A new e-health lobbying organisation has voiced its frustration at the National e-Health Transition Authority and Department of Health and Ageing for not communicating with consumers well enough.
The Consumer Centred eHealth Coalition (CCeHC) is a group of non-government organisations which maintain an interest in privacy, security and confidentiality issues in the rollout of the Federal Government’s new Australian eHealth system. Its members include the Australian Privacy Foundation, the Council of Social Service of NSW, the UNSW Cyberspace Law and Policy Centre, the Public Interest Advocacy Centre, Civil Liberties Australia and the Queensland Council of Civil Liberties.
Late last week, the CCeHC wrote on its site that despite NEHTA and DOHA holding three workshops to gauge consumer views on the issue, there had not been enough transparency and scrutiny on its $467 million e-Health investment – which will provide the Australian health system with a Personally Controlled Electronic Health Record.
“We are growing frustrated with the NEHTA/DoHA-led consultations process and skeptical about any useful outcomes incorporating consumer feedback,” the group wrote. “We ask for evidence the feedback has influenced a single aspect of the e-health experiment”. NEHTA and DOHA have been invited to respond to the comments.
The group said “silence” from both organisations had encouraged voluntary feedback which – they claimed – had been dropped without replying. In fact, the CCeHC wrote the findings of the NEHTA-funded Individual Health Identifier IHI pre-implementation risk assessment report reflected the criticisms consumer and privacy groups had previously provided over the years.
“We are nervous when it comes to trusting in a process that seeks consumer group feedback yet runs another in parallel,” CCeHC wrote. “… bureaucrats have driven the process, preferring to commission reports, such as the risk assessment report, that have cost taxpayers thousands of dollars rather than listen to the advocates or citizens.”
The group flagged the findings of a report produced by NEHTA and Victorian e-health project HealthSMART into the introduction of individual health identifiers (IHIs) into the Victorian health system. The Federal Government’s own e-health platform is slated to use such identifiers.
The Victoria IHI Integration Clinical Risk Assessment Report (available online as a PDF) stated the use of the IHI in conjunction with a Unit Record number (UR) was likely to cause two clinical hazards: that is to say the misidentification of the patient and the inability to identify the patient by IHI in clinical care settings. The report claimed that when IHI was used in conjunction with the UR, these risks were of moderate severity; but stated that if IHI had been used in isolation, the clinical hazards would have been of high risk.
Backing these findings, the CCeHC said the IHI could only work as a complimentary identifier. “The IHI has proved to be unreliable in test environments and tends to jeopardise the quality of patient care outcomes,” the group wrote. “Even health authorities recognize that an IHI is too hazardous to use without some other type of patient identifier.”
Also, the group added that as the successful tenderer for the National Authentication Service for Health (NASH) – established to ensure personal data security and privacy – had been chosen recently, the NASH system has not been designed yet and would thus delay scrutiny. “Are Australians still unable to see who or why others may access their private information despite public government assurances to the contrary?” they asked.
Privacy was also a major concern of the CCeHC. The group said it was alarming “in an age of rapidly growing rates of identity fraud” that all of the personal details of every Australian was stored by Medicare in a centralised database. ”The market-speak DoHA and NEHTA use to describe the database simply refers to it as ‘distributed’,” they said. “A distributed database is a centralised database!”
The CCeHC said IHI, the NASH and the related risk assessment analysis provided an interesting context within which to understand the PCEHR project, but that the Government and Health Minister, Nicola Roxon, had failed to reveal the so-called Concept of Operations document which offered a description of the new system from the viewpoint of an individual who used the system. Instead – CCeHC claimed – the document was distributed by blogger Dr David More.
The Australian Privacy Foundation has also complained about the impossibility of communicating with NEHTA and the DoHA. In a release issued last week, the APF said the HI bills contradicted the APF’s Policy elaborated in 2009 to support the assessment of proposals for eHealth intitiatives, adding the bills were “seriously deficient” in relation to patients’ information on the HI and highlighting the unenforceability of penalties on individuals and organisations that commit security breaches.
“In any case, the APF draws to attention the impossibility of evaluating the utility of the HI system for patient privacy and health when only a fraction of the proposal is on the table, and even the relevant agencies appear to know little about how it would work in a ‘real life’ context,” the APF wrote.
The CCeHC concluded the PCEHR consultations should be linked with the IHI Pre-Implementation Risk Assessment document and previous advocate submissions regarding the IHI. They also claimed the UK’s Summary Care Record should be taken into account as it analysed a system similar to the Australian PCEHR.
“The IHI is useless to consumers presently and claims that the PCEHR will not be centralised are simply market-speak for not responding to advocates initial concerns regarding the IHI,” they said. “No-one has ever suggested the PCEHR will be centralised.”