NEHTA has released a document entitled “Privacy Blueprint – Unique Healthcare Identifiers (UHI) - Individual Healthcare Identifier (IHI) and Healthcare Provider Identifier (HPI) - Version 1.0 – 18 December 2006 For Comment”
Since it is said to be “for comment” I suppose I should feel free to offer a few comments! My comments are as follows:
1. For reasons that defy understanding the UHI project in general and this document in particular seem to either ignore, or be totally unaware of, the work being done by the Department of Human Services with the Access Card and the individual number being allocated to each of us.
The Access Card is going to give us all a number, and now NEHTA wants to give us another one which is manifestly less robust and less trustworthy and which won’t have legislative protection against misuse.
One also has to wonder about NEHTA’s costings – given the Human Services Department thinks number allocation will cost hundreds of millions of dollars and NEHTA has only $50 million over a few years to undertake a similar task.
Worse, the Access Card has done extensive public consultation on the privacy issues around numbering citizens and NEHTA is either ignorant of or ignoring it. I wonder which it is?
2. Blueprint is a misnomer. The document is in no way a blueprint – it is a consultation paper from which, I imagine, NEHTA plans to ultimately produce an actionable blueprint. As it stands it identifies and attempts to scope a good range of the contentious issues surrounding health information policy and asks for views on how they should be handled.
3. NEHTA has developed this document apparently in the absence of any input from the peak bodies representing health informatics practitioners, the Australian College of Health Informatics, the Health Information Society of Australia, health system vendors and health information managers.
Clinical input in the workshops conducted to develop and refine this document late in the year also appears to have been token at best (1 GP, 1 nurse and 19 others as I count it).
4. The document (on the basis of no evidence I can find within the document) seems to work from the implicit assumption that giving the entire population another unique number is a good and desirable thing. Given the cost and effort involved in doing this, and the known privacy implications of unique identifiers, this issue should have been addressed and reviewed.
To produce a privacy document that does not explore alternatives to giving every citizen yet another number is really staggering arrogance, especially when the business case for the entire project has remained on NEHTA’s secret list.
5. I think it is clear that if NEHTA has no capability to legislatively protect their planned identifier against privacy abuse and scope creep they should either drop the whole project or go back to government and get the protections that are so definitely required.
6. NEHTA proposes to obtain the basic information from the Medicare Australia individual person database. Given the well known lack of quality of, and number of duplicates in, this database due to the fact that its subjects do not, by and large, even know of its existence and thus have not corrected it, errors in record linkage based on the IHI are likely to be dangerously common.
Additionally I am not sure most Australian Citizens have been asked whether they are happy to have their demographic details shared by Medicare with a non-government company – as NEHTA most certainly is. I was under the impression that Medicare Australia – as a data custodian – should not disclose such information without the individual’s explicit consent.
7. The document mentions that consideration is being given as to the need for either one or two factor authentication for the IHI. Again where is the mention of the Access Card as a possible factor and even more worrying where is the discussion of individual verification of identity so the authentication can operate? Given that it is the initial registration phase that is both expensive and time consuming – one really wonders how NEHTA can plan to do anything other than adopt the Access Card identifier.
8. NEHTA has not appreciated that the main problem with identifiers such as the IHI is not technical security but mis-use by authorised users of a system. In this case we will have tens of thousands of providers and their staff able to search the IHI. Given the lack of effective controls seen at the ATO and CentreLink what is the chance this source of demographic information won’t be similarly abused. The answer is zero!
9. NEHTA seems to have a rather patronising view that they are equipped to make balancing judgements about the extent to which ‘my’ privacy should be protected and that this level can be balanced against some concept of ‘public good’. I would suggest that they are not so empowered and that I am the sole arbiter of what is sensitive to me and what needs protection. Were I, for example, be living with HIV / AIDS, I would expect not only an iron-clad guarantee this fact would not be disclosed to any-one without my permission but I would also want the right to substantial compensation for any system breach. NEHTA’s prime role is to facilitate the introduction and use of E-Health technologies and not offering a highly sensitive and responsive privacy approach that the public are totally comfortable with will doom their efforts before they start. This present document does not suggest they “get” this fact.
People are only going to allow electronic health records to be implemented and used if they are totally confident where the information is going and who has access to it.
There is a great deal also wrong with the detail of the document as well as with the proposed timing of the Privacy Impact Assessment (PIA). The PIA work needs to be undertaken and reviewed publicly long before the enabling system is designed. The PIA must also address all known technical, organisational and legal constraints.
This entire privacy proposal is deeply flawed in my view and has a high risk of destroying the possibility of progress with E-Health implementations due to the destruction of consumer confidence in the way their private information will be handled.
David.
Wednesday, January 03, 2007
Monday, January 01, 2007
NEHTA has Failed and Needs to be Fixed – How is this to be Done?
A little history first – sourced from Version 1.0 of the NEHTA Fact Sheet dated March, 2005.
“In April 2004, Health Ministers endorsed-in- principle the establishment of a national entity to drive these critical national health IM&ICT priorities.
Australian Health Ministers' Advisory Council (AHMAC) members felt that achieving progress in some IM&ICT priorities was so urgent that it could not wait for the entity's establishment. AHMAC recommended that a transition team be set up to progress these urgent priorities and simultaneously finalise the establishment of the new national health IM&ICT entity.
On 29 July 2004, Health Ministers reaffirmed the importance of IM&ICT to health sector reform, and endorsed the immediate establishment of the transition arrangements. This transition team is known as the National E-Health Transition Authority (NEHTA).”
From this it is clear that NEHTA was intended to have two roles. First to get on with some high priority activities and second to establish an entity to carry forward in the long term the AHMAC E-Health Agenda – as defined, presumably, by the Boston Consulting Group Report entitled “National Health Information Management and Information & Communications Technology Strategy” of April 2004 developed for the now defunct Australian Health Information Council (AHIC) and the National Health Information Group (NHIG).
This report was “intended to be a key input into a national strategic plan for health-related information management and information and communications technology (IM&ICT) that will be presented to the Health Ministers later this year.” i.e. 2004. If it was ever developed this plan has never been made public.
In July 2005 NEHTA became NEHTA Ltd an independent Public Company Limited by Guarantee. Around the same period it became clear that a review of the HealthConnect program had transformed that program into a “change management strategy”.
It can be safely inferred that NEHTA Ltd is the permanent entity that was to be established by the decision of Health Ministers in April 2004. NEHTA has thus transmogrified from a transition team to a permanent entity with funding that is committed to 2008/09 and 60 plus staff.
After two and a half years how close are we to some real and useful outcomes? The answer to this is not close at all. Nowhere is there any real evidence of a substantive transition either being underway or in any form imminent.
Where are the gaps?
First, the overarching National E-Health Strategy has yet to be developed – despite being urgently needed for two plus years.
Second, all urgency (or even a sense of urgency) has evaporated. It was so urgent in mid 2004 to get underway promptly that some corners were certainly cut. Now, two and a half years later, we find the key NEHTA deliverables are now due in 2008 or 2009. No one will be knocked down in this rush.
