E-health: Saving lives, protecting privacy

  • Article
hospital

Picture this. According to the “Quality in Australia Health Care” study, 25 patients die each day in our hospitals from “preventable adverse events”. That may explain public concerns about hospital patient care across our hospital system that has led to several inquiries in recent times.

However, there are solutions to “preventable adverse events”: put simply, these can be avoided. Often it may be human error, communication breakdown, or the provision of incorrect medicine, which could lead to a less than desirable health outcome or even harm. Take, for example, an inquest this year into the death of a sixteen-year-old girl who died due to a series of compounded errors. In his summary, the Deputy State Coroner, Carl Milovanovich, made an unusually frank statement: “Poor communication, poor record‑keeping and poor management.”

Technology has a role to play here to prevent serious harm. In fact, the technology is there now to store all your health records electronically to ensure our health care professionals have seamless access to important information when the need arises, and help improve communication lines.

The issue of individual electronic health records has long been on the agenda; however, along with such records, we need clinicians, doctors and nurses conversant in the technology while also being able to protect patient privacy. On 11 August 2008, the Australian Law Reform Commission (ALRC) recommended 295 changes to privacy laws and practices. Among the recommendations were the drafting of new Privacy (Health Information) Regulations, and recommendations to deal with electronic health records.

ALRC President, Professor David Weisbrot, conceded: “These days, information privacy touches almost every aspect of our daily lives, including our medical records and health status.” In keeping with these recommendations, consideration should also be given to a privacy-sensitive approach to the development of electronic health information management systems and to adopt a federated data model. Rather than centralising data storage, a federated model seeks to centralise the point of access. Data storage is compartmentalised and access is granted only on a “need to know” basis.

This approach ensures that systems are designed with built-in checks and balances to lower the risk (both in terms of the likelihood and magnitude) of data security breaches. These systems are needed to prevent breaches like the one that occurred in September 2007, where federal authorities arrested a scheduling clerk at the Cleveland Clinic in Weston, Florida. The clerk had allegedly passed on personal identification information of more than 1,100 patients to her cousin who in turn submitted US$2.8 million in false claims to Medicare.

As software gets more powerful, privacy issues pose “an interesting software challenge”, as stated recently by Microsoft founder, Bill Gates. Achieving the benefits of e-health in Australia will require cultural change and adaptation to a more connected, collaborative and proactive mode of healthcare delivery.

From general practitioners to pharmacists to hospital doctors to specialists – they all have unique requirements and operate in organisations with varying work cultures. As such, they will have different vulnerabilities from a security and privacy perspective as well as differing abilities and needs to adapt culturally.

We must continue to enact change, including the adoption of technology to minimise “preventable adverse events” in our hospitals while maintaining strong privacy safeguards to protect patient privacy.

To learn more about Microsoft and health, visit www.microsoft.com.au/health

Sassoon Grigorian, Manager, Government Affairs

*Microsoft Australia provided a submission to the NEHTA’s (National E-Health Transition Authority) Privacy blueprint for the Individual Electronic Health Record (IEHR).