tools to enable there to be a connected health sector do exist; they are just not being used properly. [1]”
He observes that “the National e-Health Transition Agency (NEHTA) is using very little of the immense amount of work that was already underway prior to its formation” …. and that …. “based upon the present rate of progress it is likely to be some years before we see any implementable results. [1]”
Standards can be so contentious
The standards argument is divisive and very complex. Yet, all would agree that work on developing standards and resolving the many conflicts and issues involved is very important. The unresolved issues however should not be permitted to impede the development of interoperability between software vendors. Nor should they be permitted to impede the step-by-step resolution of problems encountered in building an integrated, shared, longitudinal Electronic Health Record (EHR) for widespread use across all health sectors. [3]
On this subject David More presents a well reasoned view in his recent blog on Archetypes and Standards 4. He points to the "considerable successes achieved in the Health Sector with messaging technologies including EDIFACT and HL7 V2.x.". He also notes that "to-date - in the messaging arena - HL7 V3.0 and EN13606 are still in the process of development and tools and implementations are by no means common.[4]"
In terms of the ‘clinical data’ to be transmitted, it is clear from his discussion that much of the work based around standardising ways of storing and retrieving the atomic elements of information required to populate the EHR over a patient's lifetime is still in its infancy and evolving slowly.
It should be apparent that NEHTA has a major R&D role to play in the years ahead. That being the case the marketplace cannot and should not be made to wait until NEHTA has completed its deliberations on the many complex and elusive issues which it is trying to solve. Rather, the Government's and Health Departments should embrace David's call for a dual approach. One which supports "appropriate and promising R&D" ……. "blended with dramatically more energetic investment and deployment of systems which are already known to work and for which evidence as to their value is quite unarguable" [4].
Engaging 'the' stakeholders
NEHTA was established to drive forward critical e-health initiatives. Its governance is under a Board of Directors made up of CEOs from the Health Departments of the Federal, State and Territory jurisdictions across Australia.
The jurisdictions provide NEHTA's funding. As a consequence they are stakeholders and also NEHTA's only shareholders. However, they are not the only stakeholders to be impacted by NEHTA's work; far from it. The IT vendor community, medical, pharmacy and allied health care practices, hospitals, nursing homes, aged care and community health centres, and others, have a major vested interest as stakeholders in NEHTA's outcomes.
NEHTA's governing stakeholders are predominantly driven by imperatives arising from the highly politically sensitive public hospital (tertiary) sector. Yet, in many ways NEHTA has more to offer the Primary and Secondary care sectors than the Tertiary hospital sector. Hence, the absence of Primary and Secondary care sector stakeholder representation and influence at the highest level of NEHTA's governance is disconcerting; more so, should the immediate e-health needs of the Primary and Secondary care sectors become bogged down by the complex web of e-health and ICT related issues and politics so prevalent in the Tertiary care sector.
Fundamentally, the Primary and Secondary care sectors (organisationally, functionally and politically) are quite distinct from the Tertiary (hospital) sector; even more so when it comes to categorising health-ICT vendors into the particular health sector niche which each predominantly services.
A strong case can be made for allocating significant resources to focussing on addressing some of the more immediate e-health needs of the Primary and Secondary sectors separately from the needs of the Tertiary sector. The urgency of this is further reinforced by Ian Reinecke's comment that "we need to be carefully aligned with the powerful players internationally"[5]. Reflecting on this leads one to enquire as to which powerful international players NEHTA may have in mind. Could they be Cerner, Philips, GE Healthcare, and Siemens?
Whoever it may be it seems to indicate that NEHTA has blatantly failed to appreciate that the Primary and Secondary care sectors are not the domain of the powerful international players. Rather, they are serviced, professionally and competently, by a cohort of small, highly skilled, agile, homebred software vendors. Some have made very impressive inroads internationally. Some are at the cutting edge of standards-based implementation projects that test the operability of HL7 V3 and OpenEHR technology as an investment in advancing towards the EHR. They work in a market sector in which the powerful international players have shown little or no interest!
In February 2006, NEHTA discussed the consequences of a “proliferation of incompatible systems and technologies” and it noted that “harnessing the capabilities of software vendors and service providers in the health sector to provide this connectivity will be a key to success” [2]. In light of this the time has come to clearly distinguish between what activities should be classified as R&D and what should be classified as ‘implementable today’.