Third, there has been deep industry alienation and increasing concern as it is realised that much of what is offered by NEHTA is presently not practically implementable or clearly enough defined, and probably won’t be for another year or two at best.
Fourth, the guidance that was to be forthcoming for the jurisdictions on the standards to be adopted in Hospital computing has simply not happened.
Fifth, there has been no perceptible impact on GP computing from NEHTA initiatives to date. Indeed many GP initiatives that have been funded from the moribund HealthConnect program have been utterly non-NEHTA standards compliant (e.g. the SA Ozdocsonline Project and the NT P2P project).
Sixth, while the use of secure messaging within the health sector has been making some headway due, in large part, to efforts from providers such as Promedicus, Healthlink, Argus and Medical Objects, NEHTA has yet to offer any useful contribution to the space and has taken 10 months to move its draft documents to final status. While much has been made of the use of web services, after 18 months no web services specifications have been published and NEHTA has disavowed all interest in the structure of the messages to be sent. In the words of one messaging service provider I have spoken with, this is “about as helpful as a barnacle on a battleship”.
Seventh, NEHTA has continued with an approach of developing and announcing positions and policies while providing only minimal, if any, sound justification for the conclusions drawn and only very infrequently providing references to the international sources on which much of their work is so obviously based. This is especially so in the interoperability and the international Health IT Standards arenas.
Eighth, there has emerged considerable confusion about just what Standards NEHTA is working on and what is within the purview of Standards Australia. This has led to the alienation of a number of people who previously have been working well with the IT-14 Committee structure. To many in the industry, NEHTA seems to have abandoned the standards process altogether.
Last, NEHTA has had an excessive emphasis on technical and managerial matters to the exclusion of a real focus on its core reason for existence – the health sector and its needs for IT enablement and infrastructure. In my view, NEHTA simply does not ‘get’ the health sector and its priorities.
It seems pointless to go on. NEHTA as presently constituted and managed is a clear failure lacking the health sector and political skills to deliver the needed outcomes.
It is vital that substantial change is made to get the National E-Health Agenda back on track and that the “baby is not thrown out with the bathwater” i.e. the useful work that has been commenced – in areas such as Clinical Terminology – is not impeded.
Among the most important changes that are needed are, in my view, (ideally by June 2007):
1. Return of NEHTA to the public sector with full transparency and accountability. This would include release of all documents that relate to NEHTA decision making to ensure there is appropriate public input and comment on planned directions.
2. Installation of a new and broadly representative Board – which provides both expert and industry savvy oversight of NEHTA’s operations. The jurisdictional representatives should be demoted to being advisory only. This Board would report to AHIC and Health Ministers. A vital early act would be the development and publication of a clear definition of NEHTA’s role, powers, accountability and concrete performance measures.
3. Full public disclosure of the membership, skill and interests of all those who are involved in NEHTA advisory committees etc.
4. Development of a NEHTA Policy Review Process that ensures all work reflects a practical understanding and recognition of the needs and priorities of the Australian Health Services delivery sector as well as technical imperatives.
5. Development of a National E-Health Strategy, Business Case and Implementation Plan which clearly identifies the optimal approach to the deployment of Health IT in Australia to improve safety, quality and efficiency, defines the activities and investment required, and makes clear the responsibility and accountability of all the relevant actors (Health Ministers, Jurisdictions, Commonwealth Government, NEHTA, Standards Australia, Private Sector Actors etc).
6. A renewed push to rekindle support for the core messaging and security standards and give the sector an immediate path forward. NEHTA should be encouraged to continue looking at the medium to long term future, but if it cannot contribute to moving forward rapidly in pragmatic and practical directions from the present state, it should stand aside.
Unless such ‘root and branch’ review is undertaken and implemented it is likely the 2000-2009 decade will be seen as a wasted decade that set the Australian Health Sector back many years.
Happy New Year to all!
David.
ps Blog Updated 02/01/2007 8.00 am to clarify point 6.
D.
“In April 2004, Health Ministers endorsed-in- principle the establishment of a national entity to drive these critical national health IM&ICT priorities.
Australian Health Ministers' Advisory Council (AHMAC) members felt that achieving progress in some IM&ICT priorities was so urgent that it could not wait for the entity's establishment. AHMAC recommended that a transition team be set up to progress these urgent priorities and simultaneously finalise the establishment of the new national health IM&ICT entity.
On 29 July 2004, Health Ministers reaffirmed the importance of IM&ICT to health sector reform, and endorsed the immediate establishment of the transition arrangements. This transition team is known as the National E-Health Transition Authority (NEHTA).”
From this it is clear that NEHTA was intended to have two roles. First to get on with some high priority activities and second to establish an entity to carry forward in the long term the AHMAC E-Health Agenda – as defined, presumably, by the Boston Consulting Group Report entitled “National Health Information Management and Information & Communications Technology Strategy” of April 2004 developed for the now defunct Australian Health Information Council (AHIC) and the National Health Information Group (NHIG).
This report was “intended to be a key input into a national strategic plan for health-related information management and information and communications technology (IM&ICT) that will be presented to the Health Ministers later this year.” i.e. 2004. If it was ever developed this plan has never been made public.
In July 2005 NEHTA became NEHTA Ltd an independent Public Company Limited by Guarantee. Around the same period it became clear that a review of the HealthConnect program had transformed that program into a “change management strategy”.
It can be safely inferred that NEHTA Ltd is the permanent entity that was to be established by the decision of Health Ministers in April 2004. NEHTA has thus transmogrified from a transition team to a permanent entity with funding that is committed to 2008/09 and 60 plus staff.
After two and a half years how close are we to some real and useful outcomes? The answer to this is not close at all. Nowhere is there any real evidence of a substantive transition either being underway or in any form imminent.
Where are the gaps?
First, the overarching National E-Health Strategy has yet to be developed – despite being urgently needed for two plus years.
Second, all urgency (or even a sense of urgency) has evaporated. It was so urgent in mid 2004 to get underway promptly that some corners were certainly cut. Now, two and a half years later, we find the key NEHTA deliverables are now due in 2008 or 2009. No one will be knocked down in this rush.
Third, there has been deep industry alienation and increasing concern as it is realised that much of what is offered by NEHTA is presently not practically implementable or clearly enough defined, and probably won’t be for another year or two at best.
Fourth, the guidance that was to be forthcoming for the jurisdictions on the standards to be adopted in Hospital computing has simply not happened.
Fifth, there has been no perceptible impact on GP computing from NEHTA initiatives to date. Indeed many GP initiatives that have been funded from the moribund HealthConnect program have been utterly non-NEHTA standards compliant (e.g. the SA Ozdocsonline Project and the NT P2P project).
Sixth, while the use of secure messaging within the health sector has been making some headway due, in large part, to efforts from providers such as Promedicus, Healthlink, Argus and Medical Objects, NEHTA has yet to offer any useful contribution to the space and has taken 10 months to move its draft documents to final status. While much has been made of the use of web services, after 18 months no web services specifications have been published and NEHTA has disavowed all interest in the structure of the messages to be sent. In the words of one messaging service provider I have spoken with, this is “about as helpful as a barnacle on a battleship”.
