"The Australian Privacy Foundation asks how the system, which cannot uniquely identify individuals and simply permits document
transmission and viewing, will be used for patient care benefit at
all," the APF says in its submission to the Senate inquiry into the
PCEHR legislation and related matters.
"We question marketing efforts to convince patients and providers otherwise." The
APF says that neither the main bill nor the associated regulations
detail what e-health services will actually be achieved by the launch
date.
"Everyone is a health consumer, so getting a national e-health
system wrong would be very costly," it says. "It is better to get this
right than meet an arbitrary deadline."
In the submission, APF
health chair Juanita Fernando warns the "unseemly rush" to devise new
technical specifications for the local e-health record system through a
"Tiger Team" process risks "medico legal liabilities and dangerous
outcomes for patients", and will harm the local software industry.
The
National E-Health Transition Authority set up the teams in a bid to
finalise new technical specifications for the PCEHR project by the end
of November, rather than adhere to the traditional but slower national
and international standards-setting process.
Dr Fernando said that although the Tiger Teams had not met as of early November, "ostensibly they managed to harmonise several very complex specifications by month's end". "This
unseemly rush undermines community trust," she said. "We wonder what
other aspects of the project will have to be compromised to meet the
July 1 deadline."
Dr Fernando says patient care will be "based
on this 'mish-mash' of standards and computer operating systems that
evidence shows have not ever been able to exchange data effectively". "Indeed, we understand this issue remains vexed in the lead sites trialling the PCEHR," she said.
"The
mash-up will diminish data confidentiality, integrity and availability,
so that records stored in the system will provide an unreliable basis
for medical care." And the departure from accepted international
standards will result in an "island Australia", with industry, patients
and health professionals facing a "series of cascading costs and
barriers as a direct result of the bridges planned between current
systems and those required for the PCEHR system".
"Australian
business will be unable to function competitively where one standard
applies locally and another applies overseas," Dr Fernando says. "Patients
will not be able to link to their supposed e-health record from other
countries, and multinational research will be hampered.
"Suppliers
of hardware and software will face an inefficient and incompatible
system that impacts their return on investment, while the domestic
software industry may face business failures in developing
Australian-only e-health applications.
" The APF asks whether
taxpayers will bear the industry and health practice costs of a failed
PCEHR system standards implementation. The organisation is also
concerned about risks to patient safety, pointing to a recent NEHTA
security paper that says: "Due to lack of confidence in the capacity of
the Individual Healthcare Identifier (IHI) to uniquely identify
patients, they will also be allocated parallel, service provider
identifiers to ensure that clinicians work on the right patient with the
right information at the right place, at the right time."
"Accordingly,"
Dr Fernando says, "the government has authorised a system for
mandatorily and uniquely numbering all citizens from birth to grave for
one purpose, whereas the architects of the PCEHR propose to use the IHI
for a contradictory purpose.
"This will magnify existing
confusion in clinical settings where at least two identifiers will apply
to every patient and may actually increase the rate of medical errors." But the APF says the proposed legislation "will ensure governments and their employees cannot be held to account"
for any adverse health events, errors or the theft or misuse of data"
resulting from use of the PCEHR system and the central HI indexing
service.
Dr Fernando describes the situation as "continuing the
living laboratory experiment" being conducted on patients and medical
providers in the pre-PCEHR implementation now underway. "It is
fundamentally important, in keeping with patients' basic rights, that
the absolution of jurisdictions and their agents are removed from the
bills," she says.
"Misuse of the data must be subject to consequences, especially given many unwilling patient participants at the lead sites." The
lack of a proper governance framework to guide project planning which
has led to belated attempts to "reverse engineer" the issues, will
"adversely affect health professional and patient use" of the PCEHR
system.
"Governance concerns are at the core of initial
planning processes rather than a concept that can be retrofitted once a
system has been designed," Dr Fernando says. "The bills allow
the Health minister to make the rules and require the Information
Commissioner and the PCEHR system operator to report annually.
"But there are no system benchmarks or ways that governance success or failure may be judged." At
the lead sites, for example, patients' IHI numbers, which link to
health and other personal information, have been downloaded by health
professionals in batches for local use and then circulated to
colleagues.
"This includes saving the records to practice
information systems, where in turn many will be saved on colleagues' own
computer systems, mobile phones and tablets," she says. "Patients,
let alone health authorities and medical professionals, are unable to
measure or control all locations where their information is actually
stored at present."
The APF is "alarmed" to learn that under the bills, government agencies "will steward all information stored in one's PCEHR, one's IHI and all data from the Centrelink and Medicare mega-merger".
"We
are concerned that the bills do not embody informed consent
arrangements and that citizens are not being advised by federal
authorities about the breadth and depth of data Australian governments
hold, use, disseminate and data-mine about individuals without consent,"
Dr Fernando says.
She notes the recent Federal Court finding that Medicare had illegally merged
patient medical and prescriptions data, amid a range of concerns over
the way its Professional Services Review (PSR) team handled
investigations of alleged provider wrongdoing. "Yet the
(Gillard) government is working to diminish protections embedded in the
PSR laws so Federal Court challenges to database mergers of indexed
health information may not continue," Dr Fernando says.
Meanwhile, the "heavily publicised" audit proposals for tracking access to PCEHR records "take no account of human factors or of the fact that current audit systems, on which the bills rely, are dysfunctional".
A
recent Audit Office investigation found the Health department failed to
act on cases of breaches of patient information stored in pharmacies
"because it had received no direct complaint by an individual patient".
"Individuals
can only discover such breaches under the proposed bills if the
government agency employee with whom they make their enquiries judges it
appropriate to pass on the information," Dr Fernando says.
"As
public custodians of the data, government employees are inextricably
conflicted in the context of breach enquiries and government plans to
advance the PCEHR system."
The Senate Community Affairs committee is conducting a broad-ranging inquiry into the PCEHR legislation and related matters. It will hold public hearings next month and is due to report its findings by February 29.
Email to a Friend