Apparently we are to know lots more tomorrow.
I look forward to clarity I must say! I wonder will e-Health get a major mention?
The announcement will be live on Sky News at 12:30pm I am told.
David.
This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Apparently we are to know lots more tomorrow.
I look forward to clarity I must say! I wonder will e-Health get a major mention?
The announcement will be live on Sky News at 12:30pm I am told.
David.
The following is the current state of my Draft – Comments please! Most changes are in the second ½ of the document. I plan to submit Thursday so I have no technical problems.
----- Begin Submission.
Topic: Enquiry into the Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010
Submission Author:
Dr David G More BSc, MB, BS, PhD, FFARACS, FCICM,FACHI.
Author’s Background. The author of this submission is an experienced specialist clinician who has been working in the field of e-Health for over 20 years.
General Points on the Bills.
First without seeing the associated regulations it is impossible for the Senate committee to know what we are actually going to wind up with as a final implemented system. As the Late US President Ronald Regan put it "Trust but Verify" The Senate should insist in seeing at least the proposed draft regulations.
Second the Bills are being treated in isolation from the larger e-Health agenda for which there is at present no effective leadership, organisation or governance as recommended in the 2008 National E- Health Strategy which was developed for the Australian Health Ministers Council (AHMC) by Deloittes and subsequently agreed. To be undertaking legislation and implementation with this gap not addressed is, as Sir Humphrey would say ‘exceptionally courageous’ or maybe his worst grade – that of ‘politically suicidal’.
Third to not be undertaking small and large scale pilot implementations before a nationwide rollout is, in my view just foolhardy and just nonsensical. No responsible organisation just switches on a national system of this scale without a lot of operational testing etc. The whole project poses massive risk from an organisation that has been found wanting in other much less complex implementations. (e.g. Medicare Easyclaims). Internationally and at a State level in Australia there have been very many difficulties with many such projects and very few obvious successes.
Fourth it would seem to be quite strange to be passing legislation for the HI Service without being clear what comes next. A COAG proposal is being developed by Department of Health Ageing for a fuller E-Health approach at the time of this submission but is still secret. The time for legislation is when that fuller agenda is public and has been debated by stakeholders.
Fifth there is no evidence there will be wide-spread use of the HI Service until there are some arrangements put in place to ensure they have their reasonable time and costs rebated in some form. I am informed NEHTA has approached their Board on this matter – but in absence of this approval the entire Health Identifier Service risks being an expensive white elephant
Sixth it now seems there are some issues surrounding the behaviour of Medicare Australia staff in regard to the handling of personal information.
The following report appeared on March 2, 2010 and raises significant issues in my view.
MORE than one in six Medicare Australia employees is suspected of having spied on confidential client records in the past financial year.
In a statutory personal information digest submitted to the federal Privacy Commissioner, Medicare reports 948 staff members out of a total of 5887 employees were being tracked on an unauthorised access database as at June 30 last year.
This was up from the 750 employees under surveillance at the end of June 2008.
That same year, Medicare set up a "high-profile individual" database with records belonging to 250 people -- apparently as a honeypot for snoops. The purpose was said to be "to assist with identifying unauthorised access to information" held in agency systems by tracking staffers who sought to look at the medical history of famous Australians.
Apart from Medicare card numbers, names and addresses, healthcare provider details and benefit summaries, sensitive data includes medical and financial information.
Unlike other agencies such as Centrelink, Medicare does not disclose privacy breach statistics in its annual reports.
The full article is found here:
Clearly such staff cannot be trusted to manage the even more sensitive information that is planned to be held in the Electronic Record System being proposed by Medicare Australia and NEHTA.
Seventh, while the HI System does not provide for the look up of patient name and address information it can, by returning an identifier when queried with a name, date of birth and address, confirm the validity of a name and address pair which may assist in unwanted tracking down of individuals who would rather avoid this happening (e.g. domestic violence victims)
I have written more about this topic here:
http://aushealthit.blogspot.com/2010/03/there-might-be-major-hole-in-design-of.html
Last, while there is no doubt there would be major benefit from a smooth running efficient National Identifier System the costs of ongoing delivery and maintenance (recording births, deaths, address changes and so on for some 22 million souls) are not addressed and may be very considerable. Other options exist for addressing Health Identification but these have never been explored and there has never been a business case developed .
