Chapter 2

The bills

2.1 This chapter examines the views and issues raised by various stakeholders during the committee's inquiry into the proposed personally controlled electronic health records (PCEHR) system. It also sets out the committee's views and recommendations.

Introduction

2.2 Australia’s health care system is fragmented and often results in duplication and mistakes. The government’s commitment to introduce a PCEHR system is intended to address these problems and result in better patient care and consumer outcomes.[1]

2.3 The government has stated that development of an eHealth system has been characterised by extensive consultation with clinicians, consumers and the health IT industry, all of whom have had the opportunity to comment on the legal issues that the introduction of such a system would present, and the exposure draft of the legislation.[2]

2.4 In recognition of the scope of the task and the multiple stakeholders involved in constructing a PCEHR system, the government has committed to providing the national infrastructure to support and enable the linking of data sources.[3] The PCEHR is due to commence nationally on 1 July 2012. To assist transition, the government has established 12 implementation sites and has initiated partnerships with organisations to build the required infrastructure and manage the change.[4]

An overview of the PCEHR system

2.5 The PCEHR system will enable any Australian to register for an eHealth record and at the time of registering choose who will be able to access their record and the level of access that those parties may have. Consumers who elect to register will also be able to nominate a representative to help them manage their PCEHR.[5]

2.6 Participation in the PCEHR system will be limited to consumers, healthcare providers and repository operators, all of whom will be required to register. The registration framework set out in the bill will ensure that accountability mechanisms are in place for all users.[6]

2.7 The System Operator will be responsible for the operation of the system including: establishing and maintaining infrastructure, a register of participants, an index service for documents stored within the system, and the national repositories.[7] The bills specify that the role of System Operator will initially be performed by the Department of Health and Ageing.[8]

2.8 The bills also provide for the establishment of independent committees – the Independent Advisory Council (IAC) and the Jurisdictional Advisory Committee (JAC) – to provide advice to the System Operator.[9]

2.9 Oversight of the system will be the responsibility of the Australian Information Commissioner – the Information Commissioner will act as the key regulator having the capacity to conduct audits, commence investigations, impose sanctions and investigate complaints.[10]

2.10 Both the System Operator and the Information Commissioner will, by legislative sanction, be required to provide annual reports to the parliament.[11] The bills also provide that the operation of the PCEHR system must be reviewed two years after commencement of the establishing legislation.[12]

General support for eHealth

2.11 Submitters to the inquiry have been in favour of the benefits that will result from the implementation of the PCEHR system, many recognising that it is time that such a system were implemented.

2.12 The Australian Medical Association (AMA) and the Royal Australian College of General Practitioners (RACGP) saw the benefits to patients in the delivery of such a system:

...most [Australian Medical Association] members are enthusiastic about using a shared electronic health record. They know that with the right system they can improve the patient's healthcare experience. The right sort of shared record system will help doctors deliver better care. They will have important information about their patients to help them to make good clinical decisions.[13]

The [Royal Australian College of General Practitioners] continues to strongly support the PCEHR and the foundations of electronic communications. However the PCEHR must meet the needs of clinicians and patients.

The four areas identified by the College reflect our concerns that they constitute a disincentive for the general practice profession to engage in the PCEHR system. Therefore, we would encourage the inquiry to address these concerns.[14]

2.13 The Aboriginal Health Council of Western Australia (AHCWA) was similarly supportive of the system and also identified that its introduction will see benefits delivered to patients, particularly those in remote and rural Australia:

We also very much see that the proposed legislation has great potential to enhance better patient outcomes in Aboriginal communities. Our sector also sees that this has a role to play in terms of Closing the Gap. It is also very clear from what the government is saying they are trying to do that this particular legislation and the proposal would support people who are in remote and regional centres.[15]

2.14 Support was widespread and was not limited to the medical profession but also consumer groups and privacy advocates.

[The Consumer Health Forum] is strongly supportive of personally controlled electronic health records. Our members see PCEHRs as a fundamental step forward in health care that will, over time, significantly improve health outcomes, reduce medical mistakes, save lives, improve safety and confidentiality of health records, save time and money and give health consumers greater input into their own health care. They are all very significant advantages if we can achieve them.[16]

Dr Fernando: I want to congratulate the Australian government more generally about the focus on e-health. I think it is a timely and an appropriate focus—that is, the focus on e-health and the way that e-health can benefit patients.[17]

2.15 Similarly, the health information technology (IT) industry voiced support for a transition to eHealth.

Our association is strongly supportive of the national e-health program and has contributed extensively to it over many years. The government's National E-Health Strategy and the recommendations from the National Health and Hospital Reform Commission report were warmly welcomed by industry. Our members have participated in countless reference groups, tiger teams, working groups, Standards Australia committees and other industry standards groups to try to ensure that the PCEHR program will be a success.[18]

2.16 In voicing support however, submitters to the inquiry identified particular aspects of the proposed system that they suggest require further amendment before implementation. Principal among the issues raised were concerns that the proposed governance structures within the bills will not provide adequate transparency and accountability; and a concern that as the level of functionality of the PCEHR system on implementation cannot be guaranteed, the rollout of the system may not be as successful as intended. These issues will be examined in this Chapter.

2.17 Throughout the course of the committee's inquiry concerns have also been raised about the effectiveness of the National eHealth Transition Authority (NEHTA), the corporation responsible for the design and roll out of the PCEHR system. As these issues do not go to the substance of the bill they will not be covered in the committee's report. However, the committee considers that the level of criticism warrants attention.

