Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Sunday, October 29, 2006

Personal Health Information Privacy – The Elephant in the Room.

It seems that on both sides of the Pacific there is increasing interest in, and increasing difficulty with, working out an approach, and the supporting technology infrastructure, to meet public expectations for health information privacy and security while at the same time permitting health care providers the access to information they need, quite legitimately, to provide optimal care. This short article aims to provide some talking points and base assumptions / positions that may be relevant in this very difficult policy area.

The key assumptions I would make are:

1. Technology can provide any level of information security and privacy that can be desired.

In 2006 it is perfectly possible, through techniques such as encryption, to secure electronic health information in such a way as to render unauthorised access virtually impossible. The military of most advanced countries, as an example, achieve this despite quite expert efforts to compromise their message integrity.

So what then is the problem? As I see it there are a few problems. First there are issues of cost. Military grade security comes with a military price tag. Second there is the issue of convenience. If a system is clumsy or difficult to use it will either not be used or the users will work out ways to make things easier for themselves by doing such things as using easily remembered passwords (which are easily compromised) or writing harder ones down in places where they are easy to find.

So while the technology is willing and able, it is a truism that the weakest link is the users of the system who, whether for convenience, speed or, very rarely, malice, will compromise the best designed security system.

The only satisfactory approach to address this risk is a combination of user education around the importance of complying with the rules along with regular audit, both passive via audit file review and active through deliberate attempts to subvert individual user discipline to ensure the educational program is actually working.

That users will take advantage of privileged access to information is well known with many stories of staff in the police, tax departments and hospitals accessing information out of curiosity or occasionally for more nefarious motives.

2. If the issue of privacy of personal identifiable health information is not frankly and honestly addressed it is likely most initiatives involving the sharing of health information will either fail or be severely compromised.

It is an article of faith with me, and I suspect with most readers of this blog, that an appropriate deployment of information technology in the health sector can improve the quality and safety of healthcare services. Central to this improvement being achieved is to put in place individual patient records on which clinical decision making can be based and on which decision support systems can operate.

If the targets of our care are not entirely comfortable with the caring professions' efforts to keep confidential their most sensitive secrets, any electronic record initiative will face major, and probably fatal, implementation hurdles.

At present, as best I read the research, the key concern most citizens have is that, unknown to them, their private information will move out of their control and beyond their ability to access and correct it, along with a fear of disclosure to, profit from or use by unknown third parties.

Most seem quite comfortable with their GP recording information about them in his personal clinical system and most are pleased to be cared for in hospitals where they are not asked for the same details ten times a day.

Concern arises once there is the possibility the information moves out of the direct control of the GP or hospital.

For any such use and sharing of information citizens are very keen to understand just what is being shared, why it is being shared and that they will have an effective right of veto before it is shared.

There is already concern, on the part of some, that GP prescribing sets and the like are being shared, without the patient’s knowledge, with pharmaceutical companies for marketing purposes. One wonders just how the patient’s interests are being served with this sort of disclosure.

3. It is important to recognise individuals have differing sensitivities associated with their health information.

Your correspondent is well past his physical prime and in the last few years has had a number of stays in hospital. Each of these stays was for investigations and procedures that are quite commonplace and frankly if anyone were to get hold of my full record the worst that they could conclude is that I should have stopped smoking thirty years ago and not twenty years ago. In a health sense I have nothing to hide and so do not care who has my records.

An individual who in their past has had a mental illness, a genetically inherited risk, an abortion, an STD, HIV/AIDS, a cosmetic breast operation or whatever may feel entirely different and wish to either be able to exert very fine grained control on what information can be shared or indeed prevent any sharing at all. This is entirely reasonable and it is up to system designers to ensure such control is available. Again this is not a technical issue but rather a system design issue.

4. While one can design technology neutral Privacy Principles their implementation has to respond to a very different set of risks. In no sense does one size fit all in these circumstances.

There seems to be a view among policy makers that all that is needed are a correct set of Privacy Principles and all will be well for all. I believe this is naïve and wrong.

First there seems to me to be a very good case for ensuring that the level of protection provided for identified health information should be more robust and better enforced than say financial, purchasing or employee records. This is not to say these should not be robustly protected, but given the potential personal impact of disclosure of health information, even more care is warranted than may be justifiable for other information.

Second, as already discussed on the blog, the risks that are faced by electronic and paper records are different and do require different risk analysis and different responses.

Essentially what we need to recognise is that if private information escapes into hands that the owner of that information is not comfortable with, the consequences can be personally and professionally devastating.

What is needed is the sort of education and auditing mentioned above and for breaches there needs to be a carefully designed regime of penalties and enforcement that is swift, has real teeth so it can act as a serious deterrent and which considers the impact on the victim of the breach properly.

Additionally real privacy experts need to be involved in system design and implementation. As well it is important that there be proper piloting and evaluation of privacy controls as they are practically implemented to ensure the outcomes citizens expect are actually being delivered in the real world.

Overall if I had one mantra it would be that “care must be taken to establish and retain citizen trust”. If this is not achieved we ultimately may not be able to successfully implement and operate the systems the Health Sector so badly needs.