All the above points ignore the various risks to privacy and identity protection which I am sure others will provide detailed submissions upon.
In summary it is my professional opinion that the community is entitled to be presented with legislation that takes a far more holistic view of the way e-Health systems and services are to be delivered to Australians and addresses clearly and systematically all the possible risks that are associated with the implementation of large complex systems as well as providing an optimal framework for governance, leadership, privacy protection and engagement with the caring professions and consumers who are going to be required to use these systems.
The present proposed legislation is deeply inadequate and there are major implementation risks with the project overall which I do not believe have been treated frankly by the enthusiasts for this Bill in its present form. I find it concerning that there are a number or organisations who are not specialists in e-Health who are lobbying for passage of the bill, without any apparent in depth understanding of the risks this project runs, unless the plans for its delivery are dramatically improved.
Finally I have to point out that we have had at least a lost decade of (essentially no) progress in e-Health. We are presently at a cusp and if the right path is not chosen and implemented it will be another decade before e-Health realises its promise in Australia. Right now I do not believe we are on the right path.
Dr David G More.
----- End Submission.
Thanks in advance for any suggestions.
David.
The following appeared today – March 2, 2010.
Karen Dearne
From: The Australian
March 02, 2010 12:00AM
REVELATIONS that Medicare Australia has investigated 1058 employees for possible unauthorised access to client records in the past three years may rock a Senate inquiry into the controversial Healthcare Identifiers Bill.
The bill has been dogged by concerns over patient privacy raised by consumer health, privacy and technology advocates.
Australian IT uncovered evidence that 948 staff out of a total 5887 employees were being tracked via an Unauthorised Access database as at June 30, 2009 for apparently snooping among client files without a valid reason.
But a Medicare spokesman has disputed the one-in-six figure provided to the federal Privacy Commissioner in a statutory report, saying that by December 2009, 1058 cases had been investigated since surveillance started in November 2006. "Of these, 54 per cent were found to be unauthorised access, although about 30 per cent of these cases involved staff accessing their own record," the spokesman said.
"About 43 per cent were found to be legitimate access, and investigations are still in progress in relation to the other 3 per cent."
It is understood the internal surveillance system was introduced as part of a Medicare crackdown on privacy breaches.
Health Minister Nicola Roxon has been relying on Medicare's reputation as a secure handler of Australians' personal information as it prepares to launch a nationwide Healthcare Identifier service from July 1 -- provided enabling legislation is passed in time.
.....
But the unexpected news of snooping by Medicare staff has set off alarm bells.
"These figures suggest hundreds or thousands of patient records may have been accessed without authorisation over the past few years," says Australian Privacy Foundation health spokeswoman Juanita Fernando.
"Healthcare authorities have always claimed Medicare staff respect people's privacy yet the federal government is currently considering a bill that extends `birth to grave' access to the private information of all Australians to an additional 600,000 individuals."
Dr Fernando said it was perplexing that health authorities had not provided details of alleged data breaches at a time when "HI bills that further reduce our privacy rights are before parliament".
.....
The full article is here:
What to say? At first glance it looks like Medicare Australia needs a full blown ‘cultural renovation’ before getting involved in the HI Service and the planned Electronic Health Records Service. They are certainly not up to it at present and won’t be for a while I would suggest.
The clear implication of all this is that we must see and be confident in all the governance arrangements for the HI Service and what may follow before we pass legislation that does not provide the public with some real protections against such ‘snooping’.
To not fix this will be a nail in the coffin of e-Health more generally as it will have a major impact on public trust.
Looks like a little more work on the HI Service Legislation submission is needed!
David.
Those who have been following the development of the Health Identifier (HI) Service by Medicare / NEHTA will be aware that a key document is that one describing the Concept of Operations for the HI Service.
The document is found here for those who do not have access to it.
http://www.nehta.gov.au/component/docman/doc_download/872-concept-of-operations
A key part of the document describes the process by which one obtains a person’s IHI.
