Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Sunday, December 07, 2014

The Office Of The Information Commissioner Audits the National E-Health Record System for 2013-14.

This report was released a week or so ago:

National Repositories Service — eHealth record System Operator: Audit report

Audit report
Information Privacy Principles audit
Section 27(1)(h) Privacy Act 1988
Audit undertaken: January 2014
Draft report issued: May 2014
Final report issued: November 2014
Here is the link.
The findings of the audit are summarised here and should be read closely to pick out how much is apparently not up to scratch.
----- Begin extract.

Part 11 — Summary of recommendations

Recommendation 1 — use of appropriate definitions

11.1 It is recommended that the System Operator review and revise all eHealth security policy and procedure documents (including any related training material) so that the terminology used throughout the documents is consistent with the Privacy Act. In particular the documents should be amended so that they:
  • employ the terms ‘personal information and ‘sensitive information’ as defined in the Privacy Act
  • take into account recent amendments to the Privacy Act.

Auditee response

11.2 Agreed. The policies, procedures and training material will be updated to better reflect the  terminology use in both the Privacy Act and PCEHR Act.

Recommendation 2 — emphasise Privacy Act obligations

11.3 It is recommended that the System Operator consider reviewing its high level eHealth security policies and procedure documents to ensure that, where appropriate, they reflect the System Operator’s Privacy Act obligations to protect personal information and the manner in which these obligations will be met.

Auditee response

11.4 Agreed. The policies, procedures and training material will be updated to better emphasise the System Operator’s privacy obligations and manner in which to meet these obligations.

Recommendation 3 — review for readability

11.5 It is recommended that the System Operator review all eHealth system security policies to ensure they can be readily understood by management, non-technical and new staff or external persons who need to review this material by:
  • providing more contextual information as to the relationship between the documents (such as the related documents’, ‘intended audience’ and ‘document map’ tables described above)
  • ensuring the content of the documents is consistent, up to date, easy to follow, explains key concepts and terms and reflects current practice.

Auditee response

11.6 Agreed. The policies, procedures and training material will be updated to improve usability for a range of readers. 

Recommendation 4 — implement overall privacy control mechanism

11.7 It is recommended that the System Operator implement a formal written central privacy management function. This could involve appointing a person or designating a group of people (eg a committee or working group involving all relevant staff) as the focal point for privacy advice and solutions on the eHealth record system.

Auditee response

11.8 Agreed. A working group comprising relevant staff will be established as the focal point for privacy advice. In the longer term, the establishment of a Privacy and Security Committee will be considered as part of the Government’s response to recommendations from the Review of the PCEHR.

Recommendation 5 — manage collaboration risks

11.9 It is recommended that the System Operator review the use of the IMS (in consultation with the other eHealth stakeholders) and System Operator’s EDRMS system for eHealth incident handling. The risks highlighted above may be managed by:
  • general risk profile — undertaking a TRA and a PIA on the use of the IMS and the System Operator’s EDRMS system for eHealth activities, with particular reference to their adequacy in the eHealth incident management context and the effectiveness of their access controls
  • policy risk — ensuring consistency of protocols used by each stakeholder that govern the use of the IMS 
  • access risk — considering smaller restricted IMS communities and if possible restrict access to tickets containing personal or sensitive information to personnel in the community who need access
  • access risk/trusted insider risk — utilising dynamic passwords and/or other forms of authentication (for example RSA tokens)
  • access risk/trusted insider risk — ensuring all personnel accessing incident information on the IMS have the necessary baseline clearance
  • trusted insider risk — if possible limiting or preventing downloading of material from the IMS
  • trusted insider risk/Monitoring risk — if possible and appropriate, the System Operator could consider real time monitoring of IMS usage, especially as the amount of incident information held in the IMS increases over time
  • shadow data base risk — considering whether the information in the IMS and in the System Operator’s EDRMS system can be destroyed or de-identified in accordance with the Archives Act 1983.
If the above measures cannot be implemented effectively, the System Operator should consider:
  • relocating incident information (from both the IMS and the System Operator’s EDRMS system) to a location within the NRS
  • implementing its own incident tracking system, under the direct control of the System Operator and used solely for managing eHealth system incidents.

