Sometimes one hears something that stretches credulity, but the plans just announced by the NSW Commerce Department’s Office of the Chief Government Information Office truly “take the biscuit”!
A plan entitled People First – A new direction for ICT in NSW which is said to be the NSW Government ICT Strategic Plan was announced at 9.00am on Thursday 27th July 2006 by the NSW Minister for Commerce, John Della Bosca
It is said that this is “an innovative Government ICT Plan that sets the framework for a coordinated government-wide approach to planning, expenditure and allocation of ICT resources.
It represents a major change in ICT policy direction and will pave the way for a new and more effective way of service delivery for the NSW Government.
The Plan provides a strategic framework to make better use of technology to improve the efficiency and effectiveness of services and systems, both within government and the wider community.
It will allow NSW Government Agencies to work together within a coordinated strategic framework to aggregate ICT initiatives to minimise costs and maximise the use of common applications, infrastructure and processes.
Savings will be redirected to key frontline services such as health, education, policing, disability services and information.”
The claims made in the body of the plan are that it: -
• Will be implemented over 4 years, commencing July 2006.
• Targets initiatives that are inevitable, which no one agency can do singularly, that are common and repeatable between agencies and which provide strategic value.
• Removes the technological barriers that inhibit both the reform of government and e-government initiatives.
• Results in savings of over half a billion dollars over four years.
The claim is made in the detailed document that the plan:
“Directs ICT savings to key front-line services such as health, education, policing, disability services, home and community care, transport and housing.”
Excellent one thinks – a bit more for the areas that need it. But read on. Then we find the following:
“ICT capital expenditure will be reduced by $350 million and recurrent ICT expenditure reduced by $215 million over four years.”
So not only is there no extra money for the front line – worse $565 million over four years is being pulled out the NSW Public Sector IT Budget.
If you believe this will provide improvements in health service delivery, the police and transport systems and so on – you are clearly a believer in the tooth fairy!
On the basis of what is written in this document the whole plan is nothing more than a money saving initiative wrapped up in a collection of pretty A3 charts.
What a pathetic farce!
David.
Monday, August 07, 2006
Saturday, August 05, 2006
Oh HealthConnect! – You Have Done it Again!
A few days ago I was told that the South Australian HealthConnect Project has suddenly burst into life after a period of relative inactivity. Intrigued I thought I should have a look and see what was going on and I found that recent activity was indeed in evidence.
Those who have been following the HealthConnect saga will be aware that it has been Tasmania, the Northern Territory and South Australia where projects have been initiated. In South Australia (SA) there are two streams of activity. The first is an extension of the Broadband for Health Project for SA with some extra support on implementation of security.
The second, and more interesting, is the planning of a project (to go live in November 2006) to provide a basic Shared Electronic Health Record (SEHR) (accessible by the GP, Patient and other Carers) to assist in the communication and sharing of patient specific health information to better co-ordinate and deliver care.
The SEHR and messaging environment is to be provided by Ozdocsonline. They can be found at Ozdocsonline.com.au.
What a very good idea I hear the loud cries – and I cannot but agree. As always, however, the devil is in the detail.
Before discussing that detail, let us briefly consider what attributes we would expect from a Commonwealth / State Government funded Shared EHR Project. I suggest we would expect at least:
1. The use of an open, rather than proprietary, SEHR and messaging platform.
2. Adherence to the national technological standards directions being defined by NEHTA.
3. Interoperability and synchronisation between the GPs local Electronic Health Record and the SEHR record to the extent that both contain the same information to ensure patient safety.
4. At least a HeSA level of security for information flows between the systems of the various users of the SEHR to ensure clear accountability on the part of all users regarding the information stored in the SEHR.
5. Use of the necessary coding and terminology sets to ensure information was captured in a comparable and computable form.
6. Access to the service would be free to the patient (ideally).
What is proposed is that the Ozdocsonline portal will become the central, and proprietary, access point from which patients and their carers will contribute and retrieve information – largely in the form of free uncoded text. The shared record will consist of some key demographic information and then a series of entries (which are either unstructured encounter documentation or itemised action plans) which, it is hoped, over time will become a useful record.
Now, while I am a long time supporter of the idea that progress will only be made in e-health if the various actors just get on with it - this proposal frankly seems a bridge to little!
Among the issues I also see around the planned operation of this proposal are:
1. The patient is apparently charged a fee every time they leave the practitioner a question, prescription repeat request and so on. (Ozdocsonline collects the funds and remits to the GP monthly).
2. The practitioner will need to record information twice – in their computer system and in the on-line system. This may slow the GP down just a little and lead to quite slow adoption.
3. The use of clear text e-mail to let the various actors in the operation know the other has made a referral, a change or whatever. This has the possibility of leading to a deluge of e-mail and further delay for the GP, as well as providing some information, some may not want disclosed, to others.
4. The proposal does not meet the expectations for a publicly funded SEHR trial given the learnings already made in this area so far (e.g the importance of information coding, the importance of client GP systems etc).
It is clear to me that this plan – as presently evolved – is seriously underdeveloped and quite inconsistent with even the broadest outlines of where e-health in Australia should be heading.
