Recently in my role as CEO of the Health Information Management Association of Australia (HIMAA), I have attended some national events that have been discussing and workshopping how to progress solutions to challenges in the fragmented, multi-layered, multi-sectored health and care sectors. These have included as a member of the Council for Connected Care, where the recent council meeting was focussed on Aboriginal and Torres Strait Islander, rural and remote communities, and the recent Towards One Healthcare System Summit with contributions by state and federal governments and agencies, hospitals, PHNs (Primary Health Networks), primary, specialist and allied care provider groups, consumer health advocates, private health insurers, and technology vendors.
These forums have reinforced the need for continued advancement in healthcare interoperability for the health and care needs of every Australian to be efficiently, effectively and appropriately met, by the right care provider in the right context for the patient, with the right information.
HIMAA supports the government’s National Healthcare Interoperability Plan to “support safe, secure, efficient, quality care through a connected healthcare system that conveniently and seamlessly shares high-quality data with the right people at the right time”.
What assurances?
In addition to the national My Health Record and the national Health Information Exchange (HIE), there are a multitude of Health Information Exchanges being activated in regions and states and territories in Australia, as more localized information sharing initiatives are implemented.
As patient health information increasingly moves from one care provider to another, from one sector to another, from being under one set of legislative controls to another, from one organisation’s policy and compliance framework to another, it has made me wonder, who holds the responsibility of custodianship of that data on behalf of the patient across the data sharing continuum, including at the points of transition, and what assurances do we have of what that custodianship entails?
For 75 years in most public and private hospitals in Australia, there have been Health Information Managers (previously known as Medical Record Administrators or Medical Record Librarians) who have, and continue to, be the custodians and gatekeeper of patient information in hospitals. They have the dual responsibility of managing the custodianship of patient health information on behalf of the patient, and on behalf of their employer. This includes ensuring controls are in place for appropriate internal access, accuracy, management, storage, and external release and sharing of patient information. They regularly assure compliance with relevant privacy and other legislation governing patient information and jurisdictional information governance requirements for data custodianship. They are university-educated professionals responsible for managing and governing patient information, providing assurance to patients that their data is handled appropriately within the hospital setting.
More than privacy
However, their remit is contained to the hospital or hospital group they are employed by with a limited number of Health Information Managers working in care settings outside the hospital. There are thousands of APHRA registered and non-registered health and care providers who operate as sole traders and small businesses as well as in larger organisations outside the hospital setting. Different care providers are governed by different legislation, codes of conduct, and quality standards. While all providers and settings are covered by one of many private legislations, custodianship of patient information is more than privacy.
Custodianship of patient information refers to the legal and ethical responsibility of an individual or organisation to protect, manage and control access to personal health data on behalf of the patient. It involves secure storage, maintenance and authorised sharing of patient information, ensuring data integrity, confidentiality, and availability. It means holding patient information in trust, ensuring it is only used for the benefit of the patient and authorised purposes associated with providing care and improving care outcomes, with the patient’s informed consent. It means having a patient-centric focus to custodianship that informs and enables technical capability, and access to and use of a patient’s information.
In our disparate health and care ecosystem, I believe a national code of conduct for custodianship of patient information would go a long way to building trust by patients that their data is being well looked after, regardless of where it moves through the ecosystem, which IT systems it passes through, and which personnel view it.
If you are interested in pursuing this with me, I would be interested in hearing from you at ceo@himaa.org.au