Auditee response

11.10  Agreed. The IMS will be reviewed, the above recommendations considered and resulting improvements added to continuous security improvement program.
----- End Extract.
This is really amazing.
Despite the audit being rather constrained and purely document based the recommendations really suggest the System Operator (i.e. The Secretary of DOH and Accenture) have a lot to do and soon.
Documents that are unreadable, complicated and not fit for purpose apparently are really not good enough.
Just how is it all this was not sorted ages ago?

I wonder what an audit of the overall PCEHR program would reveal if this was what was found with a very constrained and limited paper review?
David.

AusHealthIT Poll Number 247 – Results – 07th December, 2014.

Here are the results of the poll.

Is The Government So Distracted By 'Barnacles' At Present That E-Health And The Fate Of The PCEHR Has Fallen Between The Cracks?

Yes 32% (46)

Probably 34% (49)

Neutral 3% (5)

Probably Not 20% (28)

No 7% (10)

I Have No Idea 3% (5)

Total votes: 143

A pretty clear response with a majority seeing evidence that the Government has lost focus on e-Health.

Good to see a clear outcome and lots of votes.

Again, many, many thanks to all those that voted!

David.

Saturday, December 06, 2014

Weekly Overseas Health IT Links - 06th December, 2014.

Note: Each link is followed by a title and few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.
-----

Many Companies Shifting Mission Critical Apps to Cloud

NOV 26, 2014 10:08am ET
The cloud is being widely adopted for applications important to business success, according to a new study by Forrester Research conducted on behalf of Infosys, a provider of consulting and outsourcing services.
A large majority of the 300 organizations in the United States, United Kingdom, Germany, France and Australia surveyed by Forrester in July and August, 2014 (81 percent) said they’re either using or planning to use critical apps in the cloud in the next two years.
The survey found that cost savings is no longer the primary driver for leveraging cloud services, with 77% of organizations considering agility to be the key driver.
-----

Testing times for Epic at Cambridge

25 November 2014   Sam Sachdeva
Cambridge University Hospital NHS Foundation Trust was forced to declare a “major incident” and divert ambulances to other hospitals for five hours after its new electronic patient record became unstable a week after go-live.
The trust has also had “significant problems” with its pathology system, with problems matching test results to patients. It has asked GPs to stop all routine blood tests at short notice.
The trust says most of the problems reported by its local clinical commissioning group occurred shortly after go-live and are being addressed.
A report on the Epic implementation from the NHS Cambridgeshire and Peterborough CCG was presented to a recent meeting of the Cambridgeshire County Council’s health committee, which is investigating pressures on the local healthcare system.
-----

'Curious' workers fired for sneaking looks at 112 private e-health records

The Canadian Press
Published Thursday, November 27, 2014 8:10AM PST
VICTORIA - Vancouver Island's health authority has fired two employees it says peaked at patients' private health files to satisfy their personal curiosity.
Island Health says it investigated after receiving allegations in early October that staff members were inappropriately accessing personal information.
The authority concluded 112 individuals' records were observed, even though the employees were not authorized, and it has since notified and apologized to the affected people.
-----

Top 10 health IT predictions for 2015

Posted on Nov 26, 2014
By Mike Miliard, Editor
In 2015, hospitals will – and should – make more advanced use of "third platform" technologies based on mobile tools, social channels, data analytics and the cloud, according to a recent report from IDC Health Insights.
With healthcare costs unsustainable, but these new technologies now ubiquitous, IDC officials say hospital CIOs will increasingly be turning to new tools – especially as consumers expect healthcare to be as responsive to their wants and needs as other industries.
Meanwhile, cybersecurity concerns, care coordination and patient engagement will continue to be top concerns, spurring new approaches to IT as hospitals develop increasingly sophisticated digital strategies to improve care quality, broaden access and drive efficiency.
-----

