The Australian agenda on healthcare reform provides room for the Australian citizenry to register for PCEHR. The goal is to ensure the sharing of healthcare records for patients in a bid to facilitate access to patient information among healthcare practitioners. This strategy enhances quick and effective service delivery. The process of implementing PCEHR is overseen by NEHTA, which is the body to which the Smart-Care Medical Facility (a hypothetical health facility) is accountable.
It reports to it on the progress of the implemented PCEHR. Through the primary purpose of PCEHR, the facility endeavors to provide a secured summary of patients’ electronic medical history. Concerning the hypothetical medical facility, this paper offers a description of the PCEHR from the basis of why it has been developed, who has developed it, how the organization may be able to interface with the PCEHR, and whether the organization should interface with the PCEHR. The paper also examines the status of the PCEHR and its underlying requirements.
In a healthcare organization that serves more than 400 patients daily, there is a necessity for the development of ways of enhancing the speed of accessing patients’ historical medical records. One of such ways entails the development of an electronic system for storing and navigating medical records within a healthcare facility. This requirement underlines the main reason for developing a PCEHR system at Smart-Care Medical Facility. The system was procured from a vendor, namely Meditech Global, although it was customized to meet the needs of the facility whilst complying with the Australian national PCEHR system.
The facility’s PCEHR information system has databases for patients’ health records, including medications, effects of the drugs on patients, and potential allergies. This historical information is recorded in an easily accessible format to enhance its retrieval. To facilitate information sharing, the facility’s PCEHR system databases are networked with other systems in other medical facilities where patients who seek service from the medical center may also ask for either alternative or additional healthcare services. Interconnection of the facility’s medical history databases ensures that medical practitioners can have access to patients’ medical history, irrespective of the location of any medical facility (Spriggs 2012).
At the facility, the PCEHR system is currently operated based on the opt-in approach. The system has an IHI (individual healthcare identifier), which constitutes an assigned unique access code for each participant. A patient or his/her appointed representative controls the code. Once one logs in, the medical practitioner can either read or add on the information contained in particular patients’ historical records. The IHI ensures that patients’ information is not exposed to the public domain. The system operates on XDS software.
Organizational Interface with PCEHR
For successful utilization of the electronic personal medical record system in enhancing quick and efficiency in the delivery of medical services at the Smart-Care Medical Facility, the organization needs to have the capacity to interface with the PCEHR system. Although system medical records are maintained at the facility as buffer solutions in case of low-system operational speeds due to system jam or increased traffic, Smart-Care Medical Facility has a policy that requires practitioners to deploy the electronic system in all situations.
To promote information security, medical practitioners can only interface with the PCEHR system with the help of the patient or his/her appointed representative. The practitioners also need to have the authority to access medical records for patients during or when preparing for the treatment process. This process underlines the necessity for NASH PKI (National Authentication Service for Health Public Key Infrastructure) certification.
NASH PKI constitutes a certification that authenticates practitioners in the healthcare sector in Australia to have access to patients’ electronic healthcare medical records. The certificates are loaded onto the practitioners’ smartcards. They are then deployed in conjunction with the medical practitioners HPI-I to have access to patients’ medical records. However, this goal can only be achieved with the help of patients’ IHI.
This system ensures the secure electronic exchange of information between different healthcare-providing organizations. At the Smart-Care Medical Facility, PKI permits the organization to identify persons who send messages to ensure non-alteration of messages as they move from the sender to the receiver, in this case, the Smart-Care Medical Facility. Additionally, in Australia, PKI is critical in ensuring that message senders do not dispute that they never crafted the messages, and/or that the messages were not received by people whom they did not target (Greenwood, 2012). At the Smart-Care Medical Facility, PKI ensures that access to the PCEHR interface does not attract any legal liability for the organization due to unauthenticated admission.
Status of the PCEHR
Currently, PCEHR has incredibly proved effective in enhancing quick diagnosis and treatment of patients based on their medical history. Smart-Care Medical Facility has three branches in Australia. The facility serves an average of 471 patients per day. 80-percent of these patients have already had their medical history captured by the national PCEHR system through other healthcare organizations that are located in Victoria or elsewhere. The facility offers various medical services, including diagnosis and treatment through medicinal and therapeutic techniques of any type of illness.
However, where patients’ health conditions require specialized treatment, the medical facility refers them to specific organizations that specialize in the treatment of the condition. In this process, the sharing of patients’ medical health information between Smart-Care Medical Facility and the recommended organization becomes incredibly essential to avoid repetition or to offer a more focused diagnosis.
Implications for the Health Service / Stakeholder Implications
Sharing of patients’ historical medical information between two healthcare organizations and/or access to such information by healthcare personnel raises serious ethical and legal concerns. All people who are involved in the medical practice should adhere to core principles, ethical values, and codes of conduct about handling patients’ information without infringement of any of them (Wafa, 2010).
