Now is the winter of patient consent
There is a certain type of news reporting common in Australia that we like to call pavlova journalism, in which basic ingredients are beaten up so hard they turn into a meringue, crisp on the outside but slightly unctuous in the middle and certain to make you feel sick if you eat too much of it.
That's pretty much the feeling MedicalDirector staff would have had if they made the mistake of reading some News Corp publications on Monday. Nestled in a swirl of eggy slop was the bold claim that 45 per cent of Australian GPs were now required to share all of their patients' data due to a software upgrade.
It was all nonsense of course but that didn't stop Twitter from going ballistic when an online privacy activist got hold of the story and retweeted it to her followers, claiming that MedicalDirector was now the “biggest honeypot” on the intertubes. A link was also made to a tweet last month from MedicalDirector user Thinus van Rensburg, who had noticed something strange when he went to upgrade to the latest version.
This version includes a new tool the company is calling MD Heart (for Health Education and Research Tool), which now makes it possible for any practice using MD to opt-in to its General Practice Research Network (GPRN) project, which has been in operation for over 15 years and collects de-identified patient data for research and benchmarking.
Somehow, the pavlova publication got the idea that it was compulsory, which is simply not true. The article in question has now been changed from GPs being “required” to share data to being “asked”, which really isn't the same thing, but the damage had already been done.
You can read all about it in our story here, which turned out to be the most popular of the week, and remember to take a look at the comments.
One of those comments, and some on Twitter as well, raised the question of how the issue of patient consent is handled in projects like GPRN, where the large patient population makes it tricky. MD emphasises that it has developed algorithms that ensure that patients cannot be identified from the data that is extracted and that individual patients can be excluded, but we wonder how many GPs will just not bother considering the hoops they have to go through to obtain proper consent.
While 10 or 15 years ago having a sign up in the waiting room informing patients that research on their data was being undertaken was probably considered enough, that probably doesn't cut the mustard these days. And the term “de-identified data” doesn't quite have the cache it used to have, what with seemingly everything getting re-identified. Examples include the UK's care.data project or the more recent case of the Australian Department of Health making de-identified billing data available for research, which the University of Melbourne showed could easily identify the doctor, and their patients.
These questions also come at a time when the Office of the Australian Information Commissioner (OAIC) has begun releasing statistics about notifications it has received under the new mandatory data breach notification policy. In its first quarterly report released a fortnight ago, the information commissioner said there had been 15 notifications from healthcare organisations, making up a quarter of the total.
This statistic has also been beaten up thoroughly by some, but the question we immediately asked was, what exactly do these breaches involve? Is it a matter of information being sent to the wrong provider or patient, data being added to the wrong person's record, or is it something that involves actual wrongdoing? We don't know and can't know because while the OAIC says there have been privacy breaches, they can't tell us what they are because that would be a breach of privacy. Milo Minderbinder would be impressed.
The heightened scrutiny on patient consent, data safety and data privacy also comes just as the government gears up to announce the long-awaited move of the My Health Record to opt out. We spoke this week to the Australian Digital Health Agency's main man on this issue, the head of core services and operations Ronan O'Connor, and he told us the agency was ready to go when Health Minister Greg Hunt flicks the switch.
We'll bring you that interview next week but in the meantime, it got us to pondering whether the oft-cited average of two per cent of people opting out of a system like this will be reached or perhaps even exceeded. The trials in 2016 achieved a 1.9 per cent opt-out rate, which is very good, but fewer than half of the population in the trials remember receiving a letter about it, which is pretty bad.
A lot will depend on the agency's communications plan to see what the eventual rate is, not that it really matters – those who opt out can sign up whenever they like, and those that opt in can later cancel their records. Nonetheless, we thought we'd see what your bet is on how many people will opt out. Our poll this week asks: Will it be more than two per cent, or less?
Last week we asked: Is your practice likely to change its clinical software in the next three years? 39 per cent said yes, which was more than we expected, but 61 per cent said no.