It is time to reconsider what benefits could flow from drawing upon and utilizing a lot more of that 'pre-existing effort and the skills and expertise' so readily available in the vendor community.
HL7Messaging – What is NEHTA’s view?
In order to achieve widespread standardisation of messages there needs to be a process in place to achieve consistency when implementing standards.
Few would disagree that Australia should “define one standard for each purpose and rigorously enforce it ……… to prevent proliferation of non-standard formats.” [1] The general consensus among industry experts seems to be that Australia should implement HL7 V2.3.1 (AS 4700.2) as the minimum health industry standard.
A strong case can be made for populating medical practice records with discrete results without further delay as opposed to continuing with the PIT format. As this can be achieved using HL7 V2.3.1 and transmitted under control of the HL7 messaging protocol it is clear that HL7 V2.3.1 provides a nationally consistent base from which to move forward building upon what is readily available today.
NEHTA’s view on messaging standards is unclear at this time although it would be enormously beneficial to everyone if it could be clarified quickly.
Australian Health Messaging Laboratory
Tom comments that the Australian Healthcare Messaging Laboratory (AHML) has an important role to play in helping to secure the consistent deployment of HL7 messaging standards by software vendors.
AHML, as part of the Collaborative Centre for eHealth (CCeH) based at the University of Ballarat, is unique in Australia. Having been accredited by the National Association of Testing Authorities (NATA) it has positioned itself to act as an on-line test-bed laboratory for the technical evaluation and certification of electronic messages in healthcare applications being deployed by vendors in more than 30 countries. It is therefore well placed to test for conformance and monitor compliance against Australian and International Standards.
State jurisdictions and the Federal Government have a vested interest in securing AHML's future as the central reference point for HL7 messaging standards[6]. It should not be too problematic to find the funding required for this to happen without undue delay.
This will likely necessitate AHML having to be constituted formally as a Reference Laboratory. Under this arrangement AHML's funding should be derived from a mix of Government support and self-generated revenue. Its staff and management should be focused entirely on the testing, certification and compliance of messages against standards. The Reference Laboratory will need to be seen to operate transparently and impartially, totally devoid of any potential for the development of conflicts which could arise should its management and staff elect to undertake consulting assignments where they may be compromised by competing against vendors whose messaging software is subject to AHML testing.
HL7 V2.3.1 is widely implemented, tried and proven. It offers substantial benefits over PIT and even more importantly, it provides a way for the entire e-health community in Australia to move forward. It is therefore time for a seriously concerted effort to be made to move the pathology sector away from PIT towards the adoption of HL7 V2.3.1 or above. This seems to be a very good way to go for the next few years and it can be done today; delivering enormous benefits with minimal pain by using standards which have a good track record of runs on the board worldwide. An important element in driving the uptake of standards is to implement strategies which will create a dynamic contestable market environment.
Is there a better way?
There has to be a better way to move the e-health agenda forward. Tom lists three strategic options for the way ahead, opting for some form of collaborative partnership in which “small, specialised service organisations are given government backing and modest financial incentives[1]” to achieve sector integration.
In broad principle the concept of a ‘collaborative environment’ has the most likelihood of succeeding. It should be appreciated however that the optimal selection and order of enrollment of ‘participants’ is not a straightforward exercise. It is absolutely imperative that the setting up of a ‘collaborative structure’ (consortium) is done thoroughly and properly at the outset in order to contain risk and ensure the consortium’s longevity and success.
Collaborative consortia are quite complex to construct, more so in the health sector than in most other industries. Building a successful Health-E-ConsortiumTM requires a unique business model and organisational structure. The partners must work in harmony together, where often they are in competition with each other. They must be committed, highly motivated, well led and well rewarded, and they must be prepared to work in an environment which promotes a culture that is based on trust, a concern for each other's profitability, and a mutual commitment to customer satisfaction.
References.
[1.] Bowden T, A Connected Health Sector – However Can We Get There From Here? (16 January 2007) Guest Blogger Article www.aushealthit.blogspot.com
[2.] NEHTA, Towards a Secure Messaging Environment – An E-Health Transition Strategy Version 1.0 – 2/02/2006 For Comment, page 6.