Governance arrangements

2.18 Part 2 of the Personally Controlled Electronic Health Records Bill 2011 (PCEHR Bill) sets out the governance arrangements for the PCEHR system.[19] Part 2 identifies the System Operator and specifies advisory bodies to the System Operator.[20]

The system operator

2.19 Part 2 of the Bill establishes the System Operator and specifies that the System Operator, who will be responsible for creating and running the system, will be the Secretary of the Department of Health and Ageing.[21] The bill does provide for the System Operator to be changed; it does this through the inclusion of a regulation making power.[22]

2.20 Stakeholders raised concerns in respect of Part 2 of the Bill, their concern being that by specifying that the System Operator be the Secretary of Department of Health and Ageing, transparency and accountability would be compromised. Some stakeholders were of the view that the System Operator needs to be independent of government:

On governance: CHF understands that the DoHA secretary will fill the role of the PCEHR system operator initially, with further discussions to be held with the states and territories around future governance options for longer term governance. We support the interim model but only for a period of two years of operation. The CHF submission calls for a transition away from the governance structures as proposed in the bill in favour of an independent system operator. This is based on the feedback that we have received in consultation with consumers, which called for the establishment of a statutory authority independent of the Department of Health and Ageing, Medicare Australia or the states and territories.[23]

Essentially, we have three fairly deep concerns. The first one relates to governance in the sense that there does not appear to be any accountability. In terms of freedom of information and so forth, I would point to NEHTA. The second point relates to the retrofitting of governance policies and protocols. The third point relates to the fact that e-health is now coming under the auspices of the DoHA secretary as the services operator, which means that there is no independence between the governance of the PCEHR system and the government interests that are involved in it... Governance is not just about advice; governance is about actually being able to influence and cause change and cause changes in direction.[24]

2.21 The Australian Privacy Foundation (APF) went as far as suggesting that implementation of the PCEHR system should be delayed until the governance arrangements set out in the bill are changed. Implementation on the basis that after two years the System Operator role would be transitioned to an independent body was not enough to allay their concerns:

Dr Clarke: We do not believe there should be a commencement of operation with the current governance arrangements. Therefore, we believe you should recommend a completely different set of governance, an orthodox governance arrangement, which does not just have an advisory arrangement with consumers and possibly—although we do not think there are any—privacy arrangements. There is at least some consumer representation in the advisory panel, but advisory is not sufficient. It has got to be a board which includes representation which has responsibilities. So I believe you have to rewrite it...

If you permit the bureaucracy to build it the way it wants it, it will be set in stone. There will be so many things that will be unable to be reversed, because they would be designed to be unable to be reversed. So it is not appropriate to commence that way. The bridging notion to me is caving in and permitting the government agencies to do what they wish.[25]

2.22 The Medical Software Industry Association (MSIA) also 'believes the System Operator (as described) is impossibly conflicted with roles as System Operator, System funder, and NEHTA Board Member.'[26]

2.23 The Department was asked about why the System Operator function was vested in the Commonwealth.

Ms Huxtable: We are really looking at what the governance options were in the immediate term, when you have a system that hopefully will be operating from 1 July. There are probably three main options. The first was to establish governance through a company like NEHTA—a company that is established under the Corporations Act. That is on one side. On the other end of that spectrum is probably to move more down an interjurisdictional statutory-authority-type road. The middle option is to vest the system operation within the Commonwealth at this time.

In terms of the thinking around where we have got to, which is clearly that middle option, there were fairly strong views—and I think this has come through in consultation, including on the healthcare identifiers—that where there is the capacity to hold and provide governance over health information, including private health information, that responsibility should be vested in the protections of government rather than in a company-type structure. So that puts on the option 2 or 3 side of the table. The reality is that to move to a more interjurisdictional statutory authority is probably a fairly time-consuming development process where you are looking at the legislative requirements that cover not only the Commonwealth but also the states and territories. So the legislation certainly does not rule out the possibility of moving more to an interjurisdictional statutory-authority-type governance structure, and it does in fact require a review of the functions et cetera within two years, but the value of this responsibility being vested within the Commonwealth and within the department is that it is subject to all the requirements of Commonwealth law in terms of an FMA agency.[27]

Recommendation 1

2.24 The committee recommends that the review of the operation of the Act that will occur after two years pursuant to Clause 108 specifically consider the issue of the appropriateness of the vesting of the System Operator responsibility in the Secretary of the Department of Health and Ageing as well as possible alternative governance structures.

Advisory committees

2.25 Throughout the course of the committee’s inquiry, stakeholders also commented on the proposed composition of the advisory committees that are to be established to advise the System Operator and although critical of the proposed provisions concerning the System Operator, submitters to the inquiry were supportive of an advisory structure.[28]

2.26 Divisions 2 and 3 of Part 2 of the PCEHR Bill set out the establishment, functions, status, and membership of the jurisdictional advisory committee (JAC) and the independent advisory council (IAC). Clause 19 of Division 2 of Part 2 of the bill identifies that the JAC’s members must consist of a member to represent the commonwealth, and a member to represent each of the states and territories.[29] By contrast, clauses 26 and 27 of the bill identify the membership requirements of the IAC.

26 Membership of the independent advisory council

The independent advisory council consists of the following members:

(a) the Chair of the council;

(b) the Deputy Chair of the council;

(c) at least 7, but not more than 10, other members.

27 Appointment of members

(1) A member of the independent advisory council is to be appointed by the Minister by written instrument.

Note: The member may be reappointed: see section 33AA of the Acts Interpretation Act 1901.

(2) When appointing members the Minister must ensure that:

(a) at least 3 of the members have significant experience in or knowledge of consumers’ receipt of healthcare; and

(b) between them, the members have experience or knowledge of the following matters:

(i) the provision of services as a medical practitioner within the meaning of the National Law;[30]

(ii) the provision of services as a healthcare provider other than a medical practitioner within the meaning of the National Law;

(iii) law and/or privacy;

(iv) health informatics and/or information technology services relating to healthcare;

(v) administration of healthcare;

(vi) healthcare for Aboriginal or Torres Strait Islander people;

(vii) healthcare for people living or working in regional areas.

(3) None of the members referred to in paragraph (2)(a) is to be a healthcare provider.

Membership is part-time

(4) A member of the independent advisory council holds office on a part-time basis.

