Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, March 17, 2010

AusHealthIT Man Poll Number 12 – Results - 17 March, 2010

The question was:

Should the Rudd Health Program be Approved by the Council Of Australian Government without Publishing Details of the E-Health Proposal.

You Are Kidding?

25 (56%)

Not Sensibly

9 (20%)

Neutral

0 (0%)

Possibly

5 (11%)

Yup, I Trust Them

5 (11%)

Votes 44.

Comment:

Well, that is pretty clear. No clarity on e-Health, no progress on reform!

Thanks again to all who voted.

David.

Weekly Australian Health IT Links - 17-03-2010.

Here are a few I have come across this week.

Note: Each link is followed by a title and a paragraph or two. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or payment.

General Comment:

There is little doubt the key e-Health event of the last week was the Senate Enquiry into the proposed Health Identifier Service. This has had extensive coverage on the blog with all sorts of positions put. It was impressive that on a Saturday the article published on the topic garnered 170 page view and 11 comments in just one day – an indicator of the level of interest I would suggest.

If you missed this article is here:

http://aushealthit.blogspot.com/2010/03/another-4pm-friday-information-release.html

The release of the report of the Senate Report on March 15, 2010 (Monday) will be fascinating after they will have digested almost 10 hours of testimony and 50+ submissions.

Now released, see here:

http://aushealthit.blogspot.com/2010/03/minority-coalition-report-on-hi-service.html

The other story of the week has been the discovery by and reporting of by the Australian of some less than ideal behaviour on the part of Medicare Australia (MA) employees. This has now been well publicised in the professional press as well and will do considerable harm to the relationships between MA and clinicians if not handled well. To date I sense rather more denial than is useful.

On the broader front we are still to see how the Rudd / Roxon Health Reform plans will play out and how easy it will be to align the ducks (read Premiers).

-----

http://www.theaustralian.com.au/australian-it/hospital-networks-key-to-e-health-plan-rudds-health-reform/story-e6frgakx-1225838376605

Hospital networks key to e-health plan: Rudd's health reform

KEVIN Rudd's health reform plan is good news for e-health, according to Deloitte partner Adam Powick, lead author of the National E-health Strategy.

E-health barely rated a mention last week, but Mr Powick told The Australian "no government is going to invest in e-health or IT systems without a reform context, and we clearly have that now".

"Mr Rudd talked about the need to deliver better integrated, better co-ordinated care that's more responsive to patient needs, and about putting in place a health system for the 21st century," he said.

"I'd argue very strongly that you can't do either without electronic communications."

-----

http://www.zdnet.com.au/news/software/soa/Health-ID-allows-people-tracking-Democrats/0,130061733,339301619,00.htm

Health ID allows people tracking: Democrats

By Renai LeMay, Delimiter.com.au
09 March 2010 09:41 AM

The Australian Democrats party has warned that Health Minister Nicola Roxon's Health Identifiers Bill appears similar to the previous Howard government's ill-fated attempt to replace the Medicare Card with what it called an Access Card, which many saw as an attempt to create a national ID card.

In early February, Health Minister Nicola Roxon introduced legislation into Federal Parliament that would introduce a National Health Identifier to be implemented by the middle of 2010.

The health and social services Access Card project was terminated in November 2007 when Kevin Rudd's Labor government took office, ending several years of debate about whether the card was an attempt to introduce a national ID card similar to the Australia Card — dumped as a project back in 1987.

-----

http://www.zdnet.com.au/news/software/soa/Privacy-dominates-Senate-e-health-inquiry/0,130061733,339301725,00.htm

Privacy dominates Senate e-health inquiry

By Ben Grubb, ZDNet.com.au
12 March 2010 04:05 PM

Over the last two days a Senate inquiry has delved into the government's plans to roll-out a 16-digit national healthcare identifier for the majority of Australians, with the main obstacle many parties saw to implementation still being privacy.

The inquiry will hand in a report next week which will help inform debate in the Senate over the Bill.

Health Minister Nicola Roxon referred the Bill to a Senate Committee late February due to high levels of community interest.

The Australian Privacy Foundation, the Public Interest Advocacy Centre and the Cyberspace Law and Policy Centre in the law faculty at the UNSW all spoke at the inquiry.

-----

http://www.smh.com.au/technology/technology-news/computer-bungle-threatens-medical-research-20100312-q460.html

Computer bungle threatens medical research

JULIE ROBOTHAM

March 13, 2010

The federal government's distribution of $379 million in health and medical research funding is in turmoil following the failure this week of a computer system meant to log scientists' applications online.

