EHRs - Which direction should we take?

Health Informatics New Zealand www.hinz.org.nz Electronic Health Records; Which direction should we take? A Viewpoint – Tom Bowden 1st December 2006 Key Contentions New Zealand is well suited to expansion of existing systems to enable GP held EHRs. World trends show that this may be the only way we can achieve shared EHRs in the short-medium term. 1

Health Informatics New Zealand www.hinz.org.nz Our starting point New Zealand is a world leader in primary care IT. Universal use of EMRs Extensive messaging “A matter of critical importance is tying the national IS strategy to the national health strategy and ladies and gentlemen, the key to our national health strategy is our Primary Care strategy “ Mike Rillstone CIO NSW Health 2

Health Informatics New Zealand www.hinz.org.nz “New Zealand’s leadership in the integration of clinical IT systems into medical general practice has been confirmed by the findings of a landmark ten-country study that names New Zealand as the most integrated advanced country after Denmark”. - Denis Protti, Professor of Health Informatics at City University, London University, and Emeritus Professor of Health Informatics at the University of of Victoria, British Columbia on behalf of Canada Health InfoWay, The New Zealand Primary Healthcare Strategy “A strong primary health care system is central to improving the health of New Zealanders and, in particular, tackling inequalities in health. This Strategy provides a clear direction for the future development of primary health care so that it can play this central role within the new health system. There is evidence available about the specific contribution primary health care can make to improved health outcomes which has informed the new direction.” 3

Health Informatics New Zealand www.hinz.org.nz New Zealand Primary Care Policy Implementation of PHOs (Primary Healthcare Organisations) – community based organisations set up and funded to deliver primary care and coordinate activity among multi-disciplinary teams of care-givers. multi- care- Patient enrolment – Patient enrolment is an initiative designed by government to encourage patients to form key relationships with PHOs. “The (Commonwealth Fund) survey points to rich opportunities to learn from variations in policy and primary care systems to improve performance. New Zealand doctors have some of the richest and most functional EMR systems in the world.” On the front lines of care: Primary care Doctors’ office systems, Experiences, and Views in Seven countries. “Health Affairs” – October 2006 Affairs” 4

Health Informatics New Zealand www.hinz.org.nz OK, So what is he on about? 5

Health Informatics New Zealand www.hinz.org.nz 6

Health Informatics New Zealand www.hinz.org.nz 7

Health Informatics New Zealand www.hinz.org.nz PART TWO THE PROBLEMS WITH CURRENT APPROACHES 8

Health Informatics New Zealand www.hinz.org.nz “All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and never reveal.” - The Hippocratic Oath - The New Zealand Health Information Privacy Code 1994 “A health agency that holds health information obtained in connection with one purpose must not use the information for any other purpose unless the health agency believes on reasonable grounds that the purpose for which the information is used is directly related to the purpose in connection with which the information was obtained.” 9

Health Informatics New Zealand www.hinz.org.nz Issues It is impossible to keep all information totally private on a shared database. Making specific information available to hospital staff is difficult if the security barriers necessary for a centralised system are put in place. Uncertainty as to who is accountable for the security and accuracy of shared data. Difficulties in managing patient consent, withdrawal of consent, selective consent etc. The issue of ownership of the data on a shared database, who sets the rules? What happens when those rules change? And Issues Patients’ concern at where their private information will Patients’ be sent; limiting disclosure of key facts to GPs; compromising the GPs’ ability to assist patients. GPs’ Information being used obtained for inappropriate purposes eg by employers or insurers Hackers gaining unauthorised access to patient record systems and thereby reducing overall confidence in the health system. Reliance on a centralised system in which records may be incomplete or even wrong Difficulties in moving patient information between databases.; 10% of New Zealand’s population moves Zealand’ address each year. 10