Term of membership

(5) A member of the independent advisory council holds office for the period specified in the instrument of his or her appointment. The period must not exceed 5 years.[31]

2.27 These membership provisions attracted comment from many different stakeholders. A common concern was that membership should also include specialists from wider fields of healthcare given the unique knowledge and requirements for information that different healthcare providers will have when interacting with the PCEHR. Submitters who raised this with the committee included the Midwives College of Australia, the Royal Australian and New Zealand College of Psychiatrists (RANZCP), and the Australian Dental Association.

2.28 The RANZCP requested that the provisions be drafted more explicitly:

It is mentioned in the legislation that an advisory committee will be established to supervise the electronic health records system. No mention is made as to whether there will be a representative from the mental health sector on this advisory committee. Because mental health patients are some of the most vulnerable likely to be using the system, any glitches in the system are likely to affect them more severely for various reasons. The RANZCP believes it would be very valuable to have a psychiatrist representative on such an advisory committee nominated by the RANZCP.[32]

2.29 Similarly, the Australian Dental Association (ADA) suggested that paragraph 27(1)(a) be more specific:

While the ADA welcomes the Bill expanding the Independent Advisory Council (IAC)’s membership to a minimum of seven members, it notes that the Bill states three of these members must represent consumers’ interests and must have significant knowledge of consumers’ receipt of healthcare (paragraph 27(2)(a)). The ADA refers to its original Recommendation made to the draft exposure legislation that a minimum three members representing healthcare providers (other than a medical practitioner) be appointed to the IAC. The ADA insists these three healthcare provider member positions be drawn from professional bodies representing health professions.[33]

2.30 The Midwives College also wanted Clause 27 amended:

...to reflect the distinctly different services provided by the professions of nursing and midwifery. Paragraph [27] (2) (b) (ii) should be amended to read ‘the provision of services as a registered nurse within the meaning of the National Law’.[34]

Committee view

2.31 The committee acknowledges the importance of the role that will be played by members of the Independent Advisory Council given that the PCEHR system must deliver holistic health care benefits for consumers. The committee agrees with submitters that representation on the IAC should be reflective of the broad spectrum of healthcare providers, particularly those that support vulnerable or at risk consumers.

Functionality of the PCEHR System

2.32 Throughout the committee’s inquiry into the PCEHR bills, evidence was presented suggesting that many stakeholders are concerned that the functionality available within the PCEHR system when it becomes operational on 1 July 2012 will be inadequate. They were concerned that this will have a negative effect on take-up rates.

2.33 The concerns raised with the committee relate not only to design aspects such as (i) the opt-in nature of the system, but extend to (ii) definitions set out in the act that will underpin its operation; (iii) privacy and access; and (iv) safety.

An opt-in system

2.34 Clause 3 of the bill sets out the Objects clause. It sets out that:

The object of this Act is to enable the establishment and operation of a voluntary national system for the provision of access to health information relating to consumers of healthcare, to:

(a) help overcome the fragmentation of health information; and

(b) improve the availability and quality of health information; and

(c) reduce the occurrence of adverse medical events and the duplication of treatment; and

(d) improve the coordination and quality of healthcare provided to consumers by different healthcare providers.[35]

2.35 As identified in Clause 3, the bill introduces an ‘opt-in’ eHealth system that will enable any Australian who would like a personally controlled electronic health record (PCEHR) to register and create that eHealth record. The committee received evidence from many submitters who suggested that the design choice that the system be ‘opt-in’ will inhibit its effectiveness as it will have a negative effect on uptake. These submitters contend that this will reduce the overall benefits that can be achieved through an eHealth system undermining the medical profession's confidence in its use.

2.36 The Australian Medical Association (AMA) advocated an 'opt-out' model:

The reality of patients having to opt in means that when doctors look for a patient's record they will often find there is not one. Our submission highlights that we do not know what the opt-in rate will be, but we have given some examples in other areas where the opt-in rate is quite low. If doctors were to find that most of their patients had a personally controlled electronic health record, they would be more likely to keep using the system. They will quickly become reluctant users if they look for and cannot find a record for their patient. For better patient care, the AMA advocates an opt-out system that provides treating doctors with access to key clinical information to inform their clinical decisions.[36]

2.37 The AMA was particularly concerned that by designing the PCEHR system as an 'opt-in' system, those health consumers who stand to benefit the most are in fact the least likely to know that it is available and 'opt-in':

The issue we have is the protection of patients' privacy and the setting of controls, and this legislation has numerous levels of control that individuals can set. But the people who are going to most benefit from this legislation are the ones who really want us to share their information—our elderly; Indigenous Australians, I guess; people with complex and chronic disease. They just want us to get the message shared between providers. There is a great trust between providers that they will treat that information with the sensitivity that it deserves. If it were an opt-out process, all of those people would not have to create themselves a record. They would not have to worry about the access controls. All of those people would benefit.

...One of our concerns is that, when someone gets to a new doctor or an emergency department, the first few searches—which are going to be in the next year or so—are going to be fruitless and that there will not be a record, there will not be any summaries and there will not be any assistance. The problem is that extra time searching for something that does not exist is going to make people more reluctant to bother searching in the future. Until we get a critical mass of people who have accurate information, the value of this, the cost savings, the duplication savings and the concerns are going to take longer to realise.[37]

2.38 The Consumers Health Forum of Australia took the same view and like the AMA suggested that the consumers most likely to benefit will be least likely to 'opt-in':

Ideally we think that it should be an opt-out model. We have arrived in the position over quite a long period of consultation, looking at the literature—particularly the international literature—on the models that have worked and have not worked, talking with other stakeholder grounds and obviously talking with a wide range of health consumers around the country. I guess there is that issue of critical mass, which we are concerned about with the system not achieving. That is the first point. We need that for it to get off the ground and to work effectively. We want to see it work effectively.