David.

Appendix:

What is discussed above I would see as an ideal situation. What is happening in Australia falls far short of the ideal. Of the two most egregious examples that come to mind, the first is the apparent continued use of non-individualised and non-role-based security to protect information contained in the South Australian OACIS system. When I last heard – and I am happy to be corrected on this if things have moved on – a clinical user at one hospital, once logged on, could access any record of essentially any type for any South Australian on the system. When last I spoke with people in SA there was not even the capability for a patient to withhold results from the system. (Note an Updated Comment was posted on November 23, 2006 and should be read with the material provided here - David.)

I understand some similar issues also exist with the Healthelink trial in NSW. Here again there is a single level of access – you can find any patient on the system and see all that is held – or not if the patient has ‘opted out’. Patients have no capacity to segregate sensitive from other information and some will inevitably be disadvantaged by such poor initial system design.

The following two articles in the Australian of the 28th October 2006 make useful supporting reading.
http://www.theaustralian.news.com.au/story/0,20867,20655984-23289,00.html

Policing privacy

Plans to put the medical records of all Australians online face strong opposition from doctors and privacy advocates. Leigh Dayton reports
________________________________________

October 28, 2006

HERE'S the dream: your elderly mother suffers breathing difficulties. You take her to a GP who recommends a series of tests. The procedures are scheduled online, much like booking a flight to Bali.

When your mother arrives at the hospital for the tests, all her medical records are available to the specialists, again online. Results are added instantly to her "electronic health record" and a "cyber-script" is sent straight to her local pharmacist. The pharmacist checks the prescription against her other medications and has it filled when you drop by to collect it.

Meanwhile, your mother's doctor has reviewed her test results online and arranged a follow-up visit with a respiratory specialist who immediately has details at the click of a mouse. Online booking, online records, online service. Plus, neither you nor your mother has explained her problem numerous times, or waited for paper records to be sent by mail.

Here's the nightmare: you go to your doctor, seeking help for a drug and alcohol problem. There, you book online for specialist treatment at a discreet facility. The receptionist managing bookings at the facility recognises your name and tells a friend, your former – and very angry – spouse. Word reaches your employer's ear. You're fired.

Continued….

http://www.theaustralian.news.com.au/story/0,20867,20655988-23289,00.html

Patient privacy must be governed by a unified national system

Mukesh Haikerwal

October 28, 2006

THE Australian Medical Association has for a long time been calling for an overhaul of Australia's privacy laws and the establishment of a unified national system governing the privacy of information in the health sector.

Continued …

Dr Mukesh Haikerwal is president of the Australian Medical Association

D.

Thursday, October 26, 2006

What is Happening at NSW Health with Healthelink?

In the last couple of days there have been two reports on the ABC related to electronic health records in NSW. To date I am yet to see any other reports covering what was said in a couple of news bulletins.

The two items were, in chronological order, as follows:

http://www.abc.net.au/news/newsitems/200610/s1772953.htm

Privacy group urges patients to opt out of database

The Australian Privacy Foundation (APF) says patients should ask their doctor not to put their records on a new electronic database, because the system is a breach of privacy.

The New South Wales Government says it will roll out the system, which will allow a patient's health records to be accessed from anywhere within the public health system at any time.

The chairwoman of the APF, Anna Johnston, says patients' records will be put on the database unless they opt out.

Ms Johnston says a trial of the system has failed to get the support of doctors.

"There are very real concerns amongst GPs that if they do participate in the system they will be in breach of federal privacy law which says you cannot collect health information about people without their consent," she said.

"The system has been designed in such a way that health service providers could effectively collect health information about every person in the state, not just those who are their patients."

http://www.abc.net.au/news/newsitems/200610/s1773511.htm

Electronic medical record system can save lives: Iemma

New South Wales Premier Morris Iemma says the introduction of a new electronic medical record system will reduce hospital errors and cut costs.

The electronic system places patient details on an internal computer system for quicker access by clinicians.

Private company Cerner Corporation has won a $40 million contract to roll the system out for the state's eight area health services by 2009.

Mr Iemma says it will provide one integrated system.

"This can save lives," he said.

"It frees up the time of the health care professionals to provide health care and not administration."

Currently only 4 per cent of patients are choosing to opt out of the program.
In the future, the system could be centralised and connected to the records of general practitioners.

The Australian Privacy Foundation has raised concerns that expanding the system could breach privacy laws.

The interesting aspects of all this are as follows.

1. The normally “I’ll announce something good every day” Health Minister in NSW John Hatzistergos was not the announcer of the news.

2. The Premier’s press release refers to Cerner Corporation (a very large US based listed Health IT provider of predominantly hospital systems).

I believe what the Premier’s announcement is about is the final wrapping up of an aborted RFT-IT 190. This tender was released in May 2005 to obtain what used to be referred to as Point of Care Clinical Software (PoCCS) and which has been relabelled as Electronic Medical Record (EMR) software.

