Practices have no visibility or control over the QI PIP data collection which could easily lead to patient’s privacy being breached if the identified data is sent by mistake in PHN’s automated process. Furthermore, practices are liable for any patient data breach under the Data Extraction Tool Agreement they have to sign as part of the sign up for the QI PIP with their local PHN.
No Visibility on QI PIP Data Collection
In light of the article on Australian Doctor about PBS data being used to identify patients with bi-polar it got me thinking about the QI PIP and this data extraction tool agreement which I signed in June this year as part of the new QI PIP requirements. But firstly let me just say from the outset that the story on Australian Doctor is absolutely horrifying.
From my perspective, as a practice manager, this raises privacy concerns about the recent Quality Improvement PIP where de-identified data must be shared with the PHN who in turn notify the Department of Health that we have shared our data. On the face of it, I have no problem with it but it is the process of how this data is being collected which gives the practice providing the data no visibility to ensure mistakes are not being made in its collection and submission to PHN.
How the De-identified Data Collection Process Works for QI PIP
To be eligible for the QI PIP, the data is de-identified through an automated process run by PEN CS who use a program called Scheduler and Cat 4. No one at the practice, including myself, have visibility over this process on our server and I personally watched the installation through Team Viewer last month.
In fact, when I asked PEN CS for visibility and they said I could not as it was controlled at their end. I could just tell them a preferred collection time which they would set it up for me. The date is determined by my local PHN. The data is collected quarterly.
Mistakes can be made
Last month, when Cat 4 and Scheduler was installed on my new server as part of the QI PIP rollout, I said definitely do not do a data extraction now as it slows down our network and we were seeing patients. I knew this because when I do manual collections, Cat 4 comes up with a warning about slowing the network when you are about to do a collection. I told them do not do a collection right now multiple times in the same conversation during the install because the first time I said it the PEN CS tech support person seemed hesitant.
Anyway, I checked the next day and YES they did TWO collections, one at 1am which is what I requested and another right at the end of install which I said I did not want to happen but they still did it. We are all human and clearly PEN CS make mistakes. I am just using this story as an example that mistakes can be made. But how do I know PEN CS haven’t made a mistake and transmitting the identified data by mistake? I have zero visibility or control.
The Data Extraction Tool Agreement provides Practices with no protection
The Data Extraction Tool agreement which PHN asked me to sign in June of this year is very one sided. This agreement had to be signed as part of the QI PIP. An extract is set out below:
Except with respect to any Non-Excludable Guarantees under the Australian Consumer Law or for any proven gross negligence or wilful misconduct, the Practice agrees that:
(1) PHN is not responsible for:
(a) Any non-performance, failure or other aspect of the Software;
(b) Any loss, alteration or corruption of the Software or Practice Data; and
(c) The security of the Practice Data.Data Extraction Agreement p10
What exactly will this Data be used for?
Most patients don’t even know their de-indentified data is being collected by PHN for the new QI PIP. What exactly is this data being used for? According to the PHN this data is being used to improve population health mapping and identification of service maps.
If you read the guidelines of the Quality Improvement Pip there are only 10 areas but they collect much more data in other areas than they require for this PIP because apparently Cat 4 can not accommodate this specific request.
What safeguards are in place to make sure PEN CS are accidentally transmitting the identified data by mistake?
In my opinion, more needs to be done to safeguard patient’s privacy in the data collection process of the Quality Improvement PIP.