Data sharing among consenting adults

Regular readers of Pulse+IT will remember an interesting move a couple of months ago by a group of four health IT companies in New Zealand to take their concerns about a new clinical information system developed by Auckland primary health organisation ProCare to the press, the public and the New Zealand Privacy Commissioner.

The complaining companies – secure messaging vendor HealthLink and GP software vendors Medtech, My Practice and Best Practice – made some quite serious claims about the potential for a breach of the data of the more than 800,000 patients enrolled with ProCare's general practices in the Auckland region.

Those vendors were given a bit of a smack on the bum today by commissioner John Edwards, who poured cold water on what he called their “alarmist” claims and warned of the dangers of airing these sorts of concerns – and taking them to the media – as they risked unnecessarily scaring patients and reducing trust in the health system.

ProCare, not surprisingly, wholeheartedly agreed, saying the drama had caused a lot of angst to patients and to clinicians and that it strongly shared the commissioner's concerns about unsubstantiated claims and the undermining of public confidence.

Equally unsurprisingly, the vendors stuck to their guns, saying they still think there is an issue that needs to be resolved. We agree. It's not so much ProCare's handling of patient data that is the problem but its handling of patient consent. In New Zealand, it is customary that all patients sign a form when enrolling with a practice that includes a section in which they are asked to give consent to having some of their data shared with the PHO for population health purposes and publicly funded health programs.

However, while patients are certainly told this when they enrol, some would have done so years or even decades ago, and might not be so agreeable today. While there's probably not much that can be done retrospectively, it might be wise for ProCare to run a small information campaign outlining exactly what is being collected and why, and perhaps look at offering an option to opt out.

Another of the commissioner's criticisms was that the vendors were too quick to go to the press with their concerns. As expected, we vultures in the media beat up this story to within an inch of its life when we got hold of it. In their own defence, the vendors say they had approached ProCare with their concerns and got nowhere, so decided to let the vultures feed instead.

We were all over the National Oracle Solution drama this week as well. This project has been an ongoing saga for several years and finally came to a head this week with the release by the Ministry of Health of a review by consulting firm Deloitte into the near $NZ100 million system, which so far has only gone live in four DHBs.

The NZ Herald is now reporting that the further roll out of this system has been paused by Health Minister David Clark, in part because the Deloitte review could find no obvious metrics to justify the promised benefits of the system, which were touted to include savings of over $500m.

The interest from a health IT perspective in this system is that it's the second big IT project failure in the past couple of years that has been overseen by NZ Health Partnerships, a shared services organisation owned by the DHBs. The other failure was the National Infrastructure Platform (NIP), which was built by IBM to provide a data centre platform for all 20 DHBs, many of which did not end up signing on.

This is not even the fault of NZHP, which was established to clear up the mess left by Health Benefits Limited (HBL), an independent government body originally thought up by former health minister Tony Ryall in 2010 to bring a bit of economic rationalism to the DHBs' investments in IT infrastructure, cleaning and food services, and finance and purchasing. Unfortunately for HBL, it ended up costing more than it ever saved and was summarily dumped by Mr Ryall's successor, Jonathan Coleman, in 2015.

Since then, the NOS drama has bubbled along, with shadow associate minister for health Shane Reti regularly going to town on its failings, blaming most of them on new health minister David Clark. Dr Reti has been particular scathing over the decision to award a contract to review the NOS to Deloitte, which just so happens to own a subsidiary involved in the NOS roll-out and which stands to benefit if it goes ahead.

Deloitte says it kept anyone involved in the NOS project off its review team and brought someone in from Australia to manage it, but that hasn't placated Dr Reti, who insists there is a conflict of interest and has demanded that Dr Clark resign.

Let's just say there's more than a little bit of political point scoring going on here: there is the NOS project, which has cost $100m with not much to show for it, and there is the review, which cost $150k and is actually of some use. If Dr Reti wants Dr Clark to take responsibility for bungling the review, he should perhaps nominate someone from his side to take responsibility for bungling the NOS in the first place.

We here on the West Island usually like to laud NZ's health IT sector for getting on with it when we try and fail so often, so while the Kiwis are streets ahead of Australia in certain respects, it's good too see they can stuff up it as well as we can once in a while.

That brings us to our poll question for the week: do you think patient consent for data health sharing needs tighter regulation?

Sign up to our weekend edition to vote or leave your thoughts below.

Our poll last week asked: Was Greg Hunt the right choice for health minister? Our readers are not big fans of Mr Popularity Contest: 32.5 per cent said yes, 67.5 per cent said no.

You need to log in to post comments. If you don't have a Pulse+IT website account, click here to subscribe.

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.

Copyright © 2021 Pulse+IT Communications Pty Ltd
No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher.
Supported by Social Media Agency | pepperit