(Note - This Version adds an Issue 6, provides an update on the PIA, and has an enhanced conclusion and puts some links in an Appendix. with some extra points on next steps and why they will be hard!)
Submission to The Senate Community Affairs Committee
Enquiry on Personally Controlled Electronic Health Records (Consequential Amendments) Bill 2011 and the Personally Controlled Electronic Health Records Bill 2011.
Submissions due January 12, 2012.
Terms Of Reference.
The (Senate Community Affairs) Committee met in private session on Thursday, 24 November 2011 at 3.32 pm.
The committee resolved to recommend —That (among others) —the provisions of the Personally Controlled Electronic Health Records Bill 2011 and the provisions of the Personally Controlled Electronic Health Records (Consequential Amendments) Bill 2011 be referred immediately to the Community Affairs Legislation Committee for inquiry and report by 29 February 2012 (see appendix 6 for a statement of reasons for referral).
The Reasons for Referral / Principal Issues For Consideration.
· Privacy issues / Privacy Breaches / Penalties for Breaches
· Security of information on the PCEHR
· Questions about the design, functionality and capability of the PCEHR
· Questions regarding the use of consultants, contractors and tenders let or hired by NEHTA in regard to the development of the PCEHR
· The level of functionality of the PCEHR at 1 July, 2012
· Questions around the continuation of NEHTA after 1 July, 2012
· The products that NEHTA designed, made, tested, certified for use in the PCEHR.
· Any other issues the Committee considers appropriate.
Here is the link to the referral.
Author Of Submission.
Dr David G More BSc, MB, BS, PhD, FANZCA, FCICM, FACHI.
Author Contact Details:
Phone +61-2-9438-2851 Fax +61-2-9906-7038
Skype Username : davidgmore
E-mail: davidgm@optusnet.com.au
HealthIT Blog - www.aushealthit.blogspot.com
Twitter @davidmore
Author’s Background.
I am experienced specialist clinician who has been working in the field of e-Health for over 20 years. I have undertaken major consulting and advisory work for many private and public sector organisations including both DoHA and NEHTA.
Previous Submissions on the PCEHR.
I previously provided a Submission on the PCEHR proposal to NHHRC in May, 2009 and the views expressed in that submission remain my position despite the work undertaken by DoHA and NEHTA since.
This submission is available here:
A later submission on the Draft Concept of Operations for the PCEHR from May2011 is found here:
I also provided a submission to the Department of Health and Ageing on the Draft Legislation to support the PCEHR.
This is found here:
Consent for Publication.
I am more than happy for this submission to be made available for public review on the Senate website.
Submission
Introduction
The Senate Community Affairs Committee is faced with a very considerable problem in responding to the Government’s Bills related to the Personally Controlled Electronic Health Records (PCEHR). This is because the Legislation is at the end of a very long process and only with an understanding of steps taken over the last fifteen years will what is being now proposed be able to understood and assessed.
To help the committee in this task I can recommend the following publication from the Parliamentary Library as very useful background reading.
The e health revolution—easier said than done [
HTML] [
PDF 1.02MB] The document is very recent having been published in November, 2011.
The perspective I am adopting in preparing this submission is that of a clinician who has been actively involved in ‘e-Health’ for over two decades. It seems to me that it is important to step back from the Bills and ask the following.
1. Is the proposal for the PCEHR the ideal approach for Australia to be adopting in seeking to move the Health Reform Agenda forward - and if not what might be a better approach?
2. Is the PCEHR proposal an evidence based intervention that has a significant chance of actually improving healthcare outcomes in Australia?
3. Are DoHA and NEHTA ideally led and governed to succeed with such a complex and sensitive initiative and has DoHA, NEHTA and the Government really assessed the risks associated with the PCEHR proposal?
4. Has a Business Case / Cost Value Analysis specifically of the PCEHR proposal been undertaken (rather than generic analyses of ‘e-health’ benefits) and what were the findings from this work to support the present PCEHR plans?
5. What has been put in place to ensure that clinical practitioners will actually use the proposed PCEHR and will what is presently planned successful?
