The Australian PCEHR System: Ensuring Privacy and Security through an Improved Access Control Mechanism

An Electronic Health Record (EHR) is designed to store diverse data accurately from a range of health care providers and to capture the status of a patient by a range of health care providers across time. Realising the numerous benefits of the system, EHR adoption is growing globally and many countries invest heavily in electronic health systems. In Australia, the Government invested $467 million to build key components of the Personally Controlled Electronic Health Record (PCEHR) system in July 2012. However, in the last three years, the uptake from individuals and health care providers has not been satisfactory. Unauthorised access of the PCEHR was one of the major barriers. We propose an improved access control model for the PCEHR system to resolve the unauthorised access issue. We discuss the unauthorised access issue with real examples and present a potential solution to overcome the issue to make the PCEHR system a success in Australia

Building patient trust in electronic health records

While electronic medical records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex security and privacy issues. The challenge of preserving what patients’ believe as their privacy in the context of the introduction of the Personally Controlled Electronic Health Record (PCEHR), into the multi-layered and decentralised Australian health system is discussed. Based on a number of European case studies the paper outlines the institutional measures for privacy and security that have been put in place, and compares them with the current status in Australia. The implementation of the PCEHR has not been as straight forward, holistic or as uniform as in the European countries’ studied. This has meant that issues around personal privacy and security have not been addressed in an effective and functional manner. Surprisingly, the researchers found that the patient is absent in the PCEHR privacy and security discussion; and their perceptions of, and requirements for privacy and secure management of their medical information is absent. The concept of personal privacy and security has yet to be fully explored from the patient’s perspective, despite it being a Personally Controlled Health Record

Building patient trust in electronic health records

While electronic medical records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex security and privacy issues. The challenge of preserving what patients’ believe as their privacy in the context of the introduction of the Personally Controlled Electronic Health Record (PCEHR), into the multi-layered and decentralised Australian health system is discussed. Based on a number of European case studies the paper outlines the institutional measures for privacy and security that have been put in place, and compares them with the current status in Australia. The implementation of the PCEHR has not been as straight forward, holistic or as uniform as in the European countries’ studied. This has meant that issues around personal privacy and security have not been addressed in an effective and functional manner. Surprisingly, the researchers found that the patient is absent in the PCEHR privacy and security discussion; and their perceptions of, and requirements for privacy and secure management of their medical information is absent. The concept of personal privacy and security has yet to be fully explored from the patient’s perspective, despite it being a Personally Controlled Health Record

Implementation of E-health Record Systems in Australia

Abstract Consideration of e-health record systems in Australia started in 2000. Based on the effort to develop stand-alone and state-wide systems, the national Personally Controlled Electronic Health Record system was released on July 1, 2012. However this system has been widely criticised, although stakeholders are in favour of a national system. To overcome the challenges to the system and achieve its benefits, recommendations are provided for improving system effectiveness and usability, and adopting applicable government policies

Mobile Device Management for Personally Controlled Electronic Health Records: Effective Selection of Evaluation Criteria

Enterprises are faced with the task of managing a plethora of mobile computing devices in the workplace that are employed for both business purposes and private use. This integration can contribute to the demands of security protection and add significant threats to the enterprise. The introduction of the Personally Controlled Electronic Health Record (PCEHR) system is a significant step in e-health for Australia and will likely result in sensitive information being accessed from mobile computing devices. Mobile Device Management (MDM) offers a potential solution to manage these devices, however there is a variety of vendors with a range of solutions. This paper presents preliminary research into a generic methodology that could be used to assist the enterprise in the MDM selection process particularly when mobile devices will eventually integrate with the Australia’s PCEHR

Mobile Device Management for Personally Controlled Electronic Health Records: Effective Selection of Evaluation Criteria

Enterprises are faced with the task of managing a plethora of mobile computing devices in the workplace that are employed for both business purposes and private use. This integration can contribute to the demands of security protection and add significant threats to the enterprise. The introduction of the Personally Controlled Electronic Health Record (PCEHR) system is a significant step in e-health for Australia and will likely result in sensitive information being accessed from mobile computing devices. Mobile Device Management (MDM) offers a potential solution to manage these devices, however there is a variety of vendors with a range of solutions. This paper presents preliminary research into a generic methodology that could be used to assist the enterprise in the MDM selection process particularly when mobile devices will eventually integrate with the Australia’s PCEHR

