The legal and ethical implications of electronic patient health records and e-health on Australian privacy and confidentiality law

This thesis addresses the legal and ethical issues posed by introduction of electronic patient health records. Against the background of an analysis of broader conceptual and theoretical understandings of development of electronic patient health records (EPR) and e-health regimes in Australia and comparable countries over the last few decades, the thesis critically examines the extent to which its implementation is consistent with established legal and ethical principles underpinning traditional health assumptions and practices. To this end the thesis explores the evolution and progress of modern health, technology, law and governance issues in e-health, identifying critical features of emerging EPR and e-health systems such as broad innovative industry technology involvement, and potentially problematic practices such as personal information ‘collection’, ‘sharing’ and ‘networking’ activities. The thesis contends that while adopting technology such as e-health comports with modern day progress, the transformational power of technology on society and individual lives has the potential to impose significant human costs for health consumers and everyday life. Through an analysis of the new electronic regime the thesis reveals how Australian Governments, healthcare providers, consumers and other stakeholders interpret and deal with advances in personal healthcare information changes in the new electronic system. The healthcare privacy model advanced in the thesis, in conjunction with an analysis grounded in theories of deliberative democracy, provides the foundation for the thesis argument that the legal, ethical and democratic challenges posed to privacy and participation interests by implementation of e-health policies can best be alleviated in Australia through further structural reforms beyond those recently proposed by a federal review. The thesis contends that an independent ‘Council’, with broad powers to consult and engage the public is an important part of the solution to the political and economic problems identified by the thesis analysis showing that individual privacy protection in healthcare is threatened and that earlier privacy protection mechanisms may prove inadequate in the emerging global information era

The Potential for Machine Learning Analysis over Encrypted Data in Cloud-based Clinical Decision Support - Background and Review

This paper appeared at the 8th Australasian Workshop on Health Informatics and Knowledge Management (HIKM 2015), Sydney, Australia, January 2015. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 164, Anthony Maeder and Jim Warren, Ed. Reproduction for academic, not-for profit purposes permitted provided this text is includedIn an effort to reduce the risk of sensitive data exposure in untrusted networks such as the public cloud, increasing attention has recently been given to encryption schemes that allow specific computations to occur on encrypted data, without the need for decryption. This relies on the fact that some encryption algorithms display the property of homomorphism, which allows them to manipulate data in a meaningful way while still in encrypted form. Such a framework would find particular relevance in Clinical Decision Support (CDS) applications deployed in the public cloud. CDS applications have an important computational and analytical role over confidential healthcare information with the aim of supporting decision-making in clinical practice. This review paper examines the history and current status of homomoprhic encryption and its potential for preserving the privacy of patient data underpinning cloud-based CDS applications

Bringing health and fitness data together for connected health care: Mobile apps as enablers of interoperability

Background: A transformation is underway regarding how we deal with our health. Mobile devices make it possible to have continuous access to personal health information. Wearable devices, such as Fitbit and Apple's smartwatch, can collect data continuously and provide insights into our health and fitness. However, lack of interoperability and the presence of data silos prevent users and health professionals from getting an integrated view of health and fitness data. To provide better health outcomes, a complete picture is needed which combines informal health and fitness data collected by the user together with official health records collected by health professionals. Mobile apps are well positioned to play an important role in the aggregation since they can tap into these official and informal health and data silos. Objective: The objective of this paper is to demonstrate that a mobile app can be used to aggregate health and fitness data and can enable interoperability. It discusses various technical interoperability challenges encountered while integrating data into one place. Methods: For 8 years, we have worked with third-party partners, including wearable device manufacturers, electronic health record providers, and app developers, to connect an Android app to their (wearable) devices, back-end servers, and systems. Results: The result of this research is a health and fitness app called myFitnessCompanion, which enables users to aggregate their data in one place. Over 6000 users use the app worldwide to aggregate their health and fitness data. It demonstrates that mobile apps can be used to enable interoperability. Challenges encountered in the research process included the different wireless protocols and standards used to communicate with wireless devices, the diversity of security and authorization protocols used to be able to exchange data with servers, and lack of standards usage, such as Health Level Seven, for medical information exchange. Conclusions: By limiting the negative effects of health data silos, mobile apps can offer a better holistic view of health and fitness data. Data can then be analyzed to offer better and more personalized advice and care