I would argue strongly that the answer to all six questions is a resounding no and the rest of my submission will develop the arguments to support this view.
I am firmly of the view that without radical re-design and re-scoping the PCEHR Program will be seen by history and a profoundly flawed initiative which was badly executed and one which continues a sorry line of similar initiatives as recounted in the Parliamentary Library report mentioned above.
The very recent appointment of Ms Tanya Plibersek as the Federal Health Minister - replacing Ms Nicola Roxon - may result in some dramatic reassessments of a range of Health sector initiatives and it is quite possible that there may be some fundamental changes to the PCEHR program as a result. It seems unlikely clarity will emerge on this score before submissions close on January 12, 2012.
Specific Issue Responses.
Issue 1. Is the PCEHR the right approach for Australia?
On the basis of research extending back over a decade there is good reason to judge that there is not a single successful approach to the delivery of Health IT initiatives. As well documented by the Parliamentary Library report a range of quite different approaches have had success.
I believe it is true to say that the most success has been seen with initiatives which are designed to deliver current, trustworthy and complete information regarding a patient to the professional clinical decision maker. Ideally delivery of this information is also supported by point of care clinical decision support.
This has usually involved some point of care computer system linked to a messaging system or some centralised databases where the relevant information is held.
It is such an approach that has worked well in Denmark (messaging based) or Kaiser Permanente (more centralised approach).
In both these and other successful initiatives the use by the clinician of the information to manage the patient has focussed clinician effort on ensuring information accuracy and ensuring information currency.
For quite inexplicable reasons such considerations have been ignored and the PCEHR is intended to be an aggregation of information extracted from live, used systems and for this information to be shared - under patient control - with other healthcare providers. The complexity and potential for confusion - to say nothing of the interference with clinician workflow - of this sort of plan is obvious and clearly ill-considered.
The conceptual design for the PCEHR appears no-where in the 2008 National E-Health Strategy and seems to have been invented in the bowels of the Department of Health and Ageing and NEHTA with virtually no consultation in response to a concept (and a concept only) found in the Health Reform Report from the HRRC in 2009. No similar initiative has been planned or undertaken anywhere else in the world that I am aware of.
At its heart the proposed PCEHR System is a aggregation of data-base information from diverse sources which is held and managed in parallel (and not replacing) information already held by providers and government on other systems.
A fundamental issue with such a parallel approach is that it lacks a ‘single source of truth’ for each piece of information and so violates, at its very core, one of the basic tenants of trusted information management. Bluntly, from an information management perspective, the approach is indefensible.
Issue 2. Is there any evidence the PCEHR will make a significant difference to patient safety and clinical outcomes?
I understand that Government, as a whole, is a strong supporter of evidence based policy. As presently planned the PCEHR is unique in the world and is being implemented without any structured evaluation of a completed pilot or prototype. In this situation it can be safely asserted the PCEHR is a very expensive policy experiment unsupported by any evidence of utility, value or safety.
Issue 3. Are DoHA and NEHTA ideally led and governed to succeed with such a complex and sensitive initiative and has DoHA, NEHTA and the Government really assessed the risks associated with the PCEHR proposal?
All the evidence supports the statement that developing a nation Health IT infrastructure is a complex and difficult project which, if experience is any guide, takes many years and typically has a range of false starts and need for reworking.
To address such a difficult and complex undertaking expert leadership and governance is critical for success.
These short paragraphs from a recent article make it clear what is being talked about:
“Information governance is akin to an accountability wrapper for Enterprise Information Management (EIM). A useful definition that speaks to the unique importance of information governance in health care organizations is:
To ensure that the organization has the leadership and organizational structures, policies, procedures, technology and controls for enterprise information management that represent the highest standards for legal, ethical, and business practice to serve patients, stakeholders and advance the public good.
Governance of information assets has become every bit as important to advancing the organization’s mission as other dimensions of governance and effective governance should be driven by boards of directors and senior leadership. In fact, many hospital boards are now holding senior management accountable for steps being taken to avoid breaches of data. Information exchange and greater transparency and public accountability for outcomes and cost raise the stakes. Senior leadership and boards should begin now to articulate their vision for information governance and EIM.”
