Background

Electronic health information systems

61.3 A large number of electronic health information systems are being developed at local, regional, state and territory, and national levels across Australia. Many of these systems are being developed within the federal HealthConnect framework. HealthConnect is

an overarching national change management strategy to improve safety and quality in health care by establishing and maintaining a range of standardised electronic health information products and services for health care providers and consumers.[1]

61.4 In its submission to the Office of the Privacy Commissioner (OPC) review of the private sector provisions of the Privacy Act 1988 (Cth) (the OPC Review), the Department of Health and Ageing (DOHA) stated that HealthConnect was designed to overcome gaps in information flow at the point of clinical care and that:

While there is wide acceptance of the benefits that HealthConnect can deliver, particularly in the areas of patient safety and quality of care, there is also recognition that there are privacy and security risks that need to be managed to ensure such benefits are realised. Personal health information is sensitive information, and both consumers and providers will need to have trust in how their information is handled within and external to HealthConnect ahead of participating in this system. In this context, privacy and security issues are consistently identified as a key building block for HealthConnect among all stakeholders.[2]

61.5 The following are examples of electronic health information initiatives being developed at the state level. In March 2006, the New South Wales Government announced Healthelink, an electronic health records system which is currently being piloted in different parts of the state. Healthelink brings together a summary of an individual’s health information from different doctors, hospitals and other health service providers into one secure computer record.[3] HealthConnect Northern Territory has also commenced implementation of a shared electronic health record service.[4] HealthConnect South Australia is working on three major initiatives, including the development of an electronic planning and referral system for health consumers with chronic disease.[5]

61.6 The HealthConnect website notes that there are a number of national initiatives under development that could be implemented within the next 12 to 18 months, including:

  • e-prescriptions—prescriptions for medication being sent electronically from health care providers to pharmacies;

  • e-referrals—referrals or requests being sent electronically from one health care provider to another (for example, from a doctor to a radiologist); and

  • hospital discharge summaries—summaries of the treatment provided and the proposed future care plan being sent electronically from hospitals to doctors, specialists or aged care facilities.[6]

61.7 The National E-Health Transition Authority (NEHTA) was established in 2005 to set national standards, specifications and infrastructure requirements for electronically collecting and securely exchanging health information. NEHTA is funded jointly by the Australian, state and territory governments. The NEHTA Board is composed of the chief executive officers of the Australian, state and territory health departments. The aim is to ensure a common national approach, setting the necessary foundations for future electronic health systems across Australia.[7]

National shared electronic health records

61.8 In February 2006, the Council of Australian Governments (COAG) agreed to accelerate work on a national electronic health records system

to build the capacity for health providers, with their patient’s consent, to communicate quickly and securely with other health providers across the hospital, community and primary medical settings.[8]

61.9 NEHTA is responsible for developing a design for a national approach to Shared Electronic Health Records (SEHRs)—records that will contain selected health information about a health consumer, which can be shared among multiple authorised health service providers. An important precursor to SEHRs is the development of a Unique Healthcare Identifiers (UHIs) scheme for individuals and healthcare providers to ensure that information is attributed to the right patient and the right provider.

Healthcare requires the constant collection, exchange and transmission of health information. This is usually in the context of information about a single patient being exchanged between multiple healthcare providers. It is critical for patient safety and privacy that this information exchange occurs reliably and securely.

The Council of Australian Governments has committed Australia to a single, national approach to identifying individuals and healthcare providers for the purposes of health communications. This approach, being developed by NEHTA, is known as the Unique Healthcare Identification (UHI) Service.

The UHI Service will involve the allocation, issuing and maintenance of unique identifiers for individuals (known as the Individual Healthcare Identifier or IHI) and healthcare providers (the Healthcare Provider Identifier or HPI).[9]

61.10 In December 2006, NEHTA released a Privacy Blueprint—Unique Healthcare Identifiers,[10] which discusses how NEHTA proposes to manage the privacy issues arising from the UHI Service. The Privacy Blueprint states that the Individual Healthcare Identifier (IHI) will be used only to identify individuals for health care and that individuals will not be required to produce an IHI to receive health care.[11] NEHTA also expresses the view that legislation supporting the creation of the UHI Service would create greater legal certainty, particularly around the creation and distribution of unique identifiers. Other issues that might be covered in such legislation include governance arrangements and sanctions for misuse of the identifiers.[12]

61.11 A report on feedback to the Privacy Blueprint—Unique Healthcare Identifiers, noted that:

Any unique personal identifier, especially where widely held in the community, raises a significant privacy risk of inappropriate datalinking and data-matching. The OPC noted that it will be important to ensure this risk is mitigated and that such a highly reliable identifier is not usurped for purposes beyond the health system and the clinical care of individuals.

The UHI Service potentially holds a very large database on most, if not all, Australians and foreign residents who obtain healthcare. The OPC considered a unique aspect of the proposal is that access to UHI data will be available to a large number of health sector users, raising the risk of misuse or abuse of the data and access privileges, particularly to locate the home address of an individual for purposes unrelated to healthcare. Accordingly, the OPC welcomed NEHTA’s detailed measures contained in the Privacy Blueprint directed at protecting individual privacy.[13]

61.12 The OPC Review recommended that the Australian Government consider developing specific enabling legislation to underpin any national electronic health records system. The Review also recommended that any such legislation should include safeguards to ensure that participation in the system is voluntary, and limitations on the use of the records in the system.[14]

[1] Australian Government Department of Health and Ageing, HealthConnect: FAQs <www.healthconnect
.gov.au> at 14 May 2008.

[2] Australian Government Department of Health and Ageing, Submission to the Office of the Privacy Commissioner Review of the Private Sector Provisions of the Privacy Act 1988, December 2004.

[3] J Hatzistergos (New South Wales Minister for Health), ‘Trial of Electronic Health Records’ (Press Release, 23 March 2006).

[4] C Burns (Northern Territory Minister for Health), ‘Connecting Health Services Territory-Wide’ (Press Release, 1 November 2006).

[5] HealthConnect South Australia, HealthConnect South Australia: Health Information When You Need It <www.healthconnectsa.org.au/> at 14 May 2008.

[6] Australian Government Department of Health and Ageing, HealthConnect: FAQs <www.healthconnect
.gov.au> at 14 May 2008.

[7] National E-Health Transition Authority, About NEHTA <www.nehta.gov.au> at 1 August 2007.

[8] Council of Australian Governments, Council of Australian Governments’ Communique, 10 February 2006. The Commonwealth agreed to contribute $65 million to the project and the states and territories agreed to contribute $65 million in the period to 30 June 2009.

[9] National E-Health Transition Authority, ‘Privacy Blueprint—Unique Healthcare Identifiers Release Notes’ (Press Release, 13 December 2006). Identifiers are discussed in detail in Ch 30.

[10] National E-Health Transition Authority, Privacy Blueprint—Unique Healthcare Identifiers, Version 1.0 (2006).

[11] National E-Health Transition Authority, ‘Privacy Blueprint—Unique Healthcare Identifiers Release Notes’ (Press Release, 13 December 2006).

[12] National E-Health Transition Authority, Privacy Blueprint—Unique Healthcare Identifiers, Version 1.0 (2006), 24.

[13] National E-Health Transition Authority, Privacy Blueprint on Unique Healthcare Identifiers: Report on Feedback, Version 1.0 (2007), 5.

[14] Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (2005), rec 71.