In the Use Cases provided the individual turns up to a health care provider (with or without a Medicare Card (A Trusted Data Source Identifier) and when the details are entered, and an exact match is found, the IHI is returned for incorporation in the patient record.
If no match is found – or multiple matches are found – the address is used to get an exact match and all the entered information and the IHI is provided by the HI service in return.
What this means – among other more useful attributes – is that we will now have 600,000 healthcare providers who now all have a way to confirm a name, DOB and sex and address for accuracy. Either an IHI will be retuned – details are correct and current – or an error will be returned and an unverified IHI process follows.
The issue is that this is the biggest and hopefully most reliable name, DOB and Address data base in the country that can now be used by all sorts of people for all sorts of reasons to confirm current details – some valid and some possibly considerably less so!
Better still it also offers a batch update capability so all sorts of options can be checked for validity!
The Australian Electoral Commission has a similar system but you can disappear easily from it by moving or never registering to vote – and of course children are not covered by the AEC – and you have to search one at a time.
It seems to me the sheer number of people who can access this environment make it virtually certain there will be abuse and it will be very hard to detect such abuse as those who do it can just claim typing inaccuracy.
It seems to me making sure such a facility is not abused and that no harm will flow is another very good reason to conduct a range of scaled pilots of a live and working system.
If there are clever, and possibly other, ways to abuse the HI Service we need to find out sooner rather than later. There is really only one way to do this and that is live progressively scaled testing.
David.
Last week I published a blog pointing readers at a very amusing firsthand account of life within the interstices of DoHA written a one Myles Peterson.
The blog is found here:
http://aushealthit.blogspot.com/2010/02/truth-about-department-of-health-and.html
Over the weekend I was sent a link covering DoHA’s response.
The Sunday Age had a fantastic whistleblower piece from an ex-insider at the current federal government's health department.
It's a cracker of a read from start to finish, exposing policy on the run, bureaucratic money-wasting verging on rorts and the frustration of being inside a system that seems to value announcements over action. [Note: department's detailed and angry response has been added to the end of this blog]
Of course, it should be taken with a grain of salt. We don't know if the author has any undisclosed axes to grind, though his background as a video game reviewer and World of Warcraft gamer (see the first comment here) speaks more to me of genial nerd than Machiavelli.
And of course any refugee from any government bureaucracy, of any political colour, will have war stories like this.
But one thing caught my eye in particular - the bit about the YourHealth website.
Back mid last year we were waiting with bated breath for the final report of the Health and Hospitals Reform Commission, a massive review of health policy that had been through an exhausting series of public consultations.
Finally the thing was released... and Rudd announced... another exhausting series of public consultations, to discuss its contents and proposals.
He made the announcement one morning in front of a backdrop with a logo I had not seen before, and a web address that was unfamiliar to me: YourHealth.gov.au.
But his speech made no mention of this, as far as I can recall.
And the website came up blank. There was no such site.
The rest of the saga and the Departmental response can be read here:
http://blogs.theage.com.au/triage/archives/2010/02/yourhealthbodgyrushedgovau.html
Great fun – as are the comments that follow.
Enjoy.
David.
As reported a day or so ago the Senate is conducting a short enquiry into the Health Identifiers Bill. The deadline for response is very tight indeed.
THE controversial Healthcare Identifiers Bill has been referred to a Senate inquiry, but interested parties will need to meet a very tight deadline for comment, with a report due back before federal parliament by March 15.
The Senate Scrutiny of Bills committee said the HI bill "seeks to introduce a significant change by implementing a national system to assign healthcare identifiers for consumers and providers".
Under the proposed law, introduced by federal Health Minister Nicola Roxon, unique identifiers will be mandatorily issued to all Australians by Medicare Australia, which will operate the HI regime.
If the bill is passed, from July 1 all Australians will be issued with a 16-digit unique number linked to existing Medicare numbers, while all medical providers and healthcare organisations will also be given a unique 16-digit identifier.
Unique identifiers provide a key foundation for more widespread information-sharing of patient records across the health sector, and are intended to ensure correct assignment of personal data in electronic health record systems, and secure exchange of communications between doctors.
