The document summarizes key points from a presentation by Ernie Newman, Chair of the National IT Health Board Consumer Panel, on bringing electronic health records to consumers in New Zealand. [1] It outlines the strategic challenges facing health care, and the National Health IT Plan's goal of interoperable health IT systems and a shared electronic health record for all New Zealanders by 2014. [2] It discusses the massive benefits of personal health records for both care and self-management, but also the unique sensitivity of personal health data and the essential elements needed for privacy protections to ensure public trust, including governance, training, access safeguards and legal sanctions. [3]

1. Bringing the
Electronic Health Record to Life -
a Consumer Perspective
Ernie Newman,
Chair, National IT Health Board Consumer Panel
Presentation to HINZ Seminar 21 June 2012
PREPARED BY

2. Agenda
• Health – the strategic challenges
• The National Health IT Plan
• A personal “Shared Care Record” for everyone by 2014
• The massive benefits of Shared Care Records
• The unique sensitivity of personal health information
• Essential elements of a privacy regime that will ensure the trust of the
public
• Other Consumer Issues

3. Health – the strategic challenges
• Massive advances in medical technology
• Aging population – health workforce included
• ….leading to unprecedented expectations of health services and budgets
• BUT enormous potential for ICT-based solutions:
EXAMPLES: On line personal health data, consultations by
video/telephone/email, remote monitoring, better self-management through
information, safe support of older people in their own homes for longer,
reduced hospital admissions, devolution of care from secondary to primary to
community…………….

4. The National Health IT Plan
• Aiming for interoperability among multiple IT systems across 20
autonomous DHBs, thousands of GP and specialist practices, and
related sources, so that Shared Care Records can draw on the data they
contain.
• Very ambitious undertaking, across a disparate sector where the
government has to coerce rather than control.
• Diversity of software vendors an added complication.
• BUT it is working thus far.

5. The National Health IT Plan

6. A personal “Shared Care Record” for everyone by 2014
• A set of core health information
• Accessible by every clinician we deal with, irrespective of the setting
• Accessible to ourselves
• Including some/all of: Clinical notes, test results, radiography, list of
medications, allergies, referrals/discharges, etc etc……
• Expectation the scope of the data will grow over time

7. The Massive Benefits of Personal Health Records On Line
• Better care arising from better-informed professionals
• More self-care arising from better informed patients – wellness as well as
health
• Opens door for more effective ways to deliver health services
• Typical consumer reaction:
• “You mean you’re not already doing this?”

8. The unique sensitivity of personal health information
• Health information is inherently confidential to the consumer themselves,
the health professional(s) who need to know, and whoever else the
consumer chooses to disclose it to.
• Different information may be more or less sensitive depending on
circumstances, but that is each consumer’s choice.
• Government, or whoever stores and controls the data, does not “own” it,
nor are they free to use it randomly.

9. Privacy is a non-
negotiable show-stopper
but it can and must be
managed

10. Some essential elements of a privacy regime that will
ensure the trust of the public:
• GOVERNANCE: Every database that contains consumers’ personal health data,
whether at national, regional, or practice level, should be governed under a formal
process that is transparent, rigorous, subject to independent external scrutiny, and
includes identifiable consumer representation.
• TRAINING: Before any person is given log-in access to any database containing
consumers’ personal health data, they will first be trained in the sensitivity around
the data and the penalties for misuse, and will sign an approved confidentiality
undertaking.
• ACCESS SAFEGUARDS: There must be appropriate degrees of role-based access,
supported by organisational cultures that respect the sensitivity of people’s data and
the trust implied in its storage. People will see who has accessed their records.
• LEGAL SANCTIONS: Meaningful legal sanctions must be thereto deter and
punish any deliberate misuse of data in a way that would offend a reasonable person.

11. Current State:
GOVERNANCE: Every database that contains consumers’ personal health
data, whether at national, regional, or practice level, should be governed by
a formal process that is transparent, rigorous, subject to independent
external scrutiny, and includes identifiable consumer representation.
• Currently there is no single body or agency responsible for information
governance across the health sector
• To fill this gap a comprehensive Information Governance Framework has
been developed by the National Health IT Board
• Initially compliance will be voluntary, parts incorporated into HISO
standards.

12. Current State:
TRAINING: Before any person is given log-in access to any database
containing consumers’ personal health data, they will first be trained in the
sensitivity around the data and the penalties for misuse, and will sign an
approved confidentiality undertaking.
This is work in progress. This will need to cover every employer or organisation
where there are people with access – DHBs, medical practices, Integrated
Family Health Centres, specialists, testing laboratories, pharmacies, etc.

13. Current State:
ACCESS SAFEGUARDS: There must be role-based access, supported by
organisational cultures that respect the sensitivity of people’s data and the
trust that is implied in allowing the organisation to store it. People will see
who has accessed their records.
Work in progress. There is a long way to go before role-based access is
implemented across the whole health system.
However, there is general recognition of the importance of role-based access
across the sector.
There is also wide understanding of the need for consumers to see who has
accessed their record – this will deter inappropriate access and reassure
consumers.

14. Current State:
LEGAL SANCTIONS: Legal sanctions will be in place to deter and punish
any deliberate or careless misuse of personal health data in a way that would
offend a reasonable person.
This is currently the weak link:
• Consumer Panel compiled a list of hypotheses
• ACC, and Bronwyn Pullar issue, focussed us further
• Reviewed the position with an inter-ministry legal group; concluded there is
a major gap in protection of data that escapes from a database
• Working to have this addressed in review of Privacy Act S56
• Optimistic of resolution, but if that solution does not work another must be
found urgently

15. Other “Consumer” Issues
• Patient Portals
• Accessibility
• Access by/on behalf of young (and old)
• Off the record consultations

16. Thank you
Ernie Newman:
Chair, NHITB Consumer Panel
022 376 4363
ernie@ernienewman.com
www.ernienewman.com