Ehealth plan designed to save money and patients

Hiqa is working on standards for a new ‘health identifier’ system that aims to simplify medical records


One of the many challenges facing new Minister for Health Leo Varadkar will be to oversee the Government’s ehealth strategy, published by his predecessor, James Reilly, at the end of last year.

It will require investment not just in information technology but in new work practices and governance structures in the health service. It will be a slow process but, if handled properly, should pay big dividends for patient safety and for the healthcare system generally.

Ehealth is described as a fully integrated digital supply chain, involving “high levels of automation and information sharing”. In English, that means making consistent, accurate information about every patient available when and where it is needed, eliminating duplication, increasing patient safety and improving, for example, the management of chronic illnesses.

The strategy document claims investment in ehealth infrastructure has the potential to bring significant economic benefits.

Healthcare is changing radically as a result of demographic, organisational and resourcing factors, as well as the proliferation of new technology, it notes.

“These factors mean that future healthcare systems will need to be radically different in order to respond efficiently and equitably to forecasted demand.”

Prof Jane Grimson, acting chief executive of the Health Information and Quality Authority (Hiqa), says forecasts suggest healthcare will consume a large percentage of GDP in most developed countries by 2050.

All developed countries and many developing countries have ehealth strategies, she says. “They’re all investing in ehealth because everybody is convinced it can really offer benefits in terms of improved patient safety, as well as improved efficiencies.

“There’s plenty of evidence to suggest that this is true. However, the really good, strong evidence about benefits of ehealth tend to be mostly at local hospital level or a GP practice level.”

Prof Grimson says implementing ehealth solutions at a national level “has been a challenge everywhere”.

“A lot of countries have invested and wasted a lot of money and had to start all over again.”

Creating electronic health records, integrating information from multiple sources – including monitoring devices and sensors – as well as major changes in governance and work practices and a realignment of health budgets will all be part of the huge challenge.


Privacy concerns

In a health system already struggling with limited resources, the ehealth strategy will take “years” to complete, according to those involved in its development.


Aspects of it will be controversial for privacy reasons: it will include provisions for data “matching” in order, for example, to get centralised sources of information about certain chronic diseases, for national disease registries, and for research purposes.

Safeguards, including respect for the fundamental right to privacy, and proper governance structures, will have to be built in from the start.

The ehealth strategy is underpinned by two major pieces of legislation. Already years in the drafting, the complex Health Information Bill might finally go to Cabinet before the end of this year.

The second, the Health Identifiers Bill, was recently signed into law and provides for the creation of individual health identifiers (IHIs) for every person and for healthcare provider. This health identifier is a fundamental building block of the strategy, to which the Government is committed under the troika bailout programme.

Prof Grimson says Hiqa is currently working on developing standards for the governance and management of the identifiers.

The exact form of the health identifier has not been decided, but she says progress may be made even now on electronic prescribing, electronic referrals and electronic hospital discharges.

Hiqa can see real benefits in the area of medications and medication records, according to Prof Grimson. “Having a single source of records about the medications that people are on not only saves money, because you save duplication so that the patient isn’t prescribed two drugs that counteract each other, but it’s a huge patient safety issue because I think up to 50 per cent of adverse [health] events are drug related.”

The strategy will also focus on helping patients to manage chronic illnesses at home.


Another challenge in implementing the strategy will be to ensure it does not amplify existing inequalities in the health system.

“If we are going to go digital, some people may not have access to digital resources and they may not be able to manage their own digital records,” says Prof Grimson.

With regard to the privacy and security of records in an ehealth environment, she says there will be no clinical information in the individual health identifiers.

“It will be ‘personal information’ that needs to be kept secure, but there will be no clinical information in it.”

Hiqa is currently setting standards for the governance and management of the identifiers and “the major focus in that will be on ensuring the privacy and confidentiality and accuracy of the data”.

Prof Grimson believes such information is likely to be more secure in an electronic environment than in a paper-based environment.

“But that being said, the problem with the electronic [data] is that [you have the potential to access] vast amounts of information so you have to have sophisticated, robust, protection and security measures in place.”

Trust and confidence in the system will be absolutely critical, she says.

“I think we are fortunate in coming late to the ehealth table, because we have the opportunity to learn from other people’s mistakes.

“We will make our own, but at least let’s not make the mistakes that other countries have made, and let’s not go for the ‘big bang’ solution.”


Health identifiers What they are and how they will work

In the coming years, every person and healthcare provider will be assigned a special number – similar to, but not connected to, the PPS number – called an individual health identifier (IHI).

The legislation providing for setting up the IHI and associated registers of such identifiers was recently signed into law and the roll-out is likely to begin early next year.

The identifiers will not confer on people any entitlement to or eligibility for treatment, nor will a healthcare provider be able to refuse someone treatment on the basis that they don’t have an IHI.

Health identifiers and the registers for them may only be accessed by “specified” people, such as health professionals.

But the minister of the day may allow the information to be used by “authorised” people for secondary purposes.

The full extent of such purposes is likely to be set out separately in the Health Information Bill, and will include research and data matching for the purposes of statistical and other information.

Anyone inappropriately accessing the register or processing an individual’s IHI will be liable to a fine of up to €100,000 on indictment.

The sale of such information will be prohibited.

Daragh O’Brien, a consultant in data governance and protection issues with Castlebridge Associates, says appropriate controls will be needed to ensure the identifiers are not misused or abused and are used only for the appropriate purposes.

He says lessons must be learned from abuses of the Garda’s Pulse system and inappropriate access to social welfare and Revenue data. Revenue had to bolster a “culture of confidentiality” with legislative sanction for inappropriate access to personal data.

The health service, he points out, has a wider array of potential users of data, and environments that are more challenging and pose greater risks. Health information has a special designation as “sensitive” information under data protection law.

“Data governance is more than just policy and procedures. There will need to be an evolution of culture around sharing of information that may be linked to individuals. Clear decision rights and accountabilities are needed, along with rigorous enforcement,” says O’Brien.

Lessons also need to be learned from the handling of the controversial programme in the UK, which involved the collection and sharing of the medical records of all NHS patients.

“Appropriate governance will be needed to decide how and when data can be shared, and to ensure that the sharing is done in a manner that complies with the Data Protection Acts, and also meets the proportionality requirements of article 8 of the Charter of Fundamental Rights,” according to O’Brien.