National E-Health Transition Authority is an Australian and state government’s funded lead organisation formed to support and oversee Australian national vision for e-Health. It provides necessary infrastructure and solutions to form a secure, safe and efficient health system to be used by providers and patients.
Australian patient’s medical information is distributed among various health care providers including hospitals, specialists, imaging clinics, aged care centres etc. This information is critical when providers doing assessments for some conditions and also for medication purposes. The main concern is patients do not have any access to their information as it is maintained by providers independently and exchanging patient information is sometimes complex in nature.
To overcome difficulties with the patient information and to make it more agile and sustainable, Australian government introduced PCEHR electronic system to store and maintain patient information from multiple providers at one place with safe and secure access.
PCEHR is an electronic system that stores patient record including their medical history from time to time collected from various types of providers and other organisations such as Medicare.
Every PCEHR record associated with each patient contains the following
1) Personal details
Records patient personal and emergency details
2) Clinical documents
Records patient clinical documents such as imaging, pathology reports etc.
3) Medicare records
Records patient Medicare claims and other relevant information.
4) Medicine records (eMedication)
Records patient dosage and dispensing history
5) Child development
Records patient child development related information.
6) Restricted settings
Records restricted settings used by patient to control access to their records by external providers and nomination details.
7) Access history
Records the access history containing details about who and when accessed.
Healthcare Identifiers (HI)
Healthcare identifiers (HI) Service developed by the federal, state and territory governments that uniquely identifies healthcare providers and consumers. These identifiers are important building blocks of E-Health in Australia and used to enable PCEHR system and are used on medical documents, patient wrist bands, tokens etc.
The HI service is mainly used by
· Public and private sector hospitals
· General practice
· clinical specialist
· community health
· healthcare administrators
· allied health
· aged care settings
Healthcare identifiers are categorised into the following
Individual Healthcare Identifiers (IHI) – For individuals receiving health care
Healthcare Provider Identifier – Individual (HPI-I) – For healthcare providers and personnel involved in patient care
Healthcare Provider Identifier – Organisation (HPI-O) – For organisations that deliver healthcare (hospitals or medical practices)
Each identifier is a unique number adhered to ISO7812: AS 3523.1&2-2008 standards and is of 16 digits in length. It doesn’t contain any identification information such as age, location etc. and never be re-used.
The first 1-6 digits contains issuer identification number (for example Medicare) and 7-15 digits contains a unique reference number that identifies an individual. The last digit 16 is reserved as check digit which can calculated from issuer identification and individual reference number.
The main functions of a HI service are
· Allocating IHIs, HPI-Is, and HPO-Is,
· To allow authorised users to search, retrieve and validate IHIs, HPI-Is, and HPO-Is
· To allow authorised users to maintain and publish certain data (allowed only with HPI-Is and HPO-Is)
· To provide digital certificates for access
· Retiring identifiers
E-Health software systems engaged in health care uses HI service to issue, assign and maintain national healthcare identifiers for consumers and providers. These systems access HI service directly or indirectly (depends on the other systems which have direct access to HI). All the systems should undergo conformance testing (CCA) performed by NATA recognised laboratories to prove it supports clinical safety, security and privacy.
NASH delivers a secure and authenticated service to exchange e-health information for all Australian healthcare organisations and other e-health personnel. It provides the necessary infrastructure, framework, and technology and support services for both health care organisations and vendors for issuing secure credentials that can used for digitally signing various types of e-health transactions such as electronic prescriptions, hospital admissions and discharges, and reports which can be exchanged with others in a secure and safe way.
With NASH PKI certificates, providers authenticate themselves with the PCEHR system and digitally sign health information to ensure they are not tampered. Each PKI certificate stores provider HI identifiers and other registration information.
NASH credentials are supplied to authenticate themselves in different ways by different consumers either by using smart cards or usb’s or pc installed software.
NASH credentials for individual providers such as doctors and other healthcare professionals are typically in the form of smart cards or tokens. They store individual HPI-I number by embedding in the device.
Individual providers uses the above devices
1) To access patient e-health record from PCEHR
2) To access information from NASH directory
For healthcare organisations such as public and private hospitals are provided with credentials on a CD labelled as NASH. Each CD contains software PKI certificates that are stored with organisation HPI-O number
Organisations uses NASH PKI certificates
a) To access patient health record from PCEHR.
b) To digitally sign the electronic communications when exchanging with other healthcare provider organisation.
c) To access NASH directory.
Support organisations provide services to health care providers to access, send and receive information securely. They are registered as CSP or GSO. Each CD contains PKI certificate with organisation registered number.
Support organisations uses NASH PKI certificates
a) To digitally sign the electronic communications when exchanging health information between various healthcare providers.
b) To access NASH directory
Putting All Together
Patient registers in PCEHR system by providing personal, Medicare and bank details through MyGov account. PCEHR creates a patient record and links with Medicare system. It also creates a unique HI identifier IHI for the patient to access PCEHR system. Providers registers with HI service to obtain unique HPI-I or HPI-O identifiers to access PCEHR system and NEHTA provides with NASH PKI certificates with their HI identifiers embedded in them in the form smart cards or usb’s or CD. Providers must use a PCEHR compliant software to configure their PKI certificates. Patient engages with a provider and provides his IHI identifier. Doctors uses PCEHR compliant software to access patient record identified by IHI identifier from PCEHR system by authenticating themselves with NASH PKI certificates. PCEHR system verifies NASH PKI certificates received from providers and grants access to patient record and logs details about provider access in patient record. Provider refers to other providers (specialist or imaging) electronically by digitally signing and exchanging patient information. Other providers uploads clinical documents to PCEHR system.
IMPACT ON HEALTH SERVICES
Australian health care providers are using different vendor and customised software’s to provide various services to patients. NEHTA provides necessary infrastructure to maintain patient e-health records in a centralised storage and provides access to providers to access and update these records on patient engagement.
The impact of NEHTA infrastructure on health services varies from one end to other. Patients and providers are not legally bound to participate in government e-Health system as the participation is voluntary but have numerous benefits to both as the system promotes single view of truth at any point of time.
Without PCEHR, patients cannot view their up to date information recorded against an engagement with each provider. If they change provider, they can’t access their past information conveniently at any time and subjected to provider’s policies.
Patients can register with PCEHR by creating a MyGov account with their Medicare details, address and bank details. Once registered, patients can view their medical records, clinical documents, Medicare details, and access control information. They can control access to their eHealth records for the selected providers however they cannot update medical related information but only settings and personal information.
Patient can access up to date information about their medical history. It improves patient awareness and provides valuable insights during assessment.
There will be significant impact on the existing health services as it improves the service by providing a centralised record management and accessing up-to-date information about patients from time to time.
Providers have to register with NEHTA to get HPI-I or HPI-O identifiers which can be used to access and update patient information using NASH certificates and digitally sign information when exchanging with other providers related to patient. It’s not only improve the service to the patient but also reduces time taken to deliver the service as providers can exchange information with other providers electronically without doing any involvement of paper work. Its work well in multidisciplinary settings involving doctors, radiologists, and clinicians. Majority of the software vendors already implemented PCEHR capabilities in their systems used by the providers.
Abbreviations and Acronym’s
||Patient Controlled Electronic Health Record
||National E-Health Transition Authority
||National Authentication Service for Health
||Public Key Infrastructure
||Contracted Service Provider
||General Supporting Organisation