Live Blog: Peter Fleming of NEHTA in Front of the Senate Community Affairs Committee.

The session ran from about 3:30 to 4:40pm March 9, 2010.

The speakers were Mr Fleming and Dr Mukesh Hailerwal.

It now seems reality has crept in. NEHTA now admits that there will be a set of ‘initial implementation projects’ of various components of the system (read pilots) for the first 18 months and that when these are run – they will then be brought together and re-tested as a whole before any national roll-out is undertaken.

It really is a pity we have not been provided with this level of honesty well before this.

We also learn that NEHTA is still hopeful they will get to create an Personal Controlled Individual Electronic Health Record for those who want one. Good to see they now say it will be opt-in rather than opt-out.

All in all very interesting. It did seem there were a lot of questions from the Opposition Senators. One really wonders if they are minded to pass this legislation at this point?

David.

Dr Horst Herb Reviews the Revised NSW Health Implementation of Cerner’s Firstnet.

I will let Horst tell the story for himself – which appeared a little while ago today on the GPCG_TALK mailing list.

Horst has given me specific permission to republish this saying:

On Tue, Mar 9, 2010 at 1:26 PM, David More wrote:

“Hi Horst,

Happy to post your account on the blog. That might get some attention. There are a lot of influential readers I understand from the feedback I get.”

Thanks.

Anything that might contribute to positive change is welcome – the status quo is not acceptable

Horst

----- End Message

For those who don’t know Horst is a resident polymath on the General Practice Computing Group e-mail list being a GP in Dorrigo as well as being a very experienced system designer and implementer among other things.

Take it away Horst:

[GPCG_TALK] Cerner software - the saga continues –

From: Horst Herb

To: General Practice Computing Group Talk

I was offered AUD 400 to sit for an hour in a teleconference and see the improvements in Cerner's Firstnet software for rural hospitals, and -silly me- I accepted.

So I sat and watched.

And I left very, very angry.

In essence, they tried to convince somebody who has been using a Microwave oven for the past decade that the best way forward is to buy their (most expensive) two flint stones, because then you can bang them together, light some fire, and eventually cook on it. Actually, the analogy is wrong, because flint stones can be very useful in the right circumstances.

In detail:

at the time of entering a progress note, the doctor cannot

- browse, add or modify allergies

- browse, add or modify past history

- browse past consultations

- browse or request test results

- browse or manage medications

(in fact, the concept of medication is still alien to that software it seems) etc without leaving the data entry screen (and potentially losing all data entered so far if he leaves the screen the wrong way), navigating a complex menu that makes Homer's odyssey look like an easy travel guide for nursing home patients, and then eventually find the way back to the data entry screen.

The number of mouse clicks required to perform even the simplest tasks remains legion, and the screens remain cluttered with (to the clinician) useless administrative details while utterly neglecting the needs of the clinician.

The presentation of data (e.g. vital signs) remains in a form where it is very difficult to find what is actually relevant (even to those who are familiar with the format of the information presented in) .

This software is not just extremely poorly designed (in fact I cannot recall any clinical software I have seen in 20 years in multiple countries that was anywhere near as bad) and time wasting - it is dangerous to patients because it makes information access needlessly difficult and confusing.

It saddened me to witness that they failed to improve anything in a meaningful and significant way after so much time spent after the initial assessment, and it maddens me that they refuse to take advice on board from those who KNOW what the requirements are because they actually do the work AND have experience with other (much better) implementations.

We VMOs at Dorrigo Hospital refuse to work with that software and we fail to see any realistic way forward given the time they wasted between the last presentation and today without producing any MEANINGFUL changes. I learned that the doctor from Bellingen Hospital who was meant to watch left disgusted even earlier than I did, so I suppose the verdict there remains the same too.

Horst.

----- End Message.

I pass this on without comment other than to say it seems this software is just not suited for small hospitals in small towns. There really needs to be an alternative to the one size fits all approach!

David.

NEHTA Promises the Future - We Will See If They Deliver Quite Soon Now!

It seems NEHTA is well and truly into the propaganda channel it has been pushing lately, based on the spin plan most of us have now seen.