The full article by Linda L Kloss (former CEO of the American Health Information Association) is found here.
Sadly we do not presently have either the leadership or the governance frameworks to address most of the issues raised. Before the PCEHR is implemented it is vital there be legislated best practice to ensure community expectations are met for information integrity, security, privacy and so on.
The present legislation fails utterly in this area.
The gap is made even more obvious by the following statements in an unreleased NEHTA document from late 2008 when proposing a predecessor to the PCEHR in a business case which was not actioned.
----- Begin Extract.
National e-health governance arrangements must provide three major functions:
· strategic oversight and public accountability
· management and operation
· regulation and privacy.
Strategic oversight and public accountability
Implementing a national IEHR for Australia is a major business change. There are significant and complex issues in successfully managing this change, including policy, regulation, consultation, incentives and education. Many of these will be deeply connected and related to broader health policy and service issues.
The overall governance of the e-health work program outlined in this paper will rest with Health Ministers who are ultimately accountable for the safety, quality and outcomes of the health system. Consistent with this expectation, strategic oversight of the work program will be provided by the Australian Health Ministers’ Conference (AHMC). In order to fulfil these responsibilities, AHMC will be supported by its existing advisory committees. In particular, it is recommended that AHMC be supported by the Australian Health Ministers’ Advisory Council (AHMAC) which will be responsible for approving a detailed National IEHR Service Work Plan based on the schedule in this business case. AHMAC will also conduct gateway reviews at major milestones throughout the delivery of the work plan and publicly report on progress and achievements. AHMAC will determine the national policies, priorities and strategic directions for e-health and health information, and establish the required regulatory and institutional arrangements.
Management and operation
In line with the National E-Health Strategy, it is recommended that a governance board and e-health entity be established to successfully manage the delivery of the National IEHR Service Work Plan (as it is approved by AHMAC). Consistent with previous recommendations, the new board and e-health entity will incorporate stakeholder consultation in a systematic and structured way, thus ensuring that stakeholders are able to shape the design and implementation of e-health activities. This level of stakeholder engagement will be critical to effective national leadership, capacity building and uptake. A new board and entity is required as no existing organisation is sufficiently well equipped to manage such engagement, nor to manage the business change and focus on delivery envisaged by this business case. Features of the proposed board and entity will be:
· An independent, skill-based national e-health governing board accountable for retaining the connection between the overall strategy (and desired health outcomes) and on-the-ground implementation. The board will support a structured approach to assessing the implications on the agreed plan of changes in policy, strategy, funding mix or execution priorities, and will work with governments to ensure that their significant investment remains on track to deliver the planned outcomes.
· An e-health entity with clear accountability for delivery of the agreed plan. This entity will be charged with establishing clear agreements with jurisdictions and clarifying respective roles and responsibilities for delivery of the planned outcomes. The entity will require significant program management and health service delivery expertise and will work closely with the e-health governing board to:
– broker required sector collaboration
– manage key program risks and issues throughout delivery
– inform consumers and providers about the program
– report on specific measures of the program’s success.
Between COAG agreement to the National IEHR Business Case and the start of the work plan on 1 July 2009, an IEHR Project Taskforce will need to be established to consult, design, establish and launch the new national e-health governance arrangements.
Health Ministers will determine the preferred model for establishing the new national e-health governance arrangements, which will involve a transition process during the establishment phase of the work plan. Two options have been identified, both of which will require a significant program of work to implement. They are:
1 Reconstitute NEHTA to be the new e-health entity and subsume all functions required to deliver the work plan. This includes rebranding and refocussing NEHTA from a ‘transition’ authority to an e-health implementation body. Significant new capabilities including program management and health service delivery expertise would need to be developed by NEHTA to ensure its capacity to deliver this broader scope of functions, or
2 Continue NEHTA as the body charged with the significant task of developing and deploying core national e-health infrastructure (including finalising identifiers and authentication services, and standards development, conformance and compliance). A new national e-health entity would also be established focussed on delivering the broader work plan. NEHTA would report to the national e-health entity on the components of the work plan it is responsible for, with NEHTA’s role to be reviewed in three years.