Study: Barriers impact use of public health data

November 25, 2014 | By Katie Dvorak
Despite an increase in health data collection, barriers remain to gaining and using the information to improve care, according to a study from the University of Pittsburgh Graduate School of Public Health.
Those barriers hamper decision-making efforts and hurt attempts to tackle global health threats, according to the analysis, published in BMC Public Health and funded by the Bill & Melinda Gates Foundation and the National Institutes of Health.
-----

Why Healthcare Security Must Be Top Priority for CIOs

Author Elizabeth Snell | Date November 24, 2014

Eight CIOs met to discuss healthcare security issues and what they can do to best mitigate cybersecurity risks.

Healthcare CIOs admit that it’s not a matter of if their health systems will be breached, it is a question of when their healthcare security systems will be attacked. That was one of several issues discussed by healthcare leaders at the second annual Scottsdale Institute CIO Summit earlier this year.
A Summit report explained strategies that can be used to address emerging informatics requirements for the nation’s healthcare systems. However, finding the best ways to protect against cyber criminals and other health data attacks was a common area of concern among the eight CIOs who attended the summit.
-----

What Healthcare Can Learn From CHS Data Breach

Security breach that exposed personal data on 4.5 million Tennessee healthcare system patients offers key lessons to prevent similar cyber attacks.
11/25/2014 08:36 AM
Paula Knippa
Commentary
Tennessee-based Community Health Systems (CHS) disclosed in its Form 8-K SEC filing in August that its computer network had been hacked at least twice in April and June of 2014 through criminal cyber attacks originating from China. All healthcare organizations can learn from one health system's breach.
CHS -- which owns, operates, and leases 206 hospitals across 29 different states -- confirmed that these hacking incidents resulted in the theft of non-medical, patient-identifying information of 4.5 million individuals who had, in the last five years, been referred to or received services from physicians affiliated with CHS. This information included patient names, addresses, birthdates, telephone numbers, and social security numbers.
Although CHS portrays the attacks as incidents in which hackers used highly sophisticated malware and technology to attack its system -- and were thereby able to bypass its security measures to access the personal data of millions of patients -- sources closer to the investigation have described a different scenario. According to these sources, CHS's system was hacked through a test server that was never intended to be connected to the Internet at all. Because Internet connectivity was not contemplated, the security features that would -- and should -- be deployed in a live production server were not installed on the test server.
-----

Institute for Healthcare Improvement's Frank Federico: Technology can't dictate care

November 25, 2014 | By Katie Dvorak
If implemented well, technology can do great things for healthcare, but providers can't let it dictate how to do their work, says Institute for Healthcare Improvement Executive Director Frank Federico.
"We can't let use of technology unintentionally harm patients because we didn't anticipate the possibility that harm could occur and put safeguards in place to mitigate it," he said in a recent interview.
One major issue hospitals and healthcare facilities face is alarm fatigue, and Federico said it is a pervasive problem that is unlikely to be fixed with one solution. He questions whether doctors have become immune to constant alarms.
-----

Teaching hospitals can provide a unique testbed for innovation

November 25, 2014 | By Susan D. Hall
Teaching hospitals can provide the resources and environment needed to effectively test out digital innovations and bring them to market, according to an article at Harvard Business Review.
Digital innovators need to try out their ideas in real-world settings, something teaching hospitals are uniquely positioned to provide, according to authors Louis A. Shapiro, president and CEO of Hospital for Special Surgery in New York City, and C. Mark Angelo, the hospital's vice president of innovation and business development.
They point to a system developed at the hospital to reduce waste in the process of sizing orthopedic implants to the patient. If the implant is opened, but the wrong size, it's discarded, leading to substantial waste. And multiple components from different manufacturers can be confusing as well.
-----

Transforming Decision Support and Reporting

Scott Mace, for HealthLeaders Media , November 25, 2014

New technology is enabling easier access to information, creating collaborative care team interaction and improved clinical outcomes.