The second point is that the [groups] that we are talking about who are effectively the groups that will benefit the most from a personally controlled electronic health record are the groups that are least likely to be opting in in the current model. It concerns us that they will not be getting access to a system that would benefit them. The third thing, I think, is informed consent. It is absolutely critical in this whole system, as is consumer control. What you are registering for and what you are opting into has to be made absolutely clear. You have to know what the benefits and the limits of that system are. It needs to be really clear. I think with an opt in system we still have questions about exactly how that informed consent will occur. Consumer control, which we think in many instances would be provided better if they had particular points at which they could opt out of some of the system functionality, would be a better approach.[38]

2.39 Although the PCEHR system has not yet commenced, 12 lead pilot sites have been established. When appearing before the committee, representatives of these Medicare Locals also outlined their preference that the PCEHR system be 'opt-out' by design, while recognising the reasons for the current approach:

Opt out would be easier. Opt in is the model that we are all following. I think opt in is quite good from the point of view that, for people who do have a serious concern about sharing their information and do not want that to happen, they do not need to opt in to the system.[39]

2.40 The Medicare Locals explained the engagement strategies that they will need to implement under the current 'opt-in' design to encourage take up and achieve the required critical mass:

Ms Anderson: ...we have a very specific targeting methodology, which is mainly based around our general practices. We are ready, but we are just waiting for the go-ahead to start sending out letters from our practices. We are helping the practices that are participating to put out letters to all their patients, to invite them to consent to and register for a shared record, should they want one.

It is an assisted process where we assist with that. Once that record is prepared and is ready, a placeholder is put on the system and the next time they visit their general practice that GP can upload a shared health summary, in conjunction with the patient, in that consultation. That is the main methodology that we are using to recruit patients. We do have these specific use cases around after hours, aged care, Aboriginal medical services et cetera. Some of those follow a slightly different pattern—for example, with after hours... there is a slightly different model there.

Mr McLeod: Because the after-hours model that we run basically uses GPs from the surrounding area and they all give up their time to form a collaborative that runs the after-hours service, the patients who go there are not regular patients of the after-hours clinic. They are patients who have gone there because they have a particular after-hours need at that time.

In those kinds of areas a mail-out or something like that will not work. So we are looking at basically using things like tablets or kiosks where people can actually go up and fill in their details and register or just use a pen and paper. That is our least favourite option because it is the most complicated in terms of getting it through the system, processed and registered et cetera. To be honest, we do not know which of those will be the most effective. There are various levels of how difficult it is on our side to administer each of those and the costs associated with them. Part of what we are doing is trying to put out various methods of doing it so that we can feed back to the national body and to others, to say, 'These are the four or five things we have tried. These two worked really well; these ones did not work so well. We thought using a pen and paper was a great idea at the start, but it turned out that pen and paper does not go so well.' We do not yet know the answers to those questions, but that is part of what we are trying to find out.

Ms Anderson: One of the things we will know in the next few weeks and months is the response from patients so, as letters go out to literally tens of thousands of patients, we will be very interested to see how quickly and how many people reply and actually want to participate in the system.

...we have websites and all sorts of brochures, posters and other materials to back up all of that—all of the consent documentation et cetera and all the approved versions that have gone through NEHTA and DoHA to ensure that we are using information that is agreed across all of the different providers who are involved. I have not personally seen all of the Q&As that are up there, but my understanding is that we are trying to cover off all the different issues so that people genuinely have informed consent about what they are doing. We expect, though, that GPs will end up having to answer a lot of those questions. Patients will receive the letter, some will fill it out and send it back. Others will probably take it with them when they see their GP and ask quite a few questions about it. We are trying to make sure that the GPs and the other practice staff are very well informed to be able to pass that information along to the people.[40]

2.41 The Australian Privacy Foundation however suggested that the implementation of an 'opt-out' system on 1 July 2012 would not be possible as the system would simply be unable to cope with the volume:

Essentially, the first thing is that the PCEHR system as it is presently designed—and I know that there are all sorts of holes—basically cannot cope with an opt out system. In order for an opt out system you would need to register not just all the patients but all the health practitioners and health providers. I imagine there would be a whole range of other health professionals that we would register as well. As present, we have something like one per cent of health practitioners registered for an individual health identifier. If we were looking at a release date of sometime in the middle of this year, I do not believe that we would be able to recruit the other 99 per cent and do the system redesign that is required to populate the databases that would support an opt out system.[41]

2.42 When these matters were raised with the Department, it explained that the decision to design an 'opt-in' system was fundamental to the system being patient controlled:

So it is an opt in. If it were an opt out, then you would be preparing for a whole-of-population implementation from day one. That is not the system that is envisaged for a number of reasons that have probably been discussed at length. Once you are talking about a personally controlled record, it is hard to blend that idea with an opt-out system. It does not quite gel to say on the one hand that people should have choice and control and on the other that everyone is going to have one unless you specifically say you do not want one. The reality is that this is a way to effect a staged implementation where you can get the benefits without all of the risks that come with a wholesale cross-population implementation from day one.[42]

Committee view

2.43 The committee notes that the majority of stakeholders, including both consumer groups and those representing the medical profession call for an 'opt-out' PCEHR system. The committee further notes that the Medicare Locals it heard from are also supportive of an opt-out PCEHR system.

2.44 The committee is of the view that the government should consider the views of these key stakeholders in considering roll-out of the PCEHR system. It notes that there are potentially significant costs involved in encouraging take-up by consumers. It also recognises that those consumers who would most benefit from a PCEHR may be difficult to sign up to the new system.

2.45 The committee agrees that a cautious approach is necessary in the initial stages. At a later date, the government should review the effectiveness of the opt-in model. The committee does not believe that consumer control is inherently incompatible with an opt-out model, though it recognises the importance of ensuring meaningful and informed consent.

Recommendation 2

2.46 The committee recommends that the review of the operation of the Act that will occur after two years pursuant to Clause 108 consider the opt-in design of the system including consideration of the feasibility and appropriateness of a transition to an op-out system.

