Privacy debate over EHRs

Until privacy issues are tackled, patients and health care providers will not take up and push for electronic health records (EHRs), said Amanda Cornwall, project manager at the NSW Health Care Complaints Commission.

"If you don't get the privacy stuff right, you won't even get past first base," Cornwall said. "Even the doctors will walk away from it."

Cornwall was speaking yesterday at an E-Security in Health conference in Sydney, hosted by security software provider Clearswift, where health groups and organisations debated the issues surrounding electronic health records.

While PKI technology enables secure information, there are still issues surrounding the human element and policies enforcing the use of such technology to iron out, according to Cornwall.

“It's not about the technological capabilities of PKI. It's about the human behaviour enforcing that,” Cornwall said.

Shaun Gath, a partner with law firm Blake Dawson Waldron, and a stakeholder in PKI, claims PKI technology is secure. “The only problem is with the living and breathing entities at either end of it. That's where the security risks come in.”

Gath gave an overview of the murky legal issues surrounding the ownership of EHRs and the technology challenges EHRs present.

These technology challenges include how long EHRs should be retained, secured and stored for an indeterminate period of time. While the national privacy principles state that records should be destroyed when no longer needed, there is no set deadline. Gath said concerns regarding doctors' liability would be one line of reasoning for retaining EHRs for a long time.

Currently in Australia there are two Federal Government online health record initiatives in progress: MediConnect and HealthConnect. MediConnect, scheduled to be piloted this year, will create a national database of electronic medication records for use by doctors, hospitals and pharmacies.

MediConenct will also support electronic decision processing. The HealthConnect project is intended to generally summarise patient records online. NSW Health also has an electronic records system in the pipeline. “Should we conclude that the Federal Privacy Act arrangements are adequate for EHRs? Clearly in NSW the view was that they weren't, which led to new legislation," Gath said.

Gath also raised the questions of whether it was “impossible to reconcile effective health outcomes and privacy in a way that suited both the health sector and consumers.”

“The fact that it's taken years and years and years and the government is still struggling with it is no surprise,” he said.