[LINK] Centralised IHI architecture ...

Stephen Wilson swilson at lockstep.com.au
Mon Mar 15 15:22:39 AEDT 2010 


Marghanita da Cruz wrote:
> Stephen Wilson wrote:
> <snip>
>> My real beef is not actually with Medicare, it's with the centralised 
>> IHI architecture arrived at by NEHTA.  Whomever operates a 
>> centralised IHI directory, I think the structural privacy problem is 
>> that this architecture centralises IHI resolution and creates 
>> needless event logs.  Why should *anyone* know about my consultation 
>> with a family planning clinic, ER, drug & alcohol service or mental 
>> health service, apart from me and my clinician, and secondarily, 
>> other clinicians that I have consented to be involved? 
> <snip>
>
> Are you speculating or do you have concrete counter examples - to
> disprove the proposed model?
Concrete examples of the exposure of information about consults?  Sure, 
it's in the legislation.

As APF pointed out, the legislation only includes one use case: when a 
healthcare provider needs to access a patient's IHI.  The only way to do 
this contemplated by the legislation is that for the provider to send 
identifying information about the patient to the IHI service, which then 
serves up the IHI.  It is not expected that the patient will ever 
disclose their IHI direct; indeed, NEHTA testimony to the senate 
committee was repeatedly to the effect that there is no need for 
patients to know their own IHI.

Therefore, the first time I present at a clinic, a provider or 
administrator will send a request to the IHI service for my identifier 
(once they have the IHI, and have injected it into their own local 
systems, it seems unnecessary to request it againe).  Not explicit in 
the legislation but surely essential is that the clinic will also have 
to authenticate itself to the IHI service, revealing the name of the 
facility and, I guess, the name of the person requesting the identifier.

So  ... the IHI service will have a detailed event log of almost every 
initial consultation that patients have with health services.  The event 
log will presumably record the patient name, DOB and other identifying 
information (as spelled out in the Bill, this can and -- and in the vast 
majority will -- include Medicare no.), the date of the visit, the name 
and address of the clinic, the healthcare organisation identifier, and 
surely also the name and provider identifier of the person authorised to 
request the IHI.

It has been said over and over and over that there is no clinical 
information information 'attached to' the IHI or included in the IHI 
database.  This overlooks all the metadata that will be generated.  The 
IHI system will record (indeed, has to record for audit) ...

15/7/2014 1:25AM Stephen Z. Wilson IHI downloaded by Sister Alice Smith 
at Royal General Emergency Room Admissions HPI 222222
16/7/2014 10:00AM Stephen Z. Wilson IHI downloaded by Dr Ida Bett at 
Melbourne Major Drug & Alcohol Centre HPI 666666
21/7/2014 3:10PM Stephen Z. Wilson IHI downloaded by Dr Fred Nurk at 
Toorak Psychiatric Services HPI 123456
22/7/2014 9:00AM Stephen Z. Wilson IHI downloaded by Ms. Ima Clerk at 
Inner City  Mental Hospital HPI 654321

So the IHI system doesn't *explicitly* say that Steve had an episode 
that caused him to attend an emergenecy room late one night, that he 
went on to drug and psychiatric counselling before being admitted to an 
acute mental health facility.  But it would all be obvious in the log.

In my view, this logging is a by-product of a centralised IHI service 
designed in response to a particular challenge: people carrying their 
IHIs for themselves and presenting them to clinicians as needed.  THe 
NEHTA design has avoided this, seemingly because it's deemed too hard.  
The logging of IHI requests is not inherently necessary for the 
provision of IHIs, but of course, once you commit to a centralised 
architecture, the logging is necessary (ironically) to help individuals 
prosecute their own privacy.

There should be alternative choices for carrying one's IHI, such that 
they way you use the IHI remains confidential between you and the 
healthcare provider. 


Cheers,

Steve.

Stephen Wilson
Managing Director
Lockstep Group

Phone +61 (0)414 488 851

www.lockstep.com.au <http://www.lockstep.com.au>


Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy.  Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.

More information about the Link mailing list