Confidentiality is one of the ethical values in the medical profession. It is one of the major values that all medical practitioners uphold (Melnyk & Fineout-Overholt, 2011). Medical professionals are not permitted to disclose any information regarding patients’ health to anybody except to persons who are mentioned in the patients’ attorney form or in a directive from the patient to give authority to someone else to decide on the patients’ health matters (Moore & Savage, 2012). Disclosure to other parties has legal implications.
Sharing information among different healthcare organizations, including the Smart-Care Medical Facilities raises the question of confidentiality of patients’ health information. Indeed, medical practitioners must ensure the privacy of information that is included in the patients’ medical files as issued by a doctor, an individual, or an organization that is taking charge of a healthcare issue (Wilson, 2008).
They must also protect insurance or billing information that relates to a patient. Conversations between patients and doctors also require protection in the effort to ensure optimal confidentiality. Under the current Australian ethical guidelines, about the confidentiality of patients’ information, healthcare organizations are obliged to provide information to the extent that it facilitates the treatment process of a patient (Moore & Savage, 2012). Sharing of information electronically through the PCEHR system at Smart-Care Medical Facility complies with these ethical requirements.
Information to be sent
An important question that arises from the sharing of patients’ health information entails exposure of PHI (protected health information) to scrutiny by various persons who are engaged in addressing healthcare issues at Smart-Care Medical Facility. In Australia, regulations on PHI provide that all covered entities should only disclose patients’ information for purposes of treatment facilitation, payment of medical bills, and/or healthcare operations. In this process, all covered entities are given legal freedom to do so without having to seek written permission from the patient (Wilson, 2008). Any other information that is meant to serve other functions apart from the mentioned functions must be disclosed by the covered entities after seeking written permission from the patient.
In Australia, there is also a limitation to the magnitude of information, which can be provided by the covered entities. Such entities should only provide minimum disclosure of information, which is adequate to achieve the desired objective (Wilson, 2008). When sharing information between Smart-Care Medical Facility and other healthcare organizations, the information must only be crucial in realizing a given objective.
This information must only relate to the patients’ medical conditions. Thus, if the information does not serve the purpose of facilitating the treatment process, it should never be shared through the facility’s PCEHR system. Such information should only be sent in a manner that does not jeopardize the confidentiality rights of the patients (Kavilanz, 2011). Practitioners who exchange information must be NASH PKI satisfied. First, the patient must log into the PCEHR system with his or her healthcare identifier (IHI) before a third party can have access to the information. It is also important to ensure that the system does not alter the information during the process of its transfer from the source to its destination.
Conclusion and Recommendation
Patients can be treated more effectively when there is the sharing of diagnostic information and other medical information among healthcare providers. As indicated in the paper, in Australia, the government has put in place strategies for facilitating these concerns through PCEHR. Consistently, Smart-Care Medical Facility has also developed a customized PCEHR. It also complies with regulations on the sharing of patients’ information among healthcare organizations. Although the system facilitates quick and more efficient access and sharing of patients’ information at Smart-Care Medical Facility, the system comes with ethical concerns, especially in matters of PHI concerns.
The facility has no mechanism of preventing offensive access to patients’ information by unauthorized third parties. Nevertheless, through IHI and NASH PKI certification, Smart-Care Medical Facility ensures that only authorized medical practitioners have access to patients’ information subject to their (patients) approval. It is recommended that the organization should continue to look for ways of preventing cybercrime to curb unauthorized access to patients’ information at the custody of the facility’s databases and/or in the process of transfer through the network system.
Greenwood, S. (2012). Political capital: the electronic health record challenge. The Australian Journal of Pharmacy, 93(1103), 18–19.
Kavilanz, P. (2011). Healthcare reform stands: how it impacts employers. Journal of Health Politics, 13(2), 113-119.
Melnyk, M., Fineout-Overholt, E. (2011). Transforming healthcare from the inside out advancing evidence-based practice in the 21st century. Journal of Professional Nursing, 21(6), 335-344.
Moore, L., & Savage, J. (2012). Participant Observation, Informed Consent, and Ethical Issues in Medical Practice. Nurse Researcher, 9(4), 58-69.
Spriggs, M. (2012). Ethical Questions must be considered for Electronic Health Records. Journal of Medical Ethics, 38(9), 535–539.
Wafa, T. (2010). How the Lack of Prescriptive Technical Granularity has Compromised Patient Privacy. Northern Illinois University Law Review, 30(3), 419-427.
Wilson, J. (2008). Health Insurance Portability and Accountability Act Privacy rule cause ongoing concerns among clinicians and researchers. Ann Intern Med, 145(4), 313–316.