Being a slow Sunday afternoon (a week or so back) just after everyone has gone back to work after the summer holidays, I thought it would be a good time to have a quick look at the new and improved NEHTA web site.
Overall it looks good! Fast, easy to read and now having all the publications easily found and a special section for the newer ones so recent releases are easily found!
Thought I would check out the Links Section. Interesting finds here I must say! Six sites are included:
External Websites
1. Terminologies for the Australian Health Sector
This extranet contains the SNOMED CT download, and associated information on licensing, guides and tools. Access to the material is limited to those holding a current SNOMED CT license with NEHTA.
Comment: clearly a useful site for those needing access to SNOMED CT.
2. HealthConnect
HealthConnect aims to improve the flow of information across the Australian health sector.
Comment: Last updated February 2006 (on the site)with the latest news again seemingly posted in February 2006. This shows just how active the supposed central e-Health Project is in Australia – or maybe its all happening in secret and we will be told later! The site is a total mish-mash of just old and really archival material.
3. Healthelink EHR
NSW Health is piloting a new electronic health record called Healthelink in parts of NSW.
Comment: An invaluable site where an initiative begun before NEHTA was a twinkle in any-ones’ eye is referenced and where the last word in a non-NEHTA compliant privacy approach is being proudly deployed!
4. Australian Health Ministers' Advisory Council
The Australian Health Ministers' Advisory Council (AHMAC) charter is to provide effective and efficient support to the Australian Health Ministers' Conference.
Comment: A web site of a few press releases where the closest thing to e-health mentioned in the last 12 months seems to be the announcement of the removal of State legislative barriers to e-prescribing by March 2007.
5. AHIC - Australian Health Information Council
The Australian Health Information Council (AHIC) advises Health Ministers on how information management and information and communication technology can be harnessed in health care.
Comment: Here is what I got on 20 February, 2007 – and have for the last 3-4 months.
Server not found
Firefox can't find the server at www.ahic.org.au.
* Check the address for typing errors such as ww.example.com instead of www.example.com
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make surethat Firefox is permitted to access the Web.
Overall one would have expected just a little better from a brand new site!
6. Standards Australia. Link to Standards Australia's website.
(Actually just the SA IT-14 Health IT Standards Site – not the full SA site.)
Comment: Interestingly this last entry appeared just in the last week or two – maybe following the exciting announcement of the new improved relationship between IT-14 and NEHTA.
This is a useful link so I will provide the URL:
http://www.e-health.standards.org.au/
Maybe next year’s revision could cover a more useful and informative collection of sites from around the country and the world. There is a lot going on out there. My personal top pick, along with an explanation of how the NEHTA projects and this project fit together would be to add the following link:
http://www.humanservices.gov.au/access-card.htm
We live in hope!
David.
Tuesday, February 20, 2007
Sunday, February 18, 2007
Some Gratuitous Advice for IBA Health Ltd regarding iSoft
In the last few days it has become an item of news in the UK financial press that the Australian E-Health Provider IBA Health is considering a purchase of iSoft PLC – the very troubled and probably near to insolvent UK E-Health Vendor.
Ben Woodhead provides good Australian coverage from February 16, 2007 at the following URL:
http://australianit.news.com.au/articles/0,7204,21235671%5e16123%5e%5enbv%5e,00.html
Right up front I need to make it clear I am an IBA Health shareholder but am not an iSoft shareholder – and that having purchased these shares at, or near, their low point a few years back – these shares have been pretty good to me!
It is also reported that the purchase is to be on the basis of a share-swap and that the ongoing operational funding for iSoft will be borrowed by IBA. The reason for this approach is that the on-going funding requirements for iSoft operations are almost certainly more than IBA's cash flow can reasonably support.
Some background (of IBA) is important here – the iSoft story having been laid out a while ago on the blog. (See “How Did iSoft Get into So Much Trouble?” dated October 21, 2006.). The key points are these:
1. IBA is really quite a small company employing of the order of 400 people (June 2006) compared with the approximately 3000 employed by iSoft.
2. In the most current year the company is forecasting revenue of $A74-76 Million with a profit of between $A23-24 Million.
3. The company has been driving for rapid growth in China, Malaysia and Singapore as well as Australia and has only recently purchased a development centre (December, 2005) in Bangalore, India. It is hard to see that these investments can possibly be bedded down.
4. The current market capitalization of $A525 Million really overstates the company size – given market capitalization was roughly one third of that only 12 months ago.
In summary I see IBA as a small-medium company which has been growing quite quickly, has made some sensible purchases to support its growth and is now well positioned as Australia's most promising e-Health company. Also the Asian expansion strategy IBA has been pursuing has been looking increasingly successful and given time looks likely to be very rewarding indeed.
iSoft on the other had is a 'rotting hulk' that has failed to deliver its major promise “Lorenzo” – an integrated clinical software suite for hospitals – and which is drowning under the weight of supporting a range of previously acquired legacy systems.
I am sure that the rationale IBA is contemplating is a 'once in a lifetime' opportunity to gain access to a range of large markets at a very low price. This may be true but the problems that have brought iSoft to where it is today are not going to be magically resolved by the purchase.
I also understand IBA's frustration with its limited success in its home hospital market over the last few years which it probably sees it can remedy through the acquisition of iSoft in order to gain access to sites in NSW and Victoria.
All this does not seem to me to provide a good enough reason to make such a high risk and potentially company destroying move. I say this from the perspective of an E-health specialist who reviewed iSoft's 'foilware' Lorenzo a year or so ago and was not convinced then of the feasibility of their vision – let alone their obvious inability to execute against that vision.
In summary, I think going forward with this merger is a 'bet the company' move which has an alarmingly high risk of failure and which will – almost certainly – have a bad effect on my personal investment!
The sell off (6%-7%) in the value of IBA shares in the period since the plan was announced suggests I am not the only one who thinks this move may ruin a wonderful Australian Health IT fairytale.
Some bargains just need to be left on the shelf!
David.
Disclaimer: The previous article is not offering any form of financial or other advice. Do what you think is right for you (Buy, Sell, Hold or Ignore) in the current situation and don’t blame me if you get it wrong!
Ben Woodhead provides good Australian coverage from February 16, 2007 at the following URL:
http://australianit.news.com.au/articles/0,7204,21235671%5e16123%5e%5enbv%5e,00.html
Right up front I need to make it clear I am an IBA Health shareholder but am not an iSoft shareholder – and that having purchased these shares at, or near, their low point a few years back – these shares have been pretty good to me!
It is also reported that the purchase is to be on the basis of a share-swap and that the ongoing operational funding for iSoft will be borrowed by IBA. The reason for this approach is that the on-going funding requirements for iSoft operations are almost certainly more than IBA's cash flow can reasonably support.
Some background (of IBA) is important here – the iSoft story having been laid out a while ago on the blog. (See “How Did iSoft Get into So Much Trouble?” dated October 21, 2006.). The key points are these:
1. IBA is really quite a small company employing of the order of 400 people (June 2006) compared with the approximately 3000 employed by iSoft.
2. In the most current year the company is forecasting revenue of $A74-76 Million with a profit of between $A23-24 Million.
3. The company has been driving for rapid growth in China, Malaysia and Singapore as well as Australia and has only recently purchased a development centre (December, 2005) in Bangalore, India. It is hard to see that these investments can possibly be bedded down.
4. The current market capitalization of $A525 Million really overstates the company size – given market capitalization was roughly one third of that only 12 months ago.