Seventh, NEHTA has continued with an approach of developing and announcing positions and policies while providing only minimal, if any, sound justification for the conclusions drawn and only very infrequently providing references to the international sources on which much of their work is so obviously based. This is especially so in the interoperability and the international Health IT Standards arenas.
Eighth, there has emerged considerable confusion about just what Standards NEHTA is working on and what is within the purview of Standards Australia. This has led to the alienation of a number of people who previously have been working well with the IT-14 Committee structure. To many in the industry, NEHTA seems to have abandoned the standards process altogether.
Last, NEHTA has had an excessive emphasis on technical and managerial matters to the exclusion of a real focus on its core reason for existence – the health sector and its needs for IT enablement and infrastructure. In my view, NEHTA simply does not ‘get’ the health sector and its priorities.
It seems pointless to go on. NEHTA as presently constituted and managed is a clear failure lacking the health sector and political skills to deliver the needed outcomes.
It is vital that substantial change is made to get the National E-Health Agenda back on track and that the “baby is not thrown out with the bathwater” i.e. the useful work that has been commenced – in areas such as Clinical Terminology – is not impeded.
Among the most important changes that are needed are, in my view, (ideally by June 2007):
1. Return of NEHTA to the public sector with full transparency and accountability. This would include release of all documents that relate to NEHTA decision making to ensure there is appropriate public input and comment on planned directions.
2. Installation of a new and broadly representative Board – which provides both expert and industry savvy oversight of NEHTA’s operations. The jurisdictional representatives should be demoted to being advisory only. This Board would report to AHIC and Health Ministers. A vital early act would be the development and publication of a clear definition of NEHTA’s role, powers, accountability and concrete performance measures.
3. Full public disclosure of the membership, skill and interests of all those who are involved in NEHTA advisory committees etc.
4. Development of a NEHTA Policy Review Process that ensures all work reflects a practical understanding and recognition of the needs and priorities of the Australian Health Services delivery sector as well as technical imperatives.
5. Development of a National E-Health Strategy, Business Case and Implementation Plan which clearly identifies the optimal approach to the deployment of Health IT in Australia to improve safety, quality and efficiency, defines the activities and investment required, and makes clear the responsibility and accountability of all the relevant actors (Health Ministers, Jurisdictions, Commonwealth Government, NEHTA, Standards Australia, Private Sector Actors etc).
6. A renewed push to rekindle support for the core messaging and security standards and give the sector an immediate path forward. NEHTA should be encouraged to continue looking at the medium to long term future, but if it cannot contribute to moving forward rapidly in pragmatic and practical directions from the present state, it should stand aside.
Unless such ‘root and branch’ review is undertaken and implemented it is likely the 2000-2009 decade will be seen as a wasted decade that set the Australian Health Sector back many years.
Happy New Year to all!
David.
ps Blog Updated 02/01/2007 8.00 am to clarify point 6.
D.
Sunday, December 24, 2006
Happy Christmas and A Successful New Year to All.
Just a short entry to wish all the readers of this blog compliments of the season and all the very best for 2007. I hope we can see some real progress next year!
I plan a week off to consider some of the more complex issues and also to review some papers for Medinfo 2007.
Early next year I plan articles covering
• Personal Health Records
• The Opportunity Costs of not Implementing E-Health
• Shared Electronic Health Records – How can They Be Made to Work?
• NEHTA's Pre Christmas Document Releases – Do they Add Anything Useful?
• The IHI And the Access Card – What Total Policy Overlap and Stupidity.
See you in 2007!
David.
I plan a week off to consider some of the more complex issues and also to review some papers for Medinfo 2007.
Early next year I plan articles covering
• Personal Health Records
• The Opportunity Costs of not Implementing E-Health
• Shared Electronic Health Records – How can They Be Made to Work?
• NEHTA's Pre Christmas Document Releases – Do they Add Anything Useful?
• The IHI And the Access Card – What Total Policy Overlap and Stupidity.
See you in 2007!
David.
Thursday, December 21, 2006
NEHTA’s Contraction of Scope and Role – What does it Mean?
All of a sudden there has been an outbreak of discussion in the GP_TALK e-mail discussion list regarding the role, scope and purpose of the National E-Health Transition Authority (NEHTA).
The discussion was prompted by a correspondent asking - is NEHTA meant to be an Authority that ‘manages a transition’ (e.g. to much wider deployment of E-Health) or is it a ‘transition authority’ which is to be replaced by another authority when its job is done (in 2009 or so).
The official view – from the main Government entry point is not hard to find.
http://www.australia.gov.au/405
“National E-Health Transition Authority
The National E-Health Transition Authority (NEHTA) has been established to accelerate the adoption of e-health by supporting the process of reform in the Australian health sector. To enable this to occur NEHTA will develop the specifications, standards and infrastructure necessary for an interconnected health sector. The development of the foundations for widespread adoption of e-health is NEHTA's core mission. www.nehta.gov.au “
However NEHTA seems to have moved away from this – now saying on its home page (dated September 2006):
“Welcome to NEHTA Limited, a not-for-profit company established by the Australian, State and Territory governments to develop better ways of electronically collecting and securely exchanging health information.
Electronic health information (or e-health) systems that can securely and efficiently exchange data can significantly improve how important clinical and administrative information is communicated between healthcare professionals. As a result, e-health systems have the potential to unlock substantially greater quality, safety and efficiency benefits.”
And that their “website outlines the work that is being done by NEHTA to deliver a secure, interoperable e-health environment.”
The key difference is a much narrower role focussed on facilitation and enabling rather than direct intervention and support. It seems that NEHTA no longer sees itself as having a direct role in accelerating the adoption and use of Health IT, and also that NEHTA perceives it has no direct infrastructure or implementation role. Clearly, NEHTA sees these roles as being for someone else! (This view is supported in the recent “Privacy Blueprint” where there is much discussion of what sort of entity will deliver identity services – making it clear it won’t be NEHTA).
This view also fits with the NEHTA work-plan which focuses on developing services for provider and individual identification and for clinical terminology which will be used by other systems. NEHTA also says it is developing specifications for Shared Interoperable Electronic Health Records although it seems this work has progressed little in the last year as nothing significant has been published recently in this area that I can find.
This is most likely because similar initiatives overseas (UK and Canada) have hit quite difficult times and the levels of complexity in developing such shared records are becoming much better understood (I plan an article on this topic in due course).
The change in emphasis is of very considerable concern.
The reason for the concern is that with the establishment of NEHTA a lot of planned activity by both State Governments and the private health IT sector was put on hold, awaiting NEHTA guidance, support and direction.
It now seems this is not going to come promptly or the strategic way expected and with the HealthConnect program in mothballs (if not formally dead) NEHTA has now become a “dead hand” on innovation and progress in e-health in Australia.
In the last few days I have been approached by and chatted to both academics and industry players involved in secure messaging, software development, standards development, e-Health consulting and supply chain reform. All are concerned at the loss of momentum, lack of communication and strategic uncertainty.
What needs to be done to ensure there is a crystal clear understanding by all stakeholders of what NEHTA is actually now planning? NEHTA must urgently and clearly articulate just what it will deliver and by when and more importantly what it will not or cannot do and leave innovation and progress to others.