As stated in the tender document:

“Potentially four Areas could be seeking EMR implementations through the period contract arrangements resulting from this RFT. These are South Eastern Sydney Illawarra, Hunter New England, Greater Southern and Justice Health”

Some 17 months later we now hear that Cerner is to take up the baton NSW wide as far as clinical systems are concerned for all Area Health Services. This is obviously a good thing given how much of the current NSW market Cerner already had – consistency across the whole State system will provide useful efficiencies in staff training and the costs of staff relocation, as well as in the consistency of operational data available.

The delays and costs in getting to this point are, of course, just ridiculous. Six months should have been more than enough time to test the market and confirm (or not) Cerner as the sole EMR provider for NSW Health for the next few years. No wonder the Health Minister left it to his Premier!

This software is specifically for internal Hospital use and has nothing really directly to do with the Healthelink project which I understand is still battling with the issues raised by the Privacy Foundation and which threatens to become a considerable white elephant.

Cerner’s approach to security and privacy, along with its internal hospital operational role, should provide much less in the way of privacy concerns. Systems such as Cerner's provide very considerable operational support for in-hospital care delivery and clearly are something one would not want to take advantage of when in hospital.

I would be curious to hear comments from any readers who have better information – noting the useful confirmation of the iSoft comments made here from a previous insider that has been posted recently.

David.

Saturday, October 21, 2006

How Did iSoft Get into So Much Trouble?

The main news from iSoft’s Annual General Meeting last Tuesday is that the company is in discussions with possible suitors to be purchased and hopefully re-financed and stabilised. Unless a suitable suitor can be reasonably quickly located there is a real risk that many iSoft customers could find themselves “on their own” from an IT perspective. This would be a major distraction from the provision of patient care in those organisations and possibly even cost more than just money and inconvenience.

Anyone with any familiarity with the Health IT industry will be aware that this is not the first time there has been the need for merger and acquisition activity to bale out Health IT providers and regular readers will remember I pointed out the need for commercial due diligence as part of the vendor selection process a week or so ago.

iSoft’s history, from its web-site, is interesting.

2005
Acquisition of Novasoft Sanidad S.A.
2004
World-wide strategic alliance with Microsoft
2003
Merger with Torex plc
2002
Acquisition of Revive Group Limited
Acquisition of Paramedical Pty Limited
Acquisition of healthcare business of Northgate Information Solutions plc
Microsoft global launch partner, and the only European software partner for the Windows XP Tablet PC launch
2001
Dedicated offshore development business established in Chennai, India
Acquisition of ACT Medisys Limited
Acquisition of Eclipsys Limited and Eclipsys Pty Limited
2000
Full listing on London Stock Exchange
1999
Only Microsoft SQL Server 7.0 launch partner in UK health
Acquisition of CSC’s Australian healthcare systems business
1998
MBO by senior executives to create iSOFT
1994
Founded a healthcare information systems business within KPMG

What I see in this history is a company founded by some Health IT consultants that took advantage of the dot.com boom to conduct an Initial Public Offering and used the resulting funds to grow by acquisition of a range of smaller Health IT companies.

The Management Buy Out was worth just £12m, but within six years the Manchester-based IT group had won a £300m contract and pushed itself to the brink of the FTSE-100 with a market cap of £950m. It’s now only £100m.

Of note, early on, is the purchase of the CSC Australian Healthcare Systems business. This purchase was of the support contracts for NSW developed hospital systems, among other things. These systems were at least a decade old at that stage and would hardly have been an ideal base to build a modern Health IT business.

The acquisition of at least five different companies to provide a hospital solution would have posed a very substantial integration task to have iSoft offer a coherent hospital system solution and, as far as can be told, that task has not been, and never will be, achieved. What iSoft has attempted, instead, is to continue to sell products from their acquisition phase with the promise that customers who purchase now would be able to transit to a newly developed seamless product based on modern and highly advanced technology.

To stay afloat and support the development of the new product – termed Lorenzo – iSoft has used the maintenance fees from the older products in both the purchased and newly installed legacy product base (products such as iPIM etc). The problem with this is that they find themselves supporting multiple patient management, laboratory and other clinical systems – all of which consume available skills and resources.

Lorenzo has been in planning and development since 2002/3 and is now not expected to be ready for implementation until 2008, if ever.

What has gone wrong with the Lorenzo development? Among the factors I would consider to be important are the following:

1. The technical architecture, when Lorenzo was planned, was quite “bleeding edge” (Microsoft .Net and SQL Server etc). Successful Health IT developers typically stay well to the back of the bleeding edge and are very technically conservative to assist with stability and reliability.

2. The complexity of developing a full function, fully integrated modern Hospital Information System was probably underestimated. The successful systems in this space have typically taken very large sums of money to develop and have required input from a large number of clinical experts working with software developers. The use of remote development in India may not have been as effective as it could have been.

3. The need to provide an upgrade path from products that were still being sold to the planned Lorenzo may have made development more difficult.

In addition to the technical and development complexity facing the company there is also a sense that there was at least some overselling of what had actually been achieved. My personal experience with an iSoft Lorenzo demonstration (late in 2005) certainly persuaded me the product was nowhere near ready for implementation, and would not be when my client needed it. It took some very pointed questioning to have this fact made clear.

