GP security vital to e-health success: NEHTA

Former iSOFT Australia managing director Denis Tebbutt has urged general practitioners to better collaborate with the Government's lead e-health body to ensure success of the personally controlled electronic health record (PCEHR).

Linked gallery: Photos: On the floor at CeBIT 2012

The $628.3 million initiative, scheduled to go live on July 1, allows Australians to opt into a shared electronic health record, providing information to authorised GPs and doctors on one's personal history and medication.

The records would be stored on a federated cloud of repositories operated nationally, in states and territories and at large hospitals.

Tebbutt, a vendor engagement consultant with the National E-Health Transition Authority leading implementation and operation of the PCEHR, told attendees at the CeBIT conference in Sydney this week that endpoint security at the GPs' desktops was vital to ensuring customer information remained secure.

"I think it's going to be as secure as it's possible to make it from day one," he said.

"It has to flow down because security isn't just in one place, security is right the way through the system and there will be some significant knock on effects to ensure that even though we have a significant penetration of systems being used at the moment on GP desktops, we need to ensure that those facilities are indeed secure from a data integrity standpoint."

As opposed to Britain's failed e-health project, which used iSOFT software and relied on prescribed applications for use on GP desktops, Tebbutt said NEHTA's chosen standards approach required greater attention to security by the general practitioner.

"If you're not dictating what the applications are that are going to be used and you're setting standards, you've got to encourage the industry that builds those products and supplies those products to see the value in conforming to those standards and testing," Tebbutt said.

"We've got to get everybody on the same page here. It's no good sitting on the sidelines and saying, 'I'll sit and wait and see how this goes'."

Engagement had been successful to date, according to Tebbutt, with a vendor-led GP desktop panel convincing some 90 percent of GPs to ensure they have applications compliant with the electronic health record.

The Department of Health and Ageing expects 500,000 Australians to take up the record by the end of the 2013 financial year, reaching up to 2.6 million in four years' time.

But security protocols for the initiative have been blasted by those in the security industry, who warn that public access to the records would leave them open to infiltration despite personal control.

The standards approach has itself attracted controversy after work at pilot sites for the program was halted to fix a discrepancy in the standards documents sent to hospitals and GPs.

NEHTA has aimed to develop stopgap standards after work on them fell behind schedule, meaning some of the standards required for the system likely won't be formalised until well after the e-health records have rolled out.

Those involved have also voiced fears that the federal and state governments will not fund the program to see it fully completed.

The Royal Australian College of General Practitioners warned this week that the $161.6 million in additional funding given under the 2012-2013 budget to spur on e-health for the next four years is not enough.

"The international experience is clear that for general practice, the implementation is often costly and takes time, training and infrastructure investment," RACGP president Claire Jackson said.

"'Go live' is now very close and adequate support for implementation across the thousands of Australian practices, despite heavy lobbying, has not been forthcoming."

Jackson pointed to clinical support, data safety and the ongoing drafts of terms and conditions vital to participation in the program as key remaining unknowns in the project, with just 38 days to go.

Tebbutt acknowledges there will be teething issues with the e-health record system but said the next five years would ensure they are ironed out.

"We don't want to build an infrastructure for 20 million from day one, to find it takes five years for everybody to actually get on board and get value out of," he said.

"We do actually want to be build an infrastructure that people have an opportunity to learn about, an infrastructure that we want to be able to test - that's what you would do if you were building infrastructure for other big projects."