Regulation and privacy
Privacy safeguards must be in place to promote consumer and healthcare provider confidence, uptake and benefits of e-health initiatives. Related to this, there must be clear consent processes for access to and use of health information and participation in e-health initiatives. There must also be sufficient regulation to ensure that practice conforms with policy, legislation and standards and to promote sustainability of the e-health market, including minimising the risk of market monopolisation.
Without a robust privacy and regulatory regime, it will not be possible to deliver the next stage of the national e-health work program. The current patchwork of health privacy legislation across the country is a major barrier to implementation of e-health initiatives. In addition, some e-health initiatives, such as the health identifiers, which is a critical dependency for the IEHR, will require specific enabling legislation.
The key regulation and privacy functions will:
· promote the access, interoperability and sustainability of the national e-health market
· protect the integrity, privacy and security of health information in both paper and electronic environments
· provide compliance, complaints and enforcement arrangements for health information privacy and e-health systems.
The regulatory and privacy functions will need to be managed outside of the governance board and e-health entity, probably through existing jurisdictional health information privacy and complaints regulators. The e-health entity will, however, be responsible for identifying and managing dependencies between this work and the broader National IEHR Service Work Plan.
Work is already well underway by AHMC on the development of a National Health Information Regulatory Framework (NHIRF) through AHMAC. This includes developing legislative proposals that will provide nationally consistent health privacy legislation and authorisation for health identifiers. It will be important to publicly consult early on these proposals, which is currently planned in February-March 2009. Governments are expected to take a draft NHIRF Bill to their respective parliaments in November 2009.
----- End Extract.
Even NEHTA recognised what is needed is far from what DoHA and the Government are presently proposing and saying it will be fixed up ‘later’ with regulations is really just not good enough.
It is of note that the recently released Privacy Impact Assessment for the PCEHR (prepared for the Department by Minter Ellison) - which was released just before Christmas - identified a number of governance issues it felt needed to be addressed.
See here:
It seems to me that persisting with the concept of the PCEHR System being controlled by a ‘System Operator’ who is simultaneously also the Secretary of the Commonwealth Health Department has the potential to lead to many issues around conflict of interest in handling sensitive consumer health information.
Further discussion of the problems of clinical risk is provided under Issue 6.
Issue 4. Is there a business case / business justification specifically for the PCEHR rather than generic ‘feel good’ benefits studies that examine approaches that are vastly different from the PCEHR.
When well deployed there is evidence that Health Information Technology can improve the quality, safety and efficiency of healthcare.
NEHTA’s own internal analysis shows the major benefits from Health IT deployment are in:
1. Clinical Decision Support (50%)
2. Clinical Messaging Efficiencies (30)
3. Internal Community Provider and Hospital Provider Efficiencies (20).
Source: NEHTA Presentation - AFR Conference February 2007
For reasons that are not at all clear these benefits are not where the emphasis, indeed much attention at all, is focussed by the PCEHR program. There is really no evidence that sharing basic health summaries - under patient control - is likely to provide much in the way of tangible benefits or improvements in patient safety.
The best work done on this comes from the UK and professional academic evaluations of the UK’s Shared Care Record - have ranged between dismal and very disappointing with quite low access and use of available records.
Issue 5. What has been put in place to ensure that clinical practitioners will actually use the proposed PCEHR and will what is presently planned successful?
At present it is planned that usage of the PCEHR will be on an ‘opt-in’ basis i.e. it is up to the consumer of clinician to decide if they wish to use the system.
Given that inevitably there will be both negative workflow an time consequences it seems very unlikely the system will be used without some compensating financial incentives which, at present, have been ruled out.
Both the AMA and the RACGP have warned that without appropriate incentives usage will be minimal and adoption - if it happens - will be at a snail’s pace.
Adoption and use by clinicians will also be inhibited by uncertainty as to the reliability and completeness of the information held within the PCEHR.
Consumer use is also likely to be very low as many of the services that have been found to be useful for consumers (e-mail access to practitioners, ease of arranging appointments and repeat prescriptions and similar interactive services) are not catered for in the present PCEHR design.