The following press release also could be suggested to be a trifle exaggerated!

“7 July 2006
iSOFT successfully delivers to 29 hospitals in one weekend

In just one weekend, iSOFT has installed patient management and clinical systems at 29 hospitals and health sites across Australia and New Zealand for four different health organisations.

The roll-out of iSOFT’s i.PM patient management solution to Greater Western Area Health Service (GWAHS) in NSW continued with 17 new sites going live. Calvary Healthcare Group at Hurstville NSW becomes the ninth site within Little Company of Mary Health Care to go live with i.PM, completing phase two of its national roll-out.

In New Zealand, i.PM was installed and went live at three hospitals and one health centre as part of the contract with the West Coast District Health Board.

Waikato District Health Board in New Zealand was supplied with new advanced clinical functionality to its HealthViews electronic health record system for 250 users across seven sites to produce detailed clinical documents. Also, 500 users within the Mental Health ‘SMART’ programme can now access the documents in line with its goal to improve reporting of mental health cases across the district.

“This represents a significant commitment of our skill and resource capability over this period of time,” said Nigel Lutton, iSOFT’s Managing Director, Australia and New Zealand. “Given all of the systems went live on time and with high levels of success, it is a testimony to the skill and experience of not only our iSOFT staff, but also the customers that we have worked in partnership with to achieve these milestones.

“This not only demonstrates our significant industry commitment, but also shows the commitment of our customers to achieving healthcare improvement through the smarter use of information technology.”

iSOFT Project Manager Linda Gracie says West Coast DHB was a “dream” site: “I have never worked with customers that were so willing to take responsibility for the project and work hard to achieve their goals. This project was a true collaboration and a joy to work on.”

Wayne Champion, West Coast’s Chief Financial Manager, agrees. “The dedication and professionalism of iSOFT’s people is impressive,” he said. “The company constantly hits some very demanding project milestones.”

The latest roll-outs at GWAHS bring the total number of hospitals there using i.PM to 35, with another 18 due shortly. The area health service is confident it will see the benefits of its IT investments in continuing decreases in the time patients spend waiting for elective surgery or emergency department treatment.

“Ready access to patient details and theatre appointments, for instance, is vital in minimising waiting times,” said GWAHS Chief Executive Dr Claire Blizard.

Meanwhile, West Coast DHB has also committed to using iSOFT’s clinical systems, with the first implementations due in August.”

I, for one, know of no patient management software, for something worthy of the name hospital, that can be installed on a weekend!

All in all the sad thing in all this is the bad name the likely failure of iSoft will give the Health IT industry and the additional work that many already stretched clinicians will have to undertake to make good replacements and so on.

One can only hope the new owners make the needed transitions as painless as possible.

The lessons from the post a week or so ago on how to avoid a "software lemon" seem even more important with the apparent failure of iSoft. It can happen to you!

David.

Friday, October 20, 2006

New Matilda Article on Health IT

The following is an article I wrote in response to the New Matilda (www.newmatilda.com) document "A Health Policy for Australia". It basically asks for more consideration to be given to the place of Health IT.

================================================

http://www.newmatilda.com/policytoolkit/policydetail.asp?PolicyID=528&CategoryID=7

'A Health Policy for Australia': response #2 By: David More
20 October 2006

New Matilda is to be congratulated in taking the bold step of developing a health improvement strategy for the health sector based on rational and appropriate policy perspectives and values - values which I for one am extremely comfortable with. If ever there was a sector of our Commonwealth that requires a fundamental re-think health is it.

With that said, and whilst I am aware of the risk of being described as a hammer who sees the solution to all problems as a nail, I would like to suggest that the role of information and knowledge and the technology required for their effective management have been substantially underestimated in New Matilda’s present policy formulation.

Over a decade and a half ago the then NSW minister for Health, Peter Collins, described working in the health system as being similar to “operating in the dark” and despite all his efforts, as the Board Chair of the Australian Institute for Health and Welfare, little has really changed for those operationally engaged in the sector although there have been steady improvements in the gathering of statistical health information. Delivery of clinical health services is a very information-intense activity with all service providers needing both patient related (current patient problem, current treatments, previous illnesses, family history etc) and technical clinical information (disease descriptions and symptoms, drug information, the evidence base for treatments and so on).

A core issue that has been emerging over the last few decades, at an accelerating rate, is the amount and complexity of the clinical information required for good (and safe) clinical and management decision making. The knowledge management task involved in delivery of quality, safe, up-to-date, evidence based patient care is rapidly exceeding the capabilities of practitioners and is having a negative impact on clinical outcomes. This recognition is part of the rationale for the push in the US, UK, Europe and Canada to provide clinicians with advanced computer systems (electronic health records (EHR) with decision support) and to ensure treatment errors are picked up at the point of care delivery before the patient comes to any harm rather than later. It is now clear such systems can save countless lives each year but to date we see no thrust to sponsor adoption of such systems in Australia. (Indeed the Australian Health Information Council – the peak body in the area – has been recently disbanded as far as anyone can tell.)