In summary I see IBA as a small-medium company which has been growing quite quickly, has made some sensible purchases to support its growth and is now well positioned as Australia's most promising e-Health company. Also the Asian expansion strategy IBA has been pursuing has been looking increasingly successful and given time looks likely to be very rewarding indeed.
iSoft on the other had is a 'rotting hulk' that has failed to deliver its major promise “Lorenzo” – an integrated clinical software suite for hospitals – and which is drowning under the weight of supporting a range of previously acquired legacy systems.
I am sure that the rationale IBA is contemplating is a 'once in a lifetime' opportunity to gain access to a range of large markets at a very low price. This may be true but the problems that have brought iSoft to where it is today are not going to be magically resolved by the purchase.
I also understand IBA's frustration with its limited success in its home hospital market over the last few years which it probably sees it can remedy through the acquisition of iSoft in order to gain access to sites in NSW and Victoria.
All this does not seem to me to provide a good enough reason to make such a high risk and potentially company destroying move. I say this from the perspective of an E-health specialist who reviewed iSoft's 'foilware' Lorenzo a year or so ago and was not convinced then of the feasibility of their vision – let alone their obvious inability to execute against that vision.
In summary, I think going forward with this merger is a 'bet the company' move which has an alarmingly high risk of failure and which will – almost certainly – have a bad effect on my personal investment!
The sell off (6%-7%) in the value of IBA shares in the period since the plan was announced suggests I am not the only one who thinks this move may ruin a wonderful Australian Health IT fairytale.
Some bargains just need to be left on the shelf!
David.
Disclaimer: The previous article is not offering any form of financial or other advice. Do what you think is right for you (Buy, Sell, Hold or Ignore) in the current situation and don’t blame me if you get it wrong!
Thursday, February 15, 2007
A Simple Person’s Guide to the Value of Health IT.
A colleague who is preparing university grant applications to fund his planned research in Health IT has recently challenged me to identify what I see as the value that can be derived from the implementation of Health IT. He is concerned that until a case is made that can be understood by laymen (read smart people who just know very little about the specific area) his job in obtaining funds will be harder as will my more general task of trying to sell the proposition to Government and other potential funders of investment in the area.
It considering the answer to the challenge it seems to me the best place to start is to consider what it is we want from an ideal healthcare delivery system. I would suggest the following are at the top of the desiderata:
1. The system should be safe and should not cause any harm either through action or inaction.
2. The system should utilise evidence of treatment efficacy and quality to guide patient care.
3. The system should be as cost- effective and equitable as is reasonably possible.
4. The system should operate as a supportive and interesting environment and be as stress-free as possible workplace.
5. The system should provide a co-ordinated seamless experience in managing a particular episode or care or illness with all those involved having the information they need to do their part without continued reference to the subject of care.
6. The system should, as a result of care delivered and with minimal extra effort, generate the information required to support functions such as academic and clinical research, post marketing surveillance of drug side effects, treatment outcomes, systemic system errors, general health system management and delivery of public health and bio-terrorism services and warnings.
If it is agreed these attributes are about right where the question to be asked is there Health IT in its generic form can make a difference.
Health IT can provide clinical decision support to those making the ‘life and death’ decisions and improve both the consistency and quality of the decision making – reducing errors of all sorts - saving both lives and money.
Appropriate use of Health IT can improve the accuracy of a clinician’s recall of a patient’s important attributes (allergies, current and past illnesses, medicines being used etc), ongoing clinical record keeping and in the process assist in the sharing of information between carers while also making available vital information for use in areas mentioned in point six. This is part of the importance of the electronic health record (EHR).
Health IT can assist in the increasingly overwhelming task of managing clinical knowledge and providing this information to those who need it. Increasingly the stream of information being generated by research and clinical trials is exceeding the capacity of clinicians to absorb the available information and to navigate available knowledge without help.
Health IT, as it has been seen to do in so many other fields of endeavour, can also replace much of the repetitive and drudge activities of the operation and delivery of health services. Service departments (laboratories, pharmacies etc) can be automated to maximise efficiency and quality of service, routine accounting and supply chain management can be optimised, photographic film can be replace by digital imaging improving both ease of use and eliminating film costs etc.
Health IT when combined with appropriate communication technologies can provide the information needed for safe consistent and properly co-ordinated care no matter where the patient is – from the surgery to the hospital to the home.
The combination of EHR technology and its implementation and use by the majority or practitioners, will provide the data-bases required to address the needs of research, management and all the other interests mentioned in point six above.
Of course there are potential risks, barriers and problems that need to be addressed. These include management of the security and privacy of identified clinical information, obtaining the proper levels of investment in appropriate technologies, having adequate trained practitioners to ensure proper system use, the proper allocation of the benefits flowing from Health IT deployment and use between all the stakeholders and having pragmatic standardisation of key areas of the technology to ensure effective system interoperation.
Nevertheless the benefits are demonstrable in all the areas mentioned above, have been proven to be there for the taking at a reasonable level of expenditure. All the risks are manageable and it is essentially just time to get on with it!
David.
It considering the answer to the challenge it seems to me the best place to start is to consider what it is we want from an ideal healthcare delivery system. I would suggest the following are at the top of the desiderata:
1. The system should be safe and should not cause any harm either through action or inaction.
2. The system should utilise evidence of treatment efficacy and quality to guide patient care.
3. The system should be as cost- effective and equitable as is reasonably possible.
4. The system should operate as a supportive and interesting environment and be as stress-free as possible workplace.
5. The system should provide a co-ordinated seamless experience in managing a particular episode or care or illness with all those involved having the information they need to do their part without continued reference to the subject of care.
6. The system should, as a result of care delivered and with minimal extra effort, generate the information required to support functions such as academic and clinical research, post marketing surveillance of drug side effects, treatment outcomes, systemic system errors, general health system management and delivery of public health and bio-terrorism services and warnings.
If it is agreed these attributes are about right where the question to be asked is there Health IT in its generic form can make a difference.
Health IT can provide clinical decision support to those making the ‘life and death’ decisions and improve both the consistency and quality of the decision making – reducing errors of all sorts - saving both lives and money.
Appropriate use of Health IT can improve the accuracy of a clinician’s recall of a patient’s important attributes (allergies, current and past illnesses, medicines being used etc), ongoing clinical record keeping and in the process assist in the sharing of information between carers while also making available vital information for use in areas mentioned in point six. This is part of the importance of the electronic health record (EHR).
Health IT can assist in the increasingly overwhelming task of managing clinical knowledge and providing this information to those who need it. Increasingly the stream of information being generated by research and clinical trials is exceeding the capacity of clinicians to absorb the available information and to navigate available knowledge without help.
Health IT, as it has been seen to do in so many other fields of endeavour, can also replace much of the repetitive and drudge activities of the operation and delivery of health services. Service departments (laboratories, pharmacies etc) can be automated to maximise efficiency and quality of service, routine accounting and supply chain management can be optimised, photographic film can be replace by digital imaging improving both ease of use and eliminating film costs etc.
Health IT when combined with appropriate communication technologies can provide the information needed for safe consistent and properly co-ordinated care no matter where the patient is – from the surgery to the hospital to the home.
The combination of EHR technology and its implementation and use by the majority or practitioners, will provide the data-bases required to address the needs of research, management and all the other interests mentioned in point six above.
