Surprisingly for a Sunday, we have The Australian putting up a couple of new articles on the PCEHR.
The first extends the coverage of the MSIA submission to the Senate.
Fears over 'parasitic' e-health software
- by: Karen Dearne
- From: The Australian
- February 05, 2012
CONCERNS about the safety of "parasitic" software used to populate GPs' desktop systems with patients' identity numbers at lead sites for the $500 million personally controlled record system will be aired during a Senate inquiry hearing tomorrow.
Most of the sites are using "a National E-Health Transition Authority-sponsored initiative to inject Individual Healthcare Identifiers (IHIs) into GP desktop software", the Medical Software Industry Association says.
"This has been done largely without the consent or cooperation of the software vendors (who provide the 'host' systems)," its submission to the inquiry says.
"This is an inherently unsafe process. MSIA made NEHTA and the federal Health department aware of its concerns over this process at the Conformance, Compliance and Accreditation (CCA) governance group more than 10 months ago.
"However, the roll-out has continued unchecked, and NEHTA has been unable to provide any information about subsequent evaluation of potential errors that may have been introduced into live patient records."
The MSIA's president, Jon Hughes, immediate past president Geoffrey Sayer and treasurer Vincent McCauley will be giving evidence to the Community Affairs committee's broad-ranging inquiry into the PCEHR Bill and related matters.
Later on Monday, representatives from two lead sites using the Synch application - developed by Brisbane-based Health Industry Exchange Ltd to NEHTA specifications, will appear before the hearing, together with Mark Gibson, HIE's e-health manager.
Abbe Anderson, chief executive of the Metro North Brisbane Medicare Local, and Adam McLeod, director of e-health strategy, Inner Melbourne East Medicare Local, say their sites have worked with Medicare, NEHTA and participating GPs "in the initial deployment of IHIs to ready general practices for the use of e-health systems and processes".
"Our activity has been to adopt and adapt available aspects of national infrastructure and e-health specifications at the local level to provide health information exchange and record-sharing between GPs, clinicians and hospitals," they said in a joint submission also from the third lead site, Hunter Urban Medicare Local, presented late on Friday.
"During the past 12 months, more than 300 practices have been supported to undertake initial healthcare identifier matching with more than 1 million IHIs processed.
"Practices have been able to undertake initial data quality work to determine their level of e-health readiness for use of IHIs.
"Vendors have been provided early insights as to the issues that practice systems will need to handle in the operation of IHIs."
The three lead sites say it's essential to integrate the PCEHR system "into GPs' existing desktop clinical software and workflows; a system that involves GPs logging onto a website or having to rekey information will fail".
HIE chief executive Brett Silvester has previously told The Australian that its Synch application was "the first of its kind software to comply with both the Medicare operations and NEHTA compliance processes for IHI deployment".
"The HIE Synch application we produced enables data matching with the Medicare HI service data store to retrieve and store patients' identifier data into the GP practice desktop system," Mr Silvester said last July.
"By synchronising practice records with the HI service, the application will help improve the correct identification of patients, data quality and accuracy when communicating and sharing information among healthcare providers.
"Having passed both (conformance and compliance) tests, it is now able to be connected to the HI service and is being installed in over 300 general practices in the 'wave one' PCEHR sites."
But the MSIA points to a peer-reviewed paper by Dr McCauley and Dr Patricia Williams of the School of Computer and Security Science at Edith Cowan University, Perth, which warns unauthorised "bolt-ons", or "parasitic software", risk introducing a variety of vulnerabilities and threats.
These include "a significant threat" of buffer overflows "where the parasitic software has not followed established standards of development, or has not been developed consistent with the style and construction of the applications and database" it interacts with.
Buffer overflows occur where a program writes outside the boundary checker, effectively violating memory protection, and are a well-known vulnerability subject to malicious attack.
Other risks include a lack of secure authentication with operating systems and databases, the manipulation of session IDs, a lack of change management control, and direct threats to the security present in operating systems and databases.
There is a huge amount more here:
Second, we have a blog pointing out that DoHA and NEHTA have got themselves in the relative bad books by failing to answer questions taken on notice at a Senate Estimates hearing months ago.