This will be all you need to see to realise just how oversold this is all being in the short or even medium term. Pity some more basic and important issues can’t get addressed first. The systems that will use all this information are yet to be modified and I hear NEHTA is being very slow in providing the information needed by the software providers.

See for yourself.



Anyone who thinks this is all going to happen before 2013 is dreaming I reckon and with Medicare Australia’s implementation and planning skills – probably never. We need to walk before we run, and painting this sort of prospective Utopia does not set expectations at a reasonable level I believe.

The Senate Enquiry tomorrow has one role as far as I am concerned. That is to have Medicare Australia / NEHTA actually demonstrate they actually know what they are doing with a project of this scale. Thus far the evidence is pretty scant. Medicare Australia’s implementation record in the sector is pretty spotty and NEHTA has not been seen to deliver any significant project (except possibly SNOMED CT) in the last 5 years that I can detect.

David.

AusHealthIT Man Poll Number 11 – Results - 08 March, 2010

The question was:

Should The Health Identifier Service Legislation Pass in its Present Form?

Absolutely

- 6 (16%)

Probably

- 5 (13%)

Probably Not

- 8 (22%)

No Way

- 17 (47%)

Votes 36.

Comment:

Looks like about 70% say legislation should not pass in the present form. I am surprised at the figure given so many of us think a proper, well designed and executed HI Service would not be a bad thing.

I think the Government approach and the huge implementation risk has spooked the horses!

Thanks again to all who voted.

David.

A Show You Won’t Want to Miss! Our Democracy in Action!

Tomorrow we have a live broadcast from the Senate Community Affairs Committee as it reviews and considers the Health Identifiers Bill 2010.

When: 9/03/2010 3:30 PM - 9:30 PM AEDT

What:

Senate Standing Legislation Committee: Community Affairs Committee (R4299 Healthcare Identifiers Bill 2010)

Where: (HMS 9)

By clicking on the link you are taken to a page where you can select video and audio feeds.

I understand NEHTA’s Peter Fleming kicks off proceedings at 3:30pm.

If the embedded link does not work go here:

http://webcast.aph.gov.au/livebroadcasting/annualview.aspx?eventtype=Committee&eventdate=8/03/2010

Note there is also session on Wednesday Afternoon.

Enjoy!

David.

It Seems Some Facts Are Rather Easily Forgotten. The Medicare Card is not a Trustworthy Token.

I am sure at least some readers will be amazed that it is now almost exactly four years since I posted the first blog.

As I type on 6 March 2010 it seems fitting to repost the first post to see how I have gone:

Health IT Introduction

The intent for this blog is to provide commentary, feedback and information on the e-health activity, processes, industry, politics and governance in Australia.

The aim is to provide clarity and transparency for all involved as to what is going on, who is doing what with whom and what is driving what is happening.

Enjoy

David

Posted by Dr David More MB, PhD, FACHI at Sunday, March 05, 2006 0 comments

I will leave it to others to say what they think but I think I have stuck pretty closely to the goals I set out with.

Certainly the readership has continued to grow as you can track from the little counter on the left of the main text.

Since the blog started there have been over 142,000 visits to the site with in excess of 240,000 page views.

As I was looking at the first few entries this one struck me.

Thursday, March 09, 2006

Card Confusion and Mis-Identity

The main news today is the revelation from the Sydney Daily Telegraph of the scope of the rorting and the degree of fraud and identity fakery going on with the current Australian Medicare card.

To quote the article:

"A STAGGERING 500,000 Medicare cards have been lost or stolen in the past 12 months, with some being used to create fake identities and make fraudulent benefit claims.

In a bid to tackle identity fraud, Human Services Minister Joe Hockey called for a photo of the holder to be included on Medicare cards, which currently only contain a person's name and Medicare number.

Criminals are using the lost or stolen cards to set up fake identities, open bank accounts and claim Medicare benefits and prescription medicine subsidies that they are not entitled to."

What is clear here is that the system simply lacks the robustness required, and to be made fit for purpose (i.e. to prevent fraud and to permit accurate identification of individuals) a large investment will be required.