Of course there are potential risks, barriers and problems that need to be addressed. These include management of the security and privacy of identified clinical information, obtaining the proper levels of investment in appropriate technologies, having adequate trained practitioners to ensure proper system use, the proper allocation of the benefits flowing from Health IT deployment and use between all the stakeholders and having pragmatic standardisation of key areas of the technology to ensure effective system interoperation.
Nevertheless the benefits are demonstrable in all the areas mentioned above, have been proven to be there for the taking at a reasonable level of expenditure. All the risks are manageable and it is essentially just time to get on with it!
David.
Wednesday, February 14, 2007
Guest Article on Secure Pathology Messaging III - The AAPP Perspective.
Ann Webb, Deputy CEO of the Australian Association of Pathology Practices has written another contribution to the secure messaging discussion, from their perspective. This adds another view to the discussion for all to consider.
Ann writes:
In a guest blog by Dr Ian Colclough (see the entry for February 1, 2007) there were a number of references recently to the position held by pathology laboratories with respect to electronic messaging. It was felt by the Australian Association of Pathology Practices (AAPP) that a clarification of that position may be helpful.
Members of the AAPP provide more than 90% of community pathology services in Australia. The AAPP has a working group in health informatics and has supported standards development in this area for more than 10 years.
Among these standards were the Australian standards that Dr Colclough references for the implementation of HL7 v2.3.1. Indeed the Standards Australia Working Group that has carriage of the AS4700.2 and HB262 was formed through the efforts of AAPP member’s and in 1996 after formally reviewing the available messaging standards (including EDIFACT and PIT) unanimously endorsed the adoption of HL7 and immediately set about producing an Australian implementation guide.
This was first published in 1998 five years after PIT, a simple document format, was developed and adopted by pathology practices to get electronic messaging started in Australia. The structure for reports provides for the transfer of both atomic results and a rendering to ensure that the intended pathology report is conveyed with high fidelity.
Pathology practices have since been involved in a number projects to test and improve these messaging standards including communications with cancer and communicable disease registries.
The AAPP endorses ‘AS4700.2-2004 Implementation of Health Level Seven (HL7) Version 2.3.1 Part 2: Pathology orders and results’. Furthermore member practices currently provide significant volumes of electronic messaging to GPs, Specialists, and hospitals using these standard messages. The Pathology Practices are not the source of delay in widespread standardisation and would be pleased to move their customers to this mode of messaging now. The report receiving systems however have to be capable of managing these messages properly. That PIT is provided at all by AAPP member practices is because that is what their customers have asked for.
The AAPP continues to work closely with Standards Australia and NEHTA to establish the infrastructure that Australia needs for connected health care.
-----------------------------------------
Thanks Ann!
David.
Ann writes:
In a guest blog by Dr Ian Colclough (see the entry for February 1, 2007) there were a number of references recently to the position held by pathology laboratories with respect to electronic messaging. It was felt by the Australian Association of Pathology Practices (AAPP) that a clarification of that position may be helpful.
Members of the AAPP provide more than 90% of community pathology services in Australia. The AAPP has a working group in health informatics and has supported standards development in this area for more than 10 years.
Among these standards were the Australian standards that Dr Colclough references for the implementation of HL7 v2.3.1. Indeed the Standards Australia Working Group that has carriage of the AS4700.2 and HB262 was formed through the efforts of AAPP member’s and in 1996 after formally reviewing the available messaging standards (including EDIFACT and PIT) unanimously endorsed the adoption of HL7 and immediately set about producing an Australian implementation guide.
This was first published in 1998 five years after PIT, a simple document format, was developed and adopted by pathology practices to get electronic messaging started in Australia. The structure for reports provides for the transfer of both atomic results and a rendering to ensure that the intended pathology report is conveyed with high fidelity.
Pathology practices have since been involved in a number projects to test and improve these messaging standards including communications with cancer and communicable disease registries.
The AAPP endorses ‘AS4700.2-2004 Implementation of Health Level Seven (HL7) Version 2.3.1 Part 2: Pathology orders and results’. Furthermore member practices currently provide significant volumes of electronic messaging to GPs, Specialists, and hospitals using these standard messages. The Pathology Practices are not the source of delay in widespread standardisation and would be pleased to move their customers to this mode of messaging now. The report receiving systems however have to be capable of managing these messages properly. That PIT is provided at all by AAPP member practices is because that is what their customers have asked for.
The AAPP continues to work closely with Standards Australia and NEHTA to establish the infrastructure that Australia needs for connected health care.
-----------------------------------------
Thanks Ann!
David.
Tuesday, February 13, 2007
What Might A Privacy Friendly Access Card Look Like?
In this short article I try to suggest there is a way to achieve the benefits of Smartcard technology and at the same time improve the service delivery and efficiency of the Commonwealth Human Services Department while avoiding much, if not all, of the present concerns regarding privacy and function creep.
The approach would involve the following:
1. Having an Access Card that has nothing more visible on it than its name (A Commonwealth Access Card) and a strip where the citizen can write their chosen ID (that could be their name but does not need to have anything to do with their actual name, address etc). (The card face has no photo, no name, no date of birth, no number etc).
An option, if required, for those who need to deal with services by phone, and need to quote a number might be to allow the ID number to be printed on the card at the specific request of the citizen. Normally most would not need this option as they would be obtaining a benefit at a point of service in person with their card.
2. The Access Card holds only four pieces of information electronically.
a> The card’s ID Number and
b> A quality photo of the card owner and
c> The unique biometric identifier code created from the photo and
d> A card expiry date.
3. The Commonwealth Secure Customer Database only holding the ID number, the citizen’s name and the biometric identifier derived from the photo (not the photo itself).
4. The Access Card being secured electronically so it is only usable by Commonwealth Government services authorised by legislation to utilise the Access Card using Commonwealth Government Access Card Readers.
5. The Access Card held information not being accessible by standard PC equipment or card readers.
6. Having the Access Card do nothing but act as a ‘key holder’ for Government services and nothing else (not a “mini-iPod”, e-Health Card, credit card etc)
How should the system be used?
First, when enrolling for an Access Card, high quality (“100 point”) ID is provided and temporarily stored against the ID Number that is to be allocated. At the same time the photo is taken, converted into a biometric, coded biometrically and also stored.
Next, once appropriate verification of the documentation is undertaken, the card is issued with the data mentioned above being stored on it. All information other than the name, the other data used by the electoral commission, the biometric ID code and the ID number are then removed from the secure database and destroyed. (This is necessary to prevent multiple cards being issued for the same person)
Internal Human Services Department systems use the ID number as their key and each collects all the other information they require for their operations when the card is first presented at say a Medicare, Veteran’s Affairs or CentreLink office. Each benefit thus has its own data-base to manage each benefit and linkage of these data-bases would be only permitted for reasons the public are content with.
All Government card readers will be photo display-enabled to facilitate display of the stored image of the customer, which is only held on the card and no-where else, and the name associated with the card. The ID Number is made available only electronically to Government systems and to no other requesters – even if they gain access to a Government card reader. Thus people delivering services can verify an individual’s ID and determine their ID number, but the card is useless to anyone else who is not an identical twin with the same name who can access a Government card reader and persuade the supporting system to provide its ID number. Still better, even if an ID number is known, it cannot be used without a matching card or specific consent from citizens who desire to access services over the phone and who are happy with the risks this involves.
If desired a PIN could be also used to maximise the security of access, even to the photo.