This article appears in the November 2014 issue of HealthLeaders magazine.
The next generation of decision-support technology leverages natural language processing (NLP)and continues to evolve by scouring unstructured text and presenting evidence-based medicine to providers in new, accessible, and interesting ways.
In two of the latest examples, clinicians themselves contribute via a growing set of predefined queries, as evidenced by Partner HealthCare's use of QPID, a queriable patient inference dossier technology recently spun out into its own Boston-based company; as well as threaded, Facebook-like conversations behind the firewall, as epitomized by the Mayo Clinic's recent six-month pilot test of Dabo, a technology developed by a San Francisco–based company in which Mayo has an ongoing investment. The result of both initiatives, executives say, is energized physicians who are helping themselves and each other achieve healthcare's Triple Aim: improving the patient experience of care, improving the health of populations, and reducing the per capita cost of healthcare.
-----

In Lakeport, CA, a Population Health Laboratory is Born

Scott Mace, for HealthLeaders Media , November 25, 2014

A firsthand look at how a population takes on improving its population health.

The prospect of a bunch of healthcare investors investing in California's unhealthiest county as a business opportunity may strike you as a bit wacky.
But longtime readers of this column have seen this story unfolding as twice before I wrote about investor Esther Dyson's vision of lifting the health of an entire town through a combination of entrepreneurial spirit, a radical rethinking of healthcare, a dash of technology, and community organizing.
When I last visited Dyson's nonprofit startup, HICCup (for Health Initiative Coordinating Council), it had just put out its call for participants in a bold five-year experiment: Single out five communities of 100,000 population or less, then use those communities as hothouses of healthcare innovation, attracting investment capital and innovators to upend previous cultures of isolation and disease and replace them with cultures of cooperation and health.
-----

Will Google Glass make it in healthcare?

Posted on Nov 24, 2014
By Eric Wicklund, Editor, mHealthNews
The lifespan of Google Glass might just be short-lived, with the technology facing an increasing amount of public criticism in recent months. But does it fare a little better in healthcare? Industry stakeholders say, "yes."
A recent online newsletter listed Google Glass as among the top 10 tech failures in 2014. And among several other publications, Time opined that it doesn't see a future for the eyewear, adding that "most of us don't want to go around town looking like Star Trek's Geordi LaForge." 
The opinion here? Don't break Glass just yet.
-----

Most patients willing to share health data with researchers, employers

November 24, 2014 | By Katie Dvorak
A majority of patients would be willing to share their healthcare information with researchers, employers, health plans, and their doctors, according to a Truven Health Analytics-NPR Health Poll.
More than 3,000 people responded to the survey, which included questions on information sharing, electronic medical records and privacy concerns.
More than two-thirds or 68 percent of the respondents said they would be OK with sharing health information anonymously with researchers. According to the survey's author, that number increases with level of education and income. Millennials, those 35 and younger, were the most likely to be willing to share information anonymously at about 70 percent.
-----

MEDTECH legislation limits regulation of EHRs, decision support

November 24, 2014 | By Dan Bowman
Forthcoming legislation drafted by Sens. Orrin Hatch (R-Utah, pictured) and Michael Bennett (D-Colo.) looks to exempt electronic health records and clinical decision support software from oversight by the U.S. Food and Drug Administration.
The legislation--the Medical Electronic Data Technology Enhancement for Consumers' Health (MEDTECH) Act--outlines five areas of the Federal Food, Drug, and Cosmetic Act, in all, to be amended. The bill's language says that the following should not be deemed "devices within the meaning" of the earlier law:
  1. Software intended for administrative or operational support of a healthcare facility
  2. Products unrelated to clinical treatment of a disease or disorder
  3. EHRs that "functionally represent a medical chart, including patient history records, but excluding diagnostic image data," as long as the EHR system is "validated prior to marketing"
  4. Software intended to format, organize or otherwise present clinical laboratory test report data prior to analysis
  5. Software for analyzing and supporting the display or printing of patient or other medical information for supporting or providing prevention, diagnostic or treatment recommendations to clinicians
-----

