​Australia’s digital health strategy gets the nod without data interoperability controls

11

My Health Record, the Australian government’s e-health record system, has been officially given the green light from the Council of Australian Governments Health Council to automatically sign citizens up to the service, allowing them to opt-out if they choose.

By 2018, all Australians will have a My Health Record and by 2022, all healthcare providers will be able to contribute to and use health information in My Health Record on behalf of their patients. They will also be able to communicate with other healthcare providers on the clinical status of joint patients via the digital platform.

According to the strategy, Safe, seamless, and secure: Evolving health and care to meet the needs of modern Australia, the interoperability of clinical data is essential to high-quality, sustainable healthcare, with My Health Record allowing the collection of citizen’s data to share in real-time between providers. However, there is currently no overarching standard in place to govern the sharing of data, with a public consultation on draft interoperability standards to determine an agreed vision and roadmap for implementation of interoperability slated to occur “by the end of 2018”.

“Base-level requirements for using digital technology when providing care in Australia will be agreed, with improvements in data quality and interoperability delivered through adoption of clinical terminologies, unique identifiers, and data standards,” the strategy explains.

“By 2022, the first regions in Australia will showcase comprehensive interoperability across health service provision.”

In the strategy [PDF], the Australian Digital Health Agency (ADHA) said Australians want a health system that puts people first and offers more choice, control, and transparency. Most importantly, Australians want their health information to be confidential and secure, protected from cyber criminals and from any unauthorised access.

Healthcare providers have a similar desire, ADHA said, wanting secure digital services that provide instant access to a patient’s information — especially in an emergency.

“Digital information is the bedrock of high quality healthcare … digital health can help save and improve lives,” the report’s foreword reads.

In July, it was reported that Medicare card information had become available on the dark web. Minister for Human Services Alan Tudge said at the time the only information available was a Medicare card number, and that it was not sufficient to access any personal health record.

Speaking with ZDNet, Trent Yarwood, a member of the leadership team at Australian advisory firm Future Wise, said it is not necessarily this individual breach that’s the issue.

“It’s the fact that it’s putting another piece of information about people out there that can then be combined with all these other sources and potentially used to either commit identity fraud or to get more specific personal information about people,” Yarwood said. He also noted the revelation from last year that parts of the Medicare Benefits Schedule and Pharmaceutical Benefits Scheme were not encrypted properly.

“For people like Alan Tudge to say there is no data security issue is obviously incorrect and I think reflects a very poor understanding of what the power of these sorts of linked datasets is.”

During the 2015-16 financial year, the Office of the Australian Information Commissioner (OAIC) received 16 mandatory data breach notifications, which recorded 94 separate breaches that affected a total of 103 healthcare recipients, 98 of whom had a My Health Record at the time of breach.

The OAIC received three data breach notifications from the system operator, with the first of the notifications relating to MyGov accounts held by healthcare recipients being incorrectly linked to the My Health Records of other healthcare recipients. The second and third notifications related to unauthorised My Health Record access by a third party.

“This is part of what the problem with MyHealthRecord is … it’s a camel by committee that everybody hates because the privacy people think it’s not private enough and the doctors think is crap because patients can selectively leave things out. That’s potentially clinically dangerous,” Yarwood told ZDNet last month.

Yarwood took to Twitter on Monday morning following the release of the strategy to tell people to opt-out of My Health Record.

“I’m a doctor and a geek — I’ve opted out of a myHealthRecord. So should you,” he said.

The ADHA strategy, compiled with support from all eight Australian state and territory governments, said governments are embarking on major projects to implement state-wide electronic medical records and to achieve integration across the range of clinical information systems in hospitals and health services managed by a state or territory government.

While each state and territory is working within its own investment cycle, with its own software and integration partners, and is at a different point in achieving their respective goals, ADHA said there is a common pursuit to make health and, for some jurisdictions, human services information available in a more “timely and usable way”.

Similarly, private hospitals, aged care service providers, and community health services are investing in information systems and technology to improve quality and service delivery.

The state and territory governments and the private hospitals and other health service providers will then need to abide by the guidelines mapped out by the interoperability standards in late 2018.

“Australia was recently ranked number one in the world for its open data policies that create an environment for interoperability, and use of our data assets as a national resource,” the report explains.

“In Australia, meaningful progress has been made in establishing foundations for interoperability, including clinical terminologies and standards; however, adoption has been limited and a lack of interoperability remains a significant issue.”

ADHA also concedes that the lack of interoperability between systems means healthcare providers often cannot exchange information effectively, which contributes to disjointed care, adverse events, inefficiencies, and poor quality data.

Originally switched on in 2012, My Health Record system was given a further AU$485 million in funding during the 2015-16 Budget. At the same time, it was rebranded from the “personally controlled e-health record system” (PCEHR).

Former Minister for Health Sussan Ley said in 2015 that a properly functioning national e-health system could save taxpayers up to AU$2.5 billion per year within a decade’s time, with another AU$1.6 billion per year savings for the states.

A 2013 review of the system by former Minister for Health Peter Dutton had suggested the system be made available to opt-out in order to improve signup numbers, and in September 2015 the government responded by introducing legislation that will see e-health accounts automatically assigned to patients.

The Australian Digital Health Agency was established in 2016 to lead the development of the National Digital Health Strategy and its implementation. At the time, Ley said the agency would be charged with setting the national agenda for technical and data standards, promoting clear principles for interoperability, and open-source development within the health system.

The agency also became the system operator for My Health Record.

“I want the central role of the agency to foster digital health innovation and importantly, when we see new innovative technologies emerge with a strong benefit to clinicians and patients, the agency will be able to invest to deliver national outcomes,” Ley said previously.

“Today we are embracing mobile technology, apps, and trackers. Tomorrow it could be artificial intelligence, individual precision medicines, tailored and personalised technologies, as well as implantables.”

Over 5 million Australians have a My Health Record.