The new system has buckled under the strain of receiving about 3000 applications for prestigious National Health and Medical Research Council project grants, leaving researchers unable to edit the submissions on which their chance of funding and their careers depend.

Les Field, the deputy vice-chancellor of research at the University of NSW, said: ''Researchers repeatedly lost parts of what they had been working on and found it difficult or impossible to make changes or edit their proposals.''

-----

http://www.theaustralian.com.au/australian-it/roxon-folds-and-releases-draft-health-identifier-rules/story-e6frgakx-1225840170232

Roxon folds and releases draft health identifier rules

  • Karen Dearne
  • From: Australian IT
  • March 12, 2010 6:08PM

FEDERAL Health Minister Nicola Roxon has buckled and released proposed draft regulations for the Healthcare Identifiers service, after privacy and security experts told a Senate inquiry the HI Bill could not rationally be considered without the accompanying rules that underpin the legislation.

A consultation paper prepared by the Australian Health Ministers’ Advisory Council was also released late Friday afternoon.

But it may be a case of too little, too late, with the regulations providing little new detail, and failing to address problems with the bill including the compulsory nature of the scheme, under which every Australian will be issued a 16-digit unique healthcare identifier from July 1 for improved medical information-sharing across the health sector.

-----

http://www.e-health-insider.com/news/5724/new_csc_deal_hinges_on_morecambe_bay

New CSC deal hinges on Morecambe Bay

11 Mar 2010

A deal to cut hundreds of millions of pounds from the National Programme for IT in the NHS by cutting back the scope of its main electronic patient record software is set to be signed, if CSC can deliver Lorenzo to an acute trust within two weeks.

E-Health Insider understands that a new deal with CSC for the North, Midlands and East of England hinges on the trust-wide go-live of Lorenzo at University Hospitals of Morecambe Bay NHS Trust by the end of March.

This vital deadline looks set to be missed. In an interview with CIO Magazine last week, Andrew Spence, CSC’s UK director of healthcare strategy, was bullish about progress at Morecambe. “We’re ruthlessly focussed on getting things right for Morecambe Bay,” he said.

-----

http://www.smh.com.au/business/media-and-marketing/apples-future-wont-be-brought-to-you-by-the-letter-i-20100311-q1of.html?rand=1268310338205

Apple's future won't be brought to you by the letter 'i'

March 12, 2010

Apple has been dealt a severe blow, having been told that it no longer has a monopoly on the letter ''i'' as a prefix for all its products. A trademarks tribunal has knocked back Apple's bid to stop a small company from trademarking the name DOPi for use on its laptop bags and cases for Apple products.

Apple argued that the DOPi name - iPod spelt backwards - was too similar to the California-based technology company's popular portable music player, which has sold more than 100 million units worldwide.

Apple has long relied on legal muscle to pursue individuals or companies it sees as infringing on its copyright. That came to a halt when the tribunal rejected its claim that consumers might think that they were buying an Apple product.

.....

Despite being helped by a major law firm, Apple overlooked the fact that there were already a large number of products that have the ''i'' prefix before their name - iSkin and iSoft, to name just two - all of which are operating in the same class of electronic goods.

-----

http://www.computerweekly.com/blogs/tony_collins/2010/03/isoft-loses-a-senior-executive.html

iSoft loses a senior executive

From US health IT website Histalk:

"iSoft loses another senior executive from it's flagship business unit. Just confirmed from internal source that Keith Kirtland, UK&I Commercial and Sales Director resigned earlier this month."

The website reports that Kirtland is the fourth sales director in as many years and his departure may affect "overall sales in the UK for this troubled NPfIT supplier".

In response to the report, an iSoft spokesman said this morning:

"Mr Kirtland left for personal reasons. Tony Bowden, formerly of Initiate, has been appointed business development director for the UK and Ireland business."

-----

http://blogs.crikey.com.au/croakey/2010/03/10/part-1-how-to-save-billions-in-health-costs-john-menadue/

Part 1: How to save billions in health costs – John Menadue

, by Croakey

In the first of two Croakey articles looking at how to cut health costs, John Menadue writes:

“Successive governments in Australia have failed to examine and take action to curb rapidly rising costs and inefficiencies in healthcare. To address these problems would involve confronting special interests with their Canberra lobbying power.

The Opposition is now attempting to frighten us over new taxes to fund healthcare.

