Roxon outlines how e-health will work

Roxon outlines how e-health will work

Summary: Federal Health Minister Nicola Roxon yesterday provided further details on how the Federal Government's electronic health record project will work in practice, although details of exactly how budget funds will be spent on the project remain scarce.

SHARE:

Federal Health Minister Nicola Roxon yesterday provided further details on how the Federal Government's electronic health record project will work in practice, although details of exactly what budget funds will be spent on remain scarce.

Roxon told journalists at a press conference in Sydney yesterday that the project would see Australians access their electronic health record online through a system run by Medicare. "The easiest way to think of it is how you access your bank details online," she said.

"You can access your information, because it is your information, but whether you give somebody else permission to access it, is why there is such a difficult design task ahead of us to be confident that patient records will be secure, and only accessed by those people who are appropriately given permission to do so."

It will be "at least two years" before patients will be able to use the system to access their information, the minister said.

Last week, Federal Parliament approved the passage of legislation to enable the creation of electronic health identifiers that will allow Australians to have personally controlled e-health records. The government has provided $466.7 million in this year's Federal Budget for e-health records.

Roxon said that the key thing for Australians to understand was that their records would be controlled by individuals and not the government.

"So that means that we as a government are not going to put conditions which say you can't get your Medicare benefit unless you use your patient-controlled electronic health record," she said. "A patient will decide whether or not they want their specialist to see the records of their doctor, or whether they want a new doctor to see the records of the previous doctor."

Nevertheless, the system will be structured so that every health care provider and every Australian will have a number.

Roxon was not able to provide many details about how the $466.7 million in budget funds will be spent, other than to note that Australia's peak e-health body, the National E-Health Transition Authority, has produced a business case for the funding, and there is an "enormous amount of standards work to be done" as well as a "huge amount" of design work.

"It's going to be followed with great interest in the technology community, and we do have some further details that will be released in the coming months," she said.

Topics: Health, Government, Government AU

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • As the author of the paper that was circulated to every Senator and caused the original Australia Card Mk1 legislation to be over-turned after it was approved in the House, let me suggest that the one safeguard I never hear mentioned is 'full loop feedback' as to access history.

    No matter how tight you make access, the only person who can check the "reasonableness" of access to your records is YOU. The feedback required is that the system should email you every quarter (if any access was made in that quarter) and the email should set out which health providers or government employees or agencies accessed any of your data, and which data was accessed. And that display should be in "easily readable format", in other words, it could list the health providers ID, but must provide the normal 'full name' of the health professional with comments such as "viewed title page and items 1, 6 and 12 without printing on 12/6/10". Only when health professionals know that the patients are receiving feedback on what is viewed will potential viewers be considerate in what they read.

    Moreover, each individual health worker, through to medical secretaries and nurse assistants need to have their own personal log-in ID. The safeguards fail as soon as a medical centre starts using a single log-in/password. If there was a privacy breach, the police might turn up and be told "We've had 20+ support staff work in this medical centre over the past three months, on various shifts and we all use Dr Logan's log-in because it was easier that way... so we can't tell you who looked through Delta Goodram's medical records." Let's remember that the LA hospital which had to fire a lot of staff for improperly looking at a Hollywood star's medical records were not doctors, but were hospital support staff. And unless you have accountability to the personal level, you don't have any safeguards.

    Eventually, it will be unworkable to have the data "only accessed by those people who are appropriately given permission to do so". People turn up unconscious in ambulances at hospitals and pre-consent for records access is impossible. We faced this same issue on a Federal Government committee I served on for roll-out of "informed consent" (provision of patient information regarding side-effects etc) for drugs about to be given to a patient.

    So some health professionals will need to simply pass a screen which says "You are certifying that as a health professional you NEED to access the records for a medical emergency and that (a) the patient is not in a condition to grant such access, or (b) time is so critical as to require that the pre-approval step be bypassed." And to cover any mis-use, you need that feedback to the patient as to who has accessed their health record.

    Additionally, there needs to be a provision of semi-sealed sections in a patient's records. The title page may simply note that there is a 'gynocological incident' of 25 years earlier with the word 'Sealed' next to that short description. Anyone seeking to open that element (sub-folder) of your health folder would be 'challenged' with the question of whether such information was critical to the health care now being provided. This allows for some earlier abortion, miscarriage, or birth (let's consider case where child was adopted out) to be handled sensitively. An gyno may have reason to access such data, as may a psychiatrist (with permission) but most normal day-to-day healthcare providers should have no interest in delving into portions of your health history that you wish to have treated with a higher level of confidentiality. This 'semi-sealed' functionality would encourage the data to be kept within the system (rather than being removed or not entered), allowing for better health outcomes, whilst avoiding a 'one clearance sees all' approach to your most personal details.

