MSIA voices concern over PCEHR legislation
The Medical Software Industry Association (MSIA) has strongly criticised aspects of the legislation underpinning the creation of the Personally Controlled Electronic Health Record (PCEHR).
It has also attacked the National E-Health Transition Authority's (NEHTA) handling of the recent disruption to the roll out of work at Wave 1 and 2 PCEHR sites due to a specifications issue.
“While a pause may be necessary, and a review of issues probably essential, no one in industry has been informed of what the issues are, when we may know the size of the problem or which of the many complex programs are incompatible with the build of the national infrastructure,” the MSIA said in its submission to the Senate committee inquiry into the PCEHR legislation.
“It does not make for trusting relationships, or inspire confidence in a way that allows industry to make decisions to invest in, and engage with processes in which NEHTA is involved.”
The MSIA said it made 18 recommendations to improve the draft bill and was pleased to see that some had been adopted, including compulsory breach notification provisions.
However, it still has some concerns of a lack of an advisory role for the informatics community, the software industry and Standards Australia to provide and review technical advice to the system operator.
It has called for much greater transparency about what is being built, saying “it is almost impossible for the legislation to accurately cover the issues of privacy, safety and data governance generally”.
It has particular concerns with the power vested in the system operator as operator, funder and a board member of NEHTA, saying it would make the operator “impossibly conflicted”.
Another concern is that the onus not to upload data which could infringe copyright or moral rights was still placed on the healthcare provider.
“Healthcare workers are not best qualified to judge these matters and the likely default instruction given to them by their organisations will be to not share data which could otherwise be usefully shared and used.”
A particular concern is the low uptake of healthcare identifiers under the national Healthcare Identifiers Service. “A few programs are in place that access the unique patient identifiers (IHIs) but most IHI access has been through a NEHTA sponsored Wave 1 initiative to inject IHIs into GP desktop software,” it said. “This has been done largely without the consent or cooperation of the software vendors.”
The MSIA said this was “an inherently unsafe process” as outlined in a 2011 study by the MSIA's Vince McCauley and Edith Cowan University researcher Trish Williams.
“MSIA made NEHTA and [the Department of Health and Ageing, DoHA] aware of its concerns with this process at the Conformance Compliance and Accreditation Governance Group (CCAGG) over 10 months ago. However, the roll-out has continued unchecked and NEHTA has been unable to provide any information about subsequent evaluation of potential errors that may have been introduced into live patient records.”
It also said less than one per cent of providers had opted in to the Medicare Provider Directory, which it says is currently the only way that verification of providers can be validated.
“Whilst a change request is said to be in process to fix this problem, Medicare and NEHTA have not been able to provide either the details of the change or a time frame in which it might be deployed.
“As at the time of writing, no one is able to access HPI-Is or HPI-Os via the HI service because the sector is still determining whether conformance test cases can be developed in a manner that satisfies patient safety concerns because of the design flaws.
“These major unresolved issues with the Health Identifier service, with potential serious impact on patient safety and provider welfare, along with the immature state of the PCEHR specifications, was a major input to the decision made by MSIA to call for a six-month delay in PCEHR implementation in a letter to DoHA in November 2011.
“The department’s response was that such a delay was unwarranted.”
It has made a number of recommendations, including:
- Add a more detailed description of the roles of all participants to aid understanding and uptake.
- Commit to a date to publish “Rules” to allow adequate time for those who may be of risk of breach to be fully aware and compliant.
- Increase advisory group to include representation from research, secondary data and aged care experts.
- Make a provision that includes the taking of technical advice from the informatics community, Standards Australia and the software industry associations to ensure future changes and developments are appropriate, safe and timely.
- Review the conflicts for the proposed system operator in the various roles held, as partial funder, system operator and as NEHTA board member.
- Action as an immediate priority, change requests to the HI Service that are deemed to have a potential clinical safety impact.
- Review urgently all the issues in the MSIA White paper on the Healthcare Identifier Service and ensure changes are made to ensure the service can be used safely.
The MSIA also repeated its call for a deferral of elements in the PCEHR which it says are not sufficiently mature or not sufficiently reviewed to ensure patient safety, such as the Australian Medicines Terminology (AMT) and SNOMED health terminology.
Posted in Australian eHealth