Recently in my role as CEO of the Health Information Management Association of Australia (HIMAA), I have attended some national events that have been discussing and workshopping how to progress solutions to challenges in the fragmented, multi-layered, multi-sectored health and care sectors. These have included as a member of the Council for Connected Care, where the recent council meeting was focussed on Aboriginal and Torres Strait Islander, rural and remote communities, and the recent Towards One Healthcare System Summit with contributions by state and federal governments and agencies, hospitals, PHNs (Primary Health Networks), primary, specialist and allied care provider groups, consumer health advocates, private health insurers, and technology vendors.
These forums have reinforced the need for continued advancement in healthcare interoperability for the health and care needs of every Australian to be efficiently, effectively and appropriately met, by the right care provider in the right context for the patient, with the right information.
HIMAA supports the government’s National Healthcare Interoperability Plan to “support safe, secure, efficient, quality care through a connected healthcare system that conveniently and seamlessly shares high-quality data with the right people at the right time”.
What assurances?
In addition to the national My Health Record and the national Health Information Exchange (HIE), there are a multitude of Health Information Exchanges being activated in regions and states and territories in Australia, as more localized information sharing initiatives are implemented.
As patient health information increasingly moves from one care provider to another, from one sector to another, from being under one set of legislative controls to another, from one organisation’s policy and compliance framework to another, it has made me wonder, who holds the responsibility of custodianship of that data on behalf of the patient across the data sharing continuum, including at the points of transition, and what assurances do we have of what that custodianship entails?
For 75 years in most public and private hospitals in Australia, there have been Health Information Managers (previously known as Medical Record Administrators or Medical Record Librarians) who have, and continue to, be the custodians and gatekeeper of patient information in hospitals. They have the dual responsibility of managing the custodianship of patient health information on behalf of the patient, and on behalf of their employer. This includes ensuring controls are in place for appropriate internal access, accuracy, management, storage, and external release and sharing of patient information. They regularly assure compliance with relevant privacy and other legislation governing patient information and jurisdictional information governance requirements for data custodianship. They are university-educated professionals responsible for managing and governing patient information, providing assurance to patients that their data is handled appropriately within the hospital setting.
More than privacy
However, their remit is contained to the hospital or hospital group they are employed by with a limited number of Health Information Managers working in care settings outside the hospital. There are thousands of APHRA registered and non-registered health and care providers who operate as sole traders and small businesses as well as in larger organisations outside the hospital setting. Different care providers are governed by different legislation, codes of conduct, and quality standards. While all providers and settings are covered by one of many private legislations, custodianship of patient information is more than privacy.
Custodianship of patient information refers to the legal and ethical responsibility of an individual or organisation to protect, manage and control access to personal health data on behalf of the patient. It involves secure storage, maintenance and authorised sharing of patient information, ensuring data integrity, confidentiality, and availability. It means holding patient information in trust, ensuring it is only used for the benefit of the patient and authorised purposes associated with providing care and improving care outcomes, with the patient’s informed consent. It means having a patient-centric focus to custodianship that informs and enables technical capability, and access to and use of a patient’s information.
In our disparate health and care ecosystem, I believe a national code of conduct for custodianship of patient information would go a long way to building trust by patients that their data is being well looked after, regardless of where it moves through the ecosystem, which IT systems it passes through, and which personnel view it.
If you are interested in pursuing this with me, I would be interested in hearing from you at ceo@himaa.org.au
Yes. It is essential that a lot of thought is given to this issue.
YES As a university qualified Health Information Manager and holding a Master of Health Management, with years of experience managing health information systems, I support the call for a “national code of conduct for custodianship of patient information”.
YES: Vital
YES Great idea. Some of these custodians are bullies to their less educated employees
YES Particularly as Agentic AI Systems may need to use the patient’s information, clinical data for clinical decision support.
YES A Government sponsored portal could outlines to an individual’s where their data is held/available /transferred…but only in a summary format at the portal. – 🙂
Yes: Building social licence in relation to digital health records requires clear ethical guidelines that are linked to legal and professional accountabilities.
YES Data custodianship for on-prem solutions has generally been quite defined, however, no with cloud based solutions it would be handy to understand what (if any) responsibilities of data custodianship now lie with the vendor hosting the solution.
YES An ethical framework addressing this topic is critical in ensuring a principled and consistent approach nationally.