The Department of Health and Ageing (DOHA) today outed its draft operational blueprint for the development, implementation and ongoing operation of personally controlled e-health records (PCEHR).
Minister for Health and Ageing, Nicola Roxon, today told ABC Radio 612 Brisbane that the blueprint represents a "concept of operations" for the electronic health record system set to be made available to the general public in July next year.
"Any person who chooses to, from 1 July next year, will be able to be part of an electronic health system, and what that means is that important information about you can be accessed by you at any computer, and probably any iPhone and Blackberry, into the future, which will have your current medications, any particular allergies, information that you might want stored there about emergency contacts and others," said the minister.
According to the draft blueprint, the "system of systems" will give end-users access to a consolidated view of their medical history via a customer-facing online portal. End-users will also be able to access the system via a government-operated call centre.
How you register
Those who'd like to participate in the scheme will be able to sign up from July 2012, according to the plan. They can do so online, face-to-face with Medicare Australia and some healthcare organisations or by post.
They'll be asked for a full name, as well as an individual healthcare identifier, Medicare number or department of veterans affairs number, in addition to their sex and address. These details will be verified with a trusted source. The users will be provided with an activation code to access their record.
From the portal, a user can:
- Access general information about the PCEHR system;
- Register, deactivate and re-activate a PCEHR;
- Nominate new representatives for the PCEHR;
- View, download and print clinical documents;
- Manage access controls and view who has accessed their health data and how; and
- Access help services.
If users decide not to be a part of the records scheme any more, they can de-activate their record. Any information collected up to that point will continue to be stored, but the record will not be accessible to any providers or individuals. Users can reactivate their record later, but there will be a gap. All information that was in providers' local records will still be there.
Death will also cause a record to be deactivated. Records will only be used for legal or other approved use. A decision needed to be made on how long the records would be kept via a consultative process and a legislative review.
The PCEHR system will also establish a provider portal to complement existing health record systems and give healthcare providers access to a patient's details.
Providers will need to have an identifier and provide their details to a directory. Then they have to set up an option for connecting to the PCEHR system, which could be via a clinical system, a third-party service provider or the provider portal. Unfortunately, systems aren't up and running yet to access the records system, so providers at this point need to access it via the portal.
Healthcare providers will log onto the system using their provided National Authentication Service for Health (NASH) token identifier, and will have access to:
- PCEHR search functionality;
- Viewing clinical documents; and
- Online help.
DoHA specified in the blueprint that the vendor portal will be read-only at launch, with write capabilities restricted to authorised clinical software to preserve data integrity. The portals also need to be accessible via all major browsers including, but not limited to, Internet Explorer, Firefox and Safari, as well as on mobile operating systems including, but not limited to, Android and iOS.
Those who drop out of the scheme won't be able to access any of the information anymore.
The records are not a replacement for local health records, according to the plan, or for normal clinical communications.
The scheme will also allow for consumer portals to have access to the system, so that they can provide "value-added" features such as self-managed care and access to health literacy information.
Access control settings
Users will be asked whether they want participating healthcare providers to see if they have a PCEHR and whether they want to allow any healthcare provider engaged in their care to access their record, or only some.
If the latter is chosen, then the user sets up a PIN or passphrase which new organisations can use to be added to an "include" list. Users can also allow organisations to access the records in the case of a forgotten passphrase, with the reason for accessing records to be recorded. Users can also opt to be notified whenever organisations have been added to the "include" list.
Users can ask for clinical documents not to be loaded to the PCEHR; however, the onus is on the individual to tell their healthcare provider this. They can also choose access levels for documents: any organisation, limited organisations or no organisations.
The limited organisations will be a subset of the "include" list, with only organisations having a special provider access key (PACX) created by the individual able to access the document. If the PACX is forgotten, the individual has to ring a call centre to reset it.
The plan said that the government recognises that this feature may reduce the usefulness of the system, but was concerned that without the feature users wouldn't sign up due to privacy concerns.
In an emergency, necessary organisations are added to the include list.
Any user who is authorised to access an individual's records, including individuals, representatives and healthcare providers, will be able to request a summary of the audit trail.
Documents which are currently supported:
- Shared health summaries;
- Event summaries;
- Discharge summaries; and
- Consumer entered info.
Also to be considered are:
- Specialist letters;
- Prescribing and dispensing info;
- Pathology result reports;
- Diagnostic imaging reports;
- Medicare Australia records; and
- Advance care directives.
"The scope and extent of information that can be supported by the PRCEHR system is dependent on the healthcare sector readiness to participate in the PCEHR system," the plan said.
Docs within PCEHR can never be deleted; instead, a new version is created. Documents will need their own identifiers and enough information on the document to authenticate it.
Corrections to documents will need to be made by the organisation that created the document by creating a new version.
There will be multiple views to be able to see the documents easily:
- Index view: this will show the date of the record, type of record, clinical setting where it was recorded, the author name and role as well as a link to original;
- Change history view: This helps organisations or users to locate documents that have had a new version uploaded; and
- Consolidated view: this creates a health snapshot from range of clinical docs.
Only approved organisations on the limited list will be able to see withheld documents on consolidated document lists.
Security and concerns
One of the greatest challenges will be to convince end-users that the system is secure. The concept of operations pointed out that under the system individuals will only have a record if they opt for one, and they can set access controls to dictate whether healthcare providers can see the information.
Minister Roxon also stressed today that PCEHR data will not be stored in one, whole-of-government data warehouse to reduce the security risk around the PCEHR system.
"What we're building is the connections in the system, so that with your permission, information that your GP currently separately holds will be able to be linked up with information that the pathologist will hold about you, or the specialist, or the hospital, and again, all with your permission, and that is the beauty of what's being built," she said.
Information will be stored across several separate information repositories under the banner of the National Repositories Service, linked by a central system which aggregates metadata or "markers" which point to where the data is and a summary of what it contains.
The DOHA requires the PCEHR System Operator to run customer and provider access portals, core services and the National Repositories Service within dual datacentre environments for security and redundancy of information.
The program will also make use of authentication processes for transfer of identification, making sure that people seeking access to information are who they claim to be and those sending information are also properly identified. Out-of-band channels, such as SMS, will be used for important transactions. Encryption will also be used.
Those accessing information will not only have to give their organisation identifier but will need to authenticate themselves using their name and role for audit purposes. Those accessing details via the provider portal will have to use their identifier and a NASH token (smartcard or USB token) to ascertain identity before logging in.
Users will be informed of how often their record has been accessed and when, as well as whether there have been access attempts using invalid passwords.
Another major concern is take-up, with DOHA saying in its blueprint that it may need to provide incentives to encourage end-users to get onto the PCEHR system.
"Stakeholders have also identified that additional funding and/or incentives are likely to be required to drive adoption," the blueprint said,.
DOHA also stated that the number of involved stakeholders would complicate matters.
"The establishment of a national PCEHR System is a complex undertaking, given the number of systems to be integrated and the magnitude of stakeholders who will require support to adopt the system," it said in the blueprint.
Funding is also an issue, with any money to be provided after 2012 needing to be decided in the 2012/2013 budget.
The blueprint is open for comment until 31 May 2011.