Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, April 09, 2014

This Really Is Getting Sillier And Sillier! What Is It The Government Is Trying to Hide?

This appeared a few days ago.

 “No public interest” in PCEHR review release

news The Department of Health has stated it does not believe there is a public interest case for the Federal Government’s review of the troubled Personally Controlled Electronic Health Records project to be released publicly, despite the fact that Health Minister Peter Dutton has stated the document contains “a comprehensive plan for the future of electronic health records in Australia”.
The PCEHR project was initially funded in the 2010 Federal Budget to the tune of $466.7 million after years of health industry and technology experts calling for development and national leadership in e-health and health identifier technology to better tie together patients’ records and achieve clinical outcomes. The project is overseen by the Department of Health in coalition with the National E-Health Transition Authority (NEHTA).
However, in July the Government revealed it had failed to meet it initial 500,000 target for adoption of the system, with only close to 400,000 Australians using the system at that point.
Due to the problems, on 4 November new Coalition Government Health Minister Peter Dutton kicked off a promised review of the PCEHR project. On 20 December, only a month and a half after the review was initiated, Dutton issued a statement noting that he had received its report. “Their report provides a comprehensive plan for the future of electronic health records in Australia,” the Minister said at the time.
However, Dutton has not committed to publicly releasing the findings of the PCEHR Review. As a consequence, in early January, Delimiter filed a Freedom of Information request with the Department of Health seeking to have the full text of the document released under the Freedom of Information Act. Although the department initially stated it did not have a copy of the document at the time of the initial FOI request, a subsequent FOI request showed that the department had by then obtained a copy.
Read the rest of the saga and some commentary here:
It is hard to know what to add to what Renai has written, other than to wish him luck with the new request.
It really is hard to know just what the Government is trying to hide with regard to the fabulously designed, delivered and managed program. Surely nothing of any sort has gone wrong, there has been no waste and the program is now delivering clear cut benefits for the public.
I guess this must not be the case otherwise the Government would have been keen to release such a wonderful score card - or is it that it is a mess and they can’t quite work out what to do despite having been given the PCEHR Review in December which provided a comprehensive way forward?
I wonder where the truth lies?
David.

NEHTA and DoH Break Cover Re CDA Security Issues In EHRs and The PCEHR..

Read all about it here:

http://www.nehta.gov.au/media-centre/news/633-update-on-clinical-document-architecture-and-e-health-records

Enjoy!

David.

Tuesday, April 08, 2014

Again We Seem To Be Seeing Implementation Issues In A Major Hospital System. It Just Seems To Keep Happening.

This appeared a few days ago.

Hospital in chaos over new booking system

Date April 1, 2014

Julia Medew

Health Editor

EXCLUSIVE
Staff at one of Melbourne's largest hospital networks say a new computerised booking system has wreaked havoc over the past year, causing untold distress for vulnerable people and putting lives at risk.
Senior Austin Health employees have told Fairfax Media that the new Patient Choice Booking service at the Austin Hospital and Olivia Newton-John Cancer and Wellness Centre has caused scores of patients to miss crucial appointments with specialists responsible for their care.
This included seriously ill patients, such as organ transplant recipients, cancer patients and those with infectious diseases such as TB and HIV who needed to be seen at particular times to receive continuing tests, medications and other treatment.
When the system was introduced last May, hospital management cancelled about 49,000 future patient bookings with specialist doctors and sent these patients letters advising them of the cancellations and a new booking system.
Under the new regime, patients would receive a letter offering them an appointment around the time that they were previously due to come in.
When they received this letter of offer, they were told to call the hospital if they wanted to negotiate a different time. The letter, which was allegedly only written in English, said patients who needed an interpreter should call to organise one.
Unlike the old system where patients could make bookings up to two years in advance, the new system was meant to provide patients with greater flexibility and reduce the number of patients cancelling, rescheduling or not showing up.
But according to angry staff, the system has been a ''complete disaster'', with many patients either not receiving their letters or not understanding them. This has allegedly caused scores of patients to not attend their appointments or show up at the wrong time.
 Lots more detail here:
This was followed up the next day with the personal view.