Converging outcomes in nationally shareable electronic health records (NEHRs): An historical institutionalist explanation of similar NEHR outcomes in Australia, England and the United States of America

The adoption of nationally shareable electronic health records (NEHRs) in Australia, England and the United States became major policy and political issues between c1998 and 2015. They continue to be so. As a policy issue, the benefits of ehealth, and subsequently NEHRs as mechanisms for institutional change, were rhetorically popular. Politically however, the development, implementation and regulation of NEHRs proved to be difficult and fraught with criticism from nearly all ehealth stakeholders. The NEHR programs each country pursued at the national level were exceptionally expensive and complex infrastructure undertakings. They involved institutional change management that produced tension amongst stakeholders, required the state to decide on trade-offs that produced winners and losers, and resulted in unintended consequences. Initially, each country approached these policy and political issues differently. Examining why they then had substantially similar outcomes is the substantive puzzle that lies at the centre of this research. This thesis adopts an historical institutionalist approach to explain why state efforts to pursue the development, implementation and regulation of NEHRs at the national level in Australia, England and the United States resulted in substantially similar outcomes despite adopting initially different approaches. The thesis first compares why each case study country pursued ehealth, embarked on organisational change in order to achieve its ehealth and NEHR goals, and adopted NEHRs, noting similarities and major differences. The thesis then compares the state's role in the development of NEHRs at the national level in each country, again noting similarities and differences. A comparative evaluation of the cases is then undertaken in order to explain why each state continued to pursue NEHRs, despite the significant barriers to institutional change they faced. Here, the theoretical concepts of path dependency, critical junctures and incremental change are used to enhance the explanation. The thesis will then explain why the outcomes, as assessed through the lens of public policy evaluation, were substantially similar in each country. Finally, the thesis details the findings of the research through the lens of historical institutionalism and states the significance and implications of the research. The research found that while each case study country approached the policy and political issues of ehealth and NEHRs differently, the outcomes were substantially the same because their goals, and the barriers they faced in trying to achieve them, were very similar. Australia started with a decentralised national health information network (NHIN) then changed to a centralised NEHR. England started with, and continued to pursue, a centralised NEHR. The United States eschewed government development and implementation of an NEHR and took the path of incentivising and regulating electronic health records (EHRs) in an effort to make them nationally shareable. Similar goals across the three countries included moving from a paper to an EHR system; giving patients more control over their health information; making EHRs interoperable; increasing EHR usability and the meaningful use of patient health information; and improving the efficiency and effectiveness of care. Similar barriers included: cost, privacy, trust, stakeholder preferences, and the state attempting to drive change too quickly producing stakeholder resistance and negative outcomes. The thesis findings also provide support for theoretical explanations of institutional stasis and change within the context of path dependency, critical junctures and incremental institutional change

Assessing the level of readiness in Tshwane and Dr Kenneth Kaunda Districts for implementing a national patient based information system

Research Report submitted to the Faculty of Health Sciences, University of the Witwatersrand, Johannesburg, in partial fulfilment of the requirements for the Degree of Master of Public Health. March 2017.PURPOSE: The National Health Insurance programme has been identified as a priority to achieve Universal Health Coverage in South Africa. The development and implementation of a health information system (HIS) that is underpinned by a master population index (ability to uniquely identify a person), and operates on the electronic health records (EHR) model is critical for the implementation of the NHI. This study assesses the level of readiness in Tshwane and Dr Kenneth Kaunda districts for implementing a national patient based health information system. METHODS: This study design was a descriptive cross-sectional design. The study used a structured questionnaire to measure the level of readiness in two NHI districts, namely, Tshwane and Dr Kenneth Kaunda, for implementing a patient based National Health Information System in South Africa. RESULTS: The assessment has revealed that PHC facilities are at varying levels of readiness for implementing a national patient based information system. Tshwane scored better than Dr Kenneth Kaunda district on all four readiness criteria, with non-significant differences between them for core readiness, engagement readiness, and societal readiness and significantly higher levels in Tshwane for technological readiness. The readiness results varied across all four domains, ranging from 13% and 16% for core readiness to 59% and 68% for engagement readiness for Dr Kenneth Kaunda and Tshwane districts respectively. CONCLUSION: PHC facilities in Tshwane and Dr Kenneth Kaunda districts were capacitated with respect to ICT infrastructure. There were weaknesses with respect to business processes and IT support. The business process for the filing system needs to be defined, optimised and implemented in PHC facilities. The turnaround time for IT support was unacceptably high in both districts and needs to be improved prior to implementation of a patient based information system.LG201