Safety

2.47 Throughout the inquiry concerns were raised by the MSIA in relation to the safety of the proposed PCEHR system. In the PCEHR context, 'safety' relates not to the accuracy of the records but rather the ability to access records and the audit controls around who and how access has occurred.[43] In an answer to a Question on Notice the MSIA stated that the assessment of safety hazards should be:

...a continuous process...documented at the three critical stages:

1. Design and specification of the e-Health system...

2. Implementation...[and]

3. Roll-out, installation (and maintenance)...[44]

2.48 The MSIA was of the view that the PCEHR system is characterised by risks and that implementation should be delayed.[45]

We have had concerns about the underpinnings of the PCEHR—the health identifier services—safety for some time. We initially believed that over time those issues could be addressed. However, it has become apparent only in recent months, when finally the full specification has been released to industry, that in fact those safety concerns cannot be addressed without a significant change in the specification.[46]

2.49 The concerns raised by the MSIA related to the health identifier system:

Fundamental to the PCEHR is the ability to control access, which is based on the organisational identifier and the provider identifier, and also to audit access, which again is based on those two identifiers, to actually identify who has accessed the system from where. Without those numbers being verifiable and validated, there is no actual control over who is auditing or accessing the system. Any number could be put into the system, and there is no way of determining whether that number is correct or has been allocated to the right practitioner or organisation.[47]

2.50 The MSIA's concerns extended to the use of patient identifiers:

A patient's identifier can in fact change under a number of defined circumstances. When that change happens, there is no mechanism for Medicare notifying practices or practitioners of that change in identifier. Consequently, it becomes impossible to validate that identifier electronically against the service. Both the new identifier and the old identifier will fail validation. It means that any PCEHR record that is based on that IHI as a key to the patient record will no longer be useable and hence any information within the PCEHR will effectively disappear. That has significant consequences for patient management.[48]

2.51 The MSIA explained that if a consumer's 'personally controlled electronic record can suddenly disappear because their individual health identifier has changed then that will have potentially significant impact on patient safety.'[49]

2.52 Given the nature of these concerns, the committee raised these matters with both the Department of Health and Ageing and the National E-Health Transition Authority. Both the Department of Health and Ageing and NEHTA have since advised that there are a number of processes in place that seek to manage risk and address the concerns in relation to safety that have been raised by the MSIA.

2.53 The Department of Health and Ageing explained that safety is their key consideration in the design and implementation of the PCEHR system:

The question of clinical safety of all of the systems is absolutely critical to everything we are trying to do around getting success and credibility around the PCEHR. The clinical safety angles and the clinical safety assessments for all of the specifications and standards for the system are systemically in all of the development processes. The clinical safety people are involved all the way from the concept of operations and the creation of specifications, through to the publication and the compliance, conformance and accreditation process, so that is all there. The reports and the risks that are found in any of those processes we expect to be published within the specifications. To date we have processes to identify and understand the risks that come with these things, and if there are particular clinical risks that we are aware of then we will certainly take steps to remedy them. That stems right across the system from the system specifications, the national infrastructure, the specifications for particular documents and behaviours that might be built into software that some of our software vendors create, all the way through to the HI Service, which is operated by Medicare, and the ongoing operational aspects for the national infrastructure.[50]

2.54 NEHTA provided further information to the committee detailing that the concerns of the MSIA in relation to duplicates and changes in individual health identifiers are in fact unfounded:

The MSIA submission incorrectly raises issues about the safety of the Healthcare Identifiers Service which are based on misconceptions of the system design in relation to the assignment, management and retrieval of Individual Healthcare Identifiers (IHIs).

The submission asserts that a person’s IHI can change or new IHIs are issued under certain circumstances, in particular when their date of birth or gender record changes rendering the IHIs unusable as it would not be able to be matched with the person’s demographics and therefore irretrievable and unable to be validated. The submission appears to confuse the management of demographic changes within the HI system with the management of duplicates.

A correction to the patient’s date of birth or gender changes does not result in the assignment of a new IHI. IHIs are assigned when a person enrols in Medicare or DVA and others seeking healthcare in Australia such as individuals living or residing in Australia but not eligible to claim Medicare benefits or register with DVA. Where a person’s Medicare details are changed (for example their date of birth or gender reassignment) they will continue to utilise the same IHI. Even when an individual is transferred to a new Medicare card their IHI would remain the same.

The legislation does provide for a person to be assigned another IHI when applying for a pseudonymous IHI. The pseudonym solution introduced the ability for individuals (persons who receive healthcare) to apply for an Individual Healthcare Identifier (IHI) under a pseudonym. Pseudonym IHIs are for individuals who feel they need to conceal their identity due to concerns for their personal safety or information when seeking healthcare. The solution ensures pseudonym IHIs are completely separate from individuals’ existing records in the HI Service or Medicare systems. In the case of pseudonym IHIs, the healthcare sector would not be aware that a record was a pseudonym. This was designed to protect individual’s privacy, as per the requirements of the legislation.[51]

2.55 The Department and NEHTA also explained the role of the Conformance, Compliance and Accreditation Governance Group which was established to ensure stakeholder engagement and work through clinical risks that are identified in the development and roll out of the PCEHR system.[52]

The CCA Governance Group was established to engage with all stakeholder including MSIA, AIIA, ACIVA, Medicare, Standards Australia, all jurisdictions, the National Association of Testing Authorities (NATA) as well as NEHTA and the Department.[53]

Committee comment

2.56 The committee takes the view that issues of safety are critical to the success of the PCEHR system's implementation. The committee notes the concerns that were raised by the MSIA. The committee also notes the advice of the Department and NEHTA explaining the processes that have been implemented to ensure that issues of safety are addressed in the design and deployment of the PCEHR system.

2.57 The committee considers that the information it received throughout the inquiry suggests there is a level of confusion among stakeholders. The committee appreciates the information that it has received to clarify these issues throughout its inquiry, and recommends that the Commonwealth and NEHTA ensure that this information is fully available to stakeholders.