Recently a UK expert suggested that the total cost of identifying each citizen reliably with appropriate biometrics is of the order of $250 per individual. Even if it is just 1/2 this we are talking billions of dollars and with the loss rates of the Medicare card - huge ongoing replacement and renewal costs.

One hopes the business case for taking on this expenditure is sound - and that all the parts of government involved in identification schemes (Health, Human Services, Attorney General and Immigration) are co-ordinating their activity to minimise waste and to preserve privacy.

David

----- End Extract.

Sadly the links no longer work but there is a lot of information on the reliability of the Medicare Card to be found here:

http://www.efa.org.au/Publish/efasubm-dhstf-regist-200704.html

Now while I am sure things have improved the fact that the card is apparently as unreliable as it is must be a cause for concern.

“The Discussion paper states:

"Similarly there needs to be greater information provided about the encryption of signatures so as to minimise the security risks associated with copying of signatures from lost or stolen cards.

This is especially relevant to lost or stolen Medicare cards (some 500,000 each year); especially as such cards figure in something like one-half of all cases of identity fraud. Current Medicare cards, of course, do not carry either a photograph or a signature."

Section 5.

The following I have to say – from the same document fair took my breath away.

4.1(d) Use of Medicare Cards to establish bank accounts etc

"At present, if you lose your Medicare card, it is very easy for someone to take that and use it to claim benefits in your name. They can even use it as proof of identity to establish such things as bank accounts in order to perpetrate identity theft." (DHS Supp Subm)

The Medicare Card is what the AFP call a 'breeder document' since it can be used to produce higher forms of identity documentation. (DHS Supp Subm)

Drivers licences and birth certificates are also breeder documents and that is why the Attorney-General's Department is developing the Document Verification Service, to enable breeder documents to be verified with the document issuer.

Moreover, it appears that the existing Medicare card will not be able to be used as a breeder document, nor as an EOI document, after December 2007, at least not in the banking/financial services industry. As a result of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), the existing 100 Point ID check system (under which Medicare cards are worth 25 points) will cease to exist.

New Rules made pursuant to s229 of AML/CTF Act^[40] were issued by AUSTRAC^[41] on 30 March 2007 and will come into effect from December 2007. The Rules include safe harbour provisions detailing the types of evidence of ID documents which financial institutions may use in order to be covered by the safe harbour protection. Medicare cards are not included in list of acceptable identification documents (see Clause 4.2.11) and also do not meet the definitions of the various types of acceptable ID documents.

Hence, the ability to use a forged or stolen/lost Medicare card to open bank accounts etc will apparently cease from December 2007, whether or not it is replaced by an Access Card. In addition, use as a breeder document is likely to be significantly reduced if other sector organisations continue the practice of referring to financial sector rules in deciding which types of identification documents they will accept.

----- End Extract.

So the Card is OK to act as a key for Health Identifiers but NOT OK to set up and access bank accounts. Priorities seem to be a bit confused here!

I wish I had remembered all this when I was doing my submission to the Senate.

David.

Guest Point of View – Dr Sam Heard of Ocean Informatics.

Can we have an organic and evolutionary EHR?

In Karen Dearne’s article “Compromised confidentiality: national health care identity numbers” in The Weekend Australian on Saturday February 13^th she addresses some of the privacy issues and likelihood of uptake of a government sponsored national health record in Australia. Ms Dearne echoes concerns expressed by many about the inappropriate use of national identifier numbers and questions whether current health record approaches are suitable for the new e-Health environment. Her approach is fundamentally conservative, and with good cause. Achieving the sort of health outcomes hoped for through the use of computers has largely eluded even massively funded national programs such as the UK’s ‘Connecting for Health’ and Canada’s ‘Infoway’. Some have dubbed these programs as the ‘place where the rubber hits the sky’. Perhaps our recent and current governments should be congratulated for not bowing to industry pressure and spending money on major ‘top-down’ programs of this kind. Imagine if the government took this approach to banking or electronic initiatives in law.