There is a high risk of the entire program becoming a very expensive white elephant and the only way this risk can be sensibly mitigated is to conduct some at-scale trials to optimise and fine tune what is delivered before a major roll-out is initiated.
A very useful summary of the report with links appeared here a little while ago.
New Institute of Medicine Report on Health IT and Patient Safety
POSTED BY: Robert Charette / Mon, November 14, 2011
The IOM study was necessarily narrow in scope, and therefore the Committee did not look at issues such as "... whether health IT should be implemented, access to health IT products, medical liability, privacy, security, and standards." The Committee recognizes these critical issues need to be addressed, but its mission was to examine "..the aspects of health IT directly pertaining to safety."
The Committee report stated that:
"It is widely believed that, when designed and used appropriately, health IT can help create an ecosystem of safer care while also producing a variety of benefits such as reductions in administrative costs, improved clinical performance, and better communication between patients and caregivers. In this view, it can be a positive, transformative force for delivering health care. However, the assumption that the aforementioned benefits are highly correlated with health IT has not been adequately tested and there are some indications that the features needed to acquire one benefit may actually frustrate efforts to achieve another. In particular, there is a growing concern that health IT designs that maximize the potential for administrative and economic benefit may be creating new paths to failure.'
While the Committee discovered that "... specific types of health IT can improve patient safety under the right conditions, ... those conditions cannot be replicated easily and require continual effort to achieve."
More disheartening - but not surprising - is that the Committee found that sufficient evidence-based information to make informed judgments about how health IT improves - or even harms - patient safety is not available. The report states that:
"We tried to balance the findings in the literature with anecdotes from the field but came to the realization that the information needed for an objective analysis and assessment of the safety of health IT and its use was not available. This realization was eye-opening and drove the committee to consider ways to make information about the magnitude of the harm discoverable."
The report goes on to state that "... little published evidence could be found quantifying the magnitude of the risk."
There is much more found here:
I provided commentary and further links here:
In late December questioning from the Australian newspaper revealed the following.
Patient safety a mystery at Health
- by: Karen Dearne
- From: Australian IT
- December 23, 2011 6:00AM
THE federal Health department is in the dark about patient safety implications in its introduction of the personally controlled e-health record program.
The department is responsible for the rollout of the Gillard government's half-billion-dollar system, and is now in a rush to have it operational by July 1. Sharon McCarter, head of the eHealth Systems and Implementation branch, has told The Australian the department does not have any patient safety risk assessments in relation to the huge IT and change management project.
The Australian recently lodged a Freedom of Information request for "any document of any name performing the function of examining risks to patient safety and/or examining the risks from the perspectives of patients".
Clinical risk assessments should contain detailed analysis of all potential software error scenarios, provide a guide to identifying and reporting flaws and address mitigation procedures.
But the FOI request has been declined by Ms McCarter "as the documents do not exist".
"We have undertaken reasonable steps to identify any documents relevant to your request held in the department, including a thorough search of the department's electronic and paper records and the department's contracts listed on AusTender,” she wrote in the rejection letter.
"The department has been unable to identify any document we hold at this time (that is) relevant."
Instead, Ms McCarter said, Nehta was responsible for ensuring patient safety.
Lots more here:
It is really difficult to understand just why DoHA has not done any work in this area it can report and why the only work that has appeared from NEHTA in the domain of patient safety has been process rather than outcome orientated. Systems that may harm consumers need the positive assurance of safety through carefully controlled use and evaluation of that use.
Responses To Issues Raised In Enquiry Referral.
Most of the issues raised in the points associated with the reference to a Senate Enquiry properly fall under the headings of leadership and governance I have explored above.
On the NEHTA specific issues raised it is clear that there are a very wide range of views regarding NEHTA’s performance over the last almost six years. My personal view is that the organisation is culturally flawed and while having sensible objectives has become a victim of managerial spin and an excessive user of public relations personnel to hide fundamental under-delivery.