But health consumer and privacy advocates have warned of the dangers of abuse or exposure of personal medical information, as well as the potential for government-issued numbers to morph into a broader national identity scheme.
The Senate Community Affairs committee will have to consider whether the bill contains sufficient privacy safeguards, the operation of the HI service, including access to identifiers, and its relationship to the wider national e-health agenda and future electronic health records.
Written submissions should be lodged by March 5, and public hearings are expected to be held in Canberra on March 9-10.
More here:
The story was also picked up here
Health Minister Nicola Roxon has referred the e-health Bill for the introduction of a universal identifying health number — the Healthcare Identifiers Bill — to a Senate Committee.
According to the minister's office, the Bill was introduced to the Senate Standing Committee on Community Affairs to satisfy "ongoing community and stakeholder interest".
"Whenever there are high levels of community interest in [a] bill it's very common practice for a bill to be referred to the committee," Roxon's spokesperson Katie Hall told ZDNet.com.au.
The committee is expected to look into privacy safeguards in the Bill, which involves the issue of a unique 16-digit unique number to Medicare members, medical providers and healthcare organisations. The committee will also look at the operation of the services required to utilise the numbers, and the Bill's expected role in the national e-health agenda.
More here:
Here are the full details of the enquiry.
On 24 February 2010 the Senate referred the Healthcare Identifiers Bill 2010; for inquiry and report.
The Healthcare Identifiers Bill 2010 establishes the national e-health Healthcare Identifiers Service to provide that patients, healthcare providers and provider organisations can be consistently identified.
The Healthcare Identifiers (Consequential Amendments) Bill 2010 (introduced with the Healthcare Identifiers Bill 2010) amends the Health Insurance Act 1973 to authorise the Chief Executive Officer of Medicare to delegate functions to support the Healthcare Identifiers Service (HIS); and Privacy Act 1988 to: provide that the HIS comes under the jurisdiction of the Privacy Commissioner; and make amendments consequential on the Personal Property Securities (Consequential Amendments) Act 2009.
The following issues were outlined for the Committee to consider during the inquiry:
• privacy safeguards in the Bill
• operation of the Healthcare Identifier Service, including access to the Identifier
• relationship to national e-health agenda and electronic health records.
Submissions should be received by 05 March 2010. The reporting date is 15 March 2010.
The Committee is seeking written submissions from interested individuals and organisations preferably in electronic form submitted online or sent by email to community.affairs.sen@aph.gov.au as an attached Adobe PDF or MS Word format document. The email must include full postal address and contact details.
Alternatively, written submissions may be sent to:
Department of the Senate
PO Box 6100
Parliament House
Canberra ACT 2600
Australia
Notes to help you prepare your submission are available from the website at http://www.aph.gov.au/senate/committee/wit_sub/index.htm. Alternatively, the Committee Secretariat will be able to help you with your inquiries and can be contacted on telephone +61 2 6277 3515 or facsimile +61 2 6277 5829 or by email to community.affairs.sen@aph.gov.au.
Inquiries from hearing and speech impaired people should be directed to Parliament House TTY number 02 6277 7799. Adobe also provides tools at http://access.adobe.com/ for the blind and visually impaired to access PDF documents. If you require any special arrangements to enable you to participate in the Committee's inquiry, please contact the Committee Secretariat.
Once the Committee accepts your submission, it becomes a confidential Committee document and is protected by Parliamentary Privilege. You must not release your submission without the Committee's permission. If you do, it will not be protected by Parliamentary Privilege. At some stage during the inquiry, the Committee normally makes submissions public and places them on its website. Please indicate if you want your submission to be kept confidential.
For further information, contact:
Department of the Senate
PO Box 6100
Parliament House
Canberra ACT 2600
Australia
Phone: +61 2 6277 3515
Fax: +61 2 6277 5829
Email: community.affairs.sen@aph.gov.au
This information is found here:
http://aph.gov.au/Senate/committee/clac_ctte/healthcare_identifier/info.htm
My Draft Submission is as follows and I would welcome comments and suggestions.