Austin Hospital booking system brings grief to cancer sufferer

Date April 2, 2014

Julia Medew

Health Editor

Until May last year, Kevin Biaggini had no reason to doubt his care at the Austin Hospital. In November 2012, the Ivanhoe father was treated there for liver cancer and thought the medical and administrative staff were excellent.
But when the hospital introduced its new ''Patient Choice'' booking system in May last year, Mr Biaggini said things started to deteriorate. After having a routine MRI scan on May 15 to check his liver was clear of cancer, he received an unexpected phone call 10 days later. The nurse wanted to know why he had not attended an appointment that week.
''Straight away I knew what was in the wind,'' he said.
The nurse went on to tell him the MRI had found more cancer and that he had been scheduled for treatment that week.
''They called me on the assumption I had already been informed, but no letter had been generated, there was no text message, no email - nothing. I said to her, 'This is the first I've heard of it, I'm really shocked,' and she said, 'Oh, maybe it's something to do with the new system.'''
Mr Biaggini, 64, said after having treatment that month, he had a follow-up scan last July, followed by the same experience.
Again a nurse called to ask about a follow-up appointment on the assumption Mr Biaggini knew his most recent scan had found more cancer.
''I just shook my head and thought, 'This is unbelievable,''' he said.
Mr Biaggini, who is now well after receiving a liver transplant in December, said he believed the new booking system had caused the ''appalling cock-ups'' and was letting hospital staff down.
More here:
This has all the hallmarks of a failure of the technical, managerial and project management staff failing to design a ‘fool proof’ migration approach and then testing the plans against the needs of all the different stakeholders.
This is by no means  an unusual story with migration from  the from the old to the newly installed systems being sufficiently tricky project to make many systems last a great deal longer than perhaps they should as many users and managers are wary of the associated risks and disruption.
This has meant for example that I know of laboratory and PMI/ATS systems that have been in place for over 20 years and which are only replaced when the software or hardware vendor goes out of business.
I hope there will be a report in due course that properly analyses what happened and suggests how to avoid such migration issues for others.
David.

Grahame Grieve Provides Analysis Of The PCEHR and More General Security Issues.

For those who need to look closely at the details and possible risks.

Go here:

Further Analysis of CDA vulnerabilities

This is a follow up to my previous post about the CDA associated vulnerabilities, based on what’s been learnt and what questions have been asked.


The link to full blog is :

http://www.healthintersections.com.au/?p=2005

Thanks Grahame.

I guess we will see some official reaction in due course. We sure should.

David.

Monday, April 07, 2014

DoH and NEHTA Are Working To Fix PCEHR Security Issues.

No names and no pack drill but 3 facts regarding the PCEHR are now clear.

1. There is a serious security issue with the PCEHR.

2. NEHTA, Accenture and DoH are aware and are working to see how they can fix it.

3. As of now the problem is not solved.

A press release from someone is expected in due course!

David.

Weekly Australian Health IT Links – 7th April, 2014.

Here are a few I have come across the last week or so.
Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.

General Comment

Suddenly the PCEHR seems to have one of its core underpinnings - the use of CDA for clinical document exchange and presentation seems to have a few exploitable security holes. Guess there is some work going on in the background to fix this!
Other than that we have some system issues from Victoria, lack of interest in disclosure of the PCEHR review and ongoing recruitment for PCEHR registrations which seem not to be being used.
The back to the future changes to Windows 8 seems to suggest Microsoft essentially got their interface wrong. Those pesky and change resistant consumers again!
-----

Security vulnerabilities in C-CDA Display using CDA.xsl

Apr04
TL;DR: If you’re using XSLT stylesheets to render C-CDAs in your EHR, make sure you understand the security implications. Otherwise you could be vulnerable to a data breach.
This blog post describes security issues that have affected well-known 2014 Certified EHRs. Please note that I’ve already shared this information privately with the Web-based EHR vendors I could identify, and I’ve waited until they were able to investigate the issues and (if needed) repair their systems.
Last month I observed a set of security vulnerabilities in XSLT “stylesheets” used to display externally-supplied C-CDA documents in many EHRs. To be specific: the CDA.xsl stylesheet provided by HL7 (which has been adopted by many EHR vendors) can leave EHRs vulnerable to attacks by maliciously-composed documents.
-----

CDA Use in the PCEHR: Lessons learned

Posted on April 4, 2014 by Grahame Grieve
I wrote an article for the latest edition of Pulse IT (page 53) called “CDA Use in the PCEHR: Lessons learned”:
One of the key foundations of the PCEHR is that the CDA (Clinical Document Architecture) is used for all the clinical documents that are part of the PCEHR. This article describes the lessons learned from using CDA for the PCEHR.
-----