The benefits of this approach are:
1. There is no database created of every Australian Citizen that holds any more information than the electoral role with an ID number and a biometric ID (Note: no photographic image is held by government).
2. No photographic database of citizens is developed.
3. The card, having only a hand written “name” on it, cannot be used by anyone if lost. If use is attempted the embedded picture and the correct name will be displayed by the reader and this will disclose any attempted fraud to the Government operator.
4. If a citizen chooses to apply a PIN the card will be virtually useless if lost.
5. No one is going to ask anyone to produce a blank card to confirm their ID – especially when no useful information is available without a special Government reader. It will not become an instrument of control and oppression as the present proposal risks.
6. Function creep cannot happen except if the network of Government readers is extended and the citizen chooses to use the service that the Access Card enables.
7. The risk of a numbered card causing identity fraud disappears - there is no number on the card.
With this approach the Commonwealth has a strong link between the key it uses to deliver services and the presenting citizen seeking to use those services, thus it can control fraud etc but the card is – still as it should be – just an Access enabler.
The only downside of this approach is that, if the card is lost, full re-identification is required. That dis-incentive of itself should make most people pretty careful with their card!
The point of this commentary is to show it would be possible to design an Access Card system that would be privacy friendly and meet the Government’s objectives.
Why this has not been done is a mystery to me.
David.
Late Note:
In the Financial Review of the 13 Feb 2007 we now learn function creep is running on apace with, among other things, disputes breaking out with the banking sector of the recording of the Access Card ID in banking records and the rules for how such ID can be asked for. The banks say that having to get written consent to record and use the ID is too onerous. My position would be that an Access Card ID is no business of the banks whatsoever, consent or no! Extra function creep number two is that it seems a ‘voluntary’ Aboriginality flag is to be added – as requested by Medicare Australia. Will it never stop!
D.
The approach would involve the following:
1. Having an Access Card that has nothing more visible on it than its name (A Commonwealth Access Card) and a strip where the citizen can write their chosen ID (that could be their name but does not need to have anything to do with their actual name, address etc). (The card face has no photo, no name, no date of birth, no number etc).
An option, if required, for those who need to deal with services by phone, and need to quote a number might be to allow the ID number to be printed on the card at the specific request of the citizen. Normally most would not need this option as they would be obtaining a benefit at a point of service in person with their card.
2. The Access Card holds only four pieces of information electronically.
a> The card’s ID Number and
b> A quality photo of the card owner and
c> The unique biometric identifier code created from the photo and
d> A card expiry date.
3. The Commonwealth Secure Customer Database only holding the ID number, the citizen’s name and the biometric identifier derived from the photo (not the photo itself).
4. The Access Card being secured electronically so it is only usable by Commonwealth Government services authorised by legislation to utilise the Access Card using Commonwealth Government Access Card Readers.
5. The Access Card held information not being accessible by standard PC equipment or card readers.
6. Having the Access Card do nothing but act as a ‘key holder’ for Government services and nothing else (not a “mini-iPod”, e-Health Card, credit card etc)
How should the system be used?
First, when enrolling for an Access Card, high quality (“100 point”) ID is provided and temporarily stored against the ID Number that is to be allocated. At the same time the photo is taken, converted into a biometric, coded biometrically and also stored.
Next, once appropriate verification of the documentation is undertaken, the card is issued with the data mentioned above being stored on it. All information other than the name, the other data used by the electoral commission, the biometric ID code and the ID number are then removed from the secure database and destroyed. (This is necessary to prevent multiple cards being issued for the same person)
Internal Human Services Department systems use the ID number as their key and each collects all the other information they require for their operations when the card is first presented at say a Medicare, Veteran’s Affairs or CentreLink office. Each benefit thus has its own data-base to manage each benefit and linkage of these data-bases would be only permitted for reasons the public are content with.
All Government card readers will be photo display-enabled to facilitate display of the stored image of the customer, which is only held on the card and no-where else, and the name associated with the card. The ID Number is made available only electronically to Government systems and to no other requesters – even if they gain access to a Government card reader. Thus people delivering services can verify an individual’s ID and determine their ID number, but the card is useless to anyone else who is not an identical twin with the same name who can access a Government card reader and persuade the supporting system to provide its ID number. Still better, even if an ID number is known, it cannot be used without a matching card or specific consent from citizens who desire to access services over the phone and who are happy with the risks this involves.
If desired a PIN could be also used to maximise the security of access, even to the photo.
The benefits of this approach are:
1. There is no database created of every Australian Citizen that holds any more information than the electoral role with an ID number and a biometric ID (Note: no photographic image is held by government).
2. No photographic database of citizens is developed.
3. The card, having only a hand written “name” on it, cannot be used by anyone if lost. If use is attempted the embedded picture and the correct name will be displayed by the reader and this will disclose any attempted fraud to the Government operator.
4. If a citizen chooses to apply a PIN the card will be virtually useless if lost.
5. No one is going to ask anyone to produce a blank card to confirm their ID – especially when no useful information is available without a special Government reader. It will not become an instrument of control and oppression as the present proposal risks.
6. Function creep cannot happen except if the network of Government readers is extended and the citizen chooses to use the service that the Access Card enables.
7. The risk of a numbered card causing identity fraud disappears - there is no number on the card.
With this approach the Commonwealth has a strong link between the key it uses to deliver services and the presenting citizen seeking to use those services, thus it can control fraud etc but the card is – still as it should be – just an Access enabler.
The only downside of this approach is that, if the card is lost, full re-identification is required. That dis-incentive of itself should make most people pretty careful with their card!
The point of this commentary is to show it would be possible to design an Access Card system that would be privacy friendly and meet the Government’s objectives.
Why this has not been done is a mystery to me.
David.
Late Note:
In the Financial Review of the 13 Feb 2007 we now learn function creep is running on apace with, among other things, disputes breaking out with the banking sector of the recording of the Access Card ID in banking records and the rules for how such ID can be asked for. The banks say that having to get written consent to record and use the ID is too onerous. My position would be that an Access Card ID is no business of the banks whatsoever, consent or no! Extra function creep number two is that it seems a ‘voluntary’ Aboriginality flag is to be added – as requested by Medicare Australia. Will it never stop!
D.
Sunday, February 11, 2007
What Should be the Practical Outcomes of Health IT Privacy Protections?
In the last year, and most especially since awareness of the Human Services Access Card Project and the NEHTA IHI Project has increased, there has been a lot of legal and technical debate regarding these projects.
What seems to have been missing, for me, is a discussion of what is actually desired as the practical outcome(s) of whatever privacy regime we put in place and why each of those attributes is important. This is to forget for a moment how these outcomes are to be achieved technically but to recognise that in the design of any technical solution privacy has to be an embedded, fundamental design requirement.
My views have been formed from a range of sources, including a range of contributions to the Access Card Debate from the Privacy Commissioner and Prof. Alan Fels and his Taskforce, but I have additionally had the experience of consulting a range of interest groups in this area directly and the strength of their feelings has had a significant effect on my position. In saying this I must point out that with the exception of one or two ‘extremist privacy zealots’ who would require that a clinician were not to take any clinical notes and be subjected to a ‘brain wipe’ the moment a consultation was concluded, most groups and their representatives were balanced and totally reasonable in their concerns.
