MAHALA: Welcome to today's webinar secondary use of general practice data as part of our eHealth webinar series. My name is Mahala and I'm the Project and Events Officer for the RAC GP practice technology and management team and I'll be your host for today. I'm joined by Dr Rob Hosking a GP based in Melbourne. He'll deliver the presentation for you today. Rob has been interested in eHealth since commencing practice in Bacchus Marsh in Victoria in 1990. He gained his graduate certificate in health informatics from Monash University in the Year 2000.
Rob has worked in a number of a health-related committees at NPS medicine wise and the Royal College of Pathologist of Australia. Rob has been involved with the RACGP eHealth committee since 2008 and is currently the chair of the RACGP Expert Committee Practice Technology and Management. Rob, welcome to the webinar.
ROB: Thanks Mahala and welcome everybody. I hope you're not as hot as I am in Melbourne, well just outside of Melbourne, where it's a bit warm and sticky here and I don’t know about you guys.
MAHALA: Yeah, it's a bit gross tonight.
Rob, myself and the RACGP would like to thank everyone today for taking the time out of your busy schedules to participate in tonight's webinar. And before we begin, I'd like to make an acknowledgement to Country. I would like to acknowledge the Traditional Owners of the respective lands on which we are meeting today, and pay my respects to Elders past and present. I would also like to acknowledge any Aboriginal and Torres Strait Islander people present.
And just a quick note to say this webinar is presented in collaboration with the Australian Digital Health Agency.
ROB: And as you can see that on the screen what we want at the end is that you'll be able to describe the value of general practice data for secondary use; describe necessary considerations when responding to a request for data; and be able to discuss the privacy obligations around providing patient data; also the importance of de-identifying the data and responding to requests for general practice data.
So if we look at the next slide on the agenda, so this is how we're going to cover that. So we're going to describe what is secondary data, secondary use of data, what is the value of using data for secondary purposes, the considerations on how data should be de-identified and let you know what we think patients need to know about it. Do they need to consent or not?
We're going to discuss a bit about the PIP QI because it's very topical at the moment the, quality improvement program practice incentive program quality improvement, and we're also going to talk a bit about My Health Record and secondary use of data and provide a bit of an update on the My Health Record and principles for managing requests and show you the RACGP resources, and hopefully we'll have time for Q&A.
What are the kinds of general practice data that you collect, we collect or our receptionist collect?
So there's a huge amount of information in our systems
- family history
- pathology
- diagnostic imaging
- prescribing
- consultation notes
- therapy recommendations
- measurements
- images
- demographic data
- financial and billing data
And when you're sending data to other places you want to figure out which bits of this are you actually going to send and how is it going to be de-identified.
Some people may or may not be aware that there are a number of data extraction tools provided by the PHNs and many of those extract pretty much all of those things and I'm not sure many people are aware that their financial and billing data, particularly Medicare item numbers, are is exported to the PHN on the current agreements.
So what is secondary use of data? Health information that is collected as part of delivering clinical care it can be used for secondary purposes. When the data is used for the purpose other than which it was originally collected it is referred to as the secondary use of data. So it includes such activities as research, quality and safety measurements, provider certification or accreditation and marketing.
Electronic health records have enabled data to be collected as part of routine clinical care. Previously paper-based systems meant that BEACH and other research programs required manual entry of data by GPs who volunteer their time to provide data on their patients. With the advent of electronic records Healthcare data is stored in multiple places such as in our Practice Management Systems and Clinical Information Systems, such as Medical Director, Best Practices, Genie and others. And I apologize if I've left yours out.
Hospital patient management systems, pathology systems, all sorts of areas that data is stored and data has become a very highly valued commodity and you need to think carefully from your practice perspective about the worth of your data and the intended purpose of secondary use.
In the practice setting patients will generally expect their health information to be used for a wide variety of activities that are directly related to the provision of their health care, but they may not expect that their data is being used for other secondary purposes even in a de-identified form.
So in the next slide, what is the value of secondary use of practice data?
There's potential huge public health gains from the secondary use of de-identified data including clinical research outcomes, better informed epidemiological research and improved service planning and quality assurance.
However as healthcare information is considered one of the most sensitive types of personal information the use of healthcare data is controlled through legislation to ensure that patient privacy is maintained.
The health care system as we know is facing a number of challenges including more chronic disease and caring for an aging population and multi morbidity presentations for patients. So the collection of high-quality health data at a general practice level has the potential to facilitate increased efficiency in the care we deliver to these complex patients, create more proactive preventative interventions identify at-risk populations, inform health strategy and planning, such as in which localities require extra services and identify service gaps in certain areas and support quality improvement initiatives in general practice in Australia.