See point 5:

5. The glacial introduction of e-health. The delivery of health services is a very labour and information intensive activity. The same is true in finance and banking. But whereas the banking sector has revolutionised its information systems, the health sector is still in the horse-and-buggy age. Estimates range from 5% to 10% as the potential savings that could be achieved by efficient and effective implementation of health IT. A 5% improvement would be about $5 b of Australia’s total health spending. Commonwealth Government leadership has been lacking in this area.

-----

http://www.theaustralian.com.au/australian-it/nsw-first-for-health-identifiers/story-e6frgakx-1225839264934

NSW first for health identifiers

  • Karen Dearne
  • From: Australian IT
  • March 10, 2010 4:55PM

NSW public hospital patients will be guinea pigs for the countrywide rollout of healthcare identifiers, with an estimated 4.5 million people signed onto the new system by the state within 18 months.

National E-Health Transition Authority chief executive Peter Fleming told a Senate inquiry into the Healthcare Identifiers (HI) Bill that - once the legislation and as yet undisclosed regulatory controls are passed by Parliament - up to 6 million Australians could have Medicare-assigned unique patient numbers, intended to support clinician access to personal health information, within that timeframe.

NSW Health is spearheading NEHTA's work on linking some 20 separate hospital-issued health identifiers to the new unique personal identifiers, off the back of an upgrade of current radiology information and picture archiving and communications systems.

-----

http://www.theaustralian.com.au/business/industry-sectors/telstra-plan-hits-a-wall/story-e6frg9hx-1225838885252

Telstra split hits a wall

KEVIN Rudd's bill to force the break-up of Telstra looks doomed to fail, with the Coalition and a key cross-bench senator resolving yesterday to vote against it.

Opposition communications spokesman Tony Smith said the Coalition was "utterly opposed" to the move to force Telstra to separate its wholesale and retail arms by denying it access to the spectrum it needed for its future business.

"Labor's legislation is a deliberate assault on Telstra and its 1.4 million shareholders and 30,000 employees," he said.

"(It) is all about trying to prop up their reckless $43 billion national broadband network, which they embarked upon without a cost-benefit analysis or a business plan."

-----

http://www.smh.com.au/business/breakthrough-puts-doctors-in-picture-20100308-psrv.html

Breakthrough puts doctors in picture

GARRY BARKER

March 9, 2010

JUST when attention is refocusing on the $43 billion national broadband network (NBN), and its proponents are saying how much the healthcare industry will benefit from having 100 megabits per second (Mbps) to handle all their gigabit-sized CT and MRI images, along comes an Australian company with a technology capable of delivering 2D, 3D and 4D (animated 3D) images, in colour, over a 4 Mbps line.

For radiologists, cardiologists, oncologists and other specialists who need instant access to increasingly complex and exact medical images the breakthrough is significant.

Sam Hupert, co-founder and executive director of Promedicus, a Melbourne-based global medical practice management and image handling company that developed the new technology, says: "We have overcome the tyranny of the network."

-----

http://www.medicalobserver.com.au/index.php/news/medicare-staff-fined-for-prying-in-records

Medicare staff fined for prying in records

12th Mar 2010

Shannon McKenzie

DOCTORS have voiced alarm at revelations that nearly 1000 Medicare staff have been investigated in the past four years for accessing client records without proper authority.

In a statutory report submitted to the Office of the Privacy Commissioner, Medicare stated that since November 2006, monitoring systems had identified 948 employees who may have accessed confidential client records.

-----

http://www.australiandoctor.com.au/articles/49/0c067b49.asp

Breaches spark privacy fears

11-Mar-2010

By Michael East

There are renewed fears that more investigative powers for Medicare could see abuses of patient confidentiality, following revelations the organisation has investigated almost 1000 employees for suspected security breaches.

Last week Medicare revealed it had investigated 948 cases of confidential client records being accessed by staff since late 2006.

Medicare admitted it had set up a database of records purporting to belong to high-profile celebrities to try to catch staff in the act of accessing unauthorised records.

-----

http://www.afr.com/p/business/technology/wider_reform_sends_health_back_to_H2ZY3U1p1RHAcMzdFJhN3O

Wider reform sends e-health back to triage

Linking the electronic records system to a referendum on health reform may push back its introduction

-----

http://www.canberratimes.com.au/news/local/news/general/doctors-illprepared-for-new-system/1770806.aspx

Doctors ill-prepared for new system

BY MARKUS MANNHEIM, PUBLIC SERVICE REPORTER

09 Mar, 2010 08:42 AM

Doctors are not ready to use a new nationwide records system that assigns all patients a single health number, even though it is scheduled to begin operating in less than four months.