If I was to try and summarise what I have heard and continue to hear in a sentence or two it would be that people desire to have control over disclosure (to anyone) of health information they see as sensitive for what-ever reason and that if they feel they lack that control they become concerned or worse. There is also a feeling (belief) that health information – especially historical and diagnostic information – is different to financial and other private information in the sense that once disclosed it may not age or become less important over time (knowing a person’s bank balance or credit card number is likely to be only of importance for a short period of time – not so that an individual who has a genetic illness, has had a mental illness or has HIV / AIDS).
While not yet an issue of significant public concern it seems to me that, in an age where discoveries are being made daily, the control and sharing of genetic information will also become a major health information privacy concern over time.
There is also an increasingly pervasive feeling that exercise of control over one’s private information is becoming more difficult in the electronic age and that there is a reducing tendency to trust assurances as to privacy as individuals see their ‘private information’ turn up, unexpectedly, in the hands of all sorts of marketing entities and the like. Trust is also being eroded with the frequency of stories about improper access to information given in confidence to agencies such as the Australian Tax Office and CentreLink.
As yet it seems that most people are happy to share virtually all private information with the key individuals involved in their care on the general, usually unstated, proviso that they will be asked or give consent in some way and that they understand why such sharing is required. (Chronic disease advocacy groups are among those most keen for controlled but necessary information sharing). There are however some groups – especially those who could be described as having either stigmatising or embarrassing illnesses – who desire very considerable control of the use of their information at almost a ‘line by line’ level. If such groups are not provided with such control they will typically withhold information from carers, with the risk of poor or dangerous care being provided.
There is little doubt that individuals with HIV/AIDS, a history of mental illness and others are a major group of owners of multiple Medicare Cards. This permits them to receive care they may otherwise miss out on without disclosing to routine carers information they wish to keep to themselves. Just how this group will be catered for, reasonably, in the present Access Card and NEHTA proposals, is not yet clear to me.
The use of such ‘multiple identities’ is more common than is widely understood and is based on very well grounded fears of discrimination in all sorts of areas of life if some secrets are not kept. Latrobe University has, in a number of reports, highlighted the range and depth of discrimination and disadvantage suffered by many HIV/ AIDS patients.
It should also be noted that for many chronic disease groups the prospect of the use of de-identified information for purposes such as research and public health is strongly supported – just as long as there is no risk of re-identification of the information being possible.
Another poorly recognised issue on the part of city based health policy developers is the impact of even relatively innocuous unauthorised disclosure of information in smaller communities. (The ‘only gay in the village’ effect.) The impact of such disclosure can result in people needing to re-locate or worse and must be carefully addressed in any system design.
Of note also is the need to recognise that health information typically is associated with detailed demographic information (age, sex, address, date of birth etc) and that this information is true ‘grist to the mill’ for those who wish to trace people for whatever reason or who wish to steal identities.
Another issue not often discussed is the need to ensure flows of information to employers, government agencies etc is not prejudicial to gaining or retaining employment or receiving appropriate benefits and payments. Employers are certainly not equipped, in general, to understand or make sense of private health information, and should not receive it without specific consent. The same also applies to insurance companies, recognising that the citizen must understand that a failure to disclose germane information will most probably mean the coverage is void.
All in all it seems to me there is a perception emerging that control of one’s private health information is being steadily eroded and that this is not beneficial to anyone. As I have said before trust is lost if the citizen does not have the final say as to how, within reason, their private health information will be shared and used, and if that is permitted to happen E-Health will struggle to succeed in the way it should.
It is up to the proponents of the Access Card and NEHTA to ensure these ‘unexpected consequences’ of their initiatives are properly handled, that reassurances provided are indeed true and that we don’t create a class of disadvantaged and discriminated against ‘health information privacy refugees’.
David.
What seems to have been missing, for me, is a discussion of what is actually desired as the practical outcome(s) of whatever privacy regime we put in place and why each of those attributes is important. This is to forget for a moment how these outcomes are to be achieved technically but to recognise that in the design of any technical solution privacy has to be an embedded, fundamental design requirement.
My views have been formed from a range of sources, including a range of contributions to the Access Card Debate from the Privacy Commissioner and Prof. Alan Fels and his Taskforce, but I have additionally had the experience of consulting a range of interest groups in this area directly and the strength of their feelings has had a significant effect on my position. In saying this I must point out that with the exception of one or two ‘extremist privacy zealots’ who would require that a clinician were not to take any clinical notes and be subjected to a ‘brain wipe’ the moment a consultation was concluded, most groups and their representatives were balanced and totally reasonable in their concerns.
If I was to try and summarise what I have heard and continue to hear in a sentence or two it would be that people desire to have control over disclosure (to anyone) of health information they see as sensitive for what-ever reason and that if they feel they lack that control they become concerned or worse. There is also a feeling (belief) that health information – especially historical and diagnostic information – is different to financial and other private information in the sense that once disclosed it may not age or become less important over time (knowing a person’s bank balance or credit card number is likely to be only of importance for a short period of time – not so that an individual who has a genetic illness, has had a mental illness or has HIV / AIDS).
While not yet an issue of significant public concern it seems to me that, in an age where discoveries are being made daily, the control and sharing of genetic information will also become a major health information privacy concern over time.
There is also an increasingly pervasive feeling that exercise of control over one’s private information is becoming more difficult in the electronic age and that there is a reducing tendency to trust assurances as to privacy as individuals see their ‘private information’ turn up, unexpectedly, in the hands of all sorts of marketing entities and the like. Trust is also being eroded with the frequency of stories about improper access to information given in confidence to agencies such as the Australian Tax Office and CentreLink.
As yet it seems that most people are happy to share virtually all private information with the key individuals involved in their care on the general, usually unstated, proviso that they will be asked or give consent in some way and that they understand why such sharing is required. (Chronic disease advocacy groups are among those most keen for controlled but necessary information sharing). There are however some groups – especially those who could be described as having either stigmatising or embarrassing illnesses – who desire very considerable control of the use of their information at almost a ‘line by line’ level. If such groups are not provided with such control they will typically withhold information from carers, with the risk of poor or dangerous care being provided.
There is little doubt that individuals with HIV/AIDS, a history of mental illness and others are a major group of owners of multiple Medicare Cards. This permits them to receive care they may otherwise miss out on without disclosing to routine carers information they wish to keep to themselves. Just how this group will be catered for, reasonably, in the present Access Card and NEHTA proposals, is not yet clear to me.
The use of such ‘multiple identities’ is more common than is widely understood and is based on very well grounded fears of discrimination in all sorts of areas of life if some secrets are not kept. Latrobe University has, in a number of reports, highlighted the range and depth of discrimination and disadvantage suffered by many HIV/ AIDS patients.
It should also be noted that for many chronic disease groups the prospect of the use of de-identified information for purposes such as research and public health is strongly supported – just as long as there is no risk of re-identification of the information being possible.
Another poorly recognised issue on the part of city based health policy developers is the impact of even relatively innocuous unauthorised disclosure of information in smaller communities. (The ‘only gay in the village’ effect.) The impact of such disclosure can result in people needing to re-locate or worse and must be carefully addressed in any system design.
Of note also is the need to recognise that health information typically is associated with detailed demographic information (age, sex, address, date of birth etc) and that this information is true ‘grist to the mill’ for those who wish to trace people for whatever reason or who wish to steal identities.
