NEHTA is Really Being Stupid with its Identifier Project – What a Pity!

The following appeared a few days ago.

Trial commitment brings e-health records closer

Friday, 27 February 2009

TRIALS of unique patient and provider identifier numbers will begin by the end of the year, according to National E-Health Transition Authority clinical lead Dr Mukesh Haikerwal.

The 16-digit number is the first step towards a personal electronic health record.

Speaking at an e-health conference in Sydney last week, Dr Haikerwal said a national rollout wasn’t possible until changes were made to privacy legislation.

“We have to be cautious about the legislation,” he said, adding that the trial was a chance to get the “methodology right”.

More here (with clinical registration):

http://www.medicalobserver.com.au/News/0,1734,4028,27200902.aspx

This is a really scary few paragraphs in my view. What is being said is that NEHTA does not know what the Parliament will authorise in terms of legislation for the patient and provider identifiers but that we are going ahead with pilots.

The clear inference here is that they are not worried if they compromise the privacy of the population affected by the pilots, potentially illegally. They are just going to steam ahead absent legislation.

A few facts here:

NEHTA released a ‘for comment’ Privacy Blueprint for the IHI (Individual Health Identifiers) in late 2006 – with a plan to consult and finalise the approach by the end of 2007.

See here:

http://www.nehta.gov.au/component/docman/doc_download/148-privacy-blueprint-unique-healthcare-identifiers-v10

Sadly that is the last privacy document in the area I can find other than this short report on consultation that is found here

http://www.nehta.gov.au/component/docman/doc_download/258-privacy-blueprint-on-unique-healthcare-identifiers-report-on-feedback

This was published in May, 2007 and there seems to have been silence since. Certainly the promised Privacy Impact Assessment has never seen the light of day.

What is worse is that the approach NEHTA planed did not get much support in the consultation. Consent, and a range of other areas were not at all agreed as I read this summary. An example from Page 8 is pretty clear.

“3.3 Consent

As noted in the Privacy Blueprint, consent in the health context has proved to be one of the more difficult policy and legal issues faced by Australian ehealth initiatives. NEHTA must ensure that the UHI Service complies with all relevant privacy requirements and that the privacy approach adopted is supportive of identified business requirements.

The majority of submissions commented on the consent mechanisms applying to the UHI Service. Several stakeholders expressed a preference for NEHTA’s preferred position of “lawful authority and notice” consent model, however argued that such legislation should provide for the voluntary rather than compulsory use of the IHI.”

This leaves one to wonder what the rest of the stakeholders thought – their views are simply not canvassed. (Clever nuanceing of the report maybe – as the Defence Minister is getting from his bureaucrats at present!)

“Concerns about opt-out, implied consent mechanisms or a compulsory IHI were raised in relation to the need to establish trust and public confidence in the UHI Service.

NEHTA’s view remains that legislative support for the UHI Service will provide the greatest level of legal certainty around meeting consent requirements, and therefore promote trust and confidence.”

It is clear there was disagreement about the key issue of consent and NEHTA just wants to force use via legislation. This is just awful and sounds rather like the way terrorist legislation was handled to me!

NEHTA have had plenty of time to decide their approach, get Board agreement and then ask DoHA for the appropriate enabling legislation to be enacted, and if they have delayed too long they should just wait until they have legislation passed.

As far as anyone knows the pilots will not even be ready until towards the end of the year (2009) and so there is probable still time to get the act together and do things properly.

But no. They want to just steam ahead for some internal reason – apparently related to this being “the year of delivery”!

If NEHTA goes ahead in this mode they are more likely to deliver a ‘stuff up’ in my view.

A lot has happened since mid 2007 when the last public words seem to have been published!

Most importantly we have had a report from the Australian Law Reform Commission mid last year the Government is working to respond to. See here:

http://www.pmc.gov.au/privacy/alrc.cfm

and guess what. The site says:

“Consultations on the health information recommendations will be organised early in 2009”!

What this means is that there will be no clear health information privacy from Government until mid to late 2009 for sure I reckon.

Those who are interested might like to see these submissions on the area:

http://www.privacy.org.au/Papers/ALRCRpt-PartH-0902.pdf

http://www.bakercyberlawcentre.org/ipp/publications/CLPC_sub_health_research.pdf

Despite knowing all this is on foot – both NEHTA and Ms Halton – Secretary of DoHA seem determined to rush ahead.

See here:

http://www.aph.gov.au/hansard/senate/commttee/S11643.pdf

Senator BOYCE—What are you actually telling me about this program: that it is planned to be done; it is in the process of being done?

Ms Morris—It is in the process of being done. Basically the COAG funding enables this work to continue and be delivered.

Senator BOYCE—When it is in the process of being done, are we at the stage of people developing the programs that will allow it to happen? What is happening?

Ms Halton—Can I expand a bit on this. Essentially, what you need, as Ms Morris has just been describing, are bits of architecture, but they are also particular things. So you need, for example, a unique health identifier. You know that we have received funding for that in the past and that work is being undertaken by Medicare Australia on contract to NETA. We are working towards a delivery timetable of that towards the end of the year.

Senator BOYCE—So by the end of the year we should have the unique identifier?

Ms Halton—Yes, we should.

Ms Morris—Yes.

Ms Halton—You also need a health provider identifier to identify an individual physician, nurse, physiotherapist, so clinician X, Y, Z.

Senator BOYCE—So we have that for people who are probably under Medicare or—

Ms Halton—No, we do not necessarily. In fact, what we do at the moment—

Senator BOYCE—It is just practices?

Ms Halton—Yes, and we have individuals in places, so it is a question of who your practitioner is at a

particular place—“ (p139)

and here:

“Senator BOYCE—Yes, I think I understand at least those parameters of the potential for e-health. What I am trying to get at is: how far are we down the road?

Ms Halton—This is to be delivered by the end of the year. The point is that these identifiers are to be delivered by the end of the year.

Senator BOYCE—Both of clinicians and of patients?

Ms Halton—Yes, that is correct.”(p140)

Note that here it is not even a pilot – it is the whole thing for the country – hardly possible I suspect!

To be clear, what I am saying that is stupid and outrageous to be implementing even pilots (let alone the larger ambition) without the legislative position sorted and the appropriate communications with the public on issues such as consent etc.

To just proceed is the way to make sure you get zero public acceptance of the broader e-Health agenda. Worse the legislation might not turn out to be passed the way you had planned and then you have piloted a system which potentially is not fit for purpose!

Heading for a big mess here is my view unless the approach of one step at a time is adopted!

Everywhere else in the world where such privacy hostile approaches have been adopted disaster has followed. Surely they can see there is a right way and a wrong way to go about this stuff and they are on the wrong path right now!

We need the IHI but not done this way!

David.

0 comments:

Post a Comment