    Let's remember that with the state-based Police records, you have no idea of who's looked at your records. The way private collection/service agents etc have traditionally worked has traditionally been to pay an insider within the police force who will look up current details of anyone of interest for the private company. Few have ever been caught for use for other than valid policing needs, simply because there is no feedback loop.
    harrison_graeme
  • Oh, and how could I forget to comment on the "Medicare" reference in the first para of the story. Medicare has (for decades) been in "full cahoots" with benefits agencies (Centrelink etc), taxing authorities (ATO etc) and numerous other federal agencies, doing complete data matching. Yes, the agencies have secret "protocols" that should be followed to stop further data leakage... but the data is promulgated extensively.

    SO, where the article says 'the project would see Australians access their electronic health record online through a system run by Medicare. "The easiest way to think of it is how you access your bank details online," she said.' Well, that's certainly an ill-informed way to "think of it". The banks certainly provide data to the ATO, and upon legal demand, to other agencies, but they are not generally part of a large data-matching network.

    I posted last year (here, I think) that the only way to have e-Health records work is to have the government only ONE of the stake-holders in any such "agency" to hold one's health records. I proposed that other health professional representative bodies (AMA, Guild etc) also hold a single share each, and nominate a single director each. The non-profit would not return any funds to such bodies... but such a board controlling 'the system' would produce far better safeguards than letting "the Minister's bureaucrats" decide what they'd do with your data. Do you remember being consulted when Medicare decided to do widespread data-matching with other federal agencies? No. That must have been because it was in the interests of the government to do so, but not you.

    You can't let the controlling body be a for-profit commercial entity with a monopoly. But you can set up a 'trust' or non-profit, which makes it far harder for improper government intervention on an inter-agency agreement. The AMA would go back to its members, The Guild would advise pharmacists that the body holding all of our medical records was being asked to provide widespread access to XYZ agency... and the resultant uproar would focus the public's attention on whether the government or that agency had a valid reason to access such data, or whether they needed a judge's approval for each individual request.

    Bureaucracies work to their own ends. They may profess all sorts of responsibilities, but never in the end show any care for any party other than their paymaster of the day. So 'Big Brother' is happening all around us anyway. Soon you'll be filmed in lots of open spaces you visit, your numberplate tracked as you drive around etc. The question is whether you also want to allow any government bureaucrat to also sticky beak into the folders of confidential information currently sitting in various medical practices around where you live. At present it is too hard for the government, so they simply have access to the medicare procedures billed against your medicare number, and the PBS drugs issued to you... from which one could infer all sorts of medical conditions. But do you also want to give them access to the doctors written summary confirming any of these conditions. Insurance companies will only need "friends" in a department (like collection agencies have "friends" in police departments) to look up and confirm certain medical condition was pre-existing at the time you took out life insurance etc etc. As a result of the data-matching, such access may not even need to go to your e-Health record. The summary status kept on your Centrelink file may suffice.

    And let's remember that government promises mean nothing. When I appeared a month ago before the Senate Transport Committee Enquiry into Airservices Australia, I reminded the senators that the "absolute" guarantee issued by the Federal government to get the EIS through for the construction of Sydney's Third Runway was that it would NEVER be used for take-offs over the heavily-populated areas to the North, but that ALL take-offs would be over Botany Bay. I pointed out that, despite annual reminders being sent to Airservices Australia, they have for 14 years operated that runway "preferentially" (ie most of the time) in the proscribed/illegal manner. On Hansard (Airservices Senate Enquiry 28may10) is my testimony that "Either governments have to be seen as keeping to their commitments to the people, or everything they say is a lie and is subject to overturning the next day or the next week or any other time."

    The RSL was right - the cost of freedom is eternal vigilance. I am very much 'FOR' e-Health records, but I will not approve the submission of any of my own health records to any system controlled solely by the government. Nicola, do the right thing and ensure that the entity holding/controlling the e-Health records is an entirely-separate entity, with a truly independent board, who cannot be 'lent upon' in terms of complying with any future Ministerial request or inter-agency agreement as to data sharing or any other 'compromises' not in the interest of the patient.
    Graeme Harrison (prof at-symbol post.harvard.edu)
    harrison_graeme
  • I like your idea of a feedback loop. That does sound sensible.

    Suzanne Tindal, News Editor
    stindal