The problem we all now face is that, with the inertia and confusion that has now been engendered by NEHTA’s changes in emphasis, it may take some time for effective leadership to re-emerge. One can only hope the revamped AHIC can provide the needed strategic leadership and rapidly regain some much needed momentum.
David.
The discussion was prompted by a correspondent asking - is NEHTA meant to be an Authority that ‘manages a transition’ (e.g. to much wider deployment of E-Health) or is it a ‘transition authority’ which is to be replaced by another authority when its job is done (in 2009 or so).
The official view – from the main Government entry point is not hard to find.
http://www.australia.gov.au/405
“National E-Health Transition Authority
The National E-Health Transition Authority (NEHTA) has been established to accelerate the adoption of e-health by supporting the process of reform in the Australian health sector. To enable this to occur NEHTA will develop the specifications, standards and infrastructure necessary for an interconnected health sector. The development of the foundations for widespread adoption of e-health is NEHTA's core mission. www.nehta.gov.au “
However NEHTA seems to have moved away from this – now saying on its home page (dated September 2006):
“Welcome to NEHTA Limited, a not-for-profit company established by the Australian, State and Territory governments to develop better ways of electronically collecting and securely exchanging health information.
Electronic health information (or e-health) systems that can securely and efficiently exchange data can significantly improve how important clinical and administrative information is communicated between healthcare professionals. As a result, e-health systems have the potential to unlock substantially greater quality, safety and efficiency benefits.”
And that their “website outlines the work that is being done by NEHTA to deliver a secure, interoperable e-health environment.”
The key difference is a much narrower role focussed on facilitation and enabling rather than direct intervention and support. It seems that NEHTA no longer sees itself as having a direct role in accelerating the adoption and use of Health IT, and also that NEHTA perceives it has no direct infrastructure or implementation role. Clearly, NEHTA sees these roles as being for someone else! (This view is supported in the recent “Privacy Blueprint” where there is much discussion of what sort of entity will deliver identity services – making it clear it won’t be NEHTA).
This view also fits with the NEHTA work-plan which focuses on developing services for provider and individual identification and for clinical terminology which will be used by other systems. NEHTA also says it is developing specifications for Shared Interoperable Electronic Health Records although it seems this work has progressed little in the last year as nothing significant has been published recently in this area that I can find.
This is most likely because similar initiatives overseas (UK and Canada) have hit quite difficult times and the levels of complexity in developing such shared records are becoming much better understood (I plan an article on this topic in due course).
The change in emphasis is of very considerable concern.
The reason for the concern is that with the establishment of NEHTA a lot of planned activity by both State Governments and the private health IT sector was put on hold, awaiting NEHTA guidance, support and direction.
It now seems this is not going to come promptly or the strategic way expected and with the HealthConnect program in mothballs (if not formally dead) NEHTA has now become a “dead hand” on innovation and progress in e-health in Australia.
In the last few days I have been approached by and chatted to both academics and industry players involved in secure messaging, software development, standards development, e-Health consulting and supply chain reform. All are concerned at the loss of momentum, lack of communication and strategic uncertainty.
What needs to be done to ensure there is a crystal clear understanding by all stakeholders of what NEHTA is actually now planning? NEHTA must urgently and clearly articulate just what it will deliver and by when and more importantly what it will not or cannot do and leave innovation and progress to others.
The problem we all now face is that, with the inertia and confusion that has now been engendered by NEHTA’s changes in emphasis, it may take some time for effective leadership to re-emerge. One can only hope the revamped AHIC can provide the needed strategic leadership and rapidly regain some much needed momentum.
David.
Tuesday, December 19, 2006
Australian Health Information Council Resuscitated – What Should Be on the Agenda?
I am told that the Australian Health Information Council – the new and resuscitated version is to have its first meeting in February 2007.
I am also told the new chair is Professor James A Angus, BSc (Syd.) PhD (Syd.) FAA, Dean, Faculty of Medicine, Dentistry and Health Sciences, University of Melbourne. It seems Professor Angus is a very distinguished Australian pharmacologist with an interest in all sorts of receptor classes. His biography does not mention any clinical experience or health information technology background.
I am not sure whether congratulations or commiserations are appropriate for Professor Angus – time will tell I guess! (At present I have not seen an official announcement so this may be wrong in whole or in part.)
What would I want to see addressed at the first few meetings? The following, in priority order, are what I would (gratuitously) suggest.
1. The first meeting needs to work out how many seats should be around the table and who should occupy them. There is an embedded clique, I believe, of government committee attendees in this domain, many of whom have led the E-Health agenda for the last 15 years. As progress has been less than stellar it is not inappropriate to suggest that perhaps a transfusion with some new blood would be advisable. While some old blood should be maintained for corporate memory etc – at least half of the committee should have never been involved in the old AHIC or any of the committees that report to it. Perhaps it would be sensible if the Chair initially enrolled a foundation core of three or four independent experts to consider the issue of subsequent enrolments.
There should also be minimal, if any, crossover of membership between the NEHTA board and AHIC.
2. The reporting lines and governance of AHIC should be such that it is genuinely independent and is able to provide quality strategic advice to Ministers unfiltered by any external influences.
3. The new committee needs to make sure it has the resources and the independence to get things done – this means a real and tangible budget and a competent, dedicated, expert secretariat. There must no part-time bureaucrats who battle through. Ideally there should be a staff of three or four real experts to advise and assist. If it is not clear this will happen prospective committee members should just walk away in my view.
4. The new committee should closely review the terms of reference. These were watered down in November 2005 from the original 2003 version to read:
“Set up by Health Ministers in July 2003, AHIC works closely with the National Health Information Group to increase the effectiveness of IT investment in the health sector.
The revised operating arrangements for AHIC are based on an independent review of the Council commissioned by the Australian Government. These arrangements will enable AHIC to focus on providing strategic advice to Health Ministers about the more effective and efficient use of information management and information communications technology (IM&ICT) in the health sector.”
I would suggest the following terms of reference for the revamped AHIC.
A. To promptly review the progress and current status of E-Health in Australia (E-Health being broadly defined as the use of ICT in the health sector – and especially in Health Service Delivery) and benchmark and evaluate it against progress in the rest of the OECD.
This review should be of strategic and major operational systems only – not every isolated trial system in the first instance.
B. To develop a National E-Health Strategic Plan, Business Case and Implementation Plan, for presentation to and funding by Ministers within 12 months of the February 2007 meeting.
This plan needs to reflect the Health Service business drivers. These include efficiency and effectiveness of the health system, patient safety, quality of care, public health monitoring and reporting, clinician job satisfaction and retention and so on.
Issues of use and adoption of Health IT and aspects of security and privacy will also be critical to address.
Any plan must also be practically focussed and based on proven technology. It must embrace the use of standards which can be demonstrably implemented and which meet health system requirements. Benefits which flow from implementations should be focused on those who actually use the systems, not those who would like a free ride from the ‘uncompensated’ efforts of the ‘users’. This probably means introducing meaningful financial incentives for some stakeholders.