Another issue not often discussed is the need to ensure flows of information to employers, government agencies etc is not prejudicial to gaining or retaining employment or receiving appropriate benefits and payments. Employers are certainly not equipped, in general, to understand or make sense of private health information, and should not receive it without specific consent. The same also applies to insurance companies, recognising that the citizen must understand that a failure to disclose germane information will most probably mean the coverage is void.
All in all it seems to me there is a perception emerging that control of one’s private health information is being steadily eroded and that this is not beneficial to anyone. As I have said before trust is lost if the citizen does not have the final say as to how, within reason, their private health information will be shared and used, and if that is permitted to happen E-Health will struggle to succeed in the way it should.
It is up to the proponents of the Access Card and NEHTA to ensure these ‘unexpected consequences’ of their initiatives are properly handled, that reassurances provided are indeed true and that we don’t create a class of disadvantaged and discriminated against ‘health information privacy refugees’.
David.
Tuesday, February 06, 2007
Where Could NEHTA Actually Add Value?
In this article I attempt to identify the tasks and objectives that NEHTA should be addressing rather than what is presently happening. The strategic perspective I am adopting is one that says there are two key priorities for virtually all health service organisations and that NEHTA’s efforts should be predominantly focussed on supporting, enabling and facilitation these two (urgent) priorities.
The two key priorities are that first health services should be safe and effective and second that health services should be economically efficient while being equitably accessible and distributed where ever that is possible.
The implications of ‘safe and effective’ include that no unnecessary harm is done, that needed treatments are not omitted and that where possible the care provided is based on up-to-date evidence. There is an implicit implication here that recognises that modern clinical practice is so complicated that only with automated support and well designed systems (both manual and electronic) can ‘safe and effective’ care be demonstrably delivered. Another clear implication is that all deliverers of care must be provided with the best possible tools and circumstances to ensure their patients have the best outcomes.
Efficiency and equity of access I would suggest are matters of common sense and common humanity. We should not be wasteful in delivery of care and we should ensure that all who need care can receive it without unreasonable delay.
Secondary priorities include the collection and management of information that both permits and enables the health system to operate in a coordinated and coherent fashion, be well managed and have a sensible balance between preventative and curative care.
Un-stated, but implicit in all of the above, is that everyone touching the health system is treated with respect, compassion and that their personal privacy and individual autonomy is fully respected and guarded.
NEHTA’s mission should be identify, specify, define and recommend the attributes of the Health IT systems required to optimally support the overall health system which has these objectives and goals. This it should be doing by working with the relevant stakeholders (including clinicians, relevant service providers (Pharmacists, Laboratories, Radiologists etc) ,Health IT providers, Health Departments and Institutions and consumers) to identify out what is needed and then develop innovative ways to have such systems delivered and a coherent fashion.
It seems to me, based on the Rapid Learning Approach identified in two recent blog entries, that where the main value lies is not so much in having systems, but having them actually used in the delivery of care. This means we need usable, quality systems, with rich functionality in decision support etc, in use in our General Practices, Specialist Offices and Hospitals. We also need to have them communicating successfully and safely the clinical information needed both to deliver care and understand what is happening out in ‘the field’. The systems also need to be able to ‘take care of business’ and thus appropriate links to Medicare Australia and other funders are important.
Additionally careful analysis of referral and prescription information and the associated systems is important. Also it is important not to ignore the needs of the public health sector in monitoring illness and warning of possible bio-terrorism. Analysis of where technology can assist in delivery of mental and aged care services is also needed urgently – although much is already known much of the relevant information seems a little fragmented at present in Australia.
On the basis that we know all provision of all the necessary systems is doable the first major task for NEHTA should be to develop a the National E-Health Strategy and Business Case and Broad Implementation Plan that, treating the health system holistically, maps a practical achievable and incrementally achievable roadmap of activities and investment.
Secondary activities should centre around utilising the work done both here and overseas to define and specify functionally the minimum standards for GP, Specialist, Hospital and Ancillary Systems. The CCHIT model in the US is one to consider with relevant changes to suit local conditions and business requirements for certifying systems once the system capabilities and connectivity is defined.
With hospital systems it may be valuable to develop common specifications against which State health systems can conduct procurements. Such systems are major investments and no doubt support from a skilled national entity would be welcome.
In essence what I am suggesting is that NEHTA should be working to ensure, as quickly as possible, quality systems are certified and health providers are able to procure / purchase them in the confidence they will be fit for purpose and deliver the benefits expected while having the basic levels of interoperability needed to enable practical information flows and clinical messaging around the health system. Note I am also keen that key enabling work, terminologies etc, also continue and that NEHTA be resourced to ensure deadlines promised to the Health IT community are actually delivered. That way the available products will be so much better!
It is up to the Health IT system providers to offer competent certifiable products and services and the health system to address how best to facilitate the required investment and ensure benefits are distributed to those who incur the costs and undertake the additional work.
I recognise that this outline is very high level and will require major change management. However, nothing here ‘rocket science’, the technologies are proven and implementable and the risks can be managed reasonably easily. Additionally the implementation can be phased and incremental so mistakes are learnt from and risk further minimised.
An approach of this type could, in a five year time frame, dramatically improve the safety, effectiveness and manageability of our health system. It would be good if NEHTA just forgot about identity management (others are doing it), academic interoperability frameworks, shared EHRs and the like for this period and facilitated getting the basic proven technologies implemented and used. Once the local operational systems of high quality are in place the challenge of enhanced information sharing can be addressed incrementally over time – just as is happening elsewhere in the world (witness the ground up Regional Information Network Approach in the US and the scaling back of the information content on “the Spine” in the UK NHS)
David.
The two key priorities are that first health services should be safe and effective and second that health services should be economically efficient while being equitably accessible and distributed where ever that is possible.
The implications of ‘safe and effective’ include that no unnecessary harm is done, that needed treatments are not omitted and that where possible the care provided is based on up-to-date evidence. There is an implicit implication here that recognises that modern clinical practice is so complicated that only with automated support and well designed systems (both manual and electronic) can ‘safe and effective’ care be demonstrably delivered. Another clear implication is that all deliverers of care must be provided with the best possible tools and circumstances to ensure their patients have the best outcomes.
Efficiency and equity of access I would suggest are matters of common sense and common humanity. We should not be wasteful in delivery of care and we should ensure that all who need care can receive it without unreasonable delay.
Secondary priorities include the collection and management of information that both permits and enables the health system to operate in a coordinated and coherent fashion, be well managed and have a sensible balance between preventative and curative care.
Un-stated, but implicit in all of the above, is that everyone touching the health system is treated with respect, compassion and that their personal privacy and individual autonomy is fully respected and guarded.
NEHTA’s mission should be identify, specify, define and recommend the attributes of the Health IT systems required to optimally support the overall health system which has these objectives and goals. This it should be doing by working with the relevant stakeholders (including clinicians, relevant service providers (Pharmacists, Laboratories, Radiologists etc) ,Health IT providers, Health Departments and Institutions and consumers) to identify out what is needed and then develop innovative ways to have such systems delivered and a coherent fashion.
It seems to me, based on the Rapid Learning Approach identified in two recent blog entries, that where the main value lies is not so much in having systems, but having them actually used in the delivery of care. This means we need usable, quality systems, with rich functionality in decision support etc, in use in our General Practices, Specialist Offices and Hospitals. We also need to have them communicating successfully and safely the clinical information needed both to deliver care and understand what is happening out in ‘the field’. The systems also need to be able to ‘take care of business’ and thus appropriate links to Medicare Australia and other funders are important.