Evidence from overseas very strongly suggests that implementation of advanced Health Information Technology (HIT) can achieve improved quality of care, greater patient safety and less risk of patients “falling through the (inter-sectoral and internal) cracks” in the health system. The evidence that, on most occasions, less than half of appropriate patients receive the best care for their condition based on the best available evidence is alarming in the extreme and needs to be remedied. Technology can help with this!

Additionally the costs of care and the overall efficiency of the health sector can be improved with the possibility of very significant savings being diverted to delivery of improved services. (A recent study conducted in Ireland suggested the impact of better information flows and co-ordination of care could reduce the overall cost of their health system by more than fifteen percent and there is no reason to believe the same is not true in Australia.)

Health IT can also play a significant role in empowering patients to better control their health information through the use of electronic Personal Health Records (PHR). The PHR can be used by the patient (possibly with their clinician carer) to record their clinical information in a secure fashion which the patient can then make available to other clinicians as they choose to ensure accurate communication of information between those involved in their care.

The use of EHR and PHR technology can also, over time, improve the quality of managerial information available in the health sector and, with appropriate privacy and confidentiality controls, assist in optimising the decision making in resource allocation etc. Additionally such information can assist in the prompt detection of changes in disease patterns which may indicate unanticipated drug side effects or even bio-terrorism.

Lastly, Health IT in more mundane areas such as the supply chain, financial and human resource management computerisation offers well understood advantages which have yet to be anywhere near fully exploited in the health sector, especially in the private hospital, office practice and aged care sectors.

In summary, there exists a very compelling business case both in terms of financial and clinical outcomes for a much larger investment in Health IT (as is acknowledged by the investments being made in the US, UK, Canada and Europe) to assist in delivery of the goals of the New Matilda health policy. Australia has neither undertaken to discover if the same is true for Australia (as it surely is) nor recognised the strategies developed in the late 1990’s have, with few exceptions, been comprehensive failures and wastes of money.

To not have the fundamental importance of Health IT as a key enabler of improved Health Sector efficiency, equity, quality and safety explicitly stated is, I believe, a significant weakness in the present document.

David.

Tuesday, October 17, 2006

And Now for Some Really Good News!

In January 2005 the European Commission established a project to conduct a Study on Economic Impact of e-Health. The following summarises the approach adopted:

Study on Economic Impact of e-Health

Presently, despite the availability of e-Health systems and services, they are not yet widely used in real-life medical or health situations. A major reason why European and national policy goals have so far not been achieved with respect to e-health is that very little reliable evidence is available on the positive (economic and other) impacts of these innovations. The objectives of this project are:

• to develop a generic assessment and evaluation framework and method, including measurement tools for quantitative indicators, for e-health products and services, focusing on optimising economic resource allocation;
• identification of good practice examples of e-health applications across Member States which have relevance in the domain of this study (hospitals, regional networks)
• integrating the experience and lessons learned from these examples into the method;
• applying the method and measurement tools developed to 10 application sites reflecting the regional and health system diversity of the Union in the fields of hospitals and regional networks;
• making the assessment method and tools generally available online.

The results are strongly positive and make fascinating reading.

In summary a press article states:

“With Europe's population ageing rapidly and the demand for healthcare growing, healthcare services need to become more efficient. However, little hard evidence is available on the contribution of eHealth solutions. Now one EU project, eHealth Impact, has demonstrated that eHealth can provide enormous benefits – if the technology is properly implemented.

Electronically enhanced healthcare promises to reduce costs, improve quality and efficiency and treat more patients with the same resources. However, to date, no reliable data has been available to support this claim.

Now that data exists. The eHealth Impact project, which finished in May 2006, conclusively demonstrated that there is over a 2:1 ratio between economic benefits and costs. In other words, the benefits gained from implementing eHealth systems are more than two times greater than the additional cost of implementing them. "An eHealth system might cost more, but the benefits far outweigh the costs," says Alexander Dobrev of the project team.

"But that ratio needs to be treated with caution," he warns. "This is the cumulative average from ten of the best eHealth implementations we could find in Europe."”

The full set of reports can be accessed under the download section at the following site:

http://www.ehealth-impact.org/index.htm

The documentation provides very useful analysis and some recommendations for policy makers.

“Policy recommendations

The eHI findings point to a few important recommendations to policy makers at all levels: local, national, and EU. In strategic terms, the overarching conclusion from the ten detailed site analyses is that effective eHealth in support to meeting citizens’ healthcare demands can have substantial economic impacts and benefits, and is therefore worth encouraging. Key success factors to achieve such outcomes were identified above.

However, to pursue and accelerate the realisation of these benefits, health system policies as well as healthcare providers and third party payers must implement policies which foster such results. Policy makers, healthcare providers and other actors must ensure the right mix of eHealth applications in order to achieve the goal of increasing benefits at stable costs. The following specific recommendations towards this goal are made:

1. Support investment in eHealth because of the significant and sustained positive economic impact possible:

- Provide incentives, such as tax breaks, regulatory and other advantages
- Invest directly, with co-funding, or even full funding, by governments or third party payers for national and other eHealth applications benefiting society, but not sufficiently benefiting an individual private investor
- Integrate eHealth strategies into overall healthcare strategies
- Promote proven eHealth applications and effectively disseminate lessons learnt.