I find it amazing that the funding for Development of the Web Based Community Care Plan Management Tool Ozdocsonline is coming from the iTOL program in the Department of Communications, Information Technology and the Arts, rather than the Commonwealth Department of Health. Maybe that explains why the special health privacy and standards issues have not been addressed as one might have hoped.
The motivation for this project is excellent, and if well executed it could make a difference. However, sadly the currently plan for its conduct is, I believe, badly flawed and needs serious review.
David
Those who have been following the HealthConnect saga will be aware that it has been Tasmania, the Northern Territory and South Australia where projects have been initiated. In South Australia (SA) there are two streams of activity. The first is an extension of the Broadband for Health Project for SA with some extra support on implementation of security.
The second, and more interesting, is the planning of a project (to go live in November 2006) to provide a basic Shared Electronic Health Record (SEHR) (accessible by the GP, Patient and other Carers) to assist in the communication and sharing of patient specific health information to better co-ordinate and deliver care.
The SEHR and messaging environment is to be provided by Ozdocsonline. They can be found at Ozdocsonline.com.au.
What a very good idea I hear the loud cries – and I cannot but agree. As always, however, the devil is in the detail.
Before discussing that detail, let us briefly consider what attributes we would expect from a Commonwealth / State Government funded Shared EHR Project. I suggest we would expect at least:
1. The use of an open, rather than proprietary, SEHR and messaging platform.
2. Adherence to the national technological standards directions being defined by NEHTA.
3. Interoperability and synchronisation between the GPs local Electronic Health Record and the SEHR record to the extent that both contain the same information to ensure patient safety.
4. At least a HeSA level of security for information flows between the systems of the various users of the SEHR to ensure clear accountability on the part of all users regarding the information stored in the SEHR.
5. Use of the necessary coding and terminology sets to ensure information was captured in a comparable and computable form.
6. Access to the service would be free to the patient (ideally).
What is proposed is that the Ozdocsonline portal will become the central, and proprietary, access point from which patients and their carers will contribute and retrieve information – largely in the form of free uncoded text. The shared record will consist of some key demographic information and then a series of entries (which are either unstructured encounter documentation or itemised action plans) which, it is hoped, over time will become a useful record.
Now, while I am a long time supporter of the idea that progress will only be made in e-health if the various actors just get on with it - this proposal frankly seems a bridge to little!
Among the issues I also see around the planned operation of this proposal are:
1. The patient is apparently charged a fee every time they leave the practitioner a question, prescription repeat request and so on. (Ozdocsonline collects the funds and remits to the GP monthly).
2. The practitioner will need to record information twice – in their computer system and in the on-line system. This may slow the GP down just a little and lead to quite slow adoption.
3. The use of clear text e-mail to let the various actors in the operation know the other has made a referral, a change or whatever. This has the possibility of leading to a deluge of e-mail and further delay for the GP, as well as providing some information, some may not want disclosed, to others.
4. The proposal does not meet the expectations for a publicly funded SEHR trial given the learnings already made in this area so far (e.g the importance of information coding, the importance of client GP systems etc).
It is clear to me that this plan – as presently evolved – is seriously underdeveloped and quite inconsistent with even the broadest outlines of where e-health in Australia should be heading.
I find it amazing that the funding for Development of the Web Based Community Care Plan Management Tool Ozdocsonline is coming from the iTOL program in the Department of Communications, Information Technology and the Arts, rather than the Commonwealth Department of Health. Maybe that explains why the special health privacy and standards issues have not been addressed as one might have hoped.
The motivation for this project is excellent, and if well executed it could make a difference. However, sadly the currently plan for its conduct is, I believe, badly flawed and needs serious review.
David
Thursday, August 03, 2006
Danish Nirvana – Happiness and e-Health
A few days ago the University of Leicester published the following survey of some 80,000 people from around the world. Participants in the various studies were asked questions related to happiness and satisfaction with life. The Leicester study also looked at health, wealth and access to education. The results were as follows:
The 10 happiest nations in the world are:
1 – Denmark
2 - Switzerland
3 - Austria
4 - Iceland
5 - The Bahamas
6 - Finland
7 - Sweden
8 - Bhutan
9 - Brunei
10 – Canada
They also reported that Burundi, Zimbabwe and the Democratic Republic of the Congo are the unhappiest nations on the planet.
As a matter of pure co-incidence I had been researching e-Health interoperability and had come across a report on the status of e-health in the very same Denmark.
See the following site for details and a copy of the full documentation covering many countries (including Australia – which receives a report suggesting much planning but little actual delivery as of May 2006.) http://www.srdc.metu.edu.tr/webpage/projects/ride/
I now know why the Danes are so happy (other than having our Princess Mary and a new prince) and why Australia (and the US) do not make it into the top 20. Their e-Health works!
A few statistics make the point pretty clearly.
1. 97% of general practitioners now use EDI, and almost all hospitals are now able to send electronic X-ray results and hospital discharge letters. This is unique coverage unknown in any other country.
2. Electronic patient referrals for hospital treatment and to specialists have not yet been used on a massive scale, nor has the use of laboratory requests so far become particularly widespread. However, in the local-authority area, the number of local authorities that exchange EDI with the hospitals has risen from 12 to 92 during the course of the MedCom IV period (2002-2005).
