We have been talking eHealth records for years.  Almost worldwide, the topic is treated by many in the health informatics arena as a self‑evident necessity, by some health service providers as an investment and re‑training imposition with little direct return to their practices and by health consumers with suspicion. 

There appear to be countless reasons for this impasse, in Australia as elsewhere. 

With the forthcoming hospital revolution foreshadowed by the incoming Federal Government, is this an opportunity to break the impasse?  Oxygenating the health information bloodstream that will be essential to this revolution would appear to be essential. 

The Health Informatics Society of Australia (HISA) seems to think so.  Recently they published “A Vision for an Australian Healthcare System Transformed by Health Informatics” as their contribution to this debate.  The full report and Executive Summaryare both available on HISA's website.

Two of the most interesting aspects of this debate are:

  1. Whether Government inspired and provided eHealth records (or at least, standardised summaries) are the way to go, as being espoused by NeHTA for example, or whether the focus ought to be on standards and inter‑operability requirements then letting the private sector provide
  2. How to earn genuine trust from health consumers

For this discussion forum, I will focus on the second of these, taking the HISA Vision as a starting point.   

Focus Area 5 in the HISA vision - "Managing Privacy Security and Confidentiality" - is the most important component for earning trust from the health consumer.  The emphasis on security in this Focus Area goes without saying – health consumers would not expect anything less.  The loss of 25 million records about individuals in the UK announced recently will reverberate around the world in its impact has proven (yet again) that neither governments nor the private sector hold a mortgage on being the most ‘trustworthy’ when it comes to security.  It has resulted in a strong attack on the Chancellor of the Exchequer that is also spreading to the previous Chancellor, now PM, Gordon Brown and leading to questions as to whether that government can ever be trusted with personal information, for security reasons alone (e.g. see “Brown apologises for records loss”, BBC News, 21 November 2007).

Thus in my view, the more interesting element of Focus Area 5, because of the nuance required, are the Transparency & Individual Control elements.  The paper does quite a good job of this as well.   

Nevertheless, it does suffer from one of the most common failings in privacy thinking, namely addressing enforcement and what happens at points of failure – what we term the Safety Net component.  If these elements are not addressed, we are simply engaging in an exercise of inappropriate risk shifting – asking the health consumer to bear too much of the enforcement burden and too much of the risk of failure.  If eHealth records really are the boon to medicine and health system efficiency that they appear to be, we can easily afford the world’s best compliance, accountability, enforcement and safety net arrangements. 

The remaining question is “who pays”.  Private medical practices, with some justification, have said “not us”. 

Is this a classic “economic externality” that needs to be addressed either by legislation or external funding, e.g. from government or the other major beneficiaries?