2. Ensure the investment is appropriate:

- Monitor the mix of existing applications and adjust efforts in order to achieve the virtual eHealth economy result. Otherwise, there is a risk of overall costs rising at a rate similar to the rate of increase of benefits, which might not be affordable or desirable in the medium to long term
- Analyse and treat eHealth alongside other investments in healthcare systems and provision, both as complementary and substitutive
- Base eHealth investment decisions on clear business cases that focus on the benefits to be gained and the needs that will be addressed
- Reflect eHI findings in eHealth strategies and investment decisions, especially realism in time periods allocated for achieving net benefits, setting realistic goals to be realised in progressive stages, and committing the resources needed for essential enablers
- Invest in training and education to create stable multi-disciplinary teams with several multi-disciplinary individuals, and extend this to structured training to expand the personnel available.

3. Ensure meaningful investment is allowed to work by providing the appropriate framework and environment:

- Invest in relevant RTD and innovation research, education and curriculum development, Continuing Professional Development, and a better understanding of the organisational change processes
- Support the professional development and retention of eHealth ICT expertise in health systems and provider organisations
- Disseminate case studies and develop application models of successful eHealth dynamics for healthcare providers and cooperative health systems at the local and regional level
- Ensure solutions are thought through, yet pragmatic, so implementation can start within a reasonable time period of no longer than 5 years, depending on the application
- Encourage, and actively organise working partnerships between suppliers of the ICT component, HPO and third party payers’ managers, and most importantly users: healthcare professionals and non-professionals, citizens and administrative staff.
- Use the eHealth Impact methodology to monitor performance of investments and identify corrective actions
- Continue to analyse more applications and services in diverse settings to validate and improve the method developed, and to compile more evidence about economic performance from other healthcare settings across the Union, and include financing implications, possibly with users and suppliers working in partnership.”

It is truly refreshing to see work of this type being undertaken. There are a number of ideas found here that NEHTA should carefully review in its Benefits Realisation Studies.

Download and reading of the published material is highly recommended to those with an interest in the Benefits area.

David.

Sunday, October 15, 2006

How To Safely Select Hospital Clinical Software – Lessons from the Past.

The process of selection of software to assist in the management of a Hospital is not something to be undertaken lightly or without expert help if there is not strong internal expertise available. The following series of suggestions are gleaned from rather more experience of difficulties and complexities than I would be all that keen to admit. They are passed on in the hope that some of the mistakes I have seen, or worse still may have been involved in, are not repeated by my readers. If they do repeat them they will not be able to claim they weren’t warned!

Firstly it is vital to recognise software is an enabler of improved and streamlined clinical processes. It is not an end in itself and this needs to be clearly realised right up front. The implication of this is that there is a large amount of pre-work even before a selection process is begun. In an ideal world the selection of software would be preceded by the development of a strategic plan for hospital operations and then a plan of the priorities for the deployment of information technology to support the hospital’s desired way forward.

This plan needs to be quite future orientated and to recognise that organisations change and evolve over time. There is not much point automating five year old business practices or business practices that are about to be re-engineered. If there is organisational clarity on the hospital’s current situation and future direction then is the time for the development of the Health IT Strategy, Implementation Plan, Business Case and Benefits Realisation Plan to suit that direction.

A few important things to remember here include the critical need to ensure quality genuine clinical (medical, nursing and ancillary) involvement in the planning process and the early identification of the sponsors and champions who will be needed to contribute to the work of implementation and to assist in the change management involved. If the plan is not genuinely owned by those who will be impacted it will fail. Education of and communication with the hospital staff in general as to why and what is crucial at this point.

Also, before selection processes can begin, it is important to be clear just what is being sought. True greenfields sites are rare so consideration of how the new and old will interact and be phased in and out will be important. It seems typical these days for Hospitals and Health Systems to decide to acquire a total system in two, three or more lumps. These most usually are a Financial Suite (+/- Billing) and a Clinical / Patient Management Suite. (Frequently Human Resources etc are a third chunk). It makes very good sense to only be undertaking one of these projects at a time to avoid overwork of support staff etc.

For the purposes of this short discussion I will now focus on the selection of a Hospital Clinical Information System of the sort that has within scope Patient Management, Order Entry / Results Management, Nursing, Clinical Services (Labs, Radiology, Pharmacy etc) as well as the necessary scheduling and reporting tools to make the system useful.

At this point two decisions are typically required. First will the system be home-grown or purchased and second will the purchase be of best of breed components and system integration services or a fully integrated clinical suite covering all the applications that are needed. These days it seems the most common approach is the purchase of integrated systems, and this is now largely the norm, so I will focus on this approach.

The approach I suggest, once the decision has been made to go with an integrated clinical suite, is as follows.

