We now have the Bills that have been introduced in the Australian Parliament.
The relevant Bills can be accessed here:
With the obvious disclaimer that I am no lawyer I find this all pretty alarming.
I will look forward to the comments of some serious lawyers but in the mean time a few points that strike me.
For a start there are a few gaps I would have thought might have been addressed.
A search shows that Pseudonomysation and anonymous care are not even mentioned.
There is a total loss of any choice about having an ID (See page 6-7).
“(4) In exercising a power under subsection (1), the service operator is not required to consider whether a healthcare provider or healthcare recipient agrees to having a healthcare identifier assigned to the healthcare provider or healthcare recipient.
(5) The regulations may prescribe requirements for assigning a healthcare identifier to a healthcare provider or to a healthcare recipient, including providing for review of decisions made under this section.
There is a document explaining how the HI service is to work and it also does not really provide any useful information – anonymous is found twice in the whole 40 pages.
This is the link to the explanatory document.
Another explanatory document is the NEHTA Concept of Operations found here:
http://www.nehta.gov.au/component/docman/doc_download/872-concept-of-operations
Sadly there seems to be no linkage made in the Bills between the above documentation and how the system will actually work based on the legislation. This is a magnificent example of the 'trust us, we are from the government'. Sorry I just don't.
There also seems to me to be an issue around all the exclusions to the way the actual legislation works found in Section 38, but it could be that I don’t get the legalese!
Last as far as I can tell virtually all the public submissions would appear to have not had much impact on what we see being put to Parliament.
Here is the only place all the detail is found. The legislation does not guarantee anything of this will ever become real as it clearly will all depend on the regulations which we are all yet to see.
For this Bill to pass without those regulations being made public would be an outrage in my view.
Sadly I can’t check about the regulations at the moment as www.aph.gov.au is being attacked by hackers and barely can show you a front page. Nevertheless the point stands – until we all see the regulations this should pass in my view.
I also have to say that virtually none of the issues identified by the Australian College of Health Informatics (ACHI) seem to have been addressed.
Executive Summary
The Australasian College of Health Informatics (ACHI) is pleased to provide comment on the "exposure draft Healthcare Identifiers Bill 2010" with its supporting documents. The College combines the region’s peak health informatics expertise and experience and welcomes this opportunity to help inform the Health Identifier (HI) national e‐Health endeavour from an extensive background of significant knowledge and experience in health information systems and identification implementations.
1. ACHI is concerned the draft HI Bill may be enacted yet COAG has not yet made any decision about a national Electronic Health Records implementation. The draft seems to establish the framework for an e‐Health system that may never exist or be funded. It seems to ACHI the information available regarding any possible framework is also very scant and inadequate.
2. There are several major omissions from the draft Bill that are referred to in the documentation supporting the draft Bill, especially the "Building the foundations for an e‐health future … update on legislative proposals for health care identifiers:
• The legislation does not specifically cover consumer ability to access information even though we understand it to be a requirement of the Health Identifier service provider.
• The Bill appears to lack details of governance arrangements in place to manage the misuse of provider details in the provider directory, eg stalking.
• There is no information about the NASH process or controls in the draft Bill or in papers supporting the Bill.
• The Bill appears to lack clarity around the operation and governance of the HI Service.
• Future development through regulation would be improved by linkages to Standards Australia and the International Standards Organisation.
In addition, we are concerned that a substantial pilot of the HI system for evaluation has not occurred.
Future development through regulation would be improved by linkage to Standards Australia and the International Standards Organisation. We also believe the HI will be affected by the lack of systems to put in place provider details, such as those to enrol some categories of Allied Health Care workers, which may take several years.
3. The punitive measures for the disclosure of patient information risk penalising clinicians in the patient care context, over which most have no control.
4. Any permitted information disclosures should comply with ISO Standard "ISO/TS 25237 Health Informatics: Pseudonomysation" (ISO TS 25237 2008).
5. A process defining the nature of accepted secondary uses of patient data needs to be made consistent with the international standards in this area and be the subject of appropriate public consultation.
6. The draft legislation links personal information to HIS. International and Australian standards on the identification of Subjects of Care and Health Care Client Identification offer a more controlled approach to linkage and implementation that does not appear to have been considered in the Exposure Draft.
7. ACHI suggests that it may be prudent to refer to international and national standards in the draft Bill rather than facilitate personal data linkages based on an outmoded technological stance.
8. The draft legislation leaves many important matters to regulation that has yet to be planned and does not leverage or comply with existing standards.
In summary, the College believes that the "exposure draft Healthcare Identifiers Bill 2010" is a timely national e‐Health endeavour. The establishment and broad implementation of a Health Identifier requires a comprehensive and mature legislative underpinning, which can be achieved by broad consultation.
With this response, the College seeks to support and contribute to this process. In particular, the College believes the identified agreed local and international standards should be leveraged and the issues surrounding implementation that we have identified should be further explored.
The Australasian College of Health Informatics comprises Fellows and Members that have led and contributed to local and international initiatives in the e‐Health area for many years. The College would be happy to leverage their expertise and experience to help ensure the national e-Health legislative framework interoperates with international standards, planned and implemented architectures as well as systems that are effective and sustainable. To this effect, ACHI would be pleased to continue and extend its input into future iterations of the legislation.
The full and quite detailed document is available at the ACHI web site:
Enough said. We need the regulations pronto!
David.
0 comments:
Post a Comment