Back on the My Health Record nonsense merry-go-round

It's never nice to kick someone on the redundancy line when they are down but the sub-editor at the Daily Telegraph who decided to come up with a headline screaming about your optometrist finding out about all of your abortions because of the My Health Record seriously needs to reevaluate their career choices.

While we had a nice little story about pathology reports finally going up to the MyHR from public hospitals in NSW, over at the Terror it was full-on nonsense mode, in which the fact that access controls are set on universal by default is somehow a 'bungle'. It's not, they've always been like that, consumers can change them whenever they like and no, it doesn't mean 600,000 people will be exposed to your haemorrhoids.

Normally sensible people, including reporter Sue Dunlevy, trotted out a load of old cobblers in this story. Former AMA president Mukesh Haikerwal is quoted as saying that “potentially your employer’s occupational therapist can look at your record.” Yes, and potentially I could captain Sweden in the legendary sport of farnarkling but it's highly bloody unlikely.

The number of errors in the yarn are too many to go into but a couple stand out. The system has not cost $2.2 billion for one thing. The claim that the “health records of every Australian will soon be on open access” is another. Your historical data is not going to be included, and nor is anything you want to keep private now. And opt out does not mean compulsory: if you don't want one, you don't have to have one.

But the main problem is the scaremongering. Raising people's fears of public disclosure of sensitive information about abortions, STDs or mental health issues is an old trick being peddled by the tinfoil hat enthusiasts who infest the weirder fringes of the privacy movement. They've said the same thing about government-run healthcare since Karl Marx was a baby and nothing has changed since.

These self-appointed guardians of the nation's privacy – and chastity, going by their prurient interest in people's reproductive health – have been touting nonsense and misinformation about the PCEHR and now the MyHR to every tech or health journalist in the country for the last couple of years, and they get a nibble now and then.

Sue Dunlevy has taken a big bite on this one but she'd be on much safer grounds doing what she does best and concentrating on the real failings of the system, like the fact that doctors hate it, no one uses it and when we do switch to opt-out, she is going to be chockers full of more ripping yarns like the one she told about records being created for dead people.

Whether you are positive or negative about, indifferent to or completely bewildered by the My Health Record, sticking to facts about it rather than fear is the safest course. But that of course would make the tinfoil hat brigade's future look bleaker than a News Corp sub-editor's job prospects.

Our poll last week asked: Is Xero worth 12 times as much as Orion Health? We thought this would be a toss-up and it was: 50 per cent said yes, 50 per cent no.

Comments   

+1 # Thinus van Rensburg 2017-04-16 11:40
Hi Kate

You conveniently left out Dr Haikerwal's other credential's such as his past role as a Clinical Lead at NEHTA. Where he was responsible for Clinical Safety Governance and Engagement for the build of the PCEHR. I would suggest he was commenting with that hat on rather that being an ex-AMA president. As one of the most knowledgeable people in this field.

The facts are:
1. The default setting allows access to all records in MHR and no notification of when it is accessed by an organisation. You are correct that Sue Dunlevy made an error - people were never clearly told they could have access control. It was very deeply hidden within the system in the first versions of the PCEHR and not higlighted during the sign-up process.
2. Most people who have signed up are unaware of this and a large number of them are elderly people who lack the IT skills to change this - as clearly highlighted in her article (only 147 people safeguarded their records out of 1 million in the trials)
3. The DOH is either deliberately misleading the public or do not know how the desktop EHR's work. All a user need is a name, date of birth and Medicare number and , if their EHR is properly configured, they have full access.
4. Access is site-specific, not user specific. Each site is supposed to be able to internally log who has accessed a patient's file and/or MHR. I would suggest very few GP clinics know how to do it and in larger medical departments such as Emergency Departments it is common practice to continue in the previous person's log-in instead of logging them out first.
5. Medical Director is the most common EHR used by GPs. It's "PCEHR" module is designed in such a way that you will always upload all history - even if you have been told sometime in the past not to. It is a disaster waiting to happen and at some stage a patient's confidential information will end in MHR. With the resulting business closing and career ending fines for breaching the Privacy Legislation.

Dismissing the journalist comments as "tinfol hat brigade" is disengenious. The gist of her reporting is accurate as is the follow-up commentaries in publicalions such as Australian Doctor

As one of the first users of MHR I will continue to cautiously take part in the process. Having a meltdown about a factual criticism of the system does not help anyone - and I think you did Dr Haikerwal a huge discredit and owe him an apology.