Study: Cost-Savings Can Occur When EHRs Default to Generic Medication Options

November 21, 2014
Physicians will prescribe fewer brand name drugs and can curb health spending when an electronic health record (EHR) defaults to show the generics first, according to a research study.
The study, led by researchers at the Perelman School of Medicine, The Wharton School and the Center for Health Incentives and Behavioral Economics (CHIBE) at the University of Pennsylvania, is published in a recent issue of Annals of Internal Medicine.  The researchers looked at four ambulatory clinics (two internal medicine and two family medicine) in the University of Pennsylvania Health System between June 2011 and September 2012 and evaluated the difference in prescribing behavior for three commonly prescribed classes of medications between family medicine and internal medicine physicians. They underwent an intervention where family docs were shown both brand name and generic medication options within the EHR medication prescriber portal, but internal medicine physicians were shown a different display of only the generic medication options.
-----

A Worry In Theory, Medical Data Privacy Draws A Yawn In Practice

November 20, 201411:25 AM ET
Scott Hensley
NPR
When it comes to health records, how concerned are Americans about what happens to their personal information?
We asked in the latest NPR-Truven Health Analytics Health Poll. And, in a bit of surprise to me, the responses showed that, in general, worries don't run very high.
First, we learned that nearly three-quarters of people see doctors who use electronic medical records. So the chances are good that your medical information is being kept digitally and that it can be served up to lots of people inside your doctor's office and elsewhere.
-----

Where Do Americans Stand on Health Privacy?

NOV 26, 2014 7:28am ET
A survey of more than 3,000 Americans conducted in August with results released this month finds 5 percent of respondents have been notified that their medical records were breached. The highest rate of notifications—16 percent—was among respondents with an income above $100,000.
Truven Health Analytics and National Public Radio conducted the poll; the organizations do monthly polls on a variety of healthcare issues and the August poll focused on privacy issues. While more than two-thirds of respondents said they are willing to share health information anonymously with researchers, some worry about the privacy of their records that other stakeholders possess.
“Sixteen percent of respondents have privacy concerns regarding health records held by their health insurer,” according to a summary of survey results. “Fourteen percent have concerns about records held by their hospital, 11 percent with records held by their physician, and 10 percent with records held by their employer.”
-----

Big HIT Changes May Be Coming Soon

NOV 21, 2014 9:29am ET
By 2020, 80 percent of healthcare data will pass through the cloud at some point in its lifetime, as providers seek to leverage cloud based technologies and infrastructure for data collection, aggregation, analytics and decision-making. And, 65 percent of consumer transactions with healthcare organizations will be mobile by 2018.
Those are some of the near-term predictions for the healthcare industry by research firm IDC Health Insights. The predictions are meant to provide healthcare executives with a basic framework for evaluating and initiating IT initiatives—now and in the foreseeable future. Among IDC’s other predictions:
*With healthcare costs rising, operational inefficiency will become critical at 25 percent of hospitals resulting in the development of a data-driven digital hospital strategy requiring budgeting in 2016. 
-----

Four Predictions for 2015 -- A Mixture of New and Old Shifts

by Terry Fouts Monday, November 24, 2014
Reflecting on 2014, the health care landscape has become clearer in some regards and murkier in others. ICD-10 was once again delayed, and there's a lot of debate on whether the new date will stick. Many providers attested to Stage 1 meaningful use, but the timelines for stages 2 and 3 have come under serious scrutiny among large provider groups. Major shifts are still hanging in the balance. We are reminded of Medicare -- now a solid and beneficial institution -- and the alignment of politicians and physician groups against it. The implementation of diagnostic-related groups is another example of a seismic shift that is now well accepted.
These topics will certainly take center stage next year -- but what other changes do we have in store? After observing the health care industry for 40-plus years, here are some of my main predictions for 2015.

