In response to this blog post there has been a good deal of discussion.
The comment that triggered the concern is this one:
Anonymous said...
On the note of inappropriate access to personal health records, I have accessed my PCEHR and run the audit log. I was shocked to see that my record had been accessed by the role of "external provider" (no further details given about who this is). The type of access included reading and updating of documents, reading of my emergency contact details and even updating of my access controls. Most of these accesses occurred in July/August 2012. I am guessing that this was a time when the system was not very stable and was being fiddled with by the system operator. But is is very disconcerting to see that some sort of "external provider" has been messing with my record. If it is the system operator it should clearly show that - not pretend to be a provider. Has anyone else tried this? And is there an explanation? I don't feel comfortable ringing the help desk - I don't want anyone else messing around in my record. Also, I did not get any emails or notifications that an external provider had accessed my record, even thought I set this up in the record. Not happy.
This is the direct link:
As discussed a day or so ago it does seem there are a few issues with the way the audit trail is working. See here:
Here is a short extract of the Audit Trail from today.
10/01/2013 03:25:21 AM Add Document DHS Medicare External Provider Create DocumentID 1.2.36.1.2001.1007.11.8003640002000019.1000000001026773
10/01/2013 03:25:21 AM Add Document DHS Medicare External Provider Create DocumentID 1.2.36.1.2001.1007.11.8003640002000019.1000000001026772
10/01/2013 03:25:20 AM Add Document DHS Medicare External Provider Create DocumentID 1.2.36.1.2001.1007.11.8003640002000019.1000000001026772
10/01/2013 03:25:18 AM Add Document DHS Medicare External Provider Create DocumentID 1.2.36.1.2001.1007.11.8003640002000019.1000000001026771
These records label each record as having come from DHS Medicare and when clicked on I get a prescription record dated 16 December, 2012. Oddly one data element is repeated incorrectly according to my prescription and what I received in the form of 3 rather than 4 boxes of medications.
It will be very interesting to hear what is displayed when more providers other than the user and Medicare are contributing to the final record.
On the issues raised in the comments above(now 23 of them) it seems to me the best approach might be to e-mail the Chief Health Officer mentioned below with the concerns. That will at least force a (slow) response.
Clinical safety audit program for the Personally Controlled Electronic Health Record (PCEHR)
The Commission has established an independent Clinical Governance Advisory Group (CGAG) and a clinical safety audit program for the Personally Controlled Electronic Health Record (PCEHR).
This national clinical governance function complements and strengthens the work being performed by the National E-Health Transition Authority in assuring the safety and quality of the standards and specifications supporting the PCEHR and will provide external assurance on PCEHR clinical safety issues.
The CGAG meets quarterly to consider the clinical safety audits of the PCEHR and other clinical safety issues relating to the PCEHR and provide advice to the Department of Health and Ageing. The CGAG comprises experts from across Australia, and is chaired by the Chief Medical Officer Professor Chris Baggoley.
See full page here:
An e-mail to here marked attention CMO would be a good start:
Yet again all this reflects on the really poor way e-Health Governance has been set up in Australia with a lack of leadership and transparency and with maximum complexity in finding out ‘who to call’ - as one of the other commenters pointed out!
I wonder who is actually on the CGAC and what their expertise is?
For this blogger there is no doubt that the NEHRS is, as they say, the gift that just keeps on giving.
David.