People concerned about the privacy implications of a move to transferable electronic health and medical records should not be dissuaded by doubt as the benefits outweigh potential drawbacks, according to health industry executives.
Dr Tim Smyth, deputy director-general of NSW Health, said it is very interesting times in NSW as the state is “beavering on” with the rollout of electronic medical records and is undertaking a business case for the provision of an electronic prescribing service.
Smyth is adamant privacy concerns around electronic medical records are overstated and can lead to unnecessary concerns.
“I’ve never seen privacy as an obstacle and it’s often used as an excuse by some players not to do anything,” Smyth said.
“Healthelink in NSW was all opt-in and about 90,000 people are using it. Only a small percentage have left the service.”
Speaking at an AIIA CIO eHealth forum in Sydney, Smyth says privacy is about the information a person wants other people to know about him or herself and it is often confused with the security of information.
“Being able to transfer information is critical [and] e-health has the potential to reduce errors,” he said.
In the case of Healthelink, only authorised health care providers are able to view records and health care providers given access to Healthelink must sign an agreement to “respect the privacy of records and to maintain confidentiality of the information”.
Privacy group Civil Liberties Australia (CLA), in a letter to the federal health department, said in 2009 it supports the use of new technology to improve patient health and safety, provided a patient’s ownership and control of the information is safeguarded.
The CLA believes only a patient should be able approve the use of his or her data, except in a medical emergency, and any alleged breach of ownership, control or privacy of a patient’s data is subject to both civil and criminal legal processes.
St Vincent’s & Mater Health Sydney CIO, David Roffe, said in his experience, people in chronic care generally want to share their health information.
“E-health systems for medication management does reduce errors [and] NEHTA-compliant secure messaging is the way forward,” Roffe said.
Roffe said the prospect of public software vendors entering the realm of electronic medical records is not necessarily a conflict with government-funded or private medical care initiatives.
“There is a good opportunity for providers like Google and Microsoft to allow people to manage their own health records and not just ‘leave it to the system’,” he said, adding people are unlikely to adopt an e-health system without some form of mandate.
Deloitte e-health consultant, Adam Powick, said 80 per cent of Australians don’t understand we have a problem with e-health.
“People place a great deal of trust in the health system and for good reason,” he said. “You can’t advertise e-health as being a ‘good’ thing. It will be need to be targeted at problem areas and the generational change.”
Regarding information security, Smyth said passwords remain a problem and can “drive people crazy”.
“In NSW if you are a doctor and you move from Blacktown hospital to one in the city you have to change your password because they run on different systems. I am working to get that unified,” he said.
Privacy Commissioner calls for multi-faceted e-health framework
Australian Privacy Commissioner Karen Curtis says the office has maintained a long-standing interest in the development of e-health initiatives as they relate to the collection and handling of personal information.
“Ensuring that privacy is adequately addressed is fundamental to achieving community trust in e-health information systems and gaining consumer acceptance and take-up of the new systems,” Curtis said. “Having said that, my office welcomes the government’s assurances that a personal electronic health record scheme will be developed on an ‘opt-in’ basis.”
The commissioner recommends governments adopt a multifaceted approach to privacy which is “essential in building a robust privacy framework for a national e-health information system”.
“A comprehensive framework for privacy protection should be built into an e-health initiative based on design, technology, legislation and oversight,” Curtis said.