1. Care, Testing Will Progressively Move to Patients' Homes

Beyond the rise of telemedicine and telehealth -- which will certainly increase in popularity due to the growing provider shortage -- home testing devices will become increasingly popular, especially among patients with chronic conditions. With 75% of national health care spending going toward the treatment of chronic diseases (two-thirds of Medicare beneficiaries have at least two chronic conditions and they account for 93% of Medicare spending), a number of providers will start pushing for better and safer electronic data transfers.
-----

New IT strategy will aim to build coherence for patients

Minister for Health Leo Varadkar outlines ehealth strategy at Dublin conference

Elaine Edwards
Setting out a new IT strategy for the health service will be a key target for the HSE’s new chief information officer when he takes up his post next month, according to Minister for Health Leo Varadkar.
Richard Corbridge will join the HSE from the NHS National Institute for Health Research. Implementing the Government’s ehealth strategy will be among his responsibilities.
Ireland spends just 0.85 per cent of its health budget on IT, compared with an EU range of 2–3 per cent. Asked whether he would increase this to support the governance and delivery of the Government’s ehealth strategy, Varadkar said that once the new IT strategy for the HSE had been finalised, “we will have a clearer picture of the level of investment needed”.
-----

Enjoy!
David.

Friday, December 05, 2014

I Would Really Like People To Make Claims For Health IT Outcomes After They Are Proven, Not Hoped For!

This appeared last week:

St Stephen's Hospital's digital system on show

Carlie Walker | 27th Nov 2014 4:00 PM
DELEGATES from major private and public hospitals throughout Australia are visiting St Stephen's Hospital in Hervey Bay this week, keen to learn the secrets of efficiency and improved care unlocked by the hospital's digital system.
Richard Royle, executive director of UnitingCare Health, said the state-of-the-art facility had impressed those gathered so far during the three-day event, with delegates from hospitals, banks and the CSIRO anxious to see the system in practice.
"It's terrific for the Fraser Coast," he said.
Mr Royle said because information was recorded directly into an online electronic system, it virtually eliminated the chances of the wrong treatment being given to patients.
Because nurses were not tied down with paperwork or trying to decipher handwritten notes, prescriptions or instructions, that freed them up to spend more time with patients, which was a major benefit, Mr Royle said.
Mr Royle said all equipment in the hospital had a GPS tracker attached, where if a nurse needed to track a wheelchair, they needed only check the location of the GPS device, eliminating the need for them to search for equipment.
Mr Royle said mistakes were made in every hospital throughout the world, but the system in place at St Stephens went a long way to eliminating human error.
Errors could no longer be made by misinterpreting handwriting on prescriptions because all information was recorded digitally.
Each patient was also given a barcode and the barcode was used to digitally record any allergies the patient might have and exactly the prescription they needed.
If a doctor tried to prescribe a drug that the patient was allergic to, an alarm would sound when it was scanned into the digital system, Mr Royle said.
Lots more here:
When you read things like this you really have to wonder:
“Mr Royle said because information was recorded directly into an online electronic system, it virtually eliminated the chances of the wrong treatment being given to patients.”
Of course error reduction relies on the clinician ordering quality as much as it relies on quality information flows.
Equally the time spent in data entry can easily be as long as hand-writing notes - albeit there are real benefits for spending the time.
What I would like to see is some before after snapshots of error rated, time spent, costs etc. etc.
I am sure this system will make a positive difference but it would be nice to know that the scale of impacts have been measured - not claimed in advance!
David.