The axiom “Information is power” probably drives much of the scramble for ownership of the new shared electronic health record. Governments around the world want to be recognised for realising the benefits. The promise of this technology includes less healthcare accidents, less repeated steps in care, less investigations, more appropriate treatment, more accountability and so on. There is clearly a perceived commercial opportunity too as telcos, insurance companies, pharmacies and companies like IBM, Microsoft, and Google also want in. But let’s consider some of the barriers, because these are considerable.

Electronic health records are collections of information which are designed primarily to provide an historical account of care received, to defend a health professional’s actions and to assist a group (sometimes a team) of health professionals to work effectively together. It has been proven that it is safe for the vast majority of people to view their own health records and is also likely to lead to more accurate records. All forms of records, such as legal and banking, benefit from scrutiny in much the same way. Beyond this, the impact of personal access to health records is largely unchartered; there is a lot to learn.

Having our personal information stored somewhere on the internet should make us concerned: it is immediately more available and information can be copied very quickly if unauthorised access is gained. The current rate of electronic fraud in banking may be acceptable (or manageable) for that industry as, on the whole, there is a clear incentive to replace what is stolen and the resources are available. Health care is not as straightforward; information is complex, highly personal and can be used against that person’s interests both commercially and politically. Confidentiality is far harder to assess in cyberspace; information can be used without consent and without any recourse. For instance, if you remove your date of birth (e.g. 1965) from Facebook it will not prevent you from getting advertisements like “Are you 45? “ What can you say or do?

It is attractive ideologically and politically to ensure people are in control of their own health records but it is not clear exactly what this means. The most sensible idea that arises from this is for people to give access to care teams rather than individuals. Logically it might be a hospital at times, with access control then being managed within that institution for the information that has been shared. Electronic health records are living things that need to be maintained to be useful and to provide an accurate view of the person’s health and health care. Information will become out of date or be proved wrong. Aggregated records may not be consistent. For example, a diagnosis made by a pathologist (e.g. ductal carcinoma in situ) will be different from statements made to patients (e.g. pre-cancerous changes in the breast). A person having a ‘fear of having cancer’ must be differentiated from one ‘having cancer’. Some web-based health records downloaded from clinics in the USA have had entries that expressed the concern of clinicians reinterpreted as meaning the person actually had that condition. This is a cause for concern. Who is going to maintain these records to ensure they are coherent and to help patients achieve maximum benefit? It is certain that those with this duty will need considerable clinical knowledge and skill to do this efficiently and effectively.

For the benefits of electronic health records to be maximised there must be a focus on the ability to share information between authorised health care providers, the patients (clients or consumers) and, where appropriate, their carers or guardians. Ideally this information should be able to be processed by receiving software used in different settings. But it is more complex than that. These days patients are able to measure their own blood pressure or blood sugar using quality devices and good techniques. These measurements are amongst the most useful to assist management and demonstrate that it will be increasingly important that people are able to contribute to their own records.

The negotiations that led to electronic downloading of music and the success of the iPod were arduous and protracted. Likewise, a framework for effective electronic health records will take time and commitment. The electronic health record that will provide real benefit will be a sophisticated technology that supports clinicians and allows others to contribute. But it will not be a free-for-all and if it does not support the health care providers adequately another solution will have to appear. But where to start? Do we need evolution or revolution?

If government and software companies cannot get this off the ground then it is necessary to look elsewhere. Consumers can support this development and it will have to meet their needs, but instigation requires leadership of a different kind. In this case clinical leadership is probably ideal. The reason health records exist, after all, is to help clinicians deliver health care. If clinicians are to lead the e-Health evolution in Australia then general practice is the ideal champion. GPs are paid for by patients and subsidised by the federal government. They can act independently of other stakeholders and the solution can be national.

