The FAQ on the Health Identifier Service Lets a Few Cats Out of the Bag.

With the legislation now passed we now have to consider what we have actually been provided with.
The official FAQ is found here:
While much of the FAQ is as expected there are a few things that caught my eye.
First:

Q6. Is this a health record?

Healthcare identifiers are not a health record. The information held by the HI Service Operator will be limited to demographic information such as name and date of birth needed to uniquely identify individuals and providers. Healthcare identifiers will provide a much more reliable way of referencing patient information, particularly in healthcare providers’ electronic information management systems.
Healthcare identifiers are an important building block to support a national Personally Controlled Electronic Health Record (PCEHR) system.
The national PCEHR system will be separate from the HI Service. The PCEHR will use identifiers to facilitate the identification of a consumer and healthcare provider. This will provide consumers and their healthcare providers with greater certainty that the individual’s information is being correctly attributed to their electronic record.
Consistent with the National E-Health Strategy, endorsed by all Health Ministers, participation in a PCEHR will be voluntary and an individual’s healthcare identifier will only be used for their PCEHR with their permission. The inclusion of healthcare identifiers on a health record system or patient’s file will not change how and when healthcare providers share information about individuals.
Privacy impact assessments will be conducted at appropriate points in the development of an PCEHR system along with regular consultation with the Federal Privacy Commissioner.
Comment:
I have always struggled with this distinction. The HI Service is clearly to hold a personal demographic record so how is that different – except in content – from the planned PCEHR? Given the demographic record is to hold name, sex, DOB, birth order etc it is hard to know why one cannot, if one chooses, opt out of this record as one is able to with the planned PCEHR and the Tax File Number System (by not using it).
This answer shows the extent of the planned record:

Q19. What information will the HI Service Operator hold in relation to IHIs?

The IHI will be associated with a limited amount of identifying information such as, name, date of birth, and sex. In some circumstances, further data may be required to ensure unique assignment or to assist with the use of IHIs such as: address, birth plurality and birth order, and aliases.
The reference in this answer to a “national Personally Controlled Electronic Health Record (PCEHR) system” really does beg the question of just how separate they are – while recognising that the identifier has other uses as well.

Q7. When will healthcare identifiers be available?

It is planned to have healthcare identifiers available from mid 2010. The numbers cannot be allocated and used until the appropriate regulatory support is in place – this includes primary legislation and supporting regulations.
Comment:
We all know it will be later than that – and that meaningful use is years away – while not in any way suggesting that should be the case. (that this is really silly is argued by the MSIA, who, I think, are of the view if we are to have the HI Service – let’s get on with it!)

Q14. Who will be responsible for data quality and reporting?

The HI Service Operator will be required to carry out regular maintenance activities including audits, data quality checks, reporting to Health Ministers and reviews of internal policies and procedures.
Comment:
I am no getting a good feeling here the public will be let in on just what error rates etc there are in the HI Service information. Of course this should be publicly reported in the Medicare Annual Report or equivalent.

Q21. How will the IHI improve healthcare communication?

The IHI will improve safety, security and efficiency by making sure patient information is linked to the correct record.
There are four key areas where the use of IHIs to support the electronic exchange of information will deliver immediate benefits for patients:
Discharge summaries;
Pathology Tests;
Prescriptions; and
Referrals.
For example: E-prescription implementations in Sweden, Boston and Denmark reduce provider costs and save time to improve productivity per prescription by over 50%; E-referrals in Denmark reduced the average time spent on referrals by 97% by providing more effective access to patient information for both clinicians and test ordering and results management systems reduce time spent by physicians chasing up test results by over 70% in implementation in America and France.
Comment:
Did I hear America being mentioned? They don’t have identifiers and it seems to me the identifiers are only a very small part of these rather complex applications – a bit of licence has been taken here I reckon.

Q27. How will an individual’s information be protected?