3. The range of services used by 80+% of GPs include:
• Discharge Letters and Reports
• Outpatient Letters and Reports
• Casualty Letters and Reports
• Image Diagnostic Letters and Reports
• Admission and Radiology Referrals
• Pathology Results (All types)
• GP Prescribing
• Billing (Most Services)
Referrals are now being progressively rolled out.
At present the network (termed MedCom) is EDI based but it is being migrated to an XML based web services environment over 2006.
It seems to me this is proven technology that works and would make a huge difference to clinical care in this country. It would also be easily replicable in a sensible time frame and would be consistent with what is known of NEHTA’s planned directions.
Someone from the Government needs to undertake a detailed study visit (it’s a nice place in Autumn) and then get on with actually doing something here!
David.
The 10 happiest nations in the world are:
1 – Denmark
2 - Switzerland
3 - Austria
4 - Iceland
5 - The Bahamas
6 - Finland
7 - Sweden
8 - Bhutan
9 - Brunei
10 – Canada
They also reported that Burundi, Zimbabwe and the Democratic Republic of the Congo are the unhappiest nations on the planet.
As a matter of pure co-incidence I had been researching e-Health interoperability and had come across a report on the status of e-health in the very same Denmark.
See the following site for details and a copy of the full documentation covering many countries (including Australia – which receives a report suggesting much planning but little actual delivery as of May 2006.) http://www.srdc.metu.edu.tr/webpage/projects/ride/
I now know why the Danes are so happy (other than having our Princess Mary and a new prince) and why Australia (and the US) do not make it into the top 20. Their e-Health works!
A few statistics make the point pretty clearly.
1. 97% of general practitioners now use EDI, and almost all hospitals are now able to send electronic X-ray results and hospital discharge letters. This is unique coverage unknown in any other country.
2. Electronic patient referrals for hospital treatment and to specialists have not yet been used on a massive scale, nor has the use of laboratory requests so far become particularly widespread. However, in the local-authority area, the number of local authorities that exchange EDI with the hospitals has risen from 12 to 92 during the course of the MedCom IV period (2002-2005).
3. The range of services used by 80+% of GPs include:
• Discharge Letters and Reports
• Outpatient Letters and Reports
• Casualty Letters and Reports
• Image Diagnostic Letters and Reports
• Admission and Radiology Referrals
• Pathology Results (All types)
• GP Prescribing
• Billing (Most Services)
Referrals are now being progressively rolled out.
At present the network (termed MedCom) is EDI based but it is being migrated to an XML based web services environment over 2006.
It seems to me this is proven technology that works and would make a huge difference to clinical care in this country. It would also be easily replicable in a sensible time frame and would be consistent with what is known of NEHTA’s planned directions.
Someone from the Government needs to undertake a detailed study visit (it’s a nice place in Autumn) and then get on with actually doing something here!
David.
Sunday, July 30, 2006
E-Prescribing in Australia – Is there a New Plan?
Your humble scribe had another of those “choking on his Wheaties” experiences this week. Suddenly ‘out of a clear blue sky’ it was announced, following the recent Australian Health Ministers Advisory Council (AHMAC) meeting, that there was to be an end to paper prescriptions and we were to move to full electronic prescribing with electronic transmission of the prescription to pharmacists. The pharmacist is to obtain an electronic copy of the patient’s prescription by swiping the patient’s Medicare Card. (One imagines that ultimately Mr Hockey’s Access Smartcard will provide the same – but rather more secure – functionality).
This is hardly a new idea. Way back in 1996, your scribe and a colleague wrote a report for the Commonwealth Government which recommended that planning for such a system commence. We had concluded there was a compelling business case to implement e-prescribing even then. Some notice seems to have been taken of the suggestion as early this century we saw the commencement of the MediConnect trials in Tasmania and Victoria. These trials showed that e-prescribing could be done but that further work was required to make it all work well in order to achieve widespread adoption. There were also some issues around the potential costs of a national implementation being seen as quite high – as an isolated program.
It is noted in passing that e-prescribing is being widely trialled and implemented elsewhere in the world with much activity in the US,UK, Canada and Europe.
Here is the text of the announcement.
“Electronic Prescribing and Dispensing of Medicines.
Australians are set to receive improved healthcare following agreement today by all Australian Health Ministers to remove the legislative barriers to electronic prescribing and dispensing of medicines.
From 1 March 2007 the amendments will allow for all stages of the prescribing process to be completed electronically and provide an alternative to the present paper prescriptions system. Scripts will be able to be initiated electronically by prescribers, electronically signed, then transmitted securely and uploaded into the dispenser’s system without the need for re-keying. This will ease the burden created by paper-based prescription processes and allow healthcare professionals to spend more time with patients and their needs.
There are an estimated 400,000 adverse drug incidents that occur in Australia each year according to the Australian Council for Safety and Quality in Health Care's Second National Report on Patient Safety. Electronic prescribing and dispensing will help eliminate those incidents that occur due to poorly handwritten paper prescriptions and transcription errors.
The regulatory amendments to provide for electronic prescribing and dispensing will become effective on 1 March 2007. This gives all States and Territories sufficient time to make their own consistent legislative and regulatory amendments.”