So the collation and aggregation of patient healthcare data creates new analytical possibilities for researchers, providers, and policy makers. So it's a really complex area and our data is useful and when we say data we really just mean records information. We often don't think of it as data we think of it as our patient clinical records, but it's made up of a huge amount of data elements
So if we move on to de-identification and we've got a polling slide here. So, let's see if we can find out some answers to what you think about this.
MAHALA: And yes, thanks Rob.so the next polling question we have for you is which of these items from a medical record could be used to potentially identify someone and you can select all that apply. So could name, address, date of birth, postcode and/or Medicare number identify someone?
So you can select more than one answer. Will give you a few more moments for this one.
Which of these items from a medical record could be used to potentially identify someone?
So it looks like most of you have responded now, so I will share those results.
ROB: Okay, so obviously name and address and date of birth are very highly identifying. Postcode and the Medicare number is highly identifying. The correct answer really is all of these items can be used. Interestingly postcode could be used because somebody might live in a small community and they might have only one representative with that name, date of birth and sex and perhaps medical condition so it's risky to be putting postcode in with small data sets for example.
So, how do you do identify your data?
The Office of the Australian Information Commissioner (OAIC) states that there's no right way to de-identify data and techniques need to be carefully chosen. And you need to remove direct identifiers such as name and address and other directly identifying information, and you may need to remove or alter other information that allows someone to be identified. As I alluded to earlier. So it's a fairly complex area and The Office of the Australian Information Commissioner de-identification decision-making framework is being sent to you in your message box now and you can choose to have a look at that if you like.
Now the next slide - Can my practice use its own data for secondary purpose?
So appropriate use of an individual's patient information to improve that patients health outcomes within the general practice is not considered secondary use of data. So if you're using a patient's information for their health their own health benefits, that's not considered secondary use. Practice data can be used within the practice for quality improvement, undertaking clinical audits of the practice population and benchmarking where the appropriate permissions exist.
This is secondary use of data within the practice. So the distinction is that individual patients healthcare information used for that individual is not secondary use. But within a practice, if you're aggregating parts of your practice population, extracting information using audits and doing internal research, that would be considered secondary use.
Now any decisions on changes to practice systems and clinical care as a result of quality improvement initiatives can be assisted by practice data and can include things such as implementing preventive programs for patients. For example, targeting Zostavax.
Like we did in our practice where we identified people who are 70 and over and our nurse rang and organized people to come in. That's a targeted program and maybe you're demonstrating a practice populations level of need. Perhaps if you aggregate your data and you can apply for grants to the local government etc promoting the need for better community facilities and services to promote preventive activities in your community for example, promoting physical activity services available in your local community. Now, this could be again done it the assistance of your PHN or local government. So you can see how useful it can be in your practice and then starting to move across into the broader community.
Now what do patients need to know in the next slide?
So your practice needs to ensure that your patients’ rights and privacy are protected. Your patients need to be assured that the data collection, disposal, collection, disclosure and the way the data is held is conducted in accordance with the Privacy Act. It's a requirement to advise your patients that their healthcare information may be de-identified and used for secondary purposes.
You practice must display information publicly, for example in the waiting room, on your practice website, perhaps on a Facebook page, perhaps in a patient brochure or all of those things. The information should provide patients with assurances and advice on their rights and how their data is protected and must clearly state your practices approach to collection of healthcare information for primary and secondary purposes. You must also provide patients with the ability to opt out of the secondary use of their data.
And we'll talk more about that a bit later. So on to the topic of the interest at the moment, which is the PIP QI a brief overview.
We really can't talk about secondary use of data without talking about the Practice Incentive Program Quality Improvement. So we'll spend a couple of slides looking at this. This is a just a brief overviews o I encourage you to have a read of our fact sheet and the supporting resources from the Department of Health after the webinar. The links are in your message box now.
So the PIP QI is a payment to encourage practices to participate in quality improvement activities aimed at improving patient outcomes through the delivery of quality care.
It was launched in August, 2019. To be eligible to participate practices must be accredited against the RACGP Standards for general practices. Practices need to register now, here is a few acronyms that might get you going.
You register using PRODA some of you may know about that, that's Provider Digital Access, which connects you to HPOS, which is Health Provider Online Services run by Medicare. So using PRODA to access HPOS you then sign up to the PIP QI and you let your PHN know that you have signed up. Currently.it is estimated that somewhere around the high 70s low 80% of accredited practices have signed up.
Practices will be required to electronically submit the PIP Eligible Dataset from their general practice clinical information system. So from your record system to your local PHN on a quarterly basis.
This PIP Eligible Dataset is comprised of de-identified patient data collected against 10 specified Improvement