The Senate's Community Affairs Committee will meet today to discuss the Healthcare Identifiers Service, which is designed to allow patient information to be shared more easily among medical workers and researchers.

The service is scheduled to operate from July 1 if Parliament passes the legislation that underpins it. But the Australian Medical Association says the IT network remains unbuilt and most surgeries lack the software needed to use the numbers.

-----

http://www.zdnet.com.au/news/software/soa/New-pathology-system-for-Vic-hospitals/0,130061733,339301628,00.htm

New pathology system for Vic hospitals

By Jacquelyn Holt, ZDNet.com.au
09 March 2010 01:59 PM

Australian e-health provider, LRS Health, has beat larger international competitors to win a five-year deal to provide e-health systems and support for Victoria's largest hospital group, Southern Health.

LRS Health began implementing its MediPath pathology management system in hospitals in October last year, with plans to go live in April. The company will provide 24-hour support for the system.

The system will process around 1.5 million pathology tests Southern Health deals with annually. The group services approximately 32 per cent of metropolitan Melbourne across 40 sites including five major hospitals.

-----

http://www.theaustralian.com.au/australian-it/lrs-health-wins-five-year-pathology-service-contract/story-e6frgakx-1225838383511

LRS Health wins five-year pathology service contract

LOCAL e-health software maker LRS Health has won a minimum five-year contract to supply pathology management services for Victoria's Southern Health, which provides almost one-third of the state's specialist services.

It was selected for its MediPATH system, beating large multinationals such as Cerner and GE.

Southern Health has more than 40 sites around Melbourne, including five major hospitals, and MediPATH will process about 1.5 million pathology tests required for patients each year.

-----

http://www.theaustralian.com.au/australian-it/confusion-reigns-on-health-id-heathcare-idenfiers-bill/story-e6frgakx-1225838380483

Confusion reigns on health ID: Heathcare Idenfiers Bill

SOFTWARE makers, doctors, consumer groups and lawyers remain perplexed by the design and context of the Healthcare Identifiers Bill being accorded a rushed Senate inquiry this week.

Despite a seven-day deadline, 39 submissions on the controversial bill were lodged by Friday, with the community affairs committee set to hold eight hours of hearings this week before reporting to parliament on Monday.

The Australian Medical Association, Consumers Health Forum and Medical Software Industry Association support, in principle, a national scheme of unique healthcare identifiers for patients, but doctors, allied providers and healthcare organisations say the lack of detail makes risk assessment difficult.

-----

http://computerworld.co.nz/news.nsf/management/health-it-board-drafts-e-health-plan

Health IT Board drafts e-health plan

Draft strategy for industry comment expected by the end of March

By Randal Jackson | Wellington | Monday, 8 March, 2010

A first draft national IT plan for health will be made available for sector comment on March 31 and is expected to be finalised by June 30.

Graeme Osborne, chairman of the National Health IT Board, says he expects the government’s Shared Services Agency to take the lead in deciding IT directions “with our support”.

Health Minister Tony Ryall wants savings of $700 million over five years by having common back office systems for the country’s 21 district health boards.

-----

Enjoy!

David.

Tuesday, March 16, 2010

What Will Happen Next With the Health Identifier Bill?

As reported in the last 24 hours we now have had the Inquiry and have the Report from the Senate on the Healthcare Identifiers Bills (2010).

See here:

http://aushealthit.blogspot.com/2010/03/senate-recommends-passage-of-hi-service.html

And here:

http://aushealthit.blogspot.com/2010/03/minority-coalition-report-on-hi-service.html

The Bills has already passed the House of Representatives:

http://aushealthit.blogspot.com/2010/03/parliament-house-of-representatives-is.html

While it is clear the Labor Government is happy to pass the Bills in their present form the same is by no means clear as far as the Coalition is concerned.

The Opposition has a pretty strong position in the Senate and these sections of their Minority Report make one feel they may really want some changes (from a principled perspective I believe).

Especially these three areas appear to be of concern to the Opposition. (Quoted from the report).

Stand alone provisions

During the course of the inquiry, the Department of Health and Ageing indicated that this legislation was intended to stand alone as purely establishing the Health Identifiers and not for any future purposes.

The Bill does not achieve this given the various provisions that defer provisions for inclusion in regulation, for example; clauses 9, 21 and 22.

In relation to clause 9 (1) - It is recommended that the classes of healthcare providers be included in the Bill as a schedule.