Advancing Ehealth Education for the Clinical Health Professions

This is the final report of a project that aimed to encourage and support program coordinators and directors of Australian undergraduate and postgraduate coursework programs in all allied health, nursing and medical professions to address the need for Ehealth education for entry-level clinical health professionals

UK National Data Guardian for Health and Care’s Review of Data Security: Trust, better security and opt-outs

Sharing health and social care data is essential to the delivery of high quality health care as well as disease surveillance, public health, and for conducting research. However, these societal benefits may be constrained by privacy and data protection principles. Hence, societies are striving to find a balance between the two competing public interests. Whilst the spread of IT advancements in recent decades has increased the demand for an increased privacy and data protection in many ways health is a special case. UK are adopting guidelines, codes of conduct and regulatory instruments aimed to implement privacy principles into practical settings and enhance public trust. Accordingly, in 2015, the UK National Data Guardian (NDG) requested to conduct a further review of data protection, referred to as Caldicott 3.  The scope of this review is to strengthen data security standards and confidentiality. It also proposes a consent system based on an "opt-out" model rather than on "opt-in.Across Europe as well as internationally the privacy-health data sharing balance is not fixed.  In Europe enactment of the new EU Data Protection Regulation in 2016 constitute a major breakthrough, which is likely to have a profound effect on European countries and beyond.  In Australia and across North America different ways are being sought to balance out these twin requirements of a modern society - to preserve privacy alongside affording high quality health care for an ageing population.  Whilst in the UK privacy legal framework remains complex and fragmented into different layers of legislation, which may negatively impact on both the rights to privacy and health the UK is at the forefront in the uptake of international and EU privacy and data protection principles. And, if the privacy regime were reorganised in a more comprehensive manner, it could be used as a sound implementation model for other countries

Comparative study of healthcare messaging standards for interoperability in ehealth systems

Advances in the information and communication technology have created the field of "health informatics," which amalgamates healthcare, information technology and business. The use of information systems in healthcare organisations dates back to 1960s, however the use of technology for healthcare records, referred to as Electronic Medical Records (EMR), management has surged since 1990’s (Net-Health, 2017) due to advancements the internet and web technologies. Electronic Medical Records (EMR) and sometimes referred to as Personal Health Record (PHR) contains the patient’s medical history, allergy information, immunisation status, medication, radiology images and other medically related billing information that is relevant. There are a number of benefits for healthcare industry when sharing these data recorded in EMR and PHR systems between medical institutions (AbuKhousa et al., 2012). These benefits include convenience for patients and clinicians, cost-effective healthcare solutions, high quality of care, resolving the resource shortage and collecting a large volume of data for research and educational needs. My Health Record (MyHR) is a major project funded by the Australian government, which aims to have all data relating to health of the Australian population stored in digital format, allowing clinicians to have access to patient data at the point of care. Prior to 2015, MyHR was known as Personally Controlled Electronic Health Record (PCEHR). Though the Australian government took consistent initiatives there is a significant delay (Pearce and Haikerwal, 2010) in implementing eHealth projects and related services. While this delay is caused by many factors, interoperability is identified as the main problem (Benson and Grieve, 2016c) which is resisting this project delivery. To discover the current interoperability challenges in the Australian healthcare industry, this comparative study is conducted on Health Level 7 (HL7) messaging models such as HL7 V2, V3 and FHIR (Fast Healthcare Interoperability Resources). In this study, interoperability, security and privacy are main elements compared. In addition, a case study conducted in the NSW Hospitals to understand the popularity in usage of health messaging standards was utilised to understand the extent of use of messaging standards in healthcare sector. Predominantly, the project used the comparative study method on different HL7 (Health Level Seven) messages and derived the right messaging standard which is suitable to cover the interoperability, security and privacy requirements of electronic health record. The issues related to practical implementations, change over and training requirements for healthcare professionals are also discussed