[3.] Colclough I, Comment attached to Implementation Really Matters (8 January 2007) Blogger Article www.aushealthit.blogspot.com
[4.] More D, Archetypes, Standards and All That Jazz - Part 2 (28 January 2007) Blogger Article www.aushealthit.blogspot.com
[5.] Dearne K, Doing the numbers on e-health - the world according to Dr Ian Reinecke, The Australian (30 January 2007) IT Business, page 3.
[6.] Australian Health Messaging Laboratory, Available Test Profiles, accessed 30 January 2007, http://www.ahml.com.au
© Copyright 1 February 2007
Dr Ian Colclough - Integrated Marketing and e-Health Strategies
ihsipl@smartchat.net.au, 0412 059 392
Note: These views are those of our guest commentary provider and should be read as such. This forum is to provide a space for comment and debate and I hope this contribution helps. Thanks Ian.
David.
Tuesday, January 30, 2007
Have you Noticed Your Control of Your Personal Private Information is Vanishing?
In this article I am going to suggest that the race to maximise Government intrusion in citizens lives is presently being comprehensively won by the UK (with its multi-biometric compulsory national ID Card). Even worse, in the last day or so we learn from e-Health Insider that the UK Government wants to move to link many of its databases to simplify administration and reduce errors – to ensure not a single move you make goes unrecorded!.
The US is presently managing to come second in my view with the vagaries of the US Health Insurance Portability and Accountability Act (HIPAA) permitting large amounts of identified health information to move between service providers and payers with essentially no control on the part of the individual, almost daily leaks of identified information on the web or from mislaid lap-top computers and recently discovered privacy invasions such as warrantless wiretaps and covert house searches on the basis of perceived protection of “National Security”.
Sadly, however, we also now have our own Governments working out how best it can catch up and minimise the number of barriers that exist to a complete individually detailed dossier being built on all of us.
In previous articles I have made the point that it seems to me that unless citizens are certain private health and, possibly more important, genetic information can be safely confided to healthcare providers, with essentially no risk of disclosure, virtually all efforts in the e-health domain will be put at risk. Simply put citizens will not confide in organisations and individuals they do not feel they can trust.
The lack of trust that exists in the community has been made clear by two recent events.
On January 21, 2007 the Australian Privacy Foundation announced the 2006 Orwells which are awarded for the worst privacy intrusions of the year. The awards went to the following – as reported in their press release:
“The ‘Orwells’ as they are known around the world after the author of ‘1984’, have been awarded for privacy intrusions including:
• electronic health records without consent, leading BBA judge Dr Roger Magnusson to warn that “[this] could threaten public trust in what could be an immensely valuable tool for improving both individual and population health"
• negligent disclosure of international financial transactions to US authorities
• the ‘access card’ – in reality a national identity card
• a business that uses GPS units to track junk mail deliverers
• ‘reverse search’ phone directories, outflanking their supposed prohibition
• insensitive collection of sexual health data in a university research study
• federal legislation that turns thousands of private sector employees into government snoops
• call centre nurses interrogating employees about sick leave
Commenting on the overall awards, BBA judge Laura Sigal said “The more our information is available to the prying eyes of government and corporate interests, the less freedom we enjoy."
It is of note that violations in the Health Sector featured so prominently and that the first listed (HealtheLink) was noted as having just the risk I have identified in earlier blog articles.
The second event has been the release of an initial batch of comments regarding the exposure draft of the Human Services (Enhanced Service Delivery) Bill 2007 just a few days ago. The Office of Access Card received over 120 submissions responding to the draft bill.
It is interesting that the Access Card was nominated for the People’s Choice Award Orwell.
Big Brother Award judge Dean Wilson felt this well-deserved for the: “relentless campaign of disinformation and doublespeak surrounding the Access Card project.”
On the basis of the submissions made so far it would seem the campaign has not satisfied the concerns of virtually all interest groups, except those with something to sell to Government.
Among those who offered many criticisms were all the ‘usual suspects’ who have had long standing concerns about the whole project (The Privacy Foundation, EFA etc) but also some much less aligned entities such as the AMA, the Privacy Taskforce set up by the Access Card program and even the Office of the Commonwealth Privacy Commissioner (OCPC).