Definitions

2.58 Functionality of the PCEHR system relies on the use of definitions; the definitions critical to its operation are set out in Part 1 of the PCEHR Bill. Many stakeholders identified the importance of defining certain terms given that access to the records contained in the system, and therefore its useability, will be impacted if all the relevant healthcare providers are unable to contribute to the maintenance of a record. In particular, stakeholders identified the following terms as requiring amendment to give effect to the policy intent of the bill and ensure healthcare outcomes are improved by providing the right access, to the right information, at the right time, to the right people.

Healthcare provider

2.59 Clause 5 of the PCEHR Bill sets out the definition of healthcare provider as being:

healthcare provider means:

(a) an individual healthcare provider; or

(b) a healthcare provider organisation.[54]

2.60 Those healthcare providers that register under clause 42 of the bill will be able to collect, use and disclose health information to a consumer's PCEHR provided.[55] To qualify for registration to be a participant in the PCEHR system, the healthcare provider organisation has to have a healthcare identifier under the Healthcare Identifiers Act 2010. In general terms, this restricts access to certain medical professionals (see also discussion below).[56] Stakeholders suggest that definitions around who was healthcare provider should be clarified.

2.61 The Australian Privacy Foundation noted:

The Bills still do not define the term "health provider". The APF wonder precisely who will and will not be able to use the PCEHR system; this includes summaries of patient care information via the Internet for those unable to directly connect to individual patient electronic health records.[57]

2.62 The New South Wales Centre for the Advancement of Adolescent Health also suggested that the range of health professionals able to access and contribute to the PCEHR should be expanded so that the

PCEHR can encompass a holistic record of care. For example at headspace centres young people see allied health professionals such as Social Workers and Psychologists. These health professionals should also be able to access and contribute to the PCEHR.[58]

2.63 Services for Australian Rural and Remote Allied Health (SARRAH) was concerned that health workers who are not part of a nationally registered profession would be shut out of the system to the detriment of the content of the health care record:

Ms Lowe: The whole thing of who is in and who can access is very messy. The AMA alluded to registered professions and then talked about diabetes. When you look at a diabetic patient and the care that they require, a very key area of their involvement is dieticians. Dieticians are not a registered profession and are not likely to ever be a registered profession. So including just registered professions is going to leave a significant component of the allied health workforce not able to access records. Speech pathologists and social workers are two other key groups. They can get access if they are a member of their professional association, as per the current system with accessing MBS funding, but that generally applies to allied health professionals working within the private sector and not so much to those who are working within the public sector.[59]

Nominated healthcare provider

2.64 Some submitters have also called for a broadening of the definition of 'nominated healthcare provider'. In the PCEHR system, the nominated healthcare provider will assist the consumer to maintain their health record. The 'nominated healthcare provider' is the person who prepares the 'shared health summary', that forms the overview of a person's PCEHR. The definition of 'nominated healthcare provider' is currently set out in the Bill as being:

nominated healthcare provider: a healthcare provider is the nominated healthcare provider of a consumer if:

(a) an agreement is in force between the healthcare provider and the consumer that the healthcare provider is the consumer’s nominated healthcare provider for the purposes of this Act; and

(b) a healthcare identifier has been assigned to the healthcare provider under paragraph 9(1)(a) of the Healthcare Identifiers Act 2010; and

(c) the healthcare provider is an individual registered by a registration authority as one of the following:

(i) a medical practitioner within the meaning of the National Law;

(ii) a registered nurse within the meaning of the National Law;

(iii) an Aboriginal health practitioner, a Torres Strait Islander health practitioner or an Aboriginal and Torres Strait Islander health practitioner within the meaning of the National Law who is included in a class prescribed by the regulations for the purposes of this subparagraph;

(iv) an individual, or an individual included in a class, prescribed by the regulations for the purposes of this subparagraph.[60]

2.65 There can only be one nominated healthcare provider at any one time, and only one shared health summary. Although it is clear that the definition enables additional individuals to be specified as nominated healthcare providers by regulation (paragraph (iv)), the Australian College of Midwives and the Pharmacy Guild of Australia would prefer that they be specified within the provisions of the bill:

The definition indicates that a Pharmacist cannot prepare a shared health summary record for a patient; although Pharmacists and other allied health professionals may be subsequently added by regulation. The Guild believes as a frontline contact for patients that a Pharmacist is well placed to provide such services to the community. The Community Pharmacy network in Australia is extensive with over 5000 locations and Pharmacists have proven through previous e-health pilots and programs that they have the skills to perform such activities to the benefit of the patient and Government.[61]

2.66 The Australia College of Midwives contends that their exclusion from the bill does not accord with the policy directions of the Australian government:

Maternity care is currently the most fragmented healthcare to be experienced given the multitude of differing healthcare providers across primary, secondary and tertiary care. This fragmentation increases the inherent risk and emphasises the importance of including all maternity care providers as authorised nominated healthcare practitioners under the Act to initiate a shared health summary and participate in the scheme broadly.

Midwives have enduring therapeutic relationships with women as their primary carers for the course of the woman’s reproductive life cycle and as such are key maternity care providers and must be included as authorised practitioners in the definitions of the nominated healthcare provider.

This intent is reflected clearly in the National Maternity Services Plan, a five year plan endorsed by Australian Health Ministers in November 2010, where mothers and babies are to be given priority for implementation (Actions 4.1.3 and 4.1.4 apply) and where women are provided with increased access to midwives (Actions 1.2.2, 1.2.3, 1.2.4 and 1.2.5 apply).

Further, the Australian government introduced rebates under the Medical Benefits Scheme (MBS) and Pharmaceutical Benefits Scheme (PBS) for women receiving maternity care from eligible midwives.