This description makes it clear that what is envisaged is a national “store and forward” network where the doctor creates the prescription, sends it to a central repository from where it is retrieved by the pharmacist into their dispensing computer. Presumably the patient will also be given a written prescription (hopefully with a barcode containing all the prescription information in scannable form) as a back up and to handle the situation of the computer repository being unavailable.
The number of questions this AHMAC announcement raises are legion. Among them are the following:
Who is going to own and operate what will prove to be a rather large national network? (Will it be Medicare, another part of Mr Hockey’s empire or will it be outsourced?)
What standard(s) are to be used for secure messaging and prescription transmission and are there currently any GP systems with such capability?
What terminologies will be used, given that the Australian Medicines Terminology is still in an embryonic stage of development – not due for at least 12-18 months?
What levels and capability of electronic decision support will be offered at the prescribing point and at the central repository to reduce prescribing errors? (The reduction in error rates, and possibly the ability to bias towards the use of generic medication, is the key justification for the introduction of e-prescribing).
Where will the Government be sourcing the required guidelines and prescribing databases to ensure the prescribers get the most current evidence-based information?
Is the Government (or some agency) going to undertake certification and proof of functionality testing of GP client systems, to ensure they work as safely as possible and have up-to-date drug reference databases etc?
How are prescriptions, which are transmitted but not collected, to be handled? (e.g. the situation where the patient decides not to pay for the drug, or is given the prescription on the basis of “if you get worse get it filled”).
Who will have access to the commercially valuable prescribing data-base the system will create and under what circumstances?
Where do NEHTA, the medical colleges, the pharmacists, the Pharmacy Guild and consumers fit in all this. Have they been consulted?
Are hospitals expected to produce discharge prescriptions electronically?
What review has been undertaken of all the work done here and overseas to ensure we get the safest and most secure system possible from end to end (i.e. from the doctor developing the prescription all the way to the patient being handed their medication and appropriate clinical and safety advice)?
I suppose I could go on but in the absence of the AHMAC providing publicly available detailed minutes there seems little point. All we have – from the Government and AHMAC – is that which has been provided in the above announcement.
Before wrapping up, I must say I think a properly developed and considered national e-prescribing implementation would be a very good thing and would save a significant number of injuries, indeed lives. It does of course need to be undertaken in the context of that National e-Health Plan we have all yet to see.
However, it seems to this observer that, despite some rumours to the contrary, this hare has a good deal further to run and a good deal more work to be undertaken before something useful makes it to the light of day. Pity about that. It all seems far to “spur of the moment’ to be real.
David.
This is hardly a new idea. Way back in 1996, your scribe and a colleague wrote a report for the Commonwealth Government which recommended that planning for such a system commence. We had concluded there was a compelling business case to implement e-prescribing even then. Some notice seems to have been taken of the suggestion as early this century we saw the commencement of the MediConnect trials in Tasmania and Victoria. These trials showed that e-prescribing could be done but that further work was required to make it all work well in order to achieve widespread adoption. There were also some issues around the potential costs of a national implementation being seen as quite high – as an isolated program.
It is noted in passing that e-prescribing is being widely trialled and implemented elsewhere in the world with much activity in the US,UK, Canada and Europe.
Here is the text of the announcement.
“Electronic Prescribing and Dispensing of Medicines.
Australians are set to receive improved healthcare following agreement today by all Australian Health Ministers to remove the legislative barriers to electronic prescribing and dispensing of medicines.
From 1 March 2007 the amendments will allow for all stages of the prescribing process to be completed electronically and provide an alternative to the present paper prescriptions system. Scripts will be able to be initiated electronically by prescribers, electronically signed, then transmitted securely and uploaded into the dispenser’s system without the need for re-keying. This will ease the burden created by paper-based prescription processes and allow healthcare professionals to spend more time with patients and their needs.
There are an estimated 400,000 adverse drug incidents that occur in Australia each year according to the Australian Council for Safety and Quality in Health Care's Second National Report on Patient Safety. Electronic prescribing and dispensing will help eliminate those incidents that occur due to poorly handwritten paper prescriptions and transcription errors.
The regulatory amendments to provide for electronic prescribing and dispensing will become effective on 1 March 2007. This gives all States and Territories sufficient time to make their own consistent legislative and regulatory amendments.”
This description makes it clear that what is envisaged is a national “store and forward” network where the doctor creates the prescription, sends it to a central repository from where it is retrieved by the pharmacist into their dispensing computer. Presumably the patient will also be given a written prescription (hopefully with a barcode containing all the prescription information in scannable form) as a back up and to handle the situation of the computer repository being unavailable.
The number of questions this AHMAC announcement raises are legion. Among them are the following:
Who is going to own and operate what will prove to be a rather large national network? (Will it be Medicare, another part of Mr Hockey’s empire or will it be outsourced?)
What standard(s) are to be used for secure messaging and prescription transmission and are there currently any GP systems with such capability?
What terminologies will be used, given that the Australian Medicines Terminology is still in an embryonic stage of development – not due for at least 12-18 months?