In relation to Clause 9 (5) - The Bill should prescribe the requirements for assigning a healthcare identifier.

In evidence, Mr Lou Andreatta, Acting First Assistant Secretary, Primary and Ambulatory Care, Department of Health and Ageing said: "The e-health strategy is a sequential strategy. The building blocks need to be in place before we look at what products or functionality can be rolled out in the future. The emphasis has been on getting those building blocks in place – the secure messaging, the identifier service." (Hansard, March 10, 2010 CA22)

These comments are surprising given the staggering amount of funding that have been allocated to e-health since its inception. Indeed, it reaffirms the concerns raised by Coalition Senators during the hearing as to the Department's ability to deliver such a major project.

Furthermore, while implementers may have a clear view of the extent of the intended roll-out, the proposed legislation, with its "building block" strategy, could be used as the basis for the roll-out of further products or functionality. This serves as a warning that, when implemented, this strategy could be used for other purposes.

Parliamentary scrutiny to address ‘function creep’

Under the Healthcare Identifiers Bill, health information may be disclosed for other purposes not detailed in the Bill, where that disclosure is ‘authorised under another law.’ This means that it might be authorised by other commonwealth, state or territory legislation, or even by any regulations or other legislative instruments made under such laws.

The Coalition believes that where other agencies seek access to the Individual Healthcare Identifier (IHI) or any information attached to it, the access to such information should not be granted automatically by virtue of other commonwealth legislation, regulations or state or territory legislation, but only if authorised by express amendments made to the principal Bills. This will ensure that the Commonwealth Parliament retains direct oversight and responsibility for any increase in the entitlement to access information by government agencies.

To that end the Coalition proposes that clause 15 (2)(b) and clause 26 (2)(b) of the Healthcare Identifiers Bill be deleted. On that basis, the provisions of Clause 19 (2) (b) (ii) should be reviewed.

Coalition Senators note that this view is consistent with the Privacy Impact Assessments (PIAs) undertaken into the Bills and the view of the Australian Privacy Foundation.

In evidence, Dr Juanita Fernando, Chair of the Health Subcommittee of the Foundation said the proposed new system was "worse than the current system, because the health identifier is going to provide a way to index all of that ([personal health care) information. So whereas previously I might have breached information security at some hospital somewhere and I then had to find out how I could get that person's individual records from all the various departments – their tax records, their surgical records, their outpatient records and so on and so forth – with the HI I have got the key to all of that information." (Hansard, March 10, 2010 CA2)

Dr Fernando also said: "So it is important that there be penalties or some ways of ensuring that information security breaches are slated home to the people who created the environment in which patient care is operating. The health identifier bill actually indemnifies servants of the Crown. If the health identifier bill is such a robust bill, then it is interesting that servants of the Crown are indemnified…Although the legislation contains penalties for individuals who commit information fraud or who use information for purposes other than those intended by the health identifier bill, because consumers do not have direct access to that health identifier how are they going to know that their information has been breached?"(Hansard, March 19, 2010 CA3).

Patient control of Individual Healthcare Identifier

Under the Bills the allocation of the Individual Healthcare Identifier (IHI) is compulsory. The health care recipient neither requests nor agrees to its provision, and may not even be aware that an IHI has been allocated to them. Moreover, there is nothing in the bills to prevent access to health services being made conditional upon the allocation of a number or its use.

The Coalition appreciates the importance of ensuring that the benefits of modern health care are available to as many citizens as possible. It thus supports the Bill’s intention to provide an IHI to all Australians. However, the Coalition also recognises that to better safeguard privacy, patients should control their health records.

In balancing these concerns the Coalition believes, therefore, that while providing an IHI, Australian citizens should have the right to ‘opt out’ and not be required to possess an IHI or have their IHI linked to the Department, other Departments or functions within those Departments.

However, importantly, the Coalition believes that the provision of healthcare services must not be made conditional (or de-facto conditional) upon possessing an IHI.

The Coalition notes that the Privacy Impact Assessments (PIAs) conducted into the Bills opposed the compulsory provision of an IHI to Australian citizens.

In evidence, Dr Fernando of the Australian Privacy Foundation said: "..this is going to be the most-up-to-date, well-maintained database of Australians' names, addresses and ages that is in existence at the moment. So this is going to be the richest source of data that exists in Australia at the moment." (Hansard, March 10, 2010 CA2)

Dr Roger Clarke, also of the Australian Privacy Foundation, said the database "represents a honey pot. If you are in organised crime or if you are a kid in a back bedroom with considerable skills who is looking for interesting things to break into, you look for the honey pots that have got substantial amounts of data that could be interesting." (Hansard, March 10, 2010 CA4).