Not only do the policy directions of the Australian government emphasise the importance of the inclusion of midwives in the PCEHR as health practitioners authorised to initiate a shared health summary but the safety and quality of maternity care for women receiving care from midwives makes it imperative to redress this gross omission.[62]

2.67 Similarly the Pharmaceutical Society of Australia recommended that:

The categories of healthcare providers eligible to be a consumer's nominated healthcare provider be expanded to include all nationally registrable health professions.[63]

Committee view

2.68 The committee believes there is some confusion around the application of definitions in the bill. There are two issues: what health sector workers can provide information to, and use, the system; and who can be the 'nominated healthcare provider', who is permitted to prepare the shared health summary.

2.69 The committee understands the concern of some submitters that all important healthcare information pertaining to a person ought to be able to be accessed in the PCEHR. The issue then is whether there is a mechanism to ensure that all such information – such as that prepared by dieticians or mental health professionals – is available as part of the electronic health record.

2.70 There are two ways in which this information would be provided in the PCEHR. First, many professionals who may not themselves be part of a registered profession will be employees or contractors of a healthcare provider organisation, such as a general practice that administers a headspace scheme, or a hospital employing a dietician. These people will have appropriate access under Clause 99 of the bill. Second, members of professions not registered under National Registration Boards or Australian Health Practitioners Regulation Authority (AHPRA) do still have an option to be recognised as healthcare providers under the PCEHR legislation. That option is through section 9A of the Healthcare Identifiers Act 2010. Under the Healthcare Identifiers Act, Medicare is authorised to assign a healthcare identifier to an individual healthcare provider who is a member of a professional association, provided that association meets certain conditions.[64]

2.71 The committee believes these options give sufficient scope for quality healthcare information to be included in the PCEHR. The committee notes that there is a statutory review of the legislation after two years, which will provide an opportunity to determine whether these provisions require further refinement.

2.72 The second issue is who can be a 'nominated healthcare provider'. Given that there can only be one such person, the committee believes the categories currently established under the legislation are appropriate, and that the regulation-making power should allow them to be revised over time if a clear case can be made that the current ones are deficient.

Privacy and access

2.73 The proposed privacy controls that will govern the PCEHR system are set out in Part 4 of the PCEHR Bill. Part 4 of the bill complements existing privacy laws (such as the Privacy Act 1988), sets out the purposes for which information contained in the PCEHR system can and cannot be used, collected and disclosed, and enables the imposition of civil penalties and other sanctions where there is a breach of these provisions.[65]

2.74 Although the privacy protections set out in Part 4 of the PCEHR Bill are comprehensive, stakeholders have raised concern that they will be penalised for inadvertent access (ie. that it will include circumstances where a health practitioner/healthcare provider is updating or maintaining a record). They consider that uncertainty remains in relation to the definition of unauthorised access and concern, particularly that there is some ambiguity around the emergency situation.

It is actually unclear in the emergency or the 'break glass' situation whether that would give you access to 'no access' documents or whether it would just give you access to all other documents. There are reasons here. There is a shift, fundamentally, in the philosophy of the model of whether this is a medically driven implementation or a consumer driven implementation. One can understand that practitioners are very keen to ensure they have access to absolutely everything that they could possibly imagine they could have access to. I think we can also understand that, as consumers, we are responsible for managing our own health moving forward and we ought to have the right to decide what we do or do not disclose.[66]

2.75 Consumer advocates remain concerned that the ability of a consumer to specify ‘no access’ to a particular record is not available:

On access controls: throughout our consultations on the PCEHR, there has been unanimous support for the reinstatement of the no-access consumer control. A number of consumers have described the issue as deal breaker in terms of their participation in the PCEHR system. The access controls have been significantly weakened since the release of the final concept-of-operations document in October 2011, with consumers no longer having the ability to mark a clinical document as 'no access'. Consumer representatives to the NEHTA have expressed concern to us that this decision to remove access control went against the advice of the NEHTA consumer reference forum.

...No access is a feature crucial to the success and consumer centeredness of the PCEHR.[67]

2.76 The Consumer Health Forum believed that the privacy protections afforded by the status quo are not sufficient:

It is important to note that this inquiry is occurring at a time when paper based personal health records are the basis of our health care systems. Current paper based health records, if created at all, are often not adequately or fully maintained. They lack confidentiality, they lack portability, they provide limited access or control to health consumers and they contribute to countless medical mishaps and poorer health outcomes.

The establishment of a fully functioning and effective PCEHR system is a no-brainer for anyone concerned about quality of health care. Our only concerns relate to how the PCEHR is implemented...

The privacy issues are really critical and important but should not be a reason not to have this kind of system in place, because there are a lot more concerns around the paper based system we have at the moment in terms of privacy breaches. When you have information sitting on fax machines and in paper records on people's desks, then there is not a secure information exchange that we could potentially have with this system if we get it right.[68]

Committee view

2.77 The committee acknowledges that concerns remain in respect of privacy and access. The committee notes however the inherent weaknesses in terms of privacy protections that characterise the existing, largely paper-based, health care records system. In light of this, the committee takes the view that the bills address privacy concerns in a manner which seeks to balance the rights of consumers with the access needs of registered healthcare providers to enable the delivery of better health outcomes.

Timeline

2.78 The PCEHR system is intended to commence on 1 July 2012. Witnesses were divided as to how effective this implementation date would be. Some were optimistic and regarded the starting date as appropriate:

Ms Anderson: We are working closely with NEHTA at the moment to work out the plan for transition. My understanding of how things are at the moment is that there will be components of the national system that we will be able to start implementing, certainly in our local areas, where we already have systems in place and where we already have momentum, people on the ground and practices that are already trained. We will be able to start implementing those parts of the system that are ready. We will be able to do that from the end of our project, which is 30 June. I really could not comment on the rest of the country and how ready other places will be. But in our case, with a number of things falling into place, like legislation being passed et cetera, we are ready to implement those things.

Mr McLeod: Just to be clear, in terms of readiness, are we talking about our local system as opposed to all of the components of the national system going live prior to that date?