----- Begin Submission.
Topic: Enquiry into the Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010
Submission Author:
Dr David G More BSc, MB, BS, PhD, FFARACS, FCICM,FACHI.
Author’s Background. The author of this submission is an experienced specialist clinician who has been working in the field of e-Health for over 20 years.
General Points on the Bills.
First without seeing the associated regulations it is impossible for the Senate committee to know what we are actually going to wind up with as a final implemented system. As the Late US President Ronald Regan put it "Trust but Verify" The Senate should insist in seeing at least the proposed draft regulations.
Second the Bills are being treated in isolation from the larger e-Health agenda for which there is at present no effective leadership, organisation or governance as recommended in the 2008 National E- Health Strategy which was developed for the Australian Health Ministers Council (AHMC) by Deloittes and subsequently agreed. To be undertaking legislation and implementation with this gap not addressed is as Sir Humphrey would say ‘exceptionally courageous’.
Third to not be undertaking small and large scale pilot implementations before a nationwide rollout is, in my view just foolhardy and just nonsensical. No responsible organisation just switches on a national system of this scale without a lot of operational testing etc. The whole project poses massive risk from an organisation that has been found wanting in other much less complex implementations. (e.g. Medicare Easyclaims). Internationally and at a State level in Australia there have been very many difficulties with many such projects and very few obvious successes.
Fourth it would seem to be quite strange to be passing legislation for the HI Service without being clear what comes next. A COAG proposal is being developed by Department of Health Ageing for a fuller E-Health approach at the time of this submission but is still secret. The time for legislation is when that fuller agenda is public and has been debated by stakeholders.
Fifth there is no evidence there will be wide-spread use of the HI Service until there are some arrangements put in place to ensure they have their reasonable time and costs rebated in some form. I am informed NEHTA has approached their Board on this matter – but in absence of this approval the entire Health Identifier Service risks being an expensive white elephant
Last, while there is no doubt there would be major benefit from a smooth running efficient National Identifier System the costs of ongoing delivery and maintenance (recording births, deaths, address changes and so on for some 22 million souls) are not addressed and may be very considerable. Other options exist for addressing Health Identification but these have never been explored and there has never been a business case developed .
All the above points ignore the various risks to privacy and identity protection which I am sure others will provide detailed submissions upon.
In summary it is my professional opinion that the community is entitled to be presented with legislation that takes a far more holistic view of the way e-Health systems and services are to be delivered to Australians and addresses clearly and systematically all the possible risks that are associated with the implementation of large complex systems as well as providing an optimal framework for governance, leadership, privacy protection and engagement with the caring professions and consumers who are going to be required to use these systems.
The present proposed legislation is deeply inadequate and there are major implementation risks with the project overall which I do not believe have been treated frankly by the enthusiasts for this Bill in its present form.
Dr David G More.
----- End Submission
I would be keen to have comments that can improve this draft.
David.
About 4 weeks ago I posted the two documents I had been sent.
See here:
http://aushealthit.blogspot.com/2010/02/what-fun-nehta-lets-its-health.html
After a request from NEHTA I took the – claimed to be draft - documents down, on the understanding NEHTA would release the finalised documents in reasonable period.
See here:
http://aushealthit.blogspot.com/2010/02/request-to-take-files-off-line.html
Well it now appears that the strategy is being actioned. We have the new web-site (www.ehealthinfo.gov.au) and we have banner ads appearing a on the RACGP web site.
A check on the NEHTA website and my e-mail inbox finds no such documents.
With all that in mind it seems the time has come to allow readers to know what to expect next!
The files can again be downloaded here:
http://moreassoc.com.au/downloads/Healthcare%20Identifiers%20Comms%20Strategy%20A.pdf
and here:
http://moreassoc.com.au/downloads/Healthcare%20Identifiers%20Comms%20Strategy%20B.pdf
Enjoy reading and as they say forewarned is forearmed!
I will note in passing – as free advice to NEHTA – their case for fostering provider adoption looks flimsy at best.
This time the files come down when NEHTA releases the finals – if any later versions actually exist.
Enjoy.
David.