Connecting general practitioners with each other may be the ideal starting point. GPs have an electronic longitudinal record for many patients already and one that is organised to support preventative care and management of chronic disease. As people move around the country they like to take their records with them, taking them from their previous to their new GP. This is still done largely by printing on paper, photocopying or faxing. The real point is that there is an established need and process for doing this. Thus, the sharing of electronic health records could begin in a way that follows these current norms. Such sharing could then be extended to specialists and hospitals as appropriate ways and means are found. It won’t take long. At present this is not possible (although the Department of Health and Aging has agreed to fund such an initiative in the past) because the power of software companies has prohibited the collaboration required to make it possible. Shared records also require an agreed format for the health record. The openEHR specifications (www.openehr.org) were designed specifically for this purpose and can be seen as the MP3 for health information. However, these specifications do not, as yet, have industry backing despite government uptake and interest in countries such as Sweden, Slovakia and Brazil.

What to share? The answer is – it depends. It depends on the need of the recipient and the wishes of the person being referred. If someone is referred to a physiotherapist by a GP it may be quite a limited subset. If an elderly person is transferred from a hospital to an aged care facility there will be key information to share and it is likely to include the last time the person used their bowels. Impacted faeces are no fun for the person or their carers. If a person moves from one general practice to another it will be the entire record. If a person is admitted to hospital it may be all their recent records and a comprehensive summary. If it is a record at a sexual health centre the norm will be for this information to remain on site although some people will understand why certain information may be required elsewhere.

Where to store it? A general practice shared record would allow people to keep their record in a repository where they can access it and where they can provide access to others. This would not require unique identifiers as subscription to a service (like email) provides a means of generating a unique identifier for that service. Some may choose to keep all or part of their EHR on their person with a backup somewhere safe.

A general practice based shared electronic health record would simplify things a great deal and start with key players who are doing this already – the people and their general practitioners. Such an approach would require public funding initially although the billion dollars Ms Dearne mentions seems a little excessive.

Sam Heard

Comment: I think there are some interesting and provocative ideas here. Comments are most welcome.

David.

My Submission to the Senate on the HI Service – Final Version as Given to Senate and Some Comments.

The following is what I submitted late on the 4^th of March – and it has now been published on the Senate Web Site.

----- Begin Submission

Submission to the Senate Standing Committee on Community Affairs.

Topic: Enquiry into the Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010

Submission Author:

Dr David G More BSc, MB, BS, PhD, FFARACS, FCICM, FACHI.

Author’s Background. The author of this submission is an experienced specialist clinician who has been working in the field of e-Health for over 20 years. I have undertaken major consulting and advisory work for many private and public sector organisations including both DoHA and NEHTA.

General Points on the Bills.

First without seeing the associated regulations it is impossible for the Senate committee to know what we are actually going to wind up with as a final implemented system. As the Late US President Ronald Regan put it "Trust but Verify" The Senate should insist in seeing at least the proposed draft regulations.

Second the Bills are being treated in isolation from the larger e-Health agenda for which there is at present no effective leadership, organisation or governance as recommended in the 2008 National E- Health Strategy which was developed for the Australian Health Ministers Council (AHMC) by Deloittes and subsequently agreed. To be undertaking legislation and implementation with this gap not addressed is, as Sir Humphrey would say ‘exceptionally courageous’ or maybe his worst grade – that of ‘politically suicidal’.

Third to not be undertaking small and large scale pilot implementations before a nationwide rollout is, in my view just foolhardy and just nonsensical. No responsible organisation just switches on a national system of this scale without a lot of operational testing etc. The whole project poses massive risk from an organisation that has been found wanting in other much less complex implementations. (e.g. Medicare Easyclaims). Internationally and at a State level in Australia there have been very many difficulties with many such projects and very few obvious successes.

Fourth it would seem to be quite strange to be passing legislation for the HI Service without being clear what comes next. A COAG proposal is being developed by Department of Health Ageing for a fuller E-Health approach at the time of this submission but is still secret. The time for legislation is when that fuller agenda is public and has been debated by stakeholders.

Fifth there is no evidence there will be wide-spread use of the HI Service until there are some arrangements put in place to ensure they have their reasonable time and costs rebated in some form. I am informed NEHTA has approached their Board on this matter – but in absence of this approval the entire Health Identifier Service risks being an expensive white elephant

Sixth it now seems there are some issues surrounding the behaviour of Medicare Australia staff in regard to the handling of personal information.

The following report appeared on March 2, 2010 and raises significant issues in my view.