C. To advocate with all appropriate stakeholders the importance of planned, consultative action in the E-Health space.
D. To work with the Jurisdictions, the IT Industry and the Private Health Sector to obtain predefined optimal national E-Health outcomes.
E. To ensure NEHTA’s plans and directions are brought into alignment with the National E-Health Agenda and that NEHTA’s resources are focussed where the majority of CLINICAL and PATIENT benefits are to be found.
After this has been achieved I would be more than happy to let AHIC develop the rest of its agenda itself – but the members may want a long, well earned rest!
David.
I am also told the new chair is Professor James A Angus, BSc (Syd.) PhD (Syd.) FAA, Dean, Faculty of Medicine, Dentistry and Health Sciences, University of Melbourne. It seems Professor Angus is a very distinguished Australian pharmacologist with an interest in all sorts of receptor classes. His biography does not mention any clinical experience or health information technology background.
I am not sure whether congratulations or commiserations are appropriate for Professor Angus – time will tell I guess! (At present I have not seen an official announcement so this may be wrong in whole or in part.)
What would I want to see addressed at the first few meetings? The following, in priority order, are what I would (gratuitously) suggest.
1. The first meeting needs to work out how many seats should be around the table and who should occupy them. There is an embedded clique, I believe, of government committee attendees in this domain, many of whom have led the E-Health agenda for the last 15 years. As progress has been less than stellar it is not inappropriate to suggest that perhaps a transfusion with some new blood would be advisable. While some old blood should be maintained for corporate memory etc – at least half of the committee should have never been involved in the old AHIC or any of the committees that report to it. Perhaps it would be sensible if the Chair initially enrolled a foundation core of three or four independent experts to consider the issue of subsequent enrolments.
There should also be minimal, if any, crossover of membership between the NEHTA board and AHIC.
2. The reporting lines and governance of AHIC should be such that it is genuinely independent and is able to provide quality strategic advice to Ministers unfiltered by any external influences.
3. The new committee needs to make sure it has the resources and the independence to get things done – this means a real and tangible budget and a competent, dedicated, expert secretariat. There must no part-time bureaucrats who battle through. Ideally there should be a staff of three or four real experts to advise and assist. If it is not clear this will happen prospective committee members should just walk away in my view.
4. The new committee should closely review the terms of reference. These were watered down in November 2005 from the original 2003 version to read:
“Set up by Health Ministers in July 2003, AHIC works closely with the National Health Information Group to increase the effectiveness of IT investment in the health sector.
The revised operating arrangements for AHIC are based on an independent review of the Council commissioned by the Australian Government. These arrangements will enable AHIC to focus on providing strategic advice to Health Ministers about the more effective and efficient use of information management and information communications technology (IM&ICT) in the health sector.”
I would suggest the following terms of reference for the revamped AHIC.
A. To promptly review the progress and current status of E-Health in Australia (E-Health being broadly defined as the use of ICT in the health sector – and especially in Health Service Delivery) and benchmark and evaluate it against progress in the rest of the OECD.
This review should be of strategic and major operational systems only – not every isolated trial system in the first instance.
B. To develop a National E-Health Strategic Plan, Business Case and Implementation Plan, for presentation to and funding by Ministers within 12 months of the February 2007 meeting.
This plan needs to reflect the Health Service business drivers. These include efficiency and effectiveness of the health system, patient safety, quality of care, public health monitoring and reporting, clinician job satisfaction and retention and so on.
Issues of use and adoption of Health IT and aspects of security and privacy will also be critical to address.
Any plan must also be practically focussed and based on proven technology. It must embrace the use of standards which can be demonstrably implemented and which meet health system requirements. Benefits which flow from implementations should be focused on those who actually use the systems, not those who would like a free ride from the ‘uncompensated’ efforts of the ‘users’. This probably means introducing meaningful financial incentives for some stakeholders.
C. To advocate with all appropriate stakeholders the importance of planned, consultative action in the E-Health space.
D. To work with the Jurisdictions, the IT Industry and the Private Health Sector to obtain predefined optimal national E-Health outcomes.
E. To ensure NEHTA’s plans and directions are brought into alignment with the National E-Health Agenda and that NEHTA’s resources are focussed where the majority of CLINICAL and PATIENT benefits are to be found.
After this has been achieved I would be more than happy to let AHIC develop the rest of its agenda itself – but the members may want a long, well earned rest!
David.
Sunday, December 17, 2006
Are The Wheels Coming off in the UK NHS Health IT Program?
It has been clear for some time now that the English National Health Service (NHS) National Program for Information Technology (NPfIT) has been meeting a range of difficulties.
The initial vision was that, with the expenditure of approximately 4% of the NHS budget on IT, it would be possible to create a national E-Health environment that would provide a major improvement to the quality and safety of care both in the ambulatory and hospital environments over a period of about a decade and that this investment would support the dramatic re-shaping and modernisation of the NHS.
In concept a central data “spine” was to be developed which had a range of common services and which used common Informatics Standards (HL7 V3.0, SNOMED CT etc) and standardised products from a range of hospital and ambulatory care vendors to create and maintain a spine based shared Electronic Health Record for all UK citizens. The project was huge, involving expenditure of $A30 Billion over the decade.
The whole thing is one of the most ambitious public IT projects ever undertaken anywhere in world.
Two recent events have prompted the present commentary. Before this there have also been major controversy regarding patient consent issues, the financial difficulties of a major technology provider (iSoft) and contractual difficulties and changes in providers as well as some key delays. This is said to have contributed to major morale problems and uncertainty.
The two recent events have been:
1. Lord Warner the health minister responsible for the £12.4bn NHS IT project is to retire at the end of the year. Lord Warner was a strong proponent of the NPfIT and his departure is undoubtedly a major blow to confidence.
2. The British Computer Society’s (BCS) Health Informatics Forum has produced a careful and generally critical strategic summary of the current state of play.
This report is available on line at:
http://www.bcs.org/server.php?show=ConWebDoc.8970
“Key recommendations of the report include:
• The provision of a business context for the English National Programme for Information Technology (NPfIT) at national and local level.
• A focus on local implementations at Trust and provider unit level, for example hospitals, diagnostic and treatment centres, community and mental health Trusts, practices. Providing specialty and service-based systems within provider units will encourage clinical involvement and give quicker benefits.
• There needs to be a major emphasis on standards to enable systems to interoperate effectively, rather than focusing on a few monolithic systems.
• The strategy should be evolutionary, building on what presently works and encouraging convergence to standards over time, rather than revolutionary.
• To adopt a truly patient-centred approach at the local health community level
• There are major issues about the sharing of electronic patient data which need to be resolved. These must not be hijacked by technical issues, and informed patient consent should be paramount.
• Transform NHS Connecting for Health (CfH) into an open partnership with NHS management, users, the informatics community, suppliers, patients and their carers, based on trust and respect.
• The clinical professions, NHS management and informaticians should collaborate to provide clear and comprehensive guidance for all sectors on good record keeping and data management – clinical and other, and embed this in undergraduate and post graduate training. The NHS should facilitate the take-up of this guidance.”