CDA Security Issues and implications for FHIR

Posted on April 5, 2014 by Grahame Grieve
Overnight, Josh Mandel posted several security issues with regard to CDA:
This blog post describes security issues that have affected well-known 2014 Certified EHRs. Please note that I’ve already shared this information privately with the Web-based EHR vendors I could identify, and I’ve waited until they were able to investigate the issues and (if needed) repair their systems.
Josh identified 3 issues:
  1. Unsanitized nonXMLBody/text/reference/@value can execute JavaScript
  2. Unsanitized table/@onmouseover can execute JavaScript
  3. Unsanitized observationMedia/value/reference/@value can leak state via HTTP Referer headers
-----

“No public interest” in PCEHR review release

news The Department of Health has stated it does not believe there is a public interest case for the Federal Government’s review of the troubled Personally Controlled Electronic Health Records project to be released publicly, despite the fact that Health Minister Peter Dutton has stated the document contains “a comprehensive plan for the future of electronic health records in Australia”.
The PCEHR project was initially funded in the 2010 Federal Budget to the tune of $466.7 million after years of health industry and technology experts calling for development and national leadership in e-health and health identifier technology to better tie together patients’ records and achieve clinical outcomes. The project is overseen by the Department of Health in coalition with the National E-Health Transition Authority (NEHTA).
However, in July the Government revealed it had failed to meet it initial 500,000 target for adoption of the system, with only close to 400,000 Australians using the system at that point.
-----

Medicare Local keen to get patients used to e-health system

Posted Mon 31 Mar 2014, 2:00pm AEDT
Educating patients about new electronic health services in South Australia's north and west is the next big task for Medicare Local Country North SA.
E-health allows GPs to update patient records stored on a central database.
The e-health system gives GPs, hospitals and pharmacists access to detailed and accurate patient records.
Medicare Local's Sarah Wiles says most GPs are prepared.
-----

Hospital in chaos over new booking system

Date April 1, 2014

Julia Medew

Health Editor

EXCLUSIVE
Staff at one of Melbourne's largest hospital networks say a new computerised booking system has wreaked havoc over the past year, causing untold distress for vulnerable people and putting lives at risk.
Senior Austin Health employees have told Fairfax Media that the new Patient Choice Booking service at the Austin Hospital and Olivia Newton-John Cancer and Wellness Centre has caused scores of patients to miss crucial appointments with specialists responsible for their care.
This included seriously ill patients, such as organ transplant recipients, cancer patients and those with infectious diseases such as TB and HIV who needed to be seen at particular times to receive continuing tests, medications and other treatment.
-----

Austin Hospital booking system brings grief to cancer sufferer

Date April 2, 2014

Julia Medew

Health Editor

Until May last year, Kevin Biaggini had no reason to doubt his care at the Austin Hospital. In November 2012, the Ivanhoe father was treated there for liver cancer and thought the medical and administrative staff were excellent.
But when the hospital introduced its new ''Patient Choice'' booking system in May last year, Mr Biaggini said things started to deteriorate. After having a routine MRI scan on May 15 to check his liver was clear of cancer, he received an unexpected phone call 10 days later. The nurse wanted to know why he had not attended an appointment that week.
''Straight away I knew what was in the wind,'' he said.
The nurse went on to tell him the MRI had found more cancer and that he had been scheduled for treatment that week.
-----

Startup's stethoscope adapter gets to the heart of the matter

Doctors can add the device to their stethoscopes and send heartbeat data to their phones
Seeing the latest smartphone makes some people's hearts beat faster. Now there's an app that can hear them.
The app, from a company called Eko Devices, works with a device that attaches to a standard analog stethoscope. Via the Bluetooth Low Energy protocol, the Eko adapter sends the audio from the stethoscope to the doctor's phone or tablet for recording, viewing, analysis and sharing. The six-person company demonstrated its product at the Demo Enterprise conference in San Francisco Thursday.
Digitizing the heart and lung sounds that a stethoscope picks up allows doctors to view them as waveforms, giving them another tool to detect potential ailments. Digital stethoscopes have been on the market for years, but Eko's accessory allows doctors who prefer traditional analog devices to bring them into the digital age.
-----
Dan Munro, Contributor
3/30/2014 @ 10:28PM