Among the major concerns raised were (besides the near universal condemnation of having a truncated consultation period over the Christmas / New Year period):
1. The drafting of the Bill has left a lot of important, highly privacy sensitive issues, up to the discretion of the bureaucrats without providing firm legislative direction as to how things are to be done.
2. The Bill says the citizen owns the physical Access Card but the Data held is owned by the Commonwealth. It is totally unclear just how anyone is assisted by that.
3. The fact that Medicare payments require use of the Access Card meant that for all practical purposes virtually everyone would need a card and that it really is a de-facto National ID Card.
4. The lack of strength in the wording of the draft Bill that the card was not to be an ID Card. As it stands it says “It is not an object of this Act that access cards be used as national identity cards”, rather than something like “It is an object of this Act to ensure that the Access Card is not used as and does not become a national identity card.”
5. The apparently expanding (and unannounced until now) amount of information to be displayed on the front of the card (title, Date of Birth, Place of Birth etc) which is turning it more and more into an ID Card.
6. The lack of appeal mechanisms from Government decisions in a number of areas.
7. The apparent inability of citizens to block access to address information to protect themselves from harassment, stalking, attack and so on.
8. The apparent liability of a clinician who asks whether they can have your Access Card to access your (voluntary) health information to huge fines and gaol.
9. An apparent lack of clarity on the retention policy regarding identity documents which are provided to achieve registration. Not deleting them would create an unprecedented database on most of Australia’s citizens which has not existed previously.
10. Apparent conflict between the Draft Bill and current practice as to what age an Access Card can be issued to an individual.
11. Total failure to appreciate delivery of services that are to be reimbursed but which need to be provided anonymously (e.g STD services, HIV Testing etc) for the protection of the individuals privacy and to ensure treatment is sought.
There are obviously many more details that could be discussed but from this list it is clear to me that the proposed legislation is deeply flawed and needs to be re-thought based on a much narrower expectation of what the card is to do (i.e. provide access to services) and not what it may morph into unless more clearly defined (i.e. a National ID Card).
All these issues are, of course, separate from the concerns of those who fear all this numbering and identifying the Australian citizenry is simply an unwarranted and dangerous intrusion into individual’s rights to personal privacy and autonomy. We in Australia are ever so lucky to have both the Access Card Project and NEHTA busily working away to allocate us all a range of apparently un-co-ordinated identifiers! Frankly it is a farce.
It seems to me the concerns of entities such as the OCPC, the AMA and the Access Card Privacy Task Force should be taken exceptionally seriously and if they are not fully addressed by alterations to the proposed Bill the public should be more than a little concerned.
Without being apocalyptic about it there is a real sense that some core Australian freedoms are under threat with this present draft. There is also a real risk that the vulnerable and the infirm will fall through the cracks and suffer disproportionately if all their possible problems are not fully and sensitively addressed.
David.
The US is presently managing to come second in my view with the vagaries of the US Health Insurance Portability and Accountability Act (HIPAA) permitting large amounts of identified health information to move between service providers and payers with essentially no control on the part of the individual, almost daily leaks of identified information on the web or from mislaid lap-top computers and recently discovered privacy invasions such as warrantless wiretaps and covert house searches on the basis of perceived protection of “National Security”.
Sadly, however, we also now have our own Governments working out how best it can catch up and minimise the number of barriers that exist to a complete individually detailed dossier being built on all of us.
In previous articles I have made the point that it seems to me that unless citizens are certain private health and, possibly more important, genetic information can be safely confided to healthcare providers, with essentially no risk of disclosure, virtually all efforts in the e-health domain will be put at risk. Simply put citizens will not confide in organisations and individuals they do not feel they can trust.
The lack of trust that exists in the community has been made clear by two recent events.
On January 21, 2007 the Australian Privacy Foundation announced the 2006 Orwells which are awarded for the worst privacy intrusions of the year. The awards went to the following – as reported in their press release:
“The ‘Orwells’ as they are known around the world after the author of ‘1984’, have been awarded for privacy intrusions including:
• electronic health records without consent, leading BBA judge Dr Roger Magnusson to warn that “[this] could threaten public trust in what could be an immensely valuable tool for improving both individual and population health"
• negligent disclosure of international financial transactions to US authorities
• the ‘access card’ – in reality a national identity card
• a business that uses GPS units to track junk mail deliverers
• ‘reverse search’ phone directories, outflanking their supposed prohibition
• insensitive collection of sexual health data in a university research study
• federal legislation that turns thousands of private sector employees into government snoops
• call centre nurses interrogating employees about sick leave
Commenting on the overall awards, BBA judge Laura Sigal said “The more our information is available to the prying eyes of government and corporate interests, the less freedom we enjoy."
