Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System
5.1 IntroductionPrivacy protection and appropriate security are critical aspects of the PCEHR System. Successful delivery of both will increase an individual’s access to, and control over, their health information, limit any opportunity for inappropriate access and ensure trust and confidence in the system.
The protection of privacy and security is being considered from the outset of the PCEHR System design. It should be recognised that there is no single solution to address privacy and security issues. The PCEHR System has significant potential to address the problems created by fragmented information in the current healthcare system and to provide individuals and their healthcare providers with better access to their healthcare information. A combination of technical, policy, governance and legislative safeguards will need to be in place to facilitate access by the right people and prevent inappropriate access and use of healthcare information.
Individuals will have significant control over their PCEHR and how it is used. Individuals can choose to have (or not have) a PCEHR, can access all information in their PCEHR, set access controls around healthcare provider access, apply greater controls to sensitive information, and choose which information is not available through their PCEHR. These and other controls provide numerous options for individuals. Many individuals who choose to have a PCEHR will probably not exercise all these options. However, when building a national system we must allow for those people with specific sensitivities to participate in a way that is respectful and responsive to their concerns.
In addition to this, the PCEHR System will record details of every access made to an individual’s PCEHR. Individuals will be able to view this information through an online audit record and make enquires and complaints about potentially inappropriate access.
Furthermore, additional safeguards will underpin the PCEHR System, including: technical security measures, training, effective and transparent governance arrangements, legal protections and penalties, and regulatory oversight.
This Concept of Operations focuses primarily on the technical control and business process layers required for a PCEHR System. The PCEHR System’s governance arrangements, regulatory framework, including complaints management and sanctions are being developed. A Legislation Issues Paper has been issued for consultation [DOHA2011b].
Top of page