Setting Healthcare Interop On Fire

There’s a new software standard for sharing health data that’s gaining a lot of interest and support. Still in “prototype” format, it’s called Fast Health Interoperable Resources or FHIR (pronounced ‘fire’) and the early interest is more than just curiosity. Several high profile projects ‒ including the new CommonWell Health Alliance ‒ are actively testing the new software framework.
The reason for all the excitement is relatively easy to understand ‒ even if you don’t care to understand anything about software in healthcare. In a nutshell, many of the “behind‒the‒scenes” software standards and techniques that we all take for granted as part of our online web experiences (like shopping, travel and banking) are making a kind of formal debut in healthcare.
FHIR is the “HTML” of healthcare. It’s based on clinical modeling by experts but does not require implementer’s to understand those details. Historically healthcare standard were easy for designers and hard for implementor’s. FHIR has focused on ease of implementation. John Halamka ‒ CIO at Harvard and Beth Israel Deaconess Medical Center
-----

GS1 Recallnet Healthcare goes live to streamline total recall process in the Australian Healthcare Industry

Created on Tuesday, 01 April 2014
The recall process for therapeutic goods in the Australian healthcare sector is set to become streamlined with GS1 Recallnet Healthcare going live on Tuesday 1 April 2014.
 Developed over four years by GS1 Australia in association with the National E-Health Transition Authority (NEHTA), the Therapeutic Goods Administration (TGA), state and territory health departments and a number of medical device and pharmaceutical suppliers and industry associations, GS1 Recallnet Healthcare is an electronic product recall notification management system for therapeutic goods.
-----

Net’s forever: protect your integrity

1st Apr 2014
THE pace of technological advancement in healthcare has been phenomenal in my professional lifetime.
I am not just talking about PET scans, MRI and robotic surgery, but the everyday accessible desktop-type technology that has transformed clinical practice and practice management. Being a reasonably early adopter, I remember the installation of our new state-of-the-art fax machine.
For the first time, with this magical technology we could instantly send and receive letters and results over the phone. What we did not realise was that the images on thermal paper faded within a few years and so faxes were useless as a long-term record and we would need a more durable format.
I also remember the first computers we installed in the clinic. Our secretaries loved them because they no longer had to bend and stretch to retrieve and file those heavy paper folders and managing the appointments became much simpler.
-----

Paraplegic walks tall with bionic backpack

Date April 1, 2014 - 3:42PM

Kate Hagan

Radi Kaiuf was confined to a wheelchair for 20 years after being shot in the spine while fighting for the Israeli army in Lebanon in 1988.
But a chance meeting with Israel computer scientist Amit Goffer at a rehabilitation centre in Tel Aviv changed all that.
Dr Goffer, who became a quadriplegic in a car accident in 1997, asked Mr Kaiuf if he'd like to try something new - a bionic walking machine that he had developed.
-----

Analytica delivers positive usability trials for e-health treatment system

Monday, March 31, 2014 by Proactive Investors
Analytica has successfully completed phases 1 to 3 of the usability trials for the PeriCoach system.
Analytica's (ASX: ALT) shares are expected to open firmer this morning following the successful completion of phases 1 to 3 of the usability trials for the PeriCoach system.

PeriCoach is an e-health treatment system for women who suffer Stress Urinary Incontinence, which is a very large market considering 1 in 3 women worldwide are affected.

The incontinence pad market in the U.S. is $5 billion, and forecast to grow to $7 billion by 2017.

-----

Fiona Coote celebrates life 30 years since her first heart transplant

Date April 4, 2014

Rachel Browne

Social Affairs Reporter

When Fiona Coote had a heart failure in 1984, a transplant was the only option. Three decades later, one of the surgeons who operated on the teenager believes heart transplants will soon be a thing of the past.
The director of heart-lung surgery and transplantation at St Vincent's Hospital, Phillip Spratt, says technological advances in artificial heart pumps will make transplant surgery redundant.
Almost 40 per cent of patients at the hospital's heart-lung transplant unit have the devices implanted, which keep them alive for years, in some cases until they undergo surgery.
-----