Interestingly the summary of the report also says “The NHS CfH programme can still make a massive contribution to safer and more appropriate patient care and remains in full agreement with the Wanless report that 4 per cent of NHS turnover should be spent on business-led informatics, according to the BCS Health Informatics Forum (BCSHIF) Strategic Panel.”
On these eight bullet points, above, I would offer the following commentary:
1. The length of time between the original strategy development in 1998 and the present has allowed alignment of the IT and business needs to drift. This is a major risk and the BCS report very correctly says it needs to be addressed.
2. The BCS recognises the need to get quality basics in place quickly – and this is very sound. People need to see success to believe further success is possible.
3. The BCS is keen on standards based interoperability. I have some reservations this is achievable in the short to medium term – but if a sensible messaging strategy is adopted there is very little downside. The detail of the report makes it clear the BCS understands the practical difficulties of implementation of some of the standards and that time may be required to get things right.
4. The suggested movement from a centrally controlled implementation model to a more collaborative approach is clearly very sensible – although how this can be done at a practical level will need to be thought through.
5. The move to a patient-centred approach at a local level is sound if what is intended is more patient control of their information. The detailed text makes it clear this general direction is supported.
6. The BCS Forum clearly understands the complex issues around information sharing, consent and the like and wisely suggests progress be dramatically slowed until practical and acceptable solutions are found and properly evaluated.
The report also is keen that initiatives around PACS, Choose and Book and GP Record Transfer (GP2GP) continue saying they seems to be working as are some of the central spine services (Patient ID etc).
Overall I think this is a very, very sound twenty pages that has many answers for the UK and also is a valuable document for Australian readers as well. I commend it to you.
The real risk is that central NHS bureaucrats will loose their nerve and funding for the program will dry up, rather than an appropriate review and continued support for a forward direction and continued investment. (There is a real likelihood this is what happened in Australia with HealthConnect)
Should this happen the “I told you so” pundits and the risk averse will have a “once in a generation” win and IT enabled healthcare delivery globally will be a major looser. I really hope those involved in the UK can work through all this.
David.
The initial vision was that, with the expenditure of approximately 4% of the NHS budget on IT, it would be possible to create a national E-Health environment that would provide a major improvement to the quality and safety of care both in the ambulatory and hospital environments over a period of about a decade and that this investment would support the dramatic re-shaping and modernisation of the NHS.
In concept a central data “spine” was to be developed which had a range of common services and which used common Informatics Standards (HL7 V3.0, SNOMED CT etc) and standardised products from a range of hospital and ambulatory care vendors to create and maintain a spine based shared Electronic Health Record for all UK citizens. The project was huge, involving expenditure of $A30 Billion over the decade.
The whole thing is one of the most ambitious public IT projects ever undertaken anywhere in world.
Two recent events have prompted the present commentary. Before this there have also been major controversy regarding patient consent issues, the financial difficulties of a major technology provider (iSoft) and contractual difficulties and changes in providers as well as some key delays. This is said to have contributed to major morale problems and uncertainty.
The two recent events have been:
1. Lord Warner the health minister responsible for the £12.4bn NHS IT project is to retire at the end of the year. Lord Warner was a strong proponent of the NPfIT and his departure is undoubtedly a major blow to confidence.
2. The British Computer Society’s (BCS) Health Informatics Forum has produced a careful and generally critical strategic summary of the current state of play.
This report is available on line at:
http://www.bcs.org/server.php?show=ConWebDoc.8970
“Key recommendations of the report include:
• The provision of a business context for the English National Programme for Information Technology (NPfIT) at national and local level.
• A focus on local implementations at Trust and provider unit level, for example hospitals, diagnostic and treatment centres, community and mental health Trusts, practices. Providing specialty and service-based systems within provider units will encourage clinical involvement and give quicker benefits.
• There needs to be a major emphasis on standards to enable systems to interoperate effectively, rather than focusing on a few monolithic systems.
• The strategy should be evolutionary, building on what presently works and encouraging convergence to standards over time, rather than revolutionary.
• To adopt a truly patient-centred approach at the local health community level
• There are major issues about the sharing of electronic patient data which need to be resolved. These must not be hijacked by technical issues, and informed patient consent should be paramount.
• Transform NHS Connecting for Health (CfH) into an open partnership with NHS management, users, the informatics community, suppliers, patients and their carers, based on trust and respect.
• The clinical professions, NHS management and informaticians should collaborate to provide clear and comprehensive guidance for all sectors on good record keeping and data management – clinical and other, and embed this in undergraduate and post graduate training. The NHS should facilitate the take-up of this guidance.”
Interestingly the summary of the report also says “The NHS CfH programme can still make a massive contribution to safer and more appropriate patient care and remains in full agreement with the Wanless report that 4 per cent of NHS turnover should be spent on business-led informatics, according to the BCS Health Informatics Forum (BCSHIF) Strategic Panel.”
On these eight bullet points, above, I would offer the following commentary:
1. The length of time between the original strategy development in 1998 and the present has allowed alignment of the IT and business needs to drift. This is a major risk and the BCS report very correctly says it needs to be addressed.
2. The BCS recognises the need to get quality basics in place quickly – and this is very sound. People need to see success to believe further success is possible.
3. The BCS is keen on standards based interoperability. I have some reservations this is achievable in the short to medium term – but if a sensible messaging strategy is adopted there is very little downside. The detail of the report makes it clear the BCS understands the practical difficulties of implementation of some of the standards and that time may be required to get things right.
4. The suggested movement from a centrally controlled implementation model to a more collaborative approach is clearly very sensible – although how this can be done at a practical level will need to be thought through.
5. The move to a patient-centred approach at a local level is sound if what is intended is more patient control of their information. The detailed text makes it clear this general direction is supported.
6. The BCS Forum clearly understands the complex issues around information sharing, consent and the like and wisely suggests progress be dramatically slowed until practical and acceptable solutions are found and properly evaluated.
The report also is keen that initiatives around PACS, Choose and Book and GP Record Transfer (GP2GP) continue saying they seems to be working as are some of the central spine services (Patient ID etc).
Overall I think this is a very, very sound twenty pages that has many answers for the UK and also is a valuable document for Australian readers as well. I commend it to you.
The real risk is that central NHS bureaucrats will loose their nerve and funding for the program will dry up, rather than an appropriate review and continued support for a forward direction and continued investment. (There is a real likelihood this is what happened in Australia with HealthConnect)
Should this happen the “I told you so” pundits and the risk averse will have a “once in a generation” win and IT enabled healthcare delivery globally will be a major looser. I really hope those involved in the UK can work through all this.
David.
Wednesday, December 13, 2006
Is SNOMED CT a Practical Usable Clinical Terminology Today?
In a recent posting at the E-Health Insider web-site it is reported that the Royal College of Physicians is urging a “universal and rapid SNOMED deployment” to be undertaken by the UK Connecting for Health IT Program.
The article can be found here:
http://www.ehiprimarycare.com/news/item.cfm?ID=2338
More interesting than the article is an anonymous response to the suggestion found at the bottom of the article. This is worth quoting in full as it goes to make some points and provide some useful resources for those interested in the area of practical, clinically useful SNOMED CT implementation.