Step 1. Conduct a market scan of possible providers who have some credibility in Australia or are major players internationally. If compliance issues are a key concern a public Expression of Interest (EOI) requesting the information below be provided is reasonable and can be quickly and simply done. These approaches will identify your possible long list of providers and next we ask each of them for the following:

1. A list of at least five satisfied customers who have operational and fully integrated what you are planning to install. The key words here are “have operational and fully integrated” and “what you are planning to install”. This will exclude those who are still inventing their system (such as iSoft) or those who have a mish-mash of legacy systems which are partially integrated and which will never be fully and seamlessly integrated. (It makes no sense to buy a non-integrated suite. If you do that you might as well buy a best-of-breed solution.)

2. Phone contact details and calls to confirm details of implementation status, responsiveness to problems and satisfaction and a half day demonstration to a sensible number of key staff of the overall look and feel of the system will quickly obtain a reasonably short list of realistic prospects.

3. Development Plans and Timetables and what their history on on-time development and successful deployment is.

4. Financial Situation including the level of R&D spend as a fraction of revenue as well as profitability and balance sheet over the last 3-5 years. Software development companies have the possibility of being very profitable and it is a bad sign if they don’t have a reasonable ongoing profit margin.

It is also a good idea to make it clear in the EOI or request for information that any vendor “smoke and mirrors” in the answers will lead to instant disqualification from the ongoing process.

Consideration of the responses from those on the long list should allow the development of a short list of four or five reasonable possibilities. This sets the stage for the next step.

Step 2. The next step is to develop a Request for Tender which is given to each of the short list and which covers business, technical, operational and functional requirements. This should be designed to form the basis of an implementation contract and be designed for structured evaluation. The scale of the work involved in doing this quickly and successfully – with the right amount of user consultation on their expectations – may mean some consulting and expert legal help could be useful at this stage. (It is important the process not drag out as the momentum for change can be lost.)

On the basis of the tender responses the two top providers should be selected to undertake scripted evaluation of their product. (Lower ranked vendors can be brought back into the process if one of the top two falls out for some reason.) The scripts should be developed by the users of the various aspects of the system and intended to exercise the key functionality that is to be provided – as well as the intangibles such as the quality of the user interface, the skills of the demonstrating staff etc.

The provider should be asked to configure a system to look like a hospital similar to the purchasing organisation and to be loaded with a small test data set which can be exercised in real time to confirm the reality, functionality and integration of the candidate system.

The aim is to see the system actually do what is needed by users in a reasonable way. It must, however, be realised that the major advanced systems (Cerner, Epic, IBA etc) are very flexible and are designed to be built / configured individually for each organisation to maximise the quality of the functional fit to the organisation’s needs. These systems are not package software (like Microsoft Word) and fixed in what they can do – complex though that may be. This means the script demonstration process needs to be interactive and flexible, so that the demonstrators can point out the number of different ways the seemingly same thing can be done.

The system which has a significant number of satisfied user clients – of the software that is being purchased – and which best passes a scripted evaluation (which is not disclosed until the day of testing) has to be a very safe candidate for purchase (assuming all the technical issues (availability, response time etc) and the contractual issues can be worked through).

If Steps 1 and 2 are negotiated successfully – and the feeling among script evaluators and the technical staff is that the best system is appropriate, is real, works and is a good fit – it is pretty safe to proceed. If not, great care is warranted.

David.

Friday, October 13, 2006

What Qualities do we Need in a New Australian Health Information Council?

A few weeks ago your humble scribe was told that the Australian Health Information Council (AHIC) was not dead but that it was, as we were told in Monty Python, “just resting”! More recently I have heard that there have been soundings taken regarding the membership of the new improved AHIC and who might be a suitable chair. It thus seems just possible there will be some good news soon and that AHIC will have only suffered a “near death experience”.

For those who came in late, AHIC is the peak advisory body for Health Ministers in the domain of Health Information and E-Health and so has a critical role in developing a sensible national E-Health Agenda. If any serious progress is going to be made on a National E-Health Agenda and Plan, AHIC will be an important player.

It is interesting to note that in the US there is also a peak E-Health body whose acronym is AHIC. In the US AHIC stands for the American Health Information Community. This body was established about a year ago and has already commenced work and established very productive working parties in a large number of key areas (Privacy and Security, Quality, Biosurveillance, Consumer Empowerment, Chronic Care and Electronic Health Records).

Refreshingly the US version conducts monthly public meetings that are available both in transcript and web-cast with a lot of industry, consumer and technical input. The Community is also chaired by the Secretary of Health and Human Services (HHS) Mike Leavitt who is a member of the Bush Cabinet and who is responsible for the disbursement of one quarter of the Federal Budget.

With this in mind it would seem to be reasonable to hope the new improved AHIC might have the following attributes:

1. Be chaired by a Cabinet Level person (The Federal Minister for Health would be the obvious choice) so its importance is clear.

2. Operate in public with public testimony provided by relevant domain experts on a monthly basis so progress can be properly tracked.

3. Be made up of members with relevant senior specific E-Health or Health Service Delivery expertise on the Committee as well as having appropriate “super-expert” sub-committees to develop policy and plans in areas of need.