Thinus van Rensburg
+1 # Ian Mcknight 2017-04-18 00:12
Hi Kate,
Loved this article, long overdue in my opinion. As someone who has tried to make GPs comfortable with this initiative over the last 4 years or so, it has been really hard to watch the "anti-MyHr' commentary go largely unanswered. Especially galling as the published content is often; exaggerations, half-truths and sometimes blatantly incorrect information. Sadly we live in a time of reduced attention spans, so half reading a byline, or glancing at a headline and regurgitating it to someone else is commonplace. I have lost count of the clinicians I have spoken to who are under some sort of misconception or wrongly informed when it comes to the MyHR. Whether you agree with it or not, a reform of this size and import warrants more diligent treatment by those running commentary.
As for the "tinfoil hat brigade", well as you indicate it wasn't that long ago when we were hearing those same arguments being used against internet connectivity for practices. Amazingly when this did become commonplace the armies of hackers and cyber-terrorist s acquiring patient data and auctioning Mrs Miggins' Pap Smear information to the highest bidder didn't transpire ! What did transpire was pathology results and discharge summary information being conveyed to GPs far quicker than was the case previously. Patient's getting their medicare payments same day didn't hurt either.
What we see these days is a completely lop-sided assessment of risk and benefit. We focus on the hypothetical nightmare or deliberate abuse scenario, and refuse to weigh it against the actual overwhelming, everyday amount of good that would eventuate. We drive cars we could die in,we bank on-line and could get burnt, we statistcally overwhelmingly don't suffer these negatives,and our lives benefit as a result.
Thinus's response indicated a pretty strong grasp on how things work, but I would make a couple of points.
Re Point 4 and Practices not knowing how to internally log who has accessed a file or MyHR. This is generally taken care of by the software without any configuration needed. Best Practice now has a running MyHR audit Log, and Medical Director has at least MDTrace which details record access. And as to emergency departments using the same login, true enough for sure. Equally I'm sure the paper documentation that hit the desk in ER could sit there for several shifts and be read by anyone in the vicinity. Actually that's one thing that the MyHR and the ehealth world in general delivers to us in spades,it greatly reduces paper handling and therefore access by non-clinical staff to clinical information. And if an electronic record is improperly accessed there is every chance there will be a "footprint" or log available. Try proving if someone opened a paper file or looked at a letter.
5. Your point about MD is spot-on. Of course it is an MD issue that can be fixed, and not a MYHr issue. If you are worried, attach a "Not for MyHr" tag in the comments section of the diagnosis as an alert. But MD should modify this by only showing history items that are marked for "Summary" with a default tick next to it in the SHS creation screen. I will log this as an improvement suggestion with MD, although hopefully it's already been mentioned.
Re the disaster waiting to happen, business closing, career ending etc, well we are still waiting. Please let me know when you are aware of someone who has behaved in good faith loses their career when they have uploaded a history condition that the patient didn't want shared.

Ian McKnight
# Thinus van Rensburg 2017-04-18 07:05
Hi Ian
Thanks for the response. Sadly I have been on the receiving side of such litigation - granted because of a printed letter in which I mentioned, what I considered, a minor matter in the social history only to be sued for breach of confidentiality a few years later. It was a frivolous claim yet took two years and a lot of money to get sorted out. And in 2017 would also have had to be reported to the Privacy Commissioner in order to avoid massive fines.

Private and public enterprise love the convenience of electronic systems without understanding the risks - only last week I had to have yet another discussion with the Office Manager of a local Specialist who could not understand why I was unwilling to send clinical records to a Gmail address. Even after I send her a copy of Google's privacy regulations that showed that Google's software reads the content of every single e-mail that is sent - to their server in Singapore.
Without Naysayer's like me people will go for the quick, easy & convenient option - which is not the same as safe & secure.

Lastly - MD has been aware of the flaw - I have been telling them repeatedly from the first day the rolled out their module - which ironically is still titled PCEHR in their software

Regards
Thinus
+1 # Ian Mcknight 2017-04-18 10:52
Hi Thinus,
Unfortunate that you got caught up in that litigation. Technology gives us the opportunity to make an error very quickly and easily, but I'm still of the mindset that the "good" offered easily outweighs the bad. As far as risk goes, in today's technology, I urge people to be aware rather than averse. One thing that would help would be for all GPs to ensure that they and their staff are skilled in using and understanding their clinical applications, to my mind this is not always given appropriate emphasis, I'm making this as a general observation, not referencing you.