“12 Dec 06 12:29
SNOMED: caveat emptor
Readers of this article (and the RCGP) are advised to check the detail before rushing into demands for immediate SNOMED implementation.
Major suppliers, would be implementers and academics are on public record stating SNOMED has manifest and significant quality control and implementation issues.
http://hl7-watch.blogspot.com/
http://www.shopcreator.com/mall/infopageviewer.cfm/Abiescouk/SCT06download
On a purely pragmatic level, clinical code sets supporting QOF/QMAS on the DoH website (URL changes almost daily :-( ) for SNOMED have not been updated since 2005 release (unlike those for the Read Codes which are up to date). This latter alone is unlikely to encourage jobbing GPs to queue up as guinea pigs for the 'imminent' releases of SNOMED enabled systems from EMIS, In Practice and others.
It just isn't as simple as whip the system suppliers I'm afraid.”
A review of the material found on these pages certainly raises some interesting and very complex questions and I would suggest anyone with an interest in the area review these two sites and the links / downloads provided carefully.
The messages I came away from all this material with were as follows:
1. If David Markwell’s presentation from March 2006 is to be believed the work of encapsulating the complexity for SNOMED CT behind a useable clinically friendly interface has yet to be completed. Without well engineered seamless interfaces to the use of SNOMED CT adoption and use of the terminology will be very slow indeed
2. The Kaiser Permanente implementation of SNOMED CT within its EPIC software implements a narrow subset of the full contents of SNOMED to make clinical coding and billing easier.
3. Professor Alan Rector (a global terminology guru if there is one) from Manchester University has recently said in a presentation that “Unless we can formalise the mutual constraints ... HL7 v3 + SNOMED = Chaos'. 'The documentation is beyond human capacity ... to write or to understand'.”
4. Other groups appear to be really struggling to deploy usable clinician friendly systems.
5. There are some significant academic linguists and ontologists who have very significant concerns about the underlying data model on which SNOMED CT is based.
6. The emergence of supporting terminologies in areas where localisation to a specific country is needed (e.g. in the local formulary) has been slower that might have been expected.
7. There is at least some concern regarding the overall data quality of the material already contained in SNOMED CT.
8. There also seem to some harmonisation issues between HL7 V3.0, CEN/ISO Standards and OpenEHR with Archetypes which indirectly impinge to some extent of terminology use.
What does all this mean practically?
I think that it is at least possible that large scale deployment of clinician friendly SNOMED CT may be more delayed than is anticipated at present – i.e. out to beyond 2010 and there is even the possibility that it may all prove ‘too hard’ and some simpler better designed approach – based on the lessons learnt from SNOMED CT – may need to be engineered.
Whatever happens it seems clear all those interested in the area should spend some time getting familiar with the current state of play so they can formulate, for themselves, informed estimates of just when systems which fulfil the promise of SNOMED CT are likely to be available.
I for one will not be holding my breath. Just as HL7 V3.0 and openEHR have taken over a decade to be developed and are not yet quite ready for ‘prime time’ as far as I know I suspect history will repeat with SNOMED CT.
I hope I am wrong!
David.
The article can be found here:
http://www.ehiprimarycare.com/news/item.cfm?ID=2338
More interesting than the article is an anonymous response to the suggestion found at the bottom of the article. This is worth quoting in full as it goes to make some points and provide some useful resources for those interested in the area of practical, clinically useful SNOMED CT implementation.
“12 Dec 06 12:29
SNOMED: caveat emptor
Readers of this article (and the RCGP) are advised to check the detail before rushing into demands for immediate SNOMED implementation.
Major suppliers, would be implementers and academics are on public record stating SNOMED has manifest and significant quality control and implementation issues.
http://hl7-watch.blogspot.com/
http://www.shopcreator.com/mall/infopageviewer.cfm/Abiescouk/SCT06download
On a purely pragmatic level, clinical code sets supporting QOF/QMAS on the DoH website (URL changes almost daily :-( ) for SNOMED have not been updated since 2005 release (unlike those for the Read Codes which are up to date). This latter alone is unlikely to encourage jobbing GPs to queue up as guinea pigs for the 'imminent' releases of SNOMED enabled systems from EMIS, In Practice and others.
It just isn't as simple as whip the system suppliers I'm afraid.”
A review of the material found on these pages certainly raises some interesting and very complex questions and I would suggest anyone with an interest in the area review these two sites and the links / downloads provided carefully.
The messages I came away from all this material with were as follows:
1. If David Markwell’s presentation from March 2006 is to be believed the work of encapsulating the complexity for SNOMED CT behind a useable clinically friendly interface has yet to be completed. Without well engineered seamless interfaces to the use of SNOMED CT adoption and use of the terminology will be very slow indeed
2. The Kaiser Permanente implementation of SNOMED CT within its EPIC software implements a narrow subset of the full contents of SNOMED to make clinical coding and billing easier.
3. Professor Alan Rector (a global terminology guru if there is one) from Manchester University has recently said in a presentation that “Unless we can formalise the mutual constraints ... HL7 v3 + SNOMED = Chaos'. 'The documentation is beyond human capacity ... to write or to understand'.”
4. Other groups appear to be really struggling to deploy usable clinician friendly systems.
5. There are some significant academic linguists and ontologists who have very significant concerns about the underlying data model on which SNOMED CT is based.
6. The emergence of supporting terminologies in areas where localisation to a specific country is needed (e.g. in the local formulary) has been slower that might have been expected.
7. There is at least some concern regarding the overall data quality of the material already contained in SNOMED CT.
8. There also seem to some harmonisation issues between HL7 V3.0, CEN/ISO Standards and OpenEHR with Archetypes which indirectly impinge to some extent of terminology use.
What does all this mean practically?
I think that it is at least possible that large scale deployment of clinician friendly SNOMED CT may be more delayed than is anticipated at present – i.e. out to beyond 2010 and there is even the possibility that it may all prove ‘too hard’ and some simpler better designed approach – based on the lessons learnt from SNOMED CT – may need to be engineered.
Whatever happens it seems clear all those interested in the area should spend some time getting familiar with the current state of play so they can formulate, for themselves, informed estimates of just when systems which fulfil the promise of SNOMED CT are likely to be available.
I for one will not be holding my breath. Just as HL7 V3.0 and openEHR have taken over a decade to be developed and are not yet quite ready for ‘prime time’ as far as I know I suspect history will repeat with SNOMED CT.
I hope I am wrong!
David.
Monday, December 11, 2006
The Access Card Debate Begins in Earnest.
ABC Radio National today broadcast a very useful review of the proposal for an Access Smartcard which is currently under development by the Commonwealth Government with the pointman being the Minister for Human Services, Joe Hockey.