The HI Service will protect individual privacy through both legislation and technical means, such as agreed security and access controls.
Information security has been a primary consideration in the design and development of the HI service.
Healthcare providers who are identified with an individual HPI-I, or an authorised employee, can access the HI Service to obtain the IHI of a patient being treated.
The system design does not allow “browsing” of records – a request by an authorised healthcare provider for a patient’s identifier will only reveal an IHI when there is an exact match with patient information provided by the healthcare provider.
Each time a record held by Medicare Australia is accessed, the details of who and when will be recorded in an audit log.
Electronic communications involving healthcare identifiers will be made secure through the use of standardised Public Key Infrastructure (PKI) and secure messaging services.
Legislation will clearly set out the permitted uses of healthcare identifiers. Penalties for the intentional misuse of healthcare identifiers, such as inappropriate disclosure of information by Medicare Australia, or users of the Service, will be set out in legislation. In addition, current privacy laws will continue to apply.
The Federal Privacy Commissioner will monitor the operation of the HI service by Medicare Australia and handle complaints against the Commonwealth public sector and private sector organisations.
And here:

Q40. Will an audit log be maintained?

Yes – all access to the HI Service will be logged, creating a record of when healthcare providers access an individual’s IHI on the HI Service. An individual will be able to view the audit log and see what organisation’s have requested and obtained their IHI.
Comment:
So no actual individual provider audit trail. Anyone who can access the computers that are in a provider’s practice can use the HI service to obtain IHI’s and confirm if an individual’s demographic record is true or not. Think how that might be misused without any robust individual audit trail.
The bottom line is that NEHTA does not have its building blocks (NASH) in place to start the service in a trusted way.
And here is what I think is the ill considered and deeply flawed biggie contained here:

Q34. How will introduction of healthcare identifiers affect current IT systems?

The HPI-I is designed to work in conjunction with other national e-health initiatives, such as standard clinical terminologies and the development of secure messaging systems, to provide an accurate and secure foundation for sending and receiving messages and information from other providers electronically.
In order to participate in the HI Service, a healthcare provider business will require IT systems that incorporate minimum standards and security features necessary to access the HI Service. The Service can be accessed via a number of channels including HPOS, B2B web interface and phone services. Many providers already use HPOS and it is anticipated that changes required to IT systems will therefore be minimal for these providers.

Q35. What is the benefit for providers?

A national healthcare identifiers system is an important foundation for accurate communication and management of patient information via electronic means. The benefits of the HI Service will arise in the short term from the use of healthcare identifiers to improve existing methods of communication between healthcare providers as well as future e-health applications for which healthcare identifiers are a foundation element.
The costs of adverse events and medical errors are significant. It has been estimated that 10% of hospital admissions are due to adverse drug events and that up to 18% of medical errors are due to the inadequate availability of patient information.
One benefit of the HI Service will be the availability of a Provider Directory Service. The provider directory will allow for GPs to locate other providers (such as specialists) in a timely manner, and facilitate communication with other providers when referring patients or making decisions about the patient’s care needs.
The identifiers are designed as a foundation element for future e-health initiatives in Australia such as the proposed PCEHR announced in the Budget on 11 May 2010. Providers who update systems to accommodate healthcare identifiers are therefore taking steps to prepare for future e-health developments.

Q36. What will be the cost to business?

There will be some setup costs for healthcare providers such as the impact on staff time in terms of considering information supplied to the healthcare provider about how healthcare identifiers should be implemented and because consumers are likely to seek advice from their healthcare provider on the new healthcare identifiers and how they can and cannot be used.

Healthcare providers will be provided with supporting materials and appropriate sources to refer consumers to for more information. A public awareness program on the HI Service will provide information to consumers via a range of methods.
Comment:
What I read here is provider costs and not much in the way of provider benefit. No answer to the question why would they incur costs that are not being reimbursed by Government to assist the implementation of a Government Program. This approach has never worked before and I doubt it will now.
Let’s be clear this is just the start of the extra work the Government is going to expect providers to undertake in the cause of e-Health – and thus far the indications that efforts on things such as the PCEHR are to be reimbursed are also non-existent – indeed there is talk of penalties for not helping at provider expense!
The bottom line to me is that now all this is happening some serious rethinking of the implementation approach and meeting of costs is needed and fast!
David.

0 comments:

Post a Comment