Sound Foundations: Leveraging International Standards for Australia\u27s National Ehealth System

Background: Australia is currently in the process of deploying a national personally controlled electronic health record (PCEHR). This is being built using a combination of international standards and profiles as well as Australian Standards and with specifications developed by the National eHealth Transition Authority (NeHTA). Objective: There exists a poor appreciation of how the complex construction of the overall system is supported and protected by multiple international standards. These fundamental underpinnings have been sourced from international standards groups such as Health Level Seven (HL7) and Integrating the Health Enterprise (IHE) as well as developed locally. In addition, other services underlie this infrastructure such as secure messaging, the national Health Identification Service and the National Authentication Service for Health (NASH). Methods: An analysis of the national e-health system demonstrates how this model of standards and service integration results in a complex service oriented architecture. Results: The expected benefits from the integrated yet highly dependent nature of the national ehealth system are improved patient outcomes and significant cost savings. These are grounded and balanced by the current and future challenges that include incorporating the PCEHR into clincial workflows and ensuring relevant, timely, detailed clinical data as well as consistent security policy issues and unquantified security threats. Conclusions: Ultimately, Australia has designed an ambitious yet diverse and integrated architecture. What remains to be seen is if the challenges that the medical software industry and clinical community face in leveraging the political process in order to encourage provider and public participation in ehealth, can be achieved despite the sound underpinnings of international standards

Why Australia\u27s e-health system will be a vulnerable national asset

Connecting Australian health services and the e-health initiative is a major talking point currently. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However the largest problem may not be these issues in sharing information but the fact that the point of origin and storage of such records is still relatively insecure. Australia aims to have a Personally Controlled Electronic Health Record in 2012 and this is underpinned by a national network for e-health. It is this very foundation that becomes the critical infrastructure, with general practice the cornerstone for its success. Yet, research into the security of medical information has shown that many general practices are unable to create an environment with effective information security. This paper puts together the connections of e-health and the complex environment in which it is positioned. A discussion of how this critical infrastructure is assembled is presented, and the key vulnerabilities are identified. Further, it addresses how security may be approached to cater for this diverse and complex environment. From a national security and critical infrastructure perspective, as medical records are part of society’s critical infrastructure, the most effective system attacks are those on the points of highest vulnerability. In our current health system infrastructure those points are the data collection and records retention areas of individual medical providers. Progress towards changing this situation is key to its success

Western Australian Radiology Departments’ Views on Australian Personally Controlled Electronic Health Record

Introduction: Since the last decade, many countries have started developing a national electronic health record (EHR). The national EHR in Australia is called Personally Controlled Electronic Health Record (PCEHR). It has been available for use since 1 July 2012. A federal government’s review of its implementation was conducted in late 2013 because it failed to meet the set targets. The purpose of this study was to investigate Western Australian radiology departments’ views on the PCEHR complementary to the government’s review report. Methods: Chief medical imaging technologists (n=18) and picture archiving and communication system (PACS) administrators (n=18) from public and private hospitals in Western Australian were invited to participate in this study in May 2014. The response rate for participation was 22.2 percent (8/36). Semi-structured interviews were conducted with the participants to obtain their perceptions of PCEHR. The interviews were analysed inductively and thematically. Results: There were eight people (n=8) who agreed to participate. They believed the PCEHR would enhance efficiency and effectiveness of healthcare services if barriers to its implementation were addressed. The major barriers identified were concern of individual privacy, increase of staff workload, inadequate system functionalities and training, lack of involvement of stakeholders and money. The use of Medicare to provide both positive and negative incentives to the stakeholders was suggested as a viable solution to address the current barriers. Conclusion: This study investigated four Western Australian radiology departments’ perceptions of PCEHR. Although their perceptions were similar to the ideas in the government’s review report in general, new insights were also provided by the participants. These findings could potentially complement the government’s review