After a delay to strengthen privacy and security protections, the expansion of the government’s centralised digital medical records system is complete. The rollout of My Health Record reflects a significant shift towards the digitisation of healthcare and Australia’s vision to make patient records more accessible.
This has resulted in the creation of new opportunities to improve care across a range of health services.
The possibilities, while endless, also open up a range of challenges regarding privacy and consent – challenges which nearly 300,000 Australians aren’t prepared to face, having opted out of the system by November 2018.
Connected but secure
Using digitised services ranging from online health records to remote monitoring tools such as wearables or apps, organisations are seeking to improve patient outcomes.
On the flip side, this heightened level of connectivity also creates additional points of exposure. It may be a bitter pill to swallow, but Australians have shown that they are unwilling to comprehensively divulge all medical information due to privacy and security issues.
What is required is the establishment of a proper trust relationship among patients, care providers and digital services. The two critical pieces in doing this are authenticated identity and consent management.
Systems must be secure whilst also facilitating immediate access to patient data and history to inform care regimes. They must also maintain certain levels of user control to ensure that only relevant information is shared with the authorised third party.
As connected care becomes more commonplace, the potential for identity theft also increases, especially if access and control systems aren’t established from the outset. Ensuring privacy and security of patient data means verifying user identity and permissions to ensure that the mantra “no data about me, without me” rings true.
Creating a better system
Balancing health data interoperability with patient privacy is another challenge.
Case in point: Sweden’s rollout of electronic health records (EHRs) and the resulting increased regulatory pressure spelt out the need for open healthcare API standards. The use of data from clinical trials, registries and patient outcome databases for research purposes also came under scrutiny when the General Data Protection Regulation (GDPR) was being finalised.
However, in every challenge there is an opportunity.
Researchers are now able to undertake research and apply deep learning on EHRs to predict healthcare-associated infections. It is these kinds of developments that Australian researchers can look to emulate through secure access to EHR databases.
Regardless of the outcome, this kind of progress shouldn’t come at the expense of meaningful patient control. A simple opt-in checkbox restricts sharing capabilities, limiting a patient’s ability to direct how their data is accessed and used on a daily basis.
A patient’s health status can deteriorate or improve in a matter of minutes, and their ability to consent needs to be able to adapt in the same way.
User-Managed Access (UMA) offers patients a simple and powerful way to manage health data ecosystem impacts, allowing them to determine who gets access, for how long and under what circumstances.
Implementing the Health Relationship Trust (HEART) standards, which profile UMA, helps promote patient control and ensure the secure exchange of patient information.
A seamless experience
With My Health Record, patients want to interact with a single health portal. This brings with it the expectation that patients want to take charge of their health and digital identity. In this situation, reducing friction in secure authentication experiences becomes more important than ever.
The continued digitisation of the healthcare system, beyond the creation of digital records, means providers must establish systems which accommodate users, devices and the systems which securely facilitate data sharing and recording.
This transformation needs to factor in the consolidation of once-isolated systems and devices to create a unified patient profile across all digital channels. This ensures that services are consistent and personalised, delivering better health outcomes.
A robust customer identity and access management (CIAM) strategy can enable strong authentication and authorisation, while offering a single view of the patient and relevant data, and keeping controls firmly in the hands of the patient in a way that makes managing their health and relationship with healthcare providers seamless.
As digital transformation continues to drive advancements in healthcare, safeguarding patient data will influence widespread adoption. Whether data is collected by devices and apps or through a visit to the doctor, an effective CIAM strategy is critical for organisations wanting to deliver connected care and foster trust with patients.
Eve Maler is Vice-President of Innovation and Emerging Technology at ForgeRock.