Medicare snoops caught by secret database

• Karen Dearne
• From: The Australian
• March 02, 2010 12:00AM

MORE than one in six Medicare Australia employees is suspected of having spied on confidential client records in the past financial year.

In a statutory personal information digest submitted to the federal Privacy Commissioner, Medicare reports 948 staff members out of a total of 5887 employees were being tracked on an unauthorised access database as at June 30 last year.

This was up from the 750 employees under surveillance at the end of June 2008.

That same year, Medicare set up a "high-profile individual" database with records belonging to 250 people -- apparently as a honeypot for snoops. The purpose was said to be "to assist with identifying unauthorised access to information" held in agency systems by tracking staffers who sought to look at the medical history of famous Australians.

Apart from Medicare card numbers, names and addresses, healthcare provider details and benefit summaries, sensitive data includes medical and financial information.

Unlike other agencies such as Centrelink, Medicare does not disclose privacy breach statistics in its annual reports.

The full article is found here:

http://www.theaustralian.com.au/news/nation/medicare-snoops-caught-by-secret-database/story-e6frg6nf-1225835818328

Clearly such staff cannot be trusted to manage the even more sensitive information that is planned to be held in the Electronic Record System being proposed by Medicare Australia and NEHTA.

Seventh, while the HI System does not provide for the look up of patient name and address information it can, by returning an identifier when queried with a name, date of birth and address, confirm the validity of a name and address pair which may assist in unwanted tracking down of individuals who would rather avoid this happening (e.g. domestic violence victims)

I have written more about this topic here:

http://aushealthit.blogspot.com/2010/03/there-might-be-major-hole-in-design-of.html

Second last the lack of any ability on the part of citizen to being opt-out of being numbered by the HI Service should they choose is problematic. The rest of the world has largely agreed that ‘opt-in’ approaches work best in e-Health despite some recognised difficulties and the case has never been made that I have seen as to why Australia should not adopt best practice.

Last, while there is no doubt there would be major benefit from a smooth running efficient National Identifier System the costs of ongoing delivery and maintenance (recording births, deaths, address changes and so on for some 22 million souls) are not addressed and may be very considerable. Other options exist for addressing Health Identification but these have never been explored and there has never been a business case developed .

All the above points ignore the various risks to privacy and identity protection which I am sure others will provide detailed submissions upon.

In summary it is my professional opinion that the community is entitled to be presented with legislation that takes a far more holistic view of the way e-Health systems and services are to be delivered to Australians and addresses clearly and systematically all the possible risks that are associated with the implementation of large complex systems as well as providing an optimal framework for governance, leadership, privacy protection and engagement with the caring professions and consumers who are going to be required to use these systems.

The present proposed legislation is deeply inadequate and there are major implementation risks with the project overall which I do not believe have been treated frankly by the enthusiasts for this Bill in its present form. I find it concerning that there are a number or organisations who are not specialists in e-Health who are lobbying for passage of the bill, without any apparent in depth understanding of the risks this project runs, unless the plans for its delivery are dramatically improved.

Finally I have to point out that we have had at least a lost decade of (essentially no) progress in e-Health. We are presently at a cusp and if the right path is not chosen and implemented it will be another decade before e-Health realises its promise in Australia. Right now I do not believe we are on the right path and that the risks of expensive failure are very high indeed.

Dr David G More.

----- End Submission.

Thinking about all this after having read the submissions there are one or two points that hit me.

First there are a lot of proponents of passing the legislation and then fixing up any issues that arise later. To them all I can say is that they are remarkably naive. This is the one chance to make sure limits are set and the system will actually work as claimed.

Second there seems to be an assumption that the way in which the identifier is extracted from the Medicare Australia CDMS will make it error free and totally fit for purpose. Believe that and you are into seeing the ‘winged pigs’. Without some substantial live testing we just have no idea.

Third I can see the legislation passed because the risks and implications are just not understood. It will be sad if that is the case and we all wind up trying to recover from an untested mess.

Fourth it is clear the implementation and project risks are well recognised by all but the loudest of proponents. It is vital the Senate take some considered steps to mitigate and mange these.

David.