Health Informatics New Zealand www.hinz.org.nz International Evidence - United States Unauthorised access to secure facilities now happening with increasing frequency “An unknown hacker or hackers gained electronic access to UW Medicine's Academic Medical Center domain. They managed to install a back-door log-on "entry way" where they could enter our back- log- system undetected and we believe that they obtained passwords and user IDs. This was not the first time the system had been breached. In 2000, a 2000, computer hacker in Denmark entered our system and obtained protected health information on some of our patients; however the the information was never used. We worked with the FBI on this; however, the hacker was never identified or apprehended. Unfortunately hacking of major systems is becoming increasingly prevalent. In the past six months, major systems were hacked at Stanford, Notre Dame, and the University of Connecticut. Between the main campus and AMC domain, the UW monitors and successfully defends against nearly a half million attacks per week” week” University of Washington Academic Medical Center February 15, 2006 2006 11

Health Informatics New Zealand www.hinz.org.nz Major Legal Issues Edward F. Shay Partner; Post & Schell, P.C.,Philadelphia “For those contemplating implementation of an EHR system, there will be significant legal issues to resolve that increase in importance as the complexity of the system deployment increases. Most are surmountable, but some are not.” not.” . Concern around the viability of HIPAA regulations “The current rules surrounding use of electronic health records are not at all adequate. The only way to sell such records to the American public is to design the whole system with privacy as a priority. “ Dr. Alan F. Westin Professor of Public Law and Government Emeritus at Columbia University. 12

Health Informatics New Zealand www.hinz.org.nz Drive Toward Patient Involvement in Record Keeping “If patient information moves successfully from paper to the computer, as its champions hope, the door to privacy abuses will swing wide open. One suggested solution is to give patients the right to work with the doctors to decide what is included in his or her record. A small step to be sure, but if the law and doctors were to give patients this amount of empowerment and autonomy, the doctor-patient relationship will have come a long way. “ doctor- Spyros Andreopoulos, Director Emeritus of the Office of Communication Andreopoulos, and Public Affairs at Stanford University School of Medicine.. United Kingdom 13

Health Informatics New Zealand www.hinz.org.nz “share data properly or risk losing public confidence”. The Information Commissioner (IC) has issued a warning to the government and other public bodies to share data properly or risk losing public confidence. In his annual report Richard Thomas highlights the renewed focus on projects to share information among public sector bodies and acknowledges the potential benefits of such projects. However he claims that there is a greater threat to intrusion of people’s people’ personal privacy than ever before. Thomas stressed that the government and public bodies could only retain public trust and confidence if information is shared in a secure, lawful and responsible way. He added: “There must be clarity of purpose – not just sharing because technology allows it. And people must be told how their information is being shared and given choices wherever possible.” possible.” Last year’s annual survey conducted by the ICO showed year’ that the public ranked protecting personal information as its third most important social concern. A total of 80% of individuals were concerned about the use, transfer and security of their personal information. Thomas calls for tougher penalties for people convicted of buying and selling personal information illegally, including prison sentences of up to two years. 14

Health Informatics New Zealand www.hinz.org.nz We cannot sensibly build an information society unless its foundations and its systems are secure. “However laudable the aim we need to make sure that increasing access to government-held information for those with a legitimate need to know does not also open the door to those who seek to buy, beguile or barter their way to information that is rightly denied to them by law.” The Guardian Newspaper Wednesday 1 November 2006 15