----- End Report Extract.

It seems to me what happens next depends on how seriously the opposition takes these problems – and with Mr Abbott (the Opposition Leader) being ‘oppositional’ – one can only guess. At some point I guess the Shadow Health Minister – Mr Dutton also needs to get into the loop.

The second issue is that time is really short. Here are the sitting days available:

http://www.aph.gov.au/Senate/work/sitting/2010/sitting.htm

As I read this if not passed in the next 2 days (Wed and Thu) it is held up till the 3 day Budget session in May and then we have the Winter Recess into July.

Even limited ‘mucking about’ on the part of the Opposition is going to delay things big time it appears as even the smallest change then has to go back to the Reps to be agreed.

We do live in interesting times!

David.

Late Addition:

It looks like the Senate will debate the Bills after May, 11 2010 - 3rd on the agenda after the CPRS and Education Bills. Hard to know how the Service can start on July 1 with this timetable.

D.


Sudden Increase in E-Health Blogging in Australia.

I had always thought I had found a topic so obscure that there would be very little interest in adding to the space.

Seems I was wrong!

We now have Mr Charles Wright blogging away on matters e-Health as well.

See here for all the latest.

http://www.ehealthcentral.com.au/

Incidentally I also noticed there is more related blogging activity happening here:

http://www.thehealthhub.org.au/pg/mod/blog/everyone.php

It is a bit slow at present, but you never know when it might decide to kick along. Maybe a few more HISA people can contribute to kick it along.

I also hear the there are others thinking of joining the space – no names, no packdrill!

Welcome all!

David.

Minority Coalition Report on HI Service Bill.

For completeness, here is are the main points the Opposition made in their Minority Report.

MINORITY REPORT BY COALITION SENATORS

Senate Inquiry into Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010

Coalition members of the Committee support the implementation of e-health in Australia and share the concerns of all Committee members in relation to these Bills to underpin that implementation.

These concerns include:

Protecting the privacy of Australian healthcare consumers;

'Function creep', the potential for the use of Healthcare Identifiers to be extended to other purposes;

The possibility of the scheme not being ready for implementation by July 1, 2010, in less than four months.

However, Coalition members feel very strongly that assurances from the Government alone that these matters have, and will be, addressed are insufficient to allay those concerns.

We contend that the Bills require amendment to ensure that the privacy of healthcare consumers is maintained and that individual Healthcare Identifiers cannot become de facto Australia Cards.

Coalition Committee members contend that stronger Parliamentary scrutiny of this legislation is needed to overcome these very significant concerns.

----- End Executive Summary.

This is found – with details – at the bottom of this report.

http://www.aph.gov.au/senate/committee/clac_ctte/healthcare_identifier/report/report.pdf

It will be interesting to see what is finally passed through the Senate.

David.

Monday, March 15, 2010

Senate Recommends Passage of HI Service Legislation With Some Amendments.

Read the outcome here:

http://www.aph.gov.au/senate/committee/clac_ctte/healthcare_identifier/report/report.pdf

The key is here:

Recommendation 1

1.1 The committee recommends that NEHTA, in partnership with the Department of Health and Ageing and Medicare Australia, take steps to more effectively engage all healthcare stakeholders in the establishment of the Healthcare Identifiers Service. These steps should include at least the following elements:

(a) involvement of key healthcare stakeholder groups, including state and territory governments, private and community health providers, and healthcare consumer groups, in the development of a Healthcare Identifiers Service implementation plan which covers the period from the successful passage of the bills to 30 June 2012;

(b) the publication of this plan for public comment prior to its finalisation; and

(c) the development and implementation of a targeted education and communication strategy which targets both healthcare providers and healthcare consumers, and which clearly lays out the facts behind healthcare identifiers and provides contacts for people to access further detailed information. This strategy should be implemented prior to the Healthcare Identifiers Service coming into effect on 1 July 2010.

It is pretty clear the Committee is not happy with the implementation planning and communication with the public. What a surprise!

It is really pretty sad that the Senate has not taken more seriously the advice of those who point out the lack of implementation skills and privacy understanding of those who contributed.

My view is still that this is a fatally flawed organisation attempting something that is way beyond its competence and that still does not understand what it exists for - serving the Health Sector. We shall see if I am right or wrong - but not soon - given what we will see in the implementation plan is hardly a beginning by 2012.