What levels and capability of electronic decision support will be offered at the prescribing point and at the central repository to reduce prescribing errors? (The reduction in error rates, and possibly the ability to bias towards the use of generic medication, is the key justification for the introduction of e-prescribing).
Where will the Government be sourcing the required guidelines and prescribing databases to ensure the prescribers get the most current evidence-based information?
Is the Government (or some agency) going to undertake certification and proof of functionality testing of GP client systems, to ensure they work as safely as possible and have up-to-date drug reference databases etc?
How are prescriptions, which are transmitted but not collected, to be handled? (e.g. the situation where the patient decides not to pay for the drug, or is given the prescription on the basis of “if you get worse get it filled”).
Who will have access to the commercially valuable prescribing data-base the system will create and under what circumstances?
Where do NEHTA, the medical colleges, the pharmacists, the Pharmacy Guild and consumers fit in all this. Have they been consulted?
Are hospitals expected to produce discharge prescriptions electronically?
What review has been undertaken of all the work done here and overseas to ensure we get the safest and most secure system possible from end to end (i.e. from the doctor developing the prescription all the way to the patient being handed their medication and appropriate clinical and safety advice)?
I suppose I could go on but in the absence of the AHMAC providing publicly available detailed minutes there seems little point. All we have – from the Government and AHMAC – is that which has been provided in the above announcement.
Before wrapping up, I must say I think a properly developed and considered national e-prescribing implementation would be a very good thing and would save a significant number of injuries, indeed lives. It does of course need to be undertaken in the context of that National e-Health Plan we have all yet to see.
However, it seems to this observer that, despite some rumours to the contrary, this hare has a good deal further to run and a good deal more work to be undertaken before something useful makes it to the light of day. Pity about that. It all seems far to “spur of the moment’ to be real.
David.
Sunday, July 23, 2006
E-Mail Security and Clinical Practice – What’s Sensible?
In The Australian last week an article appeared reporting that a large teaching hospital in Melbourne has been using standard e-mail to send discharge summaries to GPs. Further it was reported that this had been approved by the hospital following a decision by the hospital's privacy committee that the benefits of rapid communication outweighed the risks to patient confidentiality.
The questions this action poses are interesting and, to a degree, contentious. What they boil down to are essentially - What place does standard e-mail have in daily clinical practice? – Should its use be constrained? - What alternatives exist to achieve the outcomes sought by the hospital (rapid communication of important information to the relevant GP)?.
The essential facts are these.
Firstly traditional un-encrypted e-mail is simply an insecure communications medium. Even more worrying is that it is a very persistent (long lasting) medium where, with enough effort, months or years down the track e-mail can be retrieved. Why - because e-mail seldom goes directly from sender to recipient (it typically passes through one, two or more intervening servers all of which often keep a copy) and anyone who has access control to that server can read any e-mail on it.
Secondly the recognition that e-mail is insecure has provoked privacy organisations and general practice organisations to consider – How should email best be used?.
Thirdly, the ubiquity and ease of use of e-mail, makes it imperative that rather than apply blanket bans or approval a reasonable, responsible, balanced and pragmatic approach to e-mail use, between hospitals and GPs, and between patient’s and GPs, should be developed. I and many others have been using e-mail in one form or another for almost two decades. To-date I have had no problems although others have, ranging from e-mails being leaked to the press to marriages being threatened by receipt of misdirected or accidentally copied or forwarded e-mail.
For GPs it seems clear that the guidelines developed by the General Practice Computing Group (GPCG), and available from their website, provide a sensible and well thought out approach for the use of e-mail when communicating with patients . The essential elements of this approach are to treat e-mail as official correspondence, get informed consent as to the risks of disclosure from the patient before using e-mail, do not use e-mail for any urgent matters, have a properly worded disclaimer on the footer of any patient e-mail and do not include anything in e-mails that could potentially embarrass or upset a patient. A practice policy as to security of e-mail, filing of e-mails in patient records and response time back to the patient are also sound and needed steps.
GPs who are concerned can, of course, set up various technology based secure links with regular patients – but such approaches are not really generally applicable given the effort required by both parties and the cost. Better would be an agreed national approach to secure e-mail for GPs to communicate with patients rather than the present – albeit obviously interim - situation we have at present.
The circumstances for hospitals are a little different in my view. They should obtain informed patient consent and carefully review any content sent for potential patient compromise – if it would cause the patient distress, or if the information were to appear on the front page of The Australian, it should not be sent. Ideally, however, large organisations should take advantage of the availability of a range of secure, encrypted clinical e-mail messaging services (such as Argus, Medical Objects, HealthLink and others) and use one of those services to send information back to their referring GPs.
In all cases it is the sender of the e-mail who must get informed consent from the affected individual before any unsecured e-mail is sent.
Over time we can hope that the work being undertaken by the National E-Health Transition Authority (NEHTA) will lead to the emergence of secure clinical messaging services where no possibility of breach of patient trust and confidentiality is possible.
David.
The questions this action poses are interesting and, to a degree, contentious. What they boil down to are essentially - What place does standard e-mail have in daily clinical practice? – Should its use be constrained? - What alternatives exist to achieve the outcomes sought by the hospital (rapid communication of important information to the relevant GP)?.
The essential facts are these.