Health Informatics New Zealand www.hinz.org.nz Call for public boycott of medical database accessible by up to 250,000 NHS staff Millions of personal medical records are to be uploaded regardless of patients' wishes regardless to a central national database from where information can be made available to police made and security services, the Guardian has learned. Details of mental illnesses, abortions, pregnancy, HIV status, drug-taking, or drug- alcoholism may also be included, and there are no laws to prevent DNA profiles being prevent added. The uploading is planned under Whitehall's bedeviled £12bn scheme to computerise the health service. After two years of confusion and delays, the system will start coming into effect in coming stages early next year. Though the government says the database will revolutionise management of the NHS, civil liberties critics are calling it "data rape" and are urging Britons to boycott it. The British Medical Association also has reservations. "We believe that the believe government should get the explicit permission of patients before transferring their information on to the central database," a spokeswoman said yesterday. yesterday. And a Guardian inquiry has found a lack of safeguards against access to the records access once they are on the Spine, the computer designed to collect details automatically details from doctors and hospitals. The NHS initiative is the world's biggest civilian IT project. In the scheme, each In person's cradle-to-grave medical records no longer remain in the confidential custody cradle- to- custody of their GP practice. Instead, up to 50m medical summaries will be loaded on the Spine. The public will not be able to object to information being loaded on to the database: loaded "Patients will have data uploaded ... Patients do not have the right to say the right information cannot be held." Once the data is uploaded, the onus is on patients to speak out if they do not want their records seen by other people. If they do object, an on-screen "flag" will be added on- to their records. But any objection can be overridden "in the public interest". public Harry Cayton, a key ministerial adviser, warned last month of "considerable pressure Cayton, to obtain access to [the] data from ... police and immigration services", but he is services", confident that these demands can be resisted by his department. The health department has issued 250,000 pin-coded smart cards to NHS staff. pin- These will grant varied access from more than 30,000 terminals - greater access for medical staff, and less for receptionists. Health managers, council social workers, council private medical firms, ambulance staff, and commercial researchers will also be able researchers to see varying levels of information. Once uploading has taken place, a government PR blitz will follow. This will be said to follow. bring about "implied consent" to allow others view the data. Those objecting will be Those told that their medical care could suffer. 16

Health Informatics New Zealand www.hinz.org.nz The government claims that computerised "sealed envelopes" will allow patients selectively to protect sensitive parts of their uploaded history from being widely accessed. But no such software is yet in existence. It is being promised for an unspecified date. Some doctors say "sealed envelopes" may be too complex to be workable. The design also allows NHS staff to "break the seal" under some under circumstances. Police will be able to seek data, including on grounds of national grounds security. The department's guidelines say: "The definition of serious crime is not entirely clear crime ... Serious harm to the security of the state or to public order, and crimes that involve order, substantial financial gain or loss will ... generally fall within this category." The health within department says confidentiality can already be breached in such cases. At present, police have to persuade a GP, who knows the patient, to divulge limited facts, or insist on a court order. Current criminal penalties are so weak they have failed to stop tabloid journalists and private detectives raiding such data on an industrial scale, according to a recent according special report by Richard Thomas, the information commissioner. Sir John Bourn's National Audit Office also wrote a recent report warning of significant concerns among NHS staff "that the confidentiality of patient information of may be at risk". But officials persuaded the NAO to delete the warnings in the published version. Survey shows waning medical support for NPfIT 21 November 2006 A picture of declining support among doctors for the National Programme for IT emerges from the latest Medix survey of medical opinion on IT modernisation, sponsored by E-Health Insider. One of the key findings of the survey is that half of all GPs surveyed said they do not plan to upload patient details onto the spine unless individual patients give their explicit consent 17

Health Informatics New Zealand www.hinz.org.nz Medix Survey Cntd Confidentiality again emerged as a key concern of the survey, with four out of five doctors saying they thought the confidentiality of their patients' records would be at risk. More than 60% said they feared the system would be vulnerable to hackers and unauthorised access by public officials from outside the NHS and social care. Conclusion There is mounting international pressure to find alternatives to shared Electronic Health Records. In my view this problem will ultimately be averted by moves to patient controlled electronic records, however there are significant complexities in achieving this. These difficulties are even greater than those currently being experienced by healthcare jurisdictions attempting to set in place regional or national EHR databases. The main difference being that there are no strategic blockages that will prevent consumers from holding electronic health records. 18

Health Informatics New Zealand www.hinz.org.nz New Zealand, in a leadership role in both development of electronic primary care systems and in developing Primary-care led health models is in an ideal position to lead in this vitally important area of healthcare. 19

EHRs - Which direction should we take?

by Health Informatics New Zealand on Apr 03, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

Statistics

EHRs - Which direction should we take? — Document Transcript