Healthcare Identifiers Act and Service Review - Final Report - June 2013

Appendix 5: Recommended Actions

Page last updated: 28 November 2013

In addition to the recommendations identified in the body of the report, the following actions are recommended:


Organisation responsible

Service component

Actions

Priority

DOHA

Governing Agreements

Amend references to the National Partnership Agreement on E-Health in the HI Act in line with the revised Agreement.

High

DOHA

Governing Agreements

Consider extending HPI-O participation agreements to introduce a requirement to support clinical safety incident investigations relating to HIs.

Medium

eHWG

Governance

Re-establish engagement with the NHIRF working group

Medium

NEHTA

Governance

Expand membership of the Joint NEHTA Medicare Australia Strategic Steering Committee to include jurisdictional representation to ensure that the requirements and priorities identified and agreed in the National Health CIOs Forum are considered in setting the work program of the HI Service

High

NEHTA

Governance

Establish a reference group to act as a consultative committee to the change approval board

High

NEHTA

Governance

AHPRA be included on key HI governance groups.

Medium

NEHTA

Governance

Routinely involve DHS representatives in tiger teams tasked with defining requirements to ensure that all stakeholders have a common view of business requirements and input into high level solution options

High

NEHTA

Governance

Invite the CIO of DHS and AHPRA to regularly engage with the National Health CIO Forum

Medium

DHS

Governance

Include a DHS IT representative on HISOC to support information flow between HI stakeholders and DHS IT Services

Medium

NEHTA

Policy

Develop and issue a policy on quality assurance that defines the activities, scope, permitted disclosures and responsibilities.

High

NEHTA

Policy

Develop and issue a policy framework and guidelines to all Medicare Locals regarding the extent of their authority to act for the GPs in their area.

Medium

NEHTA

Policy

Review the requirements for Seed and Network structures, Responsible Officers, Organisation Maintenance Officers and authorised employee authorities to make sure that the structure defined is appropriate for all types of organisations.

High

NEHTA

Policy

Ensure that all policy and other communication documents relating to the HI Service are made accessible through a single point to facilitate access by stakeholders.

High

DHS

Policy

Confirm the compliance requirements in relation to address validation for Evidence of Identity.

Medium

DHS

Risk management

Engage input from clinical advisors in formulating privacy and risk assessments to ensure a balanced assessment of potential risks.

Medium

NEHTA/DHS

Change and adoption

Identify relevant data and agree on process to release information to support more effective targeting of change and adoption activities, such as utilisation by area and error rates for identification data fields.

High

NEHTA

Change and adoption

Include an overview of the obligations, risks and impact on business processes to be managed by healthcare providers in relation to the use of Healthcare Identifiers in the change and adoption processes for all programs using the HI Service.

Medium

DOHA/DHS

Change and adoption

Consider leveraging and expanding the role of DHS Business Development Officers to support implementation of HI.

Low

NEHTA

Communication and engagement

Assess opportunities to leverage AHPRA’s existing communication processes with providers to disseminate information on the HI Service and other e-Health programs.

Medium

NEHTA

Communication and engagement

Develop a series of communication materials/guidelines targeting providers using the HI Service to clarify:

  • Business processes (electronic and manual) where use and disclosure of Healthcare Identifiers is and is not permitted
  • The use of Healthcare Identifiers in sectors such as aged care, disability services and healthcare services operated by insurers
  • What disclosure is permitted in the investigation of incidents, who should lead and participate in these investigations, what information can be disclosed and the extent of vendors' obligations to investigate
  • Considerations and potential impacts for different organisation types associated with seed and network structures
  • IHI collection processes to inform local implementations
  • Targeted information for providers on permitted uses and circumstances where penalties would apply to mitigate concerns about inadvertent disclosure
  • Data management responsibilities to support the effective operation of the HI Service

High

DHS and NEHTA

Communication and engagement

Develop and agree processes to engage and manage stakeholder expectations and their participation in requirement definition and sign off of specifications, design and testing.

High

AHPRA

Business processes

Develop business rules for the assignment of HPI-Is for healthcare providers who are not Australian residents.

Low

NEHTA/DHS

Business processes

It is recommended that a more strategic approach be adopted to prioritising and scheduling Change Request (CR) development and implementation, for example by grouping CRs touching the same functional areas, rather than managing each CR independently.

Medium

DHS

End user support

Review current training materials/processes to ensure a consistent message is always provided by service desk staff.

Medium

NEHTA

Data quality improvement

Release the Data Profiling and IHI Match Rate Assessment report to sites to enable the findings to be used to formulate targeted data quality strategies.

High

DHS

Data quality improvement

Develop and implement processes to feed the results of ongoing data quality monitoring back to providers to support local data improvement activities.

High

NEHTA

CCA

Review the scope and on-going resourcing requirements to manage CCA in line with the HI development roadmap.

Medium

NEHTA

CCA

Develop best practice guidelines to assist vendors to determine when a formal CCA/NOC process is required and when testing can be incorporated into the vendors own test/Quality Assurance  process.

Low


Top of page