The show, Background Briefing, is summarised by the ABC as follows:
“Getting smart: the Access Card
The government is bringing in a new national card, called the Access Card. Everyone who uses Medicare, Centrelink, or any government service, will have one. And they're not just normal cards. They have mini-computers inside them that can store data about your name, address and anything else. The government says they're like mp3 players, and big business loves them, but opponents say they're a new version of the Australia Card - an ID card in disguise. And they say that privacy is in peril. Reporter: Sharona Coutts”
The fifty minutes of audio, suitable for playing on both a PC or portable .mp3 player can be found here:
http://mpegmedia.abc.net.au/rn/podcast/current/audioonly/bbg_20061210.mp3
Among the interesting points made in the show were the following:
1. Enabling legislation for the Access Card has not been passed and is due to be introduced in the first half of 2007. Mr Hockey recognises that this will be the time when the project will be under most challenge. It would be a ‘courageous decision’ to spend too much before that approval is obtained. At present the Opposition is saying they don’t have enough detail to be sure which way they will vote. It seems unlikely the Greens or Democrats will support the proposal so the numbers in the Senate are likely to be tight. In the House of Representatives it is hard to know how things will play out with some Liberals being philosophically opposed to ID cards or anything like them.
2. The Government has developed a Privacy Impact Assessment for the Access Card proposal (with the assistance of Clayton Utz, a major national law firm), but it is not being released for reasons which have to be very hard to understand.
3. The Government asked a Privacy Task Force to review the proposal and when the Task Force said the individuals signature and ID number should not be human readable (i.e. written in clear text) on the card these recommendations were rejected. The concern with this information being readable is that this will make it easy for anyone to obtain (or demand) an individual’s key number and maximise the risk of “function creep” of the card. Over time it is feared everyone from the video shop up will want to record the card number and use the signature to verify identity.
4. The Government (and Mr Hockey) are not prepared to disclose even his estimates how long and complex the access card enrolment process for each citizen. This leads to concern about just how accurate the start up costing estimates and the actual proposed start date are.
5. Mr Hockey claims the Secure Customer Registration System (SCRS) will hold less information than an individual’s driver’s license but fails to disclose the range of linkages to other huge databases (e.g. CentreLink and Medicare) that will be required for the system to work.
6. It does seem that it will be technically very difficult to have citizens use their Access Card and their PC to securely store information on their card without creating highly exploitable security weaknesses as Mr Hockey has been suggesting.
7. A system as centralised as the one proposed here, but having so many users, is inevitably going to be abused by Departmental insiders for profit, curiosity or worse. (Witness the breaches at the ATO, CentreLink and the Child Support Agency). There seems to be an emerging sense of concern in the community regarding the risks such systems pose to some vulnerable parts of the population (e.g. separated wives who are being sought by their abusive husbands etc.)
As I have pointed out before, those of us who are interested in the deployment and use of Health IT have a vested interest in this project and similar identity management efforts. If the public and political contention around the Access Card becomes significant there will be negative impacts on all efforts to improve access to, and the flow of information, in other domains – including health.
It seems unlikely, for example, that NEHTA’s plans for an Individual Health Identifier (IHI), delivered as a web service it is assumed, would not be caught up in any Access Card contention and debate. It is interesting that NEHTA plans have thus far not attracted much, if any attention from the various privacy and security lobbies.
Equally, concern may emerge regarding the efforts of the various State Health Departments to deploy State-Wide universal identifiers (I wonder how many State Health Departments would want to record the Access Card Number once it becomes available? Unless they were legislatively barred I suggest the number would be close to 100%).
It seems to me that if both the privacy and function creep issues around the proposed Access Card are not handled both more robustly and more sensitively that presently appears to be the plan E-Health may wind up a major collateral casualty of a potentially failed Access Card implementation.
I commend the show as a very good listen.
David.
The show, Background Briefing, is summarised by the ABC as follows:
“Getting smart: the Access Card
The government is bringing in a new national card, called the Access Card. Everyone who uses Medicare, Centrelink, or any government service, will have one. And they're not just normal cards. They have mini-computers inside them that can store data about your name, address and anything else. The government says they're like mp3 players, and big business loves them, but opponents say they're a new version of the Australia Card - an ID card in disguise. And they say that privacy is in peril. Reporter: Sharona Coutts”
The fifty minutes of audio, suitable for playing on both a PC or portable .mp3 player can be found here:
http://mpegmedia.abc.net.au/rn/podcast/current/audioonly/bbg_20061210.mp3
Among the interesting points made in the show were the following:
1. Enabling legislation for the Access Card has not been passed and is due to be introduced in the first half of 2007. Mr Hockey recognises that this will be the time when the project will be under most challenge. It would be a ‘courageous decision’ to spend too much before that approval is obtained. At present the Opposition is saying they don’t have enough detail to be sure which way they will vote. It seems unlikely the Greens or Democrats will support the proposal so the numbers in the Senate are likely to be tight. In the House of Representatives it is hard to know how things will play out with some Liberals being philosophically opposed to ID cards or anything like them.
2. The Government has developed a Privacy Impact Assessment for the Access Card proposal (with the assistance of Clayton Utz, a major national law firm), but it is not being released for reasons which have to be very hard to understand.
3. The Government asked a Privacy Task Force to review the proposal and when the Task Force said the individuals signature and ID number should not be human readable (i.e. written in clear text) on the card these recommendations were rejected. The concern with this information being readable is that this will make it easy for anyone to obtain (or demand) an individual’s key number and maximise the risk of “function creep” of the card. Over time it is feared everyone from the video shop up will want to record the card number and use the signature to verify identity.
4. The Government (and Mr Hockey) are not prepared to disclose even his estimates how long and complex the access card enrolment process for each citizen. This leads to concern about just how accurate the start up costing estimates and the actual proposed start date are.
5. Mr Hockey claims the Secure Customer Registration System (SCRS) will hold less information than an individual’s driver’s license but fails to disclose the range of linkages to other huge databases (e.g. CentreLink and Medicare) that will be required for the system to work.
6. It does seem that it will be technically very difficult to have citizens use their Access Card and their PC to securely store information on their card without creating highly exploitable security weaknesses as Mr Hockey has been suggesting.
7. A system as centralised as the one proposed here, but having so many users, is inevitably going to be abused by Departmental insiders for profit, curiosity or worse. (Witness the breaches at the ATO, CentreLink and the Child Support Agency). There seems to be an emerging sense of concern in the community regarding the risks such systems pose to some vulnerable parts of the population (e.g. separated wives who are being sought by their abusive husbands etc.)
As I have pointed out before, those of us who are interested in the deployment and use of Health IT have a vested interest in this project and similar identity management efforts. If the public and political contention around the Access Card becomes significant there will be negative impacts on all efforts to improve access to, and the flow of information, in other domains – including health.
It seems unlikely, for example, that NEHTA’s plans for an Individual Health Identifier (IHI), delivered as a web service it is assumed, would not be caught up in any Access Card contention and debate. It is interesting that NEHTA plans have thus far not attracted much, if any attention from the various privacy and security lobbies.
Equally, concern may emerge regarding the efforts of the various State Health Departments to deploy State-Wide universal identifiers (I wonder how many State Health Departments would want to record the Access Card Number once it becomes available? Unless they were legislatively barred I suggest the number would be close to 100%).
It seems to me that if both the privacy and function creep issues around the proposed Access Card are not handled both more robustly and more sensitively that presently appears to be the plan E-Health may wind up a major collateral casualty of a potentially failed Access Card implementation.
I commend the show as a very good listen.
David.
Subscribe to:
Posts (Atom)