It is of note that violations in the Health Sector featured so prominently and that the first listed (HealtheLink) was noted as having just the risk I have identified in earlier blog articles.
The second event has been the release of an initial batch of comments regarding the exposure draft of the Human Services (Enhanced Service Delivery) Bill 2007 just a few days ago. The Office of Access Card received over 120 submissions responding to the draft bill.
It is interesting that the Access Card was nominated for the People’s Choice Award Orwell.
Big Brother Award judge Dean Wilson felt this well-deserved for the: “relentless campaign of disinformation and doublespeak surrounding the Access Card project.”
On the basis of the submissions made so far it would seem the campaign has not satisfied the concerns of virtually all interest groups, except those with something to sell to Government.
Among those who offered many criticisms were all the ‘usual suspects’ who have had long standing concerns about the whole project (The Privacy Foundation, EFA etc) but also some much less aligned entities such as the AMA, the Privacy Taskforce set up by the Access Card program and even the Office of the Commonwealth Privacy Commissioner (OCPC).
Among the major concerns raised were (besides the near universal condemnation of having a truncated consultation period over the Christmas / New Year period):
1. The drafting of the Bill has left a lot of important, highly privacy sensitive issues, up to the discretion of the bureaucrats without providing firm legislative direction as to how things are to be done.
2. The Bill says the citizen owns the physical Access Card but the Data held is owned by the Commonwealth. It is totally unclear just how anyone is assisted by that.
3. The fact that Medicare payments require use of the Access Card meant that for all practical purposes virtually everyone would need a card and that it really is a de-facto National ID Card.
4. The lack of strength in the wording of the draft Bill that the card was not to be an ID Card. As it stands it says “It is not an object of this Act that access cards be used as national identity cards”, rather than something like “It is an object of this Act to ensure that the Access Card is not used as and does not become a national identity card.”
5. The apparently expanding (and unannounced until now) amount of information to be displayed on the front of the card (title, Date of Birth, Place of Birth etc) which is turning it more and more into an ID Card.
6. The lack of appeal mechanisms from Government decisions in a number of areas.
7. The apparent inability of citizens to block access to address information to protect themselves from harassment, stalking, attack and so on.
8. The apparent liability of a clinician who asks whether they can have your Access Card to access your (voluntary) health information to huge fines and gaol.
9. An apparent lack of clarity on the retention policy regarding identity documents which are provided to achieve registration. Not deleting them would create an unprecedented database on most of Australia’s citizens which has not existed previously.
10. Apparent conflict between the Draft Bill and current practice as to what age an Access Card can be issued to an individual.
11. Total failure to appreciate delivery of services that are to be reimbursed but which need to be provided anonymously (e.g STD services, HIV Testing etc) for the protection of the individuals privacy and to ensure treatment is sought.
There are obviously many more details that could be discussed but from this list it is clear to me that the proposed legislation is deeply flawed and needs to be re-thought based on a much narrower expectation of what the card is to do (i.e. provide access to services) and not what it may morph into unless more clearly defined (i.e. a National ID Card).
All these issues are, of course, separate from the concerns of those who fear all this numbering and identifying the Australian citizenry is simply an unwarranted and dangerous intrusion into individual’s rights to personal privacy and autonomy. We in Australia are ever so lucky to have both the Access Card Project and NEHTA busily working away to allocate us all a range of apparently un-co-ordinated identifiers! Frankly it is a farce.
It seems to me the concerns of entities such as the OCPC, the AMA and the Access Card Privacy Task Force should be taken exceptionally seriously and if they are not fully addressed by alterations to the proposed Bill the public should be more than a little concerned.
Without being apocalyptic about it there is a real sense that some core Australian freedoms are under threat with this present draft. There is also a real risk that the vulnerable and the infirm will fall through the cracks and suffer disproportionately if all their possible problems are not fully and sensitively addressed.
