Digital Health: Are the professions keeping up?
In 2014, an article in The Guardian cited Dr Pete Diamandis, Chairman and CEO of XPRIZE as saying:
‘I can imagine a day in the future where the patient walks into the hospital and the patient needs, say, cardiac surgery and the conversation goes something like this: “no, no, no, I do not want that human touching me. I want the robot that’s done it 1,000 times perfectly.’
Is this fantasy or a reality? Is the medical profession in Australia ready for the expected rapid change in the practise of medicine due to digital health over the next 5-10 years? Is the legal profession in Australia ready to deal with the medico-legal issues that will arise? This article comments on a few of the medico-legal issues that are currently on the horizon.
A new regulator?
The Australian Digital Health Agency (ADHA), previously called the National E-Health Transition Authority (NEHTA), is responsible for what was known as the Personally Controlled Electronic Health Record and is now referred to as ‘My Health Record’. Its role however is wider than just maintaining the electronic medical record system as it has been tasked with improving health outcomes for Australians through the delivery of digital health services and systems.
ADHA has just closed the National Digital Health Strategy Consultation which canvassed the opinions of patients, medical practitioners, IT professionals and other medical technology professionals. The purpose of the Consultation was to assist in developing the National Digital Health Strategy which will be published during late 2017 and effectively will be the work plan of ADHA for the next 4 years. While there may be some scepticism towards the role and potential effectiveness of ADHA in light of the experience with NEHTA, the importance of the National Digital Health Strategy cannot be underestimated. There is potential scope for ADHA to expand to regulate digital health generally and become more involved in new modes of clinical care through medical apps, wearable devices, telehealth and other not yet known digital technologies.
The evolution of ADHA and the new opt out provisions relating to ‘My Health Record’ have been said to be “a profound conceptual shift in the Australian Government’s approach to clinical data” from simply being used to provide health care to becoming “property for use by government and commercial entities for a variety of purposes well beyond serving patients’ therapeutic needs.” There are implications for the ownership of medical records, the ability for medical practitioners to control and access medical information for the referral of patients, interaction between specialists, and for patient control over their own medical information.
A new professional standard
The Health Informatics Society of Australia (HISA) has released a draft professional standard for e-health systems and applications. It is available for comment until 20 April 2017 at www.hisa.org.au\blog\e-safety-professional-practice-standard\.
The objects of the draft professional practice standard are to ensure that:
- ‘Potential hazards associated with clinical information systems are prospectively identified throughout the system life cycle and that potential risks are mitigated;
- Hazardous situations that do eventuate are quickly identified and associated harm is minimised;
- The health and e-health supply industries systemically improve Australian e-safety.’
The standard is proposed to be applied by, and to articulate specific requirements for duties of care, for either:
- Organisations that are involved in e-health including organisations using information technology products and services for clinical purposes; clinical software developers, suppliers and implementers; or organisations advising on the use or acquisition of e-health.
- Health informaticians involved with e-health.
The evolution of digital technology and particularly digital health has significant implications relating to the access and use of an individual’s personal health information.
There are currently mandatory data breach notification requirements under the My Health Records Act 2012 (Cth) and later this year the Privacy Amendment (Notifiable Data Breaches) Bill 2016 will come into force. This Bill will amend the Privacy Act 1988 (Cth) to introduce further mandatory data breach notifications. The Bill is the first major amendment to the Privacy Act 1988 since the introduction of the Australian Privacy Principles in March 2014.
The Bill provides that if there is what is termed an ‘eligible data breach’ that leads to a ‘likely risk of serious harm’ there will be a statutory duty to notify the Office of the Australian Information Commissioner. This in turn is likely to lead to an investigation. The Explanatory Memorandum to the Bill comments that serious harm is defined to include not only physical but ‘psychological, emotional, economic and financial harm’.
An eligible data breach will occur if there is unauthorised access to, or disclosure of information, or a loss of information. There is provision for steps to be taken before serious harm arises and this will be dependent on the facts of each case.
For the avoidance of doubt, the Privacy Act 1988 applies to medical practitioners in private practice. It is important that any digital health information is securely stored and only appropriate access provided to staff.
We are on the cusp of a significant transformation in the provision of health care due to digital innovation. E-health, digital health and telehealth will become commonplace. The medical profession is not alone as there is also significant transformation occurring in the legal and other professions.
This transformation will bring many benefits to the provision of health care. We have acted for a number of exciting start up health businesses looking to capitalise on the technology now available to improve patient outcomes, reduce waste and increase efficiency in health care. However, the changes bring new medico-legal risks and are likely to bring new levels of regulation. For those medical practitioners who are still using a facsimile machine, are sceptical of My Health Record, have not recently updated their practice software or not considered the impact of digital health, now is the time to consider the future and properly understand the potential medico-legal implications of digital health.
 My [Electronic] Health record – Cui Bono (For Whose Benefit)? By Danuta Mendelson and Gabrielle Wolf, 24 JLM 283, 2016
Karen Keogh, Partner
John Petts, Partner
Cindy Tucker, Partner