I've had the same issues around email, telling specialists that sending unencrypted email with clinical information contained is contrary to the Accreditation Standards practices try and live by. Specialists should respect that.

MD 3.17 has been out for a while now, and you will be pleased to know it is now labelled as My Health Record.

Regards,
Ian McKnight
# Thinus van Rensburg 2017-04-18 12:25
Thanks for the heads-up re 3.17. Interestingly they have not yet formally advised us that it is out. the last time I checked it was still in the early stages of a phased roll-out.
# Thinus van Rensburg 2017-04-18 12:29
Just checked MD's site - latest download is still 3.16c (dated Sept 2016).
Guess I'll have to wait until they decide to put it on teh website or send a disk.
T
+1 # WA Primary Health Alliance 2017-04-18 14:29
Thank you for this viewpoint Kate, although I don't believe all GPs hate it. We have a number of strong uploaders in WA and most are quite comfortable with it once they've seen the newer release. The difficulty is though that there still isn't a lot of information as you've pointed out many times, and it can be difficult to encourage some to be the chickens that lay the eggs.Over time that will hopefully become easier as more and more is uploaded.
# Andrew Magennis 2017-04-21 10:08
Thinus,
It is good to see that you continue to contribute to these discussions.
In your first post, your point no 5 is not correct. As you point out, MedicalDirector Clinical (MDC) will load all Past History items into a Shared Health Summary, however, what you do not point out is that all items checked as 'confidential' in MDC's PHx section, are highlighted in red and are automatically de-selected (ie they will not be sent up to the MHR), whereas all entries not marked as confidential are automatically selected to be sent up to the MHR. If the doctor tries to select one of the confidential entries, our program will present a message pointing out that the selected entry is confidential and provides an option to add it anyway, and keep it listed as confidential in MDC, or to add it and re classify it as not confidential in the MDC PHx list, or not add it to the upload.

The name PCEHR was changed to MyHealth Record in version 3.17. This version is being released State by State. If you are yet to receive notification, simply call support or email them and they will send you a link to download this version. Any user can do this.

Your previous concerns re confidentiality were noted and appreciated and have been addressed as described above. Feedback to date from our users shows that they find the solution intuitive and easy to understand.

Best wishes,
Dr Andrew Magennis
Chief Medical Officer
MedicalDirector
# Thinus van Rensburg 2017-04-21 13:18
Hi Andrew
Yes off course an item can be marked as confidential in the summary and are highlighted as red and unticked in MHR.
You are however confusing two very distinct clinical pathways here.
There are clearly issues that a patient would like marked as confidential and not appear in any communications - whether it is an upload to MHR or a referral letter. These we always mark as confidential in MD.

There are however many possible scenarios where patients would, for whatever reason, decline to have a history item uploaded to MHR yet be happy to have it appear in a referral letter. One example is an elderly patient of mine who is very comfortable with an old suicide attempt being included in referral letters yet would not allow me to upload it to MHR. It makes no sense in the clinic workflow to mark such items as confidential just to keep them out of the MHR as MHR is NOT our record system - it is a duplicate system that does not replace our information on our desktops. We cannot seriously be expected to start producing flawed referral letters by using the "confidential" function for this purpose.
The option of marking an item as confidential in MD is therefore not at all suitable for this purpose and I maintain that it places a high medicolegal risk on users who, 40min into a 10min consult, end up shooting a quick updated summary to the MHR. It is designed to facilitate errors rather than to prevent them. Your users may not be so happy once the first lawyer gets involved because a seemingly innocuous piece of information was uploaded to MHR.

You are correct that 3.17 is not yet formally available in the ACT - 4 months after it's release was announced in a newsletter. I did manage to get a copy today and will be spending another weekend on installing it. Hopefully it will also fix the automatic update error that support has been unable to get fixed for over six months

I remain a loyal MD user and will continue to deliver constructive support after seventeen years of using the product

Thinus

You need to log in to post comments. If you don't have a Pulse+IT website account, click here to subscribe.

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.