Health allows for access to patient records in emergencies

Healthcare providers will have access to all clinical documents and records in an emergency situation under a revised concept of operations released by the Department of Health and Ageing today.

The "no access" provision was proposed in the draft document in May as one of three document security levels that allowed users to fine-tune access to their personally controlled electronic health record, due to be available from July 1 next year.

It came in addition to the "general access" and "limited access" levels, the latter of which restricted access to some documents for nominated healthcare providers.

Users would be able to apply each of the security levels to individual documents attached to their record. However, an individual's health summary would remain under "general access" at all times and would be available to an approved healthcare provider in an emergency or "break glass" situation.

The removal of the "no access" security level from the revised concept of operations released today meant healthcare providers did not require consent from individuals to access any required clinical data in an emergency situation.

This would include those providers whose access to the record and documents had been "revoked" by the individual.

In a change log accompanying the revised concept document, the department attributed the changes to concerns raised by some healthcare providers "over the potential inability of healthcare professionals to view hidden information in an emergency event".

"Many submissions stated the opinion that provisions must be made to make all PCEHR information available to healthcare personnel when it is in the patient's best interest," the department said.

The initial provisions had been labelled "unduly complex" by the Australasian College of Health Informatics during the consultation period but were supported by the partially government-funded Consumers Health Forum of Australia.

The Australian Information Commissioner, Timothy Pilgrim, said in a submission that the "limited" and "no access" security levels were "central" to consumer confidence in the e-health records and called for their inclusion from the first day of operation.

In lieu of the provision's removal, the department had instead provided individuals with the ability to "effectively remove" clinical documents from their PCEHR, banning access to the document for any provider, regardless of whether it was an emergency situation.

The document's contents appeared to be retained by the repository storing the record, as an individual would be able to reinstate the document to the record at any time.

The department hoped to strengthen security for the e-health record by providing individuals with a bevy of options to prevent or grant access to their health record. These included the ability to choose whether the record would have "basic" privileges - automating access to the individual's record without their explicit consent - or "advanced", providing greater access over which providers would be able to access the record.

Under the latter set of rights, individuals would then be able to choose which documents would have general or limited access.

Providers would also be able to gain access to a summary by gaining consent from the user to access the record or use a communal provider access content code - most likely a PIN number - to access documents.

The department maintained that striking a balance between individual privacy and access in emergency situations remained precarious.

"The inclusion of [the limited access] feature means that improving health literacy will become more essential and individuals need to be educated about the consequences of limiting access," the department said. "As a result, the individual is required to assert they have reviewed the educational material around access controls before using the more advanced controls."

The PCEHR initiative will remain opt-in, despite some healthcare bodies repeatedly calling during the consultation process for the Federal Government to mandate the records for all Australians.

Australian Medical Association president Dr Steve Hambleton commended the removal of the "no access" security level but said the government's continued insistence on an opt-in scheme would hamper its success.

"The main people who are going to benenfit from this are people with chronic and complex diseases, people in aged care facilities, Indigenous Australians and the chances of them opting in are pretty low," he told iTnews.

The first three sites implementing aspects of the e-health record in Melbourne, Brisbane and Newcastle had signed up 270 general practices matching 725,000 patient records to their individual health identifiers since gaining contracts in August last year.