David.
Sunday, January 28, 2007
Archetypes, Standards and All That Jazz – Part 2.
Well it has been an interesting week since I published my short article on archetypes. Sadly the conversation has gone on in a number of places (for quite sensible reasons) but it is hard to form an overview – much less try to distil what I have learnt and heard from all the discussion.
Before reading further I suggest those interested visit the openEHR site and review the “aus health it” thread, starting at the 21 January, 2007 entry. It can be found at:
http://www.openehr.org/advice/openehr-clinical/maillist.html
Initially, for some reason my e-mail is deferred and then rejected at the site (since I am not a registered member) so following some of the conversation can be a little difficult.
The following points summarise my conclusions on all this and the more general Health environment. They are based on private e-mails, the list above and the blog content and comments.
For some reason the topic is quite a 'hot button'. Despite that, all I am really saying is that I believe there are sufficient uncertainties regarding the successful deployment of archetypes to mean more work is required before ISO ballots and standardisation are undertaken. I must say I did not expect the idea to be quite so controversial (the article received four times the usual number of page views in less than two days).
1. Despite concerns regarding interoperability and so on, there is no doubt that there exist a number of commercial providers who offer very usable hospital and ambulatory care systems. In the hospital arena one only needs to think of EPIC, Cerner, McKesson, MiSys, IBA Health and a range of others. In the ambulatory care environment the Certification Commission for Healthcare Information Technology (CCHIT) (www.cchit.org) has certified a range of Ambulatory Systems (over 30 at last count) ensuring quite rich functionality is also available in that sector. This, when combined with experience in Australia, the UK and Scandinavia, makes it quite clear some reasonable level of ambulatory practice automation is more than feasible.
Incrementally more difficult certification criteria, year on year, as applied in the US, will ensure both functionality and interoperability improve over time for both ambulatory and hospital systems. The very recent announcements from Healthcare Information Technology Standards Panel (HITSP) (www.ansi.org/hitsp), as well as the January 2007 IHE Connectathon, only confirms a quite rapid march towards both improving functionality as well as practical, standards based interoperability.
The problem is not that these systems do not work to improve both safety and efficiency but that as yet they are not widely implemented. This bears repeating, the problem is not system capability but the level of deployment.
2. There have been very considerable successes achieved in the Health Sector with messaging technologies including EDIFACT and HL7 V2.x. To date – in the messaging arena - HL7 V3.0 and EN13606 are still in the process of development and tools and implementations are by no means common.
I do not believe standardisation is appropriate for these and other development technologies at this time and feel the Draft Standard for Trial Use (DSTU) approach is preferable by far, until such time as proven, demonstrable, properly scaled, implementations are available.
Use of a DSTU style of progress provides developers and implementers with clear directional guidance and allows progress to be made while preserving flexibility ;more so if the outcomes are less than ideal for modifications to be made.
This being said I do appreciate a “chicken or egg” argument, especially a point made regarding the failure of commercial use and investment until something becomes a Standard. However I believe the OMG / W3C / DSTU approach requiring implementation before finalisation is still to be preferred
3. The transfer (or communication) of a partial or complete Electronic Health Record (EHR) from one system to another system of a different origin, while preserving both the information and the meaning and context of the patient data is a non-trivial task. Even so, it is still an important and very useful objective. The effort to enable communications of patient information between just two providers in the GP2GP program in UK makes it abundantly clear that this is a non-trivial task. Further, as noted above, more general standards in this area are still under development.
4. At another level again there are a number of attempts to develop approaches which will ultimately lead to a standardised way of storing and retrieving longitudinal EHR information which may have been captured over a patient's lifetime. Clearly, for this to be made to work it is crucial to create a methodology that associates clinical observations and activity with its meaning unambiguously, and to be able to reliably document clinical encounters using a consistent approach that does not change over the life of the record.
It is also intended that different implementations of the standardised approach should be able to reliably and safely understand, interpret, process and fully utilise a clinical record from another system – providing so called 'semantic interoperation' if done correctly. Both the openEHR project(www.openehr.org) and HL7 V3.0 (www.hl7.org) aim to achieve this (with minor variations as to scope).
