Getting Shared Healthcare Right- a Consumer Perspective

1. Getting Shared Healthcare Right-a Consumer Perspective Ernie Newman, Chair, National IT Health Board Consumer Panel

2. Agenda • Health – the strategic challenges • The National Health IT Plan • A personal “Shared Care Record” for everyone by 2014 • The unique sensitivity of personal health information • Essential elements of a privacy regime that will ensure the trust of the public • Action

3. Health – the strategic challenges • Massive advances in medical technology • Aging population – health workforce included • ….leading to unprecedented expectations of health services and budgets • BUT enormous potential for ICT-based solutions: • EXAMPLES: On line personal health data, consultations by video/telephone/email, remote monitoring, better self-management through information, safe support of older people in their own homes for longer, reduced hospital admissions, devolution of care from secondary to primary to community…………….

4. The National Health IT Plan • Aiming for interoperability among multiple IT systems across 20 autonomous DHBs, thousands of GP and specialist practices, and related sources, so that Shared Care Records can draw on the data they contain. • Very ambitious undertaking, across a disparate sector where the government has to coerce rather than control. • Diversity of software vendors an added complication. • BUT it is working thus far.

5. A personal “Shared Care Record” for everyone by 2014 • A set of core health information • Accessible by every clinician we deal with, irrespective of the setting • Accessible to ourselves • Including some/all of: Clinical notes, test results, radiography, list of medications, allergies, referrals/discharges, etc etc…… • Expectation the scope of the data will grow over time BENEFITS: • Better care arising from better-informed professionals • More self-care arising from better informed patients – wellness as well as health • Opens door for more effective ways to deliver health services

6. The unique sensitivity of personal health information • Health information is inherently confidential to the consumer themselves, the health professional(s) who need to know, and whoever else the consumer chooses to disclose it to. • Different information may be more or less sensitive depending on circumstances, but that is each consumer’s choice. • Government, or whoever stores and controls the data, does not “own” it, nor are they free to use it randomly. • Privacy is a non-negotiable show-stopper but it can be managed • NHITB Consumer Panel is very focused on privacy – not our only issue, but a major one

7. Some essential elements of a privacy regime that will ensure the trust of the public: • GOVERNANCE: Every database that contains consumers’ personal health data, whether at national, regional, or practice level, should be governed under a formal process that is transparent, rigorous, subject to independent external scrutiny, and includes identifiable consumer representation. • TRAINING: Before any person is given log-in access to any database containing consumers’ personal health data, they will first be trained in the sensitivity around the data and the penalties for misuse, and will sign an approved confidentiality undertaking. • ACCESS SAFEGUARDS: There must be appropriate degrees of role-based access, supported by organisational cultures that respect the sensitivity of people’s data and the trust implied in its storage. • LEGAL SANCTIONS: Legal sanctions must be thereto deter and punish any deliberate misuse of data in a way that would offend a reasonable person.

8. Current State: GOVERNANCE: Every database that contains consumers’ personal health data, whether at national, regional, or practice level, should be governed by a formal process that is transparent, rigorous, subject to independent external scrutiny, and includes identifiable consumer representation. • Currently there is no single body or agency responsible for information governance across the health sector • To fill this gap a comprehensive Information Governance Framework has been developed by the National Health IT Board • Initially compliance will be voluntary, parts incorporated into HISO standards.

9. Current State: • TRAINING: Before any person is given log-in access to any database containing consumers’ personal health data, they will first be trained in the sensitivity around the data and the penalties for misuse, and will sign an approved confidentiality undertaking. • This is work in progress. This will need to cover every employer or organisation where there are people with access – DHBs, medical practices, Integrated Family Health Centres, specialists, testing laboratories, pharmacies, etc.

10. Current State: • ACCESS SAFEGUARDS: There must be role-based access, supported by organisational cultures that respect the sensitivity of people’s data and the trust that is implied in allowing the organisation to store it. • Work in progress. There is a long way to go before role-based access is implemented across the whole health system. • However, there is general recognition of the importance of role-based access across the sector. • There is also wide understanding of the need for consumers to see who has accessed their record – this will deter inappropriate access and reassure consumers.

11. Current State: • LEGAL SANCTIONS: Legal sanctions will be in place to deter and punish any deliberate or careless misuse of personal health data in a way that would offend a reasonable person. • This is currently the weak link: • Consumer Panel compiled a list of hypotheses • ACC, and Bronwyn Pullar issue, focussed us further • Reviewed the position with an inter-ministry legal group; concluded there is a major gap in protection of data that escapes from a database • Working to have this addressed in review of Privacy Act S56 • Optimistic of resolution, but if that solution does not work another must be found urgently

12. Thank you Ernie Newman: Chair, NHITB Consumer Panel 022 376 4363 ernie@ernienewman.com www.ernienewman.com