Senator SIEWERT: Yes.

Mr McLeod: Okay.

Senator SIEWERT: You obviously feel that you are on top of your IT requirements for setup. Is that correct?

Mr McLeod: We have repositories set up in each of our jurisdictions. We have basically been testing the software to a point where we feel it is ready to go. There are some specification changes that we know NEHTA is looking at. Barring significant changes that come out of those we think we have something that is ready to go.[69]

2.79 Consumers Health Forum of Australia were not concerned that the date was too soon:

Ms Bennett: This is an evolving system, so what we will have is the opportunity to sign up, opt in, register or whatever you would like to call it on 1 July and there will be the capacity to have a summary record populated. Then your choice to sign up will enable that to happen. We are not so concerned about 1 July being the date at which this system has to be ideally operational and provide all of the bells and whistles and all the things that everybody wants. There is the balance between achieving critical mass and the system working but there is also accepting that there are some limitations to what the system will be able to deliver on 1 July. I guess that is where we want consumers to know that, firstly, this system is coming into existence on 1 July and that they can sign up to it and, secondly, what its limitations are, what its features are and how it will benefit them so that they can make that choice to sign on. I think it is then a process of getting all the elements right. Certainly the ones we have outlined in our introductory statements are those that we think are really critical to getting the critical mass and uptake which is essential to ensuring that the system does not fall over too soon and that we have a system that will evolve into something that is really functional and be the glue of the health system if it works really well down the track.

Mr Murby: Being able to make an informed activation of a record is far more important than achieving a date. If we are not confident that consumers in Australia are able to make an informed activation of their record, then the date is immaterial.[70]

2.80 Others involved in the provision of health care expressed doubts about the possibility of the system being up and running, or about health care providers being able to interact with it:

Senator SIEWERT: Do you think that, if all goes according to plan, the start date is going to be significantly problematic?

Dr Hambleton: Yes, I certainly do. I think that we have a real problem with the level of expectation that is, I guess, set and out there and the actual ability for doctors to deliver on that day. It is very close now to 1 July this year. Even if the legislation is passed and the framework is available, there are many, many, many practices that will simply not be able to communicate with that piece of software. I guess many practices would also be very concerned about the risks to the practice, particularly in relation to recording who has access to the record and when, because our software does not do that. If patients come in on 1 July and say, 'I'd really like to have a personally controlled electronic record; I'd like you to upload a summary,' I really do not think we are going to be able to do it. In fact, I do not think very many practices at all will be able to do it. It will be a very slow start.

Again, the AMA is looking at the target, and it may be some years down the track. We really do believe this is worth supporting, but I think we need to reset expectations both in the profession and in the public so that we understand that there is not going to be a comprehensive personally controlled electronic health record available or indeed accessible by most software on that day.

...If we did one thing on 1 July and said, 'All right, we're going to start slowly; we're going to share allergies and medication lists,' we would both save lives and save time ultimately, once we get a sufficient number of records up and available. Most people are pretty happy to share their medication lists. If the pharmacist knew it was accurate, we knew it was accurate, the guy in the emergency department knew it was accurate and even some of the allied health professionals who see the patients knew it was accurate and up to date, it would be a huge benefit, and I think that is part of the reason why the AMA is so keen on making sure that, at the end of the day, we get something that is useful.[71]

2.81 SARRAH also had some reservations given that they are aware some health professionals are not yet using electronic records:

Ms Lowe: That whole issue of being ready on 1 July for integrated records is a major issue in terms of the infrastructure for allied health professionals because they are not part of any integrated records system currently and a lot of them are paper based, so the infrastructure does not exist for them to even have any communication.[72]

2.82 The judgement of the MSIA was harsher:

In our submission to this review we focused on key issues that we are convinced must be addressed if the national PCEHR program is to be a long-term success. I would like to summarise those issues for you now as simply and as briefly as possible. First, the PCEHR program is characterised by risks to patient safety even before development has been completed. The MSIA has previously requested access to NEHTA safety assessments, which NEHTA has consistently refused. The MSIA has also recommended several months ago that the PCEHR program should be paused or significantly reduced in scope until safety and other implementation issues have been addressed. NEHTA has in fact now paused PCEHR development across the lead site programs to address safety issues.

Second, with less than six months before the PCEHR program is scheduled to go live, the Department of Health and Ageing has not provided a sustainable, commercial model that will support the national e-health program in the long term. The program risks falling into disuse from the very first day of live operation. This has actually been a theme that we have heard in the previous sessions this morning.

Our third issue is NEHTA's project management. The PCEHR program has been characterised by ineffective project management, unrealistic deadlines, inadequate review processes for specifications and a lack of progress to Australian Standards. These have had a significant impact on the introduction of risk, particularly patient safety, and will result in significant continuing high costs to the sector.

Finally, our fourth key issue is that industry has lost confidence in NEHTA's ability to deliver this program. There is evidence of a lack of probity, ineffective governance and an inability to deliver targeted programs. One senior NEHTA manager has said in a public forum that NEHTA could stand for 'never ever having to achieve'.[73]

2.83 The committee asked the Department to comment on progress given the concerns that were raised in relation to the 1 July 2012 start date:

Senator McKENZIE: How confident are we that 1 July is going to be the kick-off?

Ms Huxtable: The intention is that people will be able to register for a PCHR from 1 July. The national infrastructure is the part of the roll-out that is required for that and that is on track.[74]

Committee view

2.84 The committee is supportive of the aims of an eHealth system and recognises that effective implementation will improve patient outcomes, particularly for consumers in rural and remote parts of Australia. The committee acknowledges the magnitude of implementing the PCEHR system. It asks the government to consider carefully the evidence received during this inquiry, particularly in relation to NeHTA's capacity to deliver on the timeframes that have been set.

Recommendation 3

2.85 The committee recommends that the bills be passed.

Senator Claire Moore

Chair

Navigation: Previous Page | Contents | Next Page