Additionally careful analysis of referral and prescription information and the associated systems is important. Also it is important not to ignore the needs of the public health sector in monitoring illness and warning of possible bio-terrorism. Analysis of where technology can assist in delivery of mental and aged care services is also needed urgently – although much is already known much of the relevant information seems a little fragmented at present in Australia.
On the basis that we know all provision of all the necessary systems is doable the first major task for NEHTA should be to develop a the National E-Health Strategy and Business Case and Broad Implementation Plan that, treating the health system holistically, maps a practical achievable and incrementally achievable roadmap of activities and investment.
Secondary activities should centre around utilising the work done both here and overseas to define and specify functionally the minimum standards for GP, Specialist, Hospital and Ancillary Systems. The CCHIT model in the US is one to consider with relevant changes to suit local conditions and business requirements for certifying systems once the system capabilities and connectivity is defined.
With hospital systems it may be valuable to develop common specifications against which State health systems can conduct procurements. Such systems are major investments and no doubt support from a skilled national entity would be welcome.
In essence what I am suggesting is that NEHTA should be working to ensure, as quickly as possible, quality systems are certified and health providers are able to procure / purchase them in the confidence they will be fit for purpose and deliver the benefits expected while having the basic levels of interoperability needed to enable practical information flows and clinical messaging around the health system. Note I am also keen that key enabling work, terminologies etc, also continue and that NEHTA be resourced to ensure deadlines promised to the Health IT community are actually delivered. That way the available products will be so much better!
It is up to the Health IT system providers to offer competent certifiable products and services and the health system to address how best to facilitate the required investment and ensure benefits are distributed to those who incur the costs and undertake the additional work.
I recognise that this outline is very high level and will require major change management. However, nothing here ‘rocket science’, the technologies are proven and implementable and the risks can be managed reasonably easily. Additionally the implementation can be phased and incremental so mistakes are learnt from and risk further minimised.
An approach of this type could, in a five year time frame, dramatically improve the safety, effectiveness and manageability of our health system. It would be good if NEHTA just forgot about identity management (others are doing it), academic interoperability frameworks, shared EHRs and the like for this period and facilitated getting the basic proven technologies implemented and used. Once the local operational systems of high quality are in place the challenge of enhanced information sharing can be addressed incrementally over time – just as is happening elsewhere in the world (witness the ground up Regional Information Network Approach in the US and the scaling back of the information content on “the Spine” in the UK NHS)
David.
Sunday, February 04, 2007
Australian E-Health Policy – Is NEHTA’s Board Steering in the Right Direction?
On the 30th January 2007 The Australian published a long article entitled “ Doing the numbers on e-health” by Karen Dearne which was described as the “world according to Dr Ian Reinecke” CEO of the National E-Health Transition Authority (NEHTA).
It seems to me that a sensible way to approach the article is to endeavour to distil what was being said or implied and to offer commentary on that basis. As the comments were made by the NEHTA CEO it seems fair to assume he is accurately reflecting the views and understanding of the NEHTA Board and it is my plan to address the apparent policy directions and choices being made by that Board, based on the position reflected in the comments documented in the Australian.
First it was obvious throughout the interview that NEHTA has no sense of urgency about advancing the e-health agenda. We are told that the business case for the National Shared Electronic Health Record (SEHR) may be ready for Council of Australian Governments (COAG) in 2007 (or if not 2007, hopefully 2008) although it was not clear, even if ready, whether it could actually make it onto COAG's agenda. Elsewhere we are told that (presumably) after approval has been given it will take three years (at least) to develop before it can be progressively implemented (over how long is not specified). What this says is that implementation may start in 2011 at the earliest and then proceed at presumably an equally relaxed pace.
Given Australia has been working on a variety of Shared EHR proposals since a House of Representatives Report in 1997 it is just flabbergasting that it can take a decade to get to the stage of developing a business case for e-Health which is yet to be completed or released. (The UK, the US and Canada did this years ago.) Worse it seems they are then prepared to wait another un-specified number of years to actually begin to deliver benefits in terms of patient safety and the quality of care – to say nothing of health sector efficiency. We know from studies overseas the opportunity costs of not implementing Health IT are billions of dollars in benefits forgone per annum (Canada thinks about six billion per annum in their country, which is similar in size to Australia) but it seems clear the NEHTA Board is content to just ignore such costs and proceed at the current leisurely pace. NEHTA itself, in documents published almost a year ago, has shown it understands this opportunity cost – so where is the action?
The lack of urgency with which NEHTA is proceeding becomes even clearer when it is recognised that responsibility for development of the SEHR was passed to NEHTA from the Commonwealth Health Department in April 2005. What progress has been made since then has not been obvious to this observer. Very little - is likely to be the answer given the interview comment like “A lot of that detail will start to move into the public domain, and (the SEHR) will be the subject of intensive work over the next 12 months”.
Second we are told by Dr Reinecke that “My understanding is that the access card will operate quite separately from the healthcare identifier. At this point there's really no place where the projects intersect.”
Just how can this be right?. The Access Card is going to allocate an identifier for use in the access of Health Services - how then can it be that this doesn't intersect with the identifier NEHTA plans to allocate for use in the Health Sector? If this proceeds all it means is that essentially every user of the Health Sector will have two identifiers on their health records – one from Minister Ian Campbell and one from NEHTA. I wonder does the Board understand just how bizarre and potentially wasteful this is?
Worse than that, the NEHTA identifier is likely to be the less robust of the two and yet it is the one that is intended to assure reliable linkage of health records rather than the much more carefully verified Access Card identifier!
Even more difficult to follow is that NEHTA thinks it can provide a health identifier for $15 million a year over three years ($45 million) and the Access Card project is costed at over $1.1 billion over about four years. Someone surely has their costings badly wrong?
Third we are told that it is NEHTA's preference to change the law so they can mine the most reliable of the Medicare client databases for names and addresses to populate their identity database.
I wonder what Professor Alan Fels of the Access Card Privacy Task Force and Ms Karen Curtis of the Commonwealth Privacy Commission would think of this proposal to covertly, and without consent, mine a Medicare database for details provided by citizens in good faith. My suspicion is that they would be gravely concerned. The Board should certainly make sure they are consulted (if it hasn’t) before any more money is spent.
Last we learn that NEHTA is confident the Standards it needs will be ready and that great progress is being made. This is true to the extent that we see the emergence of pragmatism and a sense of urgency in the US and also work in the UK to simplify implementation of HL7 V3.0. While progress is being made at a good pace on the Healthcare Services Specification Project Overview (a collaboration between HL7 and OMG) this work is unlikely to be ready for “prime-time” anytime soon.
It should be remembered that when NEHTA was conceived its job was to *quickly* choose amongst the available (and evaluated) standards - now it is trying to write the standards, which will probably take a decade to agree upon and even longer to generate the evidence that says they actually work. The much lower risk profile for using proven currently working standards versus scrapping them for their obvious defects (they will have these, by definition, of course) and going for long term high risk standards development has never been discussed, nor acknowledged. It is a fundamental shift in NEHTA's program, and seems to almost have happened by accident. Yet it is a profound shift. For this to happen without anyone worrying about it, seems to show an apparent loss of control on the part of the Board in its oversight of NEHTA’s direction.