Passage of this legislation, with the recommendations, might give us a fighting chance of getting it right, but sadly I doubt it. We shall see and will be watching!

David.

For All Those Who Think it Will Be Easy To Track Misuse of the HI Service – The Real World Intrudes!

There has been a lot of discussion in the Senate Inquiry and elsewhere regarding the protections offered by the use of audit trails within the Health Identifier Service. These are meant to be in place to ensure that if unwarranted access to the service is made it will be detected and that the individual will be able to find out who has been accessing their record.

Fundamental to the HI Service having audit trails that are of any value all users of the service need to have their identity authenticated.

To meet this need NEHTA say they have NASH.

That is the National Authentication Service for Health.

This gives the basics – From June 2008.

NASH & the Authentication Vision

The vision for authentication in the Australian health sector is that provider authentication should use a strong credential (smartcard with PKI certificate) issued by a NASH-accredited organisation. All e-health transactions and records that need to be electronically signed will use standard credentials.

The goal is to issue NASH credentials to all healthcare professionals over the next five years.

NEHTA‘s vision for NASH is:

A healthcare community and professional smartcard system that supports and facilitates the use of e-health information, for example unique healthcare identifiers and the individual electronic health record (IEHR), within the whole Australian community.

Coordination of smartcards and reader supply arrangements for health professionals and employees.

Provision of support for the smartcard implementation and operation to jurisdictions, software vendors and end users.

Design and delivery of support arrangements that meet the needs of jurisdictions and software vendors.

Provision of a trusted authentication service that addresses the data protection and privacy requirements of stakeholders and regulators.”

Source: NEHTA Brochure on eHealth ID – Dated 6/6/2008

Note that this is a vision for 600,000+ smartcards etc

I have written about this in detail here:

http://aushealthit.blogspot.com/2010/01/reality-of-fully-operational-hi-service.html

We have also been alerted to the fact that NASH is running very late and looks like failing here:

http://aushealthit.blogspot.com/2009/11/this-is-really-sad-take-careful-read-of.html

Indeed it seems the only robust authentication to be in place anytime soon is the Medicare HESA System.

You can read about this here:

http://www.medicareaustralia.gov.au/provider/vendors/pki/index.jsp

While both Location and Individual Certificates do exist the use of the Individual ones is very low as there is essentially no reason to do so.

In parallel we have these observations about the way clinical staff behave.

A culture amongst some NHS staff of sharing passwords

The Scottish Parliament has recognised a "a culture amongst some NHS staff of sharing IT usernames and passwords", according to a report in The Scotsman.

It says:

"Health professionals and the Scottish Government, giving evidence to the committee, pointed to greater levels of security and traceability of access to electronic portal systems compared to traditional paper records. But they also acknowledged "a culture amongst some NHS staff of sharing IT usernames and passwords".

.....

It's not an encouraging comment at a time when the national roll-out of NHS Connecting for Health's NPfIT Summary Care Records in England is gathering pace.

This is from the report published this month by the Scottish Parliament's Health and Sport Committee:

.....

"Both health professionals and Scottish Government officials pointed to the greater levels of security and traceability of access that an electronic portal system provides over a traditional paper record.

"There was recognition however, of a culture amongst some NHS staff of sharing IT usernames and password.

"This was especially true amongst junior doctors in busy hospitals where it had arisen as a matter of convenience as a result of busy medical staff needing quick and almost continuous access to hospital IT system.

"The issue of locum or temporary staff gaining access to hospital IT systems for short periods of time was also a problem that had given rise to this culture."

Links here:

http://www.computerweekly.com/blogs/tony_collins/2010/03/a-culture-amongst-some-nhs-sta.html

More on all this is found here:

Do NHS systems and NHS procedures encourage smartcard-sharing?

In response to the article on this blog "a culture among some NHS staff of smartcard sharing" GP Gavin Jamie writes:

"I am sure it is no surprise to many that it is often the IT systems that implicitly encourage password sharing. If two people use a computer then the switch process is more like logging out and logging back in again in Windows than the instant switch you see behind a bar or with point of sale systems.

"Procedures too often encourage this system. As a junior doctor it was routinely a week before I ever received my pass around the hospital and so for the first few days, when nobody knew my face, I would bang on the door and be let into sensitive locations. I am sure systems have not changed.

"24 hour cover for lost passwords/cards and instant issuing of credentials is expensive and difficult but unless there are no situations where sharing a password is acceptable then a culture of acceptance will develop."