Firstly traditional un-encrypted e-mail is simply an insecure communications medium. Even more worrying is that it is a very persistent (long lasting) medium where, with enough effort, months or years down the track e-mail can be retrieved. Why - because e-mail seldom goes directly from sender to recipient (it typically passes through one, two or more intervening servers all of which often keep a copy) and anyone who has access control to that server can read any e-mail on it.
Secondly the recognition that e-mail is insecure has provoked privacy organisations and general practice organisations to consider – How should email best be used?.
Thirdly, the ubiquity and ease of use of e-mail, makes it imperative that rather than apply blanket bans or approval a reasonable, responsible, balanced and pragmatic approach to e-mail use, between hospitals and GPs, and between patient’s and GPs, should be developed. I and many others have been using e-mail in one form or another for almost two decades. To-date I have had no problems although others have, ranging from e-mails being leaked to the press to marriages being threatened by receipt of misdirected or accidentally copied or forwarded e-mail.
For GPs it seems clear that the guidelines developed by the General Practice Computing Group (GPCG), and available from their website, provide a sensible and well thought out approach for the use of e-mail when communicating with patients . The essential elements of this approach are to treat e-mail as official correspondence, get informed consent as to the risks of disclosure from the patient before using e-mail, do not use e-mail for any urgent matters, have a properly worded disclaimer on the footer of any patient e-mail and do not include anything in e-mails that could potentially embarrass or upset a patient. A practice policy as to security of e-mail, filing of e-mails in patient records and response time back to the patient are also sound and needed steps.
GPs who are concerned can, of course, set up various technology based secure links with regular patients – but such approaches are not really generally applicable given the effort required by both parties and the cost. Better would be an agreed national approach to secure e-mail for GPs to communicate with patients rather than the present – albeit obviously interim - situation we have at present.
The circumstances for hospitals are a little different in my view. They should obtain informed patient consent and carefully review any content sent for potential patient compromise – if it would cause the patient distress, or if the information were to appear on the front page of The Australian, it should not be sent. Ideally, however, large organisations should take advantage of the availability of a range of secure, encrypted clinical e-mail messaging services (such as Argus, Medical Objects, HealthLink and others) and use one of those services to send information back to their referring GPs.
In all cases it is the sender of the e-mail who must get informed consent from the affected individual before any unsecured e-mail is sent.
Over time we can hope that the work being undertaken by the National E-Health Transition Authority (NEHTA) will lead to the emergence of secure clinical messaging services where no possibility of breach of patient trust and confidentiality is possible.
David.
Major Success for the CCHIT
This week the Certification Commission for Health IT (CCHIT) announced it had approved 18 providers of ambulatory EHR systems as being fit for purpose, and suited to play their role to develop a functionally rich and interoperable EHR environment in the United States.
Since the CCHIT was only established in late 2004 this is indeed an impressive achievement – made even more so by the fact that it was founded with seed funding from three leading industry associations in healthcare information management and technology – the American Health Information Management Association (AHIMA), the Healthcare Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology (Alliance).
Only after establishing a track record did the US Federal Department of Health and Human Services (via ONCHIT) grant $7.5M (over three years) to assist in and accelerate the work.
In less than two years certification standards for ambulatory EHRs have been developed and systems have been evaluated against quite robust test scripts. Additionally work is now well advanced in the development of certification requirements for Hospital Information Systems and work has also begun to consider Health Network Infrastructure Certification.
Given that each vendor was charged only $28,000 for the evaluation, it seems clear that the total cost, to get to this present point, of 18 certified commercially available EHRs, has been well under $US5.0M.
This successful outcome shows two things. Firstly it is possible to certify, in less than two years, the quality of ambulatory EHR systems (what we would call office practice systems or GP systems) to what, on my reading, seem to be quite advanced specifications. It is simply not too hard to do despite the claims of many to the contrary.
Secondly it can be done for a sum that is quite modest. Even if the Australian industry could not afford the certification fees – the process could be funded by Government and the same outcomes reached.
One has to ask why this is not happening in parallel with the longer term initiatives being sponsored and funded by NEHTA. There is a clear need, it is doable and affordable and it would make a significant difference.
Let’s just get on with it.
David.
Since the CCHIT was only established in late 2004 this is indeed an impressive achievement – made even more so by the fact that it was founded with seed funding from three leading industry associations in healthcare information management and technology – the American Health Information Management Association (AHIMA), the Healthcare Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology (Alliance).
Only after establishing a track record did the US Federal Department of Health and Human Services (via ONCHIT) grant $7.5M (over three years) to assist in and accelerate the work.
In less than two years certification standards for ambulatory EHRs have been developed and systems have been evaluated against quite robust test scripts. Additionally work is now well advanced in the development of certification requirements for Hospital Information Systems and work has also begun to consider Health Network Infrastructure Certification.
Given that each vendor was charged only $28,000 for the evaluation, it seems clear that the total cost, to get to this present point, of 18 certified commercially available EHRs, has been well under $US5.0M.
This successful outcome shows two things. Firstly it is possible to certify, in less than two years, the quality of ambulatory EHR systems (what we would call office practice systems or GP systems) to what, on my reading, seem to be quite advanced specifications. It is simply not too hard to do despite the claims of many to the contrary.