Both approaches have adopted what is called 'two layer' modelling where a basic reference data model is supported by a descriptive mechanism (called an archetype or template) which defines the information content and how it is represented. The outcome of this approach is that as many archetypes as are needed (to represent and describe the information required in a clinical record) can be developed separate from the basic data model which defines the EHR's overall framework. A requirement for this approach to work is that as well as knowing the basic data model, each system must utilise a common set of archetypes or templates to attach the clinical meaning and values to the data.
It is worth noting that the open MRS (Medical Record System) (www.openMRS.org) also implements a two layer concept based model. This system has been used successfully to create purpose-built systems for managing limited clinical domains (such as HIV in Africa). To date I am not aware of any significant production systems based on the other architectures (although I am assured they are coming soon!).
5. It is now becoming clear that the efforts of ONCHIT in the US are bearing considerable fruit (see http://www.dhhs.gov/healthit/), as I believe are those of the UK's Connecting for Health Program (see http://www.connectingforhealth.nhs.uk/)to say nothing of a range of private sector initiatives (Kaiser Permanente Health Connect for example and the ONCHIT trials of prototypes for the US National Health Information Network). This work is really starting to get there, looks to be picking up pace, and is likely, overtime, to simply and pragmatically move forward gathering major benefits while exploiting the proven (and not the experimental) already available Standards. I know where I will be looking for the evidence of real impacts on people's lives and indeed where much of it can be found (see last paragraph).
Sadly, the strategy free zone we call NEHTA is slipping further behind, as best as can be determined, due to a the lack of committed government support and the usual problems associated with herding the fractious States into any coherence.
Where this leaves me is with a quite clear view that very useful Health IT systems are available today and that a dual approach of supporting appropriate and promising R&D needs to be blended with dramatically more energetic investment and deployment of systems which are already known to work and for which the evidence as to their value is quite unarguable.
My priority is, with so much benefit possible and so many lives able to be saved by simply “getting on with it” I think it is vital there is as much more energy focussed on dissemination of what works today than there is on the development of the hoped for 2009 model for Health IT.
This view is very much confirmed by the Health Affairs Online Theme Issue On Rapid Learning Through Health IT referred to in my blog article of the 27th January 2007. The gap between what we are doing today and the good that is possible is huge and must be addressed at a gallop not a dawdle.
David.
Before reading further I suggest those interested visit the openEHR site and review the “aus health it” thread, starting at the 21 January, 2007 entry. It can be found at:
http://www.openehr.org/advice/openehr-clinical/maillist.html
Initially, for some reason my e-mail is deferred and then rejected at the site (since I am not a registered member) so following some of the conversation can be a little difficult.
The following points summarise my conclusions on all this and the more general Health environment. They are based on private e-mails, the list above and the blog content and comments.
For some reason the topic is quite a 'hot button'. Despite that, all I am really saying is that I believe there are sufficient uncertainties regarding the successful deployment of archetypes to mean more work is required before ISO ballots and standardisation are undertaken. I must say I did not expect the idea to be quite so controversial (the article received four times the usual number of page views in less than two days).
1. Despite concerns regarding interoperability and so on, there is no doubt that there exist a number of commercial providers who offer very usable hospital and ambulatory care systems. In the hospital arena one only needs to think of EPIC, Cerner, McKesson, MiSys, IBA Health and a range of others. In the ambulatory care environment the Certification Commission for Healthcare Information Technology (CCHIT) (www.cchit.org) has certified a range of Ambulatory Systems (over 30 at last count) ensuring quite rich functionality is also available in that sector. This, when combined with experience in Australia, the UK and Scandinavia, makes it quite clear some reasonable level of ambulatory practice automation is more than feasible.
Incrementally more difficult certification criteria, year on year, as applied in the US, will ensure both functionality and interoperability improve over time for both ambulatory and hospital systems. The very recent announcements from Healthcare Information Technology Standards Panel (HITSP) (www.ansi.org/hitsp), as well as the January 2007 IHE Connectathon, only confirms a quite rapid march towards both improving functionality as well as practical, standards based interoperability.
The problem is not that these systems do not work to improve both safety and efficiency but that as yet they are not widely implemented. This bears repeating, the problem is not system capability but the level of deployment.
