Editor's Note: Dr David More writes regularly on e-health matters and keeps a range of relevant press releases on his website. The followingpress release relates to NEHTA, the bureaucracy charged with the introduction of uniform standards for e-health across Australia.
Recently, the organisation had a "sea change" and new people are at the helm.
The culture, it seems, is still trying to catch up.
The following is a press release written by Darren Pauli from Computerworld, follwed by commentary by David More.
NEHTA green lights e-health revolution
Darren Pauli 21/05/2008 16:47:28
The National E-Health Transaction Authority (NEHTA) will this year action its spate of electronic health projects, set to revolutionise the operations of Australian hospitals and clinics.
The authority is tasked with creating standards for healthcare across areas including electronic document management, pathology and patient identification and privacy. It is an independent government body which interacts with nine separate agencies, and state and federal government.
Speaking at the e-government CeBIT conference in Sydney today, NETA general manager Gill Carter said the agency has entered a phase of "serious implementation".
"Our work in personal e-health records is a five to 10 year transition from paper to electronic [media],"Carter said.
"The biggest benefit of e-health and [affiliate] projects is that people will have access and control over their own health information.
"We need to establish common standards, uphold privacy and work out what consumer access to health information should look like."
Common communication standards are top of the list for NETA, according to Carter, because they allow successful local projects to be deployed nationally.
Read more here:
David More comments:
Looks from all this that the old NEHTA is alive and well!
What we have here is a classic case of blaming the customer (i.e. the health system) for being complex and slowing NEHTA down! – Diddums!
The speaker then goes on to say “We've done the strategy, the documentation, the standards and procedures” Well good!
And he then goes on to say "The focus of the next 12 months will be consultation and implementation."
The first step in consultation is to inform stakeholders where things are up to and what is planned. How about now sharing all this with the health sector and other interested stakeholders? It seems to me to be planning to move to any actual implementation without very considerable external review is fool-hardy in the extreme.
Review of recent presentations from NEHTA we discover a few more details about, as an example, the National Authentication Service for Health (NASH).
Gil Carter Presentation 15th May, 2008 Brisbane (Slide 7)
National Authentication Service for Health
- Smartcards for healthcare professionals
- Digital certificates for devices
- Enable trusted authentication, digital signing, encryption
- Learns from previous experiences of PKI in health
- Specify and build during 2008
- Initial operations in 2009
So it seems we are to have Smartcards for every health provider (There are a few hundred thousand of those at last count) and digital certificates for all sorts of devices!
More the whole thing is going to be specified and built in seven months and be ready to operate in 2009!
Well I suppose it might happen – but I doubt it. The effort of reliably identifying every health provider, issuing a smartcard etc is going to be both expensive and time consuming. (The UK NHS took a few years as I recall to do something similar in the NHS). Worse still where is the business case justifying it is the right way to go and the pilot that shows it is practical and workable?
Reliable Provider Identification is both very important and non-trivial. The sooner the detailed plans are available for public scrutiny and comment the better in my view. “Bull at a gate”, unconsultative approaches make very little sense.
At the same session we discover Clayton Utz have undertaken a Privacy Impact Assessment (PIA) of the Individual Health Identifier. This work was begun in August 2007. Again – so where is this report? Especially since the outcome of the review “Identified privacy issues and risks, and made recommendations for mitigating them”. The industry, the sector and the public all have a right to know what is going on.
What is worse is that a “Further PIA planned for final design of UHI Services (mid 2008)” and that no one other than NEHTA (and maybe the jurisdictions) know what the initial PIA said and whether the remediation plans were reasonable. The impact of what is going on here are way broader than that!
Someone really needs to get control of this steam train and make it accountable to its customers – the whole health sector and the public.