Secondly it can be done for a sum that is quite modest. Even if the Australian industry could not afford the certification fees – the process could be funded by Government and the same outcomes reached.
One has to ask why this is not happening in parallel with the longer term initiatives being sponsored and funded by NEHTA. There is a clear need, it is doable and affordable and it would make a significant difference.
Let’s just get on with it.
David.
Thursday, July 13, 2006
NEHTA's Approach to Privacy V 1.0
On July 4, 2006 NEHTA released a document entitled NEHTA's Approach to Privacy V 1.0. This report can be found at the following URL:
http://www.nehta.gov.au/component/option,com_docman/task,cat_view/gid,141/Itemid,139/
In general the document provides a useful, if rather high level, introduction to the privacy issues faced by all those who plan to implement e-health in the real world. We are also told that NEHTA plans to develop Privacy Blueprints (whatever actually they are) for the Provider and Individual Identifier initiatives as well as a later one for the Shared EHR.
In response to the paper I feel the need to make one key criticism and offer a few observations on the traps and pitfalls that lie in wait.
The criticism is that talk of privacy neutrality is naïve. It is critically necessary to distinguish between conceptual privacy neutrality and practical (or privacy as it is actually implemented) neutrality. Preserving the privacy of a patient’s written record is a very different thing from preserving the privacy of a patient’s record when stored, typically with hundreds of others, in a computer system. The threats from leakage and exposure are different as are the methods of auditing access and use. These differences must be clearly recognised and effectively addressed. An example is the ease with which 10,000 records can be stolen on a USB key compared with the same ‘truck-requiring’ effort with paper records.
NEHTA rightly recognises any perceived failures to protect ‘private information’ will have severe consequences for e-health adoption and use.
The crunch will come for NEHTA in ensuring that the Common Principles for the Collection and Handling of Health Information are implemented as robustly and effectively as the public expects.
The number of recent incidents where tens of thousands or patient records have been exposed by a number of healthcare organisations in the US (including the US Department of Veteran’s Affairs), and the public concerns regarding identity theft that have emerged, shows the basis of public concern has moved beyond having their secrets kept to anxiety regarding personal financial loss.
I also offer the following observations based on consultations I have had over the years with consumer and patient advocate bodies.
1. Persecution and discrimination involving the improper use of a range of private health information is not an infrequent experience among those with stigmatizing diseases (AIDS, Hep C, Mental Illness etc), particularly in the fields of employment and in the individuals access to various services. Thus the need for high levels of confidence and certainty against unauthorized disclosure is easily understood, as is the quite reasonable use of multiple identities to avoid exposure – computer systems must allow for this – or risk rejection by users.
2. The right to not know some things (e.g. possible genetic “doom”) is valued and must be respected.
3. People vary widely in the value they place on being able to keep some information secret (e.g. that they have had an abortion or an STD) and systems have to be sensitive to this variation to succeed.
4. Careful consultation with those on the outer (e.g. the mentally ill, the poor and the homeless) is vital to ensure a privacy underclass with little or no access to services is created.
5. Trust is not a commodity that is as widely available as it used to be – especially of government – and communication of what is happening in the area of Health Information Privacy is vital. Also there needs to be a high level of conservatism and a measured pace of change for success in implementation.
6. Most in the community support secondary use of information for research as long as they are aware the use is happening. This needs to be fostered by openness by the information holders about what research is being done and what the benefits may be.
The privacy issue is a serious ‘hot potato’. Every effort needs to be made to get it right in order for e-health to succeed. We can only hope NEHTA will adopt a sensitive, careful and consultative approach when it comes to implementation.
David.
http://www.nehta.gov.au/component/option,com_docman/task,cat_view/gid,141/Itemid,139/
In general the document provides a useful, if rather high level, introduction to the privacy issues faced by all those who plan to implement e-health in the real world. We are also told that NEHTA plans to develop Privacy Blueprints (whatever actually they are) for the Provider and Individual Identifier initiatives as well as a later one for the Shared EHR.
In response to the paper I feel the need to make one key criticism and offer a few observations on the traps and pitfalls that lie in wait.
The criticism is that talk of privacy neutrality is naïve. It is critically necessary to distinguish between conceptual privacy neutrality and practical (or privacy as it is actually implemented) neutrality. Preserving the privacy of a patient’s written record is a very different thing from preserving the privacy of a patient’s record when stored, typically with hundreds of others, in a computer system. The threats from leakage and exposure are different as are the methods of auditing access and use. These differences must be clearly recognised and effectively addressed. An example is the ease with which 10,000 records can be stolen on a USB key compared with the same ‘truck-requiring’ effort with paper records.
NEHTA rightly recognises any perceived failures to protect ‘private information’ will have severe consequences for e-health adoption and use.
The crunch will come for NEHTA in ensuring that the Common Principles for the Collection and Handling of Health Information are implemented as robustly and effectively as the public expects.
The number of recent incidents where tens of thousands or patient records have been exposed by a number of healthcare organisations in the US (including the US Department of Veteran’s Affairs), and the public concerns regarding identity theft that have emerged, shows the basis of public concern has moved beyond having their secrets kept to anxiety regarding personal financial loss.
