Development problems continue to dog NASH
This story first appeared in the April 2014 issue of Pulse+IT Magazine.
It is a characteristic perhaps of the rushed nature of the roll-out of the PCEHR that IBM’s deadline for the delivery of the National Authentication Service for Health (NASH) was a mere week before the actual system went live to consumers.
As it turned out, IBM failed to deliver, the reasons for which have never been publicly explained and which remain under the cloak of confidentiality agreements. That wasn’t necessary a reason for halting the launch of the PCEHR, as clinicians couldn’t use the system on July 1 anyway, but it did point to a rocky road ahead for NASH.
Highlighted by NEHTA in a 2011 blueprint as one of the foundations of a national eHealth system, secure, trusted authentication is essential to ensure only those qualified to access medical information can do so.
DHS/Medicare was not asked to design a solution despite managing a Public Key Infrastructure (PKI)-enabled authentication system for online claiming for some years, the reasoning being that Medicare’s location certificates are often used by more than one clinician. At the time of the PCEHR build, they were also not supported by a smart card management system (SCMS).
While Medicare’s PKI location certificates were being used for secure messaging, according to NEHTA’s blueprint there was no national identity credential available that could be properly used to support NEHTA-compliant secure messaging standards.
In 2011, NEHTA issued a tender for an external organisation to build NASH, subsequently awarding the $23.6 million contract to design, build and operate it to IBM. Little else was heard until NEHTA CEO Peter Fleming was forced to confirm on June 18, 2012, that NASH would not be ready for the launch of the PCEHR on July 1. In October that year, NEHTA confirmed it had ”terminated” the contract with IBM.
In the meantime, arrangements were put in place to provide an interim NASH through Medicare. NASH certificates began to be issued in late August to healthcare providers and organisations who had registered for the system. These certificates enabled authorised clinicians to access the PCEHR through conformant clinical software, which ironically had not yet been rolled out.
To read the full story, click here for the April 2014 issue of Pulse+IT Magazine.
Posted in Australian eHealth