Windows 8.1 Update: Microsoft Hits Reverse, Adds Windows 7 Features

With its Windows 8.1 Update, announced today, MicrosoftMSFT -0.17% is looking in the rearview mirror—and putting the car in reverse. But for all the people who have wanted Windows 8 to work more like Windows 7, that’s the right direction.
On April 8—coincidentally the same day that Microsoft cuts off Windows XP support—a free Windows 8.1 Update will bring mouse and keyboard users some much needed relief with some small but useful system tweaks.
“Our goal is to bring back the familiar,” Chaitanya Sareen, Microsoft Principal Program Manager Lead on Windows, told me as he demonstrated some of the new features last week.
There are three that I think will significantly aid people making the transition from a traditional version of Windows, including XP or 7, to Microsoft’s now slightly-less-brave new world.
-----

Microsoft unveils Cortana digital assistant, reinstates Start menu

Date April 3, 2014

Dina Bass, Ian King

  • Windows 8.1 reinstates the Start menu
  • Windows Phone gets Siri-like assistant
  • Windows Phone free to handset makers
Microsoft has renewed its push to catch up with Apple and Google in mobile devices, unveiling updated Windows Phone software with voice-search features and offering it for free to makers of smartphones and tablets.
Microsoft, which previously charged a licensing fee of $5 to $15 per device, will offer it without charge to makers of smartphones and smaller tablets with screens of less than nine inches, the company revealed at its Build developers conference in San Francisco on Wednesday (Thursday morning Australian time).
The new Windows Phone 8.1 software for smartphones and tablets includes a voice-controlled digital assistant called Cortana, similar to Apple's Siri, and will be rolled out to existing Windows Phone 8 users over the coming months.
-----
Enjoy!
David.

Sunday, April 06, 2014

It Appears There Are Some Significant Security Issues With The PCEHR. I Wonder When There Will Be An Official Comment?

The following appeared in the last day or so.

Security vulnerabilities in C-CDA Display using CDA.xsl

Apr04
TL;DR: If you’re using XSLT stylesheets to render C-CDAs in your EHR, make sure you understand the security implications. Otherwise you could be vulnerable to a data breach.
This blog post describes security issues that have affected well-known 2014 Certified EHRs. Please note that I’ve already shared this information privately with the Web-based EHR vendors I could identify, and I’ve waited until they were able to investigate the issues and (if needed) repair their systems.
Last month I observed a set of security vulnerabilities in XSLT “stylesheets” used to display externally-supplied C-CDA documents in many EHRs. To be specific: the CDA.xsl stylesheet provided by HL7 (which has been adopted by many EHR vendors) can leave EHRs vulnerable to attacks by maliciously-composed documents.
I plan to follow up with posts describing:
  • a real-world case where a vendor was affected by these issues
  • a set of security best practices that can help avoid these and other issues
  • the unfortunate state of EHR vendor security vulnerability reporting protocols

Three fundamental attacks

Many vendors appear to be using (slightly tweaked versions of) the CDA.xsl that comes with HL7′s C-CDA release. This provides potential attackers with a highly visible, leveragable target.
My analysis revealed at least three ways to craft a malicious C-CDA. The first two vulnerabilities allow the execution of arbitrary JavaScript code within the C-CDA viewer. For example, an attacker could steal browser cookies and application state, and post them back to an external server. The third vulnerability allows the C-CDA viewer URL to leak to an external server.
All the technical details of the three issues can be found here:
I was alerted to this blog post by a technical guru who said there were significant issues to be addressed both by the PCEHR Program and NEHTA as well as some of the GP system providers who used CDA Stylesheets.
I am sure there is significant effort being put into working out what exactly to do right now.
This is clearly an evolving story and I suggest people keep an eye open for information from Government and NEHTA and the mainstream press.
I also look forward to more posts from the US blogger explaining what he is recommending as appropriate fixes etc.
David.

AusHealthIT Poll Number 212 – Results – 6th April, 2014.

Here are the results of the poll.

Does The Current Government Have A Plan To Deliver An E-Health Framework Over The Next Few Years That Will Improve The Efficiency, Quality and Safety Of The Health System?

For Sure 0% (0)

Probably 1% (1)

Neutral 0% (0)

Probably Not 37% (26)

No Way 56% (40)

I Have No Idea 6% (4)

Total votes: 71

A very clear outcome with more than 90% thinking the Government seems to be lacking a plan that might deliver what is intended. Hardly good news for the future.

Again, many thanks to all those that voted!

David.