Without rehearsing again all the other matters I have raised over the last month or two it seems to me that the NEHTA Board has not demonstrated (after two years) it is up to the task of providing National E-Health Leadership and delivering the required oversight to NEHTA. If NEHTA’s CEO reflects the Board’s priorities and views accurately, and I am sure he does, it is my opinion that, on the public evidence to hand, the Board is strategically inept, ill-informed, technically out of its depth, out of touch with the e-health community and stakeholders and their requirements and simply inadequate to the task.
It would be of value to the whole E-Health domain in Australia if the NEHTA Board was to produce a paper documenting their understanding of the issues raised herein and their proposed strategic action plan to address them.
I would also suggest a lot of the problems we now see are related to the loss of the Australian Health Information Council (AHIC) and its role in providing technical and strategic governance of NEHTA. AHIC is apparently to be re-constituted in the next few months (after a two year hiatus) but unless it is properly constituted, resourced and empowered this may be more of a hindrance than a help. We will see.
What I was hoping to hear, and didn’t, was that work on a National E-Health Strategy was well underway and that calls from a large number of stakeholders for improved pragmatism, responsiveness, transparency and consultation from NEHTA’s stakeholders and customers were being taken seriously and actioned. I would also have liked to hear that NEHTA was going to push for rapid progress in implementation of the Health IT applications and approaches that are known to work in saving lives and improving efficiency while pursing its long term R&D agenda. No such luck it seems!
The E-Health Domain is one area where a Commonwealth takeover and Commonwealth leadership is to be welcomed!
David.
It seems to me that a sensible way to approach the article is to endeavour to distil what was being said or implied and to offer commentary on that basis. As the comments were made by the NEHTA CEO it seems fair to assume he is accurately reflecting the views and understanding of the NEHTA Board and it is my plan to address the apparent policy directions and choices being made by that Board, based on the position reflected in the comments documented in the Australian.
First it was obvious throughout the interview that NEHTA has no sense of urgency about advancing the e-health agenda. We are told that the business case for the National Shared Electronic Health Record (SEHR) may be ready for Council of Australian Governments (COAG) in 2007 (or if not 2007, hopefully 2008) although it was not clear, even if ready, whether it could actually make it onto COAG's agenda. Elsewhere we are told that (presumably) after approval has been given it will take three years (at least) to develop before it can be progressively implemented (over how long is not specified). What this says is that implementation may start in 2011 at the earliest and then proceed at presumably an equally relaxed pace.
Given Australia has been working on a variety of Shared EHR proposals since a House of Representatives Report in 1997 it is just flabbergasting that it can take a decade to get to the stage of developing a business case for e-Health which is yet to be completed or released. (The UK, the US and Canada did this years ago.) Worse it seems they are then prepared to wait another un-specified number of years to actually begin to deliver benefits in terms of patient safety and the quality of care – to say nothing of health sector efficiency. We know from studies overseas the opportunity costs of not implementing Health IT are billions of dollars in benefits forgone per annum (Canada thinks about six billion per annum in their country, which is similar in size to Australia) but it seems clear the NEHTA Board is content to just ignore such costs and proceed at the current leisurely pace. NEHTA itself, in documents published almost a year ago, has shown it understands this opportunity cost – so where is the action?
The lack of urgency with which NEHTA is proceeding becomes even clearer when it is recognised that responsibility for development of the SEHR was passed to NEHTA from the Commonwealth Health Department in April 2005. What progress has been made since then has not been obvious to this observer. Very little - is likely to be the answer given the interview comment like “A lot of that detail will start to move into the public domain, and (the SEHR) will be the subject of intensive work over the next 12 months”.
Second we are told by Dr Reinecke that “My understanding is that the access card will operate quite separately from the healthcare identifier. At this point there's really no place where the projects intersect.”
Just how can this be right?. The Access Card is going to allocate an identifier for use in the access of Health Services - how then can it be that this doesn't intersect with the identifier NEHTA plans to allocate for use in the Health Sector? If this proceeds all it means is that essentially every user of the Health Sector will have two identifiers on their health records – one from Minister Ian Campbell and one from NEHTA. I wonder does the Board understand just how bizarre and potentially wasteful this is?
Worse than that, the NEHTA identifier is likely to be the less robust of the two and yet it is the one that is intended to assure reliable linkage of health records rather than the much more carefully verified Access Card identifier!
Even more difficult to follow is that NEHTA thinks it can provide a health identifier for $15 million a year over three years ($45 million) and the Access Card project is costed at over $1.1 billion over about four years. Someone surely has their costings badly wrong?
Third we are told that it is NEHTA's preference to change the law so they can mine the most reliable of the Medicare client databases for names and addresses to populate their identity database.
I wonder what Professor Alan Fels of the Access Card Privacy Task Force and Ms Karen Curtis of the Commonwealth Privacy Commission would think of this proposal to covertly, and without consent, mine a Medicare database for details provided by citizens in good faith. My suspicion is that they would be gravely concerned. The Board should certainly make sure they are consulted (if it hasn’t) before any more money is spent.
Last we learn that NEHTA is confident the Standards it needs will be ready and that great progress is being made. This is true to the extent that we see the emergence of pragmatism and a sense of urgency in the US and also work in the UK to simplify implementation of HL7 V3.0. While progress is being made at a good pace on the Healthcare Services Specification Project Overview (a collaboration between HL7 and OMG) this work is unlikely to be ready for “prime-time” anytime soon.
It should be remembered that when NEHTA was conceived its job was to *quickly* choose amongst the available (and evaluated) standards - now it is trying to write the standards, which will probably take a decade to agree upon and even longer to generate the evidence that says they actually work. The much lower risk profile for using proven currently working standards versus scrapping them for their obvious defects (they will have these, by definition, of course) and going for long term high risk standards development has never been discussed, nor acknowledged. It is a fundamental shift in NEHTA's program, and seems to almost have happened by accident. Yet it is a profound shift. For this to happen without anyone worrying about it, seems to show an apparent loss of control on the part of the Board in its oversight of NEHTA’s direction.
Without rehearsing again all the other matters I have raised over the last month or two it seems to me that the NEHTA Board has not demonstrated (after two years) it is up to the task of providing National E-Health Leadership and delivering the required oversight to NEHTA. If NEHTA’s CEO reflects the Board’s priorities and views accurately, and I am sure he does, it is my opinion that, on the public evidence to hand, the Board is strategically inept, ill-informed, technically out of its depth, out of touch with the e-health community and stakeholders and their requirements and simply inadequate to the task.
It would be of value to the whole E-Health domain in Australia if the NEHTA Board was to produce a paper documenting their understanding of the issues raised herein and their proposed strategic action plan to address them.
I would also suggest a lot of the problems we now see are related to the loss of the Australian Health Information Council (AHIC) and its role in providing technical and strategic governance of NEHTA. AHIC is apparently to be re-constituted in the next few months (after a two year hiatus) but unless it is properly constituted, resourced and empowered this may be more of a hindrance than a help. We will see.
What I was hoping to hear, and didn’t, was that work on a National E-Health Strategy was well underway and that calls from a large number of stakeholders for improved pragmatism, responsiveness, transparency and consultation from NEHTA’s stakeholders and customers were being taken seriously and actioned. I would also have liked to hear that NEHTA was going to push for rapid progress in implementation of the Health IT applications and approaches that are known to work in saving lives and improving efficiency while pursing its long term R&D agenda. No such luck it seems!
The E-Health Domain is one area where a Commonwealth takeover and Commonwealth leadership is to be welcomed!
David.
Subscribe to:
Posts (Atom)