2. There have been very considerable successes achieved in the Health Sector with messaging technologies including EDIFACT and HL7 V2.x. To date – in the messaging arena - HL7 V3.0 and EN13606 are still in the process of development and tools and implementations are by no means common.
I do not believe standardisation is appropriate for these and other development technologies at this time and feel the Draft Standard for Trial Use (DSTU) approach is preferable by far, until such time as proven, demonstrable, properly scaled, implementations are available.
Use of a DSTU style of progress provides developers and implementers with clear directional guidance and allows progress to be made while preserving flexibility ;more so if the outcomes are less than ideal for modifications to be made.
This being said I do appreciate a “chicken or egg” argument, especially a point made regarding the failure of commercial use and investment until something becomes a Standard. However I believe the OMG / W3C / DSTU approach requiring implementation before finalisation is still to be preferred
3. The transfer (or communication) of a partial or complete Electronic Health Record (EHR) from one system to another system of a different origin, while preserving both the information and the meaning and context of the patient data is a non-trivial task. Even so, it is still an important and very useful objective. The effort to enable communications of patient information between just two providers in the GP2GP program in UK makes it abundantly clear that this is a non-trivial task. Further, as noted above, more general standards in this area are still under development.
4. At another level again there are a number of attempts to develop approaches which will ultimately lead to a standardised way of storing and retrieving longitudinal EHR information which may have been captured over a patient's lifetime. Clearly, for this to be made to work it is crucial to create a methodology that associates clinical observations and activity with its meaning unambiguously, and to be able to reliably document clinical encounters using a consistent approach that does not change over the life of the record.
It is also intended that different implementations of the standardised approach should be able to reliably and safely understand, interpret, process and fully utilise a clinical record from another system – providing so called 'semantic interoperation' if done correctly. Both the openEHR project(www.openehr.org) and HL7 V3.0 (www.hl7.org) aim to achieve this (with minor variations as to scope).
Both approaches have adopted what is called 'two layer' modelling where a basic reference data model is supported by a descriptive mechanism (called an archetype or template) which defines the information content and how it is represented. The outcome of this approach is that as many archetypes as are needed (to represent and describe the information required in a clinical record) can be developed separate from the basic data model which defines the EHR's overall framework. A requirement for this approach to work is that as well as knowing the basic data model, each system must utilise a common set of archetypes or templates to attach the clinical meaning and values to the data.
It is worth noting that the open MRS (Medical Record System) (www.openMRS.org) also implements a two layer concept based model. This system has been used successfully to create purpose-built systems for managing limited clinical domains (such as HIV in Africa). To date I am not aware of any significant production systems based on the other architectures (although I am assured they are coming soon!).
5. It is now becoming clear that the efforts of ONCHIT in the US are bearing considerable fruit (see http://www.dhhs.gov/healthit/), as I believe are those of the UK's Connecting for Health Program (see http://www.connectingforhealth.nhs.uk/)to say nothing of a range of private sector initiatives (Kaiser Permanente Health Connect for example and the ONCHIT trials of prototypes for the US National Health Information Network). This work is really starting to get there, looks to be picking up pace, and is likely, overtime, to simply and pragmatically move forward gathering major benefits while exploiting the proven (and not the experimental) already available Standards. I know where I will be looking for the evidence of real impacts on people's lives and indeed where much of it can be found (see last paragraph).
Sadly, the strategy free zone we call NEHTA is slipping further behind, as best as can be determined, due to a the lack of committed government support and the usual problems associated with herding the fractious States into any coherence.
Where this leaves me is with a quite clear view that very useful Health IT systems are available today and that a dual approach of supporting appropriate and promising R&D needs to be blended with dramatically more energetic investment and deployment of systems which are already known to work and for which the evidence as to their value is quite unarguable.
My priority is, with so much benefit possible and so many lives able to be saved by simply “getting on with it” I think it is vital there is as much more energy focussed on dissemination of what works today than there is on the development of the hoped for 2009 model for Health IT.
This view is very much confirmed by the Health Affairs Online Theme Issue On Rapid Learning Through Health IT referred to in my blog article of the 27th January 2007. The gap between what we are doing today and the good that is possible is huge and must be addressed at a gallop not a dawdle.
David.
Subscribe to:
Posts (Atom)