There are many really dedicated and smart people working for NEHTA but sadly they seem to be being led by some quite flawed management who seem to have lost touch of the fact that their role is to assist the health system implement systems which will make a positive difference and not to pursue technical objectives for their own sake.
The persistent complaints and negative comments coming from many sources - including many of those who have left or still work for NEHTA - really suggests there are real problems that need resolution - ‘No smoke without fire’ would seem to apply here.
The continuing flow of negative information from a range of ‘Netians’ (as they term themselves) to my blog from a range of sources tends to confirm my view.
I suspect submissions from the Medical Software Association and the Australian Privacy Foundation (as well as the reporting found in the mainstream press) will confirm my impression.
I also expect there will be vociferous support for NEHTA, especially from those who stand to lose financially if there are cut-backs in NEHTA’s promotional and support budgets.
Given the technical nature of much of the material that is likely to be discussed I recommend the Committee appoint an independent expert adviser in e-health to the Committee Secretariat to ensure fair but properly revealing testimony.
Issues I Believe Need To Be Explored By Committee That Are Not Mentioned In the Referral.
There are some specific questions I would commend to the committee.
Why the haste with implementation of a program as complex as the PCEHR?
Why was the National E-Health Strategy Not Funded and Implemented following its release and approval by Health Ministers in 2008?
Why has actually been the live real-world adoption and use of the Health and Use of the Health Identifier Service?
What tangible benefits have been thus far delivered to Australian Patients as a direct result of NEHTA’s work over the last six years?
Has the Australian Public received value for money for the hundreds of millions invested in Commonwealth E-Health projects and how has this been quantified?
Summary Concluding Remarks.
I believe - having reviewed all the submissions and taken evidence - that the Committee will be left with a choice of three paths.
First it may decide to recommend the PCEHR program continue, NEHTA be given on going funding and await developments over the next few years with the passage of the legislation in its present form.
Second it may decide to instigate urgent checkpoint reviews of the PCEHR Program Components and NEHTA to assess the cost / risk benefit of what is underway and to recommend changes to the programs and legislation to ensure there is a maximal chance of overall success in the longer term.
Third it might decide to recommend that a carefully considered National E-Health Governance Framework be developed and implemented and that when that is achieved the operations of NEHTA and the PCEHR program be reviewed and aligned to a more practical and realistic set of objectives as per the 2008 Deloittes National E-Health Strategy - which should be properly funded.
My preference would be very much for the third path to be chosen.
In suggesting the path I am recommending I am fully cognisant of the political and personal risk adopting such a path - given the financial and reputational issues that have become integrally associated with the PCEHR Program.
My view is that the old motto of ‘doing something properly, or not at all’ very much applies in the present circumstances. To attempt a ‘patch up job’ may be politically attractive but if the key flaws in leadership, governance, adoption and system architecture / design are not addressed it will be very much a case of ‘throwing good money after bad’!
As a final comment I believe it is important to step back and ask the question as to whether we actually need - as a nation - an essentially centralised Electronic Health Record system operated by Government. We know the primary benefits of EHR Systems from providing quality timely information to healthcare providers with some secondary benefits possibly flowing from using EHR Systems to share information between providers and with consumers. In this real world it may very well be that there are other approaches which might turn out to be both more quickly implemented, less privacy threatening, equally benefical, less costly and more enthusiastically adopted by providers. At the very least this needs to be tested before proceeding down the current path!
Appendix.
Links To Relevant Blog Posts.
As noted by the report undertaken by the Parliamentary Library there are vociferous supporters of what is being done in the e-Health domain by the Government and there are also a considerable number of experts who have great concern about what is happening from a range of perspectives.
As also pointed out in the report there is a community of concerned experts who contribute to my blog and who form a small coalition hoping for more care and thought being applied to the overall initiative.
It also needs to be pointed out there are a number of web-sites, typically sponsored by NEHTA among others, who complain remorselessly about ideas and concepts found on my blog.
The links following provide some insight into the sort of discussions and positions put. (Note much of the contributed material is anonymous as people are concerned for the careers and prospects should they be identified.). These posts reflect details of recent thinking in the area - since the Parliamentary Library Report cited earlier.