4. Have a clear charter and set of objectives around the need to better use Information Technology to provide patients with safer and higher quality care.

5. Be commissioned to develop a National E-Health Business Case and Implementation Plan within nine months.

6. Have a substantial secretariat to ensure the routine detailed work can be achieved quickly and with high quality.

7. Have a good mix of old and new blood to ensure the failed strategies of the past (and we have had nearly a decade of those) are not repeated.

8. Have NEHTA directly accountable, in public, to the new AHIC for all its recommendations and decisions.

I wonder what we will actually see when the new AHIC is announced – if it ever is?

David.

Wednesday, October 11, 2006

The Risks of Paper Records!

The following short article appeared in the Canberra Times a few days ago.

“http://canberra.yourguide.com.au/detail.asp?class=news&subclass=general&story_id=514600&category=General&m=10&y=2006

Dumped files a 'break of faith'
Danielle Cronin
Thursday, 5 October 2006

The dumping of sensitive medical records and personal health information at a Canberra recycling centre was a serious breach of patients' right to privacy, a consumer group said yesterday.

The discovery is detailed in the new annual report from the ACT Community and Health Services Complaints Commissioner who recorded a 13 per cent spike in complaints about the health sector in 2005-06.

Health Care Consumers' Association of the ACT president Russell McGowan said the incident involving health records was a "break of faith" with patients and should not be tolerated.

"Appropriate penalties should be in place for those who do breach that privacy of those consumers," he said.

A spokeswoman for Health Minister Katy Gallagher said the commissioner's recommendations were fully accepted and implemented by the Health Department.

Yesterday, acting Commissioner Roxane Shaw would not disclose where the files had come from or exactly where the documents were found because this could compromise the privacy of those people who were affected.

In her report, Ms Shaw said 28 folders - including two containing sensitive health records and personal health information - were found at a recycling centre.

She launched an investigation but could not determine who last had hold of the folders and how the documents ended up at the recycling centre.

The commissioner's office received 580 inquiries that resulted in 276 complaints in the past financial year - up 13 per cent on 2004-05.

But the number of cases closed was down 13 per cent from 302 in 2004-05 to 262 in 2005-06.

Each complaint could cover up to three issues and there were slightly more grievances about the private health sector than the public system.”

I thought it would be worth having a look at the original report – here is what I found.

“Case study 12 – Disclosure of personal health information


Twenty-eight folders were found at a recycling centre and passed to the commissioner.

The folders contained a variety of papers, which included sensitive health records and personal health information. An investigation into the circumstances surrounding the discovery of the folders was undertaken and found that, whilst it was not possible to determine who last had possession of the folders or how the folders came to be at the recycling centre, there were two folders that contained personal health information that had been in the control of a health service provider.

The Acting Commissioner considered that information in light of the Health Records (Privacy and Access) Act 1997 and concluded that, in its arrangements for safeguarding those files, the health service provider appeared to have contravened the Health Records Act and to have acted in disregard of the generally accepted standard of service delivery expected of a health service provider. The files had been lost to the health service provider as the record keeper, and were accessed in a public place by an unauthorised person. The health service provider did not have adequate file tracking systems in place.

The Acting Commissioner concluded also that the health service provider had acknowledged the deficiency in its file management system and had taken steps to implement an appropriate file tracking system to prevent a recurrence. The Acting Commissioner returned to the health service provider the two folders that contained personal health information.

The Acting Commissioner recommended that the health service provider advise the subject(s) of the personal health information found at the recycling centre of the disclosure.

The folders that did not contain personal health information were entered on a register and then disposed of by the Acting Commissioner.”

The reason for raising this report is that it highlights just how insecure, and open to possible leakage and abuse, paper records are. This incident is just the latest I have heard of. Over the years there has been an endless series of stories about records from practices that have closed being found in dumpsters or on a council tip, records that have been faxed to the wrong telephone number, records that have vanished through misfiling and so on.

Those that see the electronic record as a risk have to address the following.

First it is well known that in most major paper based hospitals at least 10% of patient encounters are not undertaken with the complete paper record to hand. The reasons for this are legion and include the record being lost, being locked in someone’s office for completion while the patient has presented to the emergency room and so on. The consequence of the lack of the record on patient treatment, safety and the ability to respond correctly in an emergency is obvious.

Second the paper record can only be in one place at a time. It is either here or there whereas the electronic record can be accessed and updated from as many sites as needed. This means the radiologist can report on the films with full rather than ½ a line of information and so do a much better job.

Third there is really no such thing as a back-up of a paper record. If it is lost, destroyed or stolen it is gone. At least a pretty current copy of the electronic version will always be available on the backup tape.

Fourth the paper record has no intrinsic privacy control mechanism of any sort. Once it is in your hand you can read or copy it with no one ever knowing. Not so with properly implemented electronic records, which provide an audit trail of who read what and when etc.

We need to be clear that paper records have a very great potential for harm, error and simply being unavailable. All this cannot improve patient care and should not be tolerated in the 21st Century.

David.