Outstanding questions on e-health program
Techno Blog | 05 February 2012
BY KAREN DEARNE
AS a public hearing of the Senate Personally Controlled E-Health Records Bills inquiry gets underway on Monday, it’s worth noting that the federal Health department is yet to answer pertinent questions put at the estimates session last October.
Many questions relating to the PCEHR and the National E-Health Transition Authority - NEHTA’s performance in delivering the program is also on the inquiry agenda - are still unanswered, almost two months after they were due.
The Community Affairs committee has signalled its tetchiness, last week putting this notice on its webpage: Responses to questions taken on notice at the Supplementary Budget Estimates hearings were due on Friday 9 December 2011 - standing order 74(5) takes effect 30 days after this date.
They are invoking this order: “If a question taken on notice during a hearing of a legislative and general purpose standing committee considering estimates remains unanswered 30 days after the day set for answering the question, and a minister does not, within that period, provide to the senator who asked the question an explanation satisfactory to that senator of why an answer has not yet been provided:
a) at the conclusion of question time on any day after that period, the senator may ask the relevant minister for such an explanation; and b) the senator may, at the conclusion of the explanation, move without notice - That the Senate take note of the explanation.
Or c) in the event that the minister does not provide an explanation, the senator may, without notice, move a motion with regard to the minister’s failure to provide either an answer or an explanation.”
What makes this matter more than usually sensitive is the fact that the Community Affairs committee is currently holding its inquiry into the PCEHR Bills introduced into parliament late last year by former health minister Nicola Roxon.
She was in a hurry to have the legislation passed, as it is needed to permit the go-live of the PCEHR program on July 1.
The Senate Selection of Bills committee obliged, by immediately referring the bills for inquiry, along with a sweeping remit to investigate the design, functionality and capability of the PCEHR at its launch, NEHTA’s use of consultants and contractors and management of tenders, and safety of software products developed by NEHTA for the program.
Ms Roxon, the Health department and NEHTA have consistently reassured the public that the PCEHR program is running smoothly and on track for the due date.
However a rash of concerns identified in submissions to the inquiry paint a different picture.
So it’s instructive to look at the questions Health is struggling to answer, more than three months after they were asked.
All the examples are provided here:
I have provided a program for tomorrow’s hearings (starting at 8:00 am here):
I have to say it seems pretty stupid to not be responsive to the Senate’s questions when they are holding an enquiry. This enquiry can have a major impact on the e-Health program for good or ill and you would think DoHA and NEHTA would be keen to put their best foot forward.
For mine I think it can be argued that this whole process is about six months too late for useful corrective action to be realistically possible but had it happened then the fiasco that has now evolved might not have been so obvious and demanding of remedy!
And just when you thought it was safe to go back in the water we have this:
http://jamia.bmj.com/content/19/1/2.abstract
J Am Med Inform Assoc 2012;19:2-5 doi:10.1136/amiajnl-2011-000674
- Perspective
The dangerous decade
- Correspondence to Professor Enrico Coiera, Centre for Health Informatics, University of New South Wales, Sydney, NSW 2052, Australia; e.coiera@unsw.edu.au
- Accepted 1 November 2011
- Published Online First 24 November 2011
Abstract
Over the next 10 years, more information and communication technology (ICT) will be deployed in the health system than in its entire previous history. Systems will be larger in scope, more complex, and move from regional to national and supranational scale. Yet we are at roughly the same place the aviation industry was in the 1950s with respect to system safety. Even if ICT harm rates do not increase, increased ICT use will increase the absolute number of ICT related harms. Factors that could diminish ICT harm include adoption of common standards, technology maturity, better system development, testing, implementation and end user training. Factors that will increase harm rates include complexity and heterogeneity of systems and their interfaces, rapid implementation and poor training of users. Mitigating these harms will not be easy, as organizational inertia is likely to generate a hysteresis-like lag, where the paths to increase and decrease harm are not identical.
-----
I hope our learned Senators can understand what they are being told!
One way or another I suspect tomorrow may just be a watershed in Australian e-Health. If it is not it will be a major opportunity lost.
David.