I also offer the following observations based on consultations I have had over the years with consumer and patient advocate bodies.
1. Persecution and discrimination involving the improper use of a range of private health information is not an infrequent experience among those with stigmatizing diseases (AIDS, Hep C, Mental Illness etc), particularly in the fields of employment and in the individuals access to various services. Thus the need for high levels of confidence and certainty against unauthorized disclosure is easily understood, as is the quite reasonable use of multiple identities to avoid exposure – computer systems must allow for this – or risk rejection by users.
2. The right to not know some things (e.g. possible genetic “doom”) is valued and must be respected.
3. People vary widely in the value they place on being able to keep some information secret (e.g. that they have had an abortion or an STD) and systems have to be sensitive to this variation to succeed.
4. Careful consultation with those on the outer (e.g. the mentally ill, the poor and the homeless) is vital to ensure a privacy underclass with little or no access to services is created.
5. Trust is not a commodity that is as widely available as it used to be – especially of government – and communication of what is happening in the area of Health Information Privacy is vital. Also there needs to be a high level of conservatism and a measured pace of change for success in implementation.
6. Most in the community support secondary use of information for research as long as they are aware the use is happening. This needs to be fostered by openness by the information holders about what research is being done and what the benefits may be.
The privacy issue is a serious ‘hot potato’. Every effort needs to be made to get it right in order for e-health to succeed. We can only hope NEHTA will adopt a sensitive, careful and consultative approach when it comes to implementation.
David.
Sunday, July 09, 2006
How to Really Fail at a Health IT Strategy.
To those of us in the Health IT community who genuinely care about health sector reform and the ongoing sustainability of our health services, it seems that we will need to get mobilised in order to try to change the directions that NEHTA is taking.
Before expanding on why I think this is so let me first say that I would really like NEHTA to succeed, but their approach however is, I believe, setting them up for failure before they start. A big call? I don’t think so, not after having been involved in and observed large scale Health IT implementations from all over the world for over 20 years.
How do you make a program like the one NEHTA plans fail? The things you do are as follows:
1. You don’t have a well considered, fully stakeholder consulted and clearly articulated program plan.
2. You don’t have a publicly persuasive and credible and robust business case supporting your plan.
3. You avoid detailed consultation with stakeholders, such as the software industry, on the impact of your activities so they are unsure of just what is happening and why?
4. You imagine grass roots clinicians (doctors, nurses and ancillary providers) will just accept what you offer when you choose to offer it.
5. You don’t have a well developed and open communication strategy that anticipates the information needs of your stakeholders.
6. You take advice from sources who are so unsure of their ground they seek anonymity.
7. You ignore, or redo, the work which was previously well done.
8. You have your implementation organisation operate with a culture of secrecy and non-disclosure.
9. You provide no clear outcome based indications of what will be achieved and by when.
10. You ensure the survival of the implementation organisation (NEHTA) by pursuing a non-transparent, complex, failure prone long term vision (if one actually exists), at the expense of the clear needs of the health system, which is to have decisive and doable projects undertaken promptly and focussed on assisting health care delivery.
The lessons of history are that clinical systems initiatives have never worked if the workers at the coal face - the doctors and nurses - are not convinced and keen to adopt.
I leave it as an exercise for the reader to work out how much NEHTA is doing right. My guess is that if even three of the above are not addressed, let alone ten, NEHTA will fail.
How many points do you think NEHTA has right on its present course?
David.
Before expanding on why I think this is so let me first say that I would really like NEHTA to succeed, but their approach however is, I believe, setting them up for failure before they start. A big call? I don’t think so, not after having been involved in and observed large scale Health IT implementations from all over the world for over 20 years.
How do you make a program like the one NEHTA plans fail? The things you do are as follows:
1. You don’t have a well considered, fully stakeholder consulted and clearly articulated program plan.
2. You don’t have a publicly persuasive and credible and robust business case supporting your plan.
3. You avoid detailed consultation with stakeholders, such as the software industry, on the impact of your activities so they are unsure of just what is happening and why?
4. You imagine grass roots clinicians (doctors, nurses and ancillary providers) will just accept what you offer when you choose to offer it.
5. You don’t have a well developed and open communication strategy that anticipates the information needs of your stakeholders.
6. You take advice from sources who are so unsure of their ground they seek anonymity.
7. You ignore, or redo, the work which was previously well done.
8. You have your implementation organisation operate with a culture of secrecy and non-disclosure.
9. You provide no clear outcome based indications of what will be achieved and by when.
10. You ensure the survival of the implementation organisation (NEHTA) by pursuing a non-transparent, complex, failure prone long term vision (if one actually exists), at the expense of the clear needs of the health system, which is to have decisive and doable projects undertaken promptly and focussed on assisting health care delivery.
The lessons of history are that clinical systems initiatives have never worked if the workers at the coal face - the doctors and nurses - are not convinced and keen to adopt.
I leave it as an exercise for the reader to work out how much NEHTA is doing right. My guess is that if even three of the above are not addressed, let alone ten, NEHTA will fail.
How many points do you think NEHTA has right on its present course?
David.
Subscribe to:
Posts (Atom)