More with links here:

http://www.computerweekly.com/blogs/tony_collins/2010/03/do-npfit-systems-encourage-pas.html

So where are we?

The answer is that both technically and culturally we do not have in place the protections needed to assure an audit trail worth the name exists, or will exist in the foreseeable future, for the HI Service.

We have been told a range of porkies I believe, and when people notice how they have been misled I suspect we will notch down the trust level in e-Health yet further.

David.

Sunday, March 14, 2010

Confirmation That Medicare Australia Staff Need Some Serious Retraining.

The following appeared the day before yesterday.

70 substantiated privacy breaches in 2009: Medicare

  • Karen Dearne
  • From: Australian IT
  • March 12, 2010 5:37PM

MEDICARE Australia's eBranch head Sheila Bird has told a Senate inquiry that there were 70 substantiated privacy breaches from investigations into around 950 employees suspected of having had unauthorised access to client records.

The figures on alleged snooping, contained in a statutory report to the federal Privacy Commissioner and revealed in The Australian, indicate around one in six staff were being tracked on an “unauthorised use” database. The database held records relating to "approximately 948 staff members as at June 30, 2009", out of a total 5887 employees.

In the previous year, 750 individuals were identified on the unauthorised access database as being under surveillance for possible access to confidential personal information, including medical and financial details.

The story sparked particular concern about the potential for staff to browse client records without a valid reason during a Senate inquiry into the Rudd Government's Healthcare Identifiers Bill.

The bill will empower Medicare to issue a unique, 16-digit patient identity number to every Australian from July 1, in support of greater exchange of medical information across the health sector.

Ms Bird said the report in The Australian was "wrong".

However, the story included comment and information provided by Medicare, including the agency's claim that 1058 cases had been investigated since 2006, with 54 per cent found to be unauthorised access - although 30 per cent of these incidents involved staff browsing their own records.

Ms Bird provided the same information to the inquiry, and agreed under questioning that approximately 948 staff members had been investigated for possible unauthorised access to records in the year up to June 2009.

"That is the number that were investigated," she told the inquiry. "They were not found, in more than half those cases, to have actually had unauthorised access.

"(Most) involved a staff member looking at their own record. This is contrary to policy and staff are disciplined for doing so, however it is not a privacy breach.

"In 2008-09, there were 70 privacy breaches. In the first half of this financial year, there have been 16 privacy breaches."

Ms Bird said a range of disciplinary measures were available, from "a rap over the knuckles, demotion, fines and dismissal".

More here:

http://www.theaustralian.com.au/australian-it/substantiated-privacy-breaches-in-2009-medicare/story-e6frgakx-1225840159226

The issue is also covered here:

Medicare staff fined for prying in records

12th Mar 2010

Shannon McKenzie

DOCTORS have voiced alarm at revelations that nearly 1000 Medicare staff have been investigated in the past four years for accessing client records without proper authority.

In a statutory report submitted to the Office of the Privacy Commissioner, Medicare stated that since November 2006, monitoring systems had identified 948 employees who may have accessed confidential client records.

Further investigations found breaches of protocol in 54% of cases, though a third of these related to Medicare staff accessing their own records. ranging from counselling to fines and even termination of employment were taken against those found in breach.

One person has been sacked and more than 70 have resigned as a result of accessing client files without authority.

Dr Rod Pearce, chair of the AMA council of general practice, said the figures vindicated previous GP fears about handing over patient records for Medicare compliance audits.

“It’s terrible – this is exactly what we were always concerned about,” he said.

......

A spokesperson for Medicare said there would be an audit log of all access to healthcare identifier systems, which would be used to identify potential inappropriate access. Customers would also be able to use the log to learn when their UHI record had been accessed.

More here (registration required):

http://www.medicalobserver.com.au/index.php/news/medicare-staff-fined-for-prying-in-records

A few comments:

First we all need to appreciate the difficulty Medicare is under in managing this sort of thing. It happens with all sorts of ‘honey pot’ databases. That however is not real excuse for having good monitoring and firm rule enforcement, as well as ongoing education programs, to keep the level as low as possible.

Second, given we now know provider identifiers will not have real audit trails in place for a few years there needs to be a public discussion about how the HI service should be introduced to minimise the risks seen here.

Third, from the Senate evidence it seems all is not well despite some ill constructed claims to the contraty.

Last it was the second report that got me a mention in the House of Reps debate. Funny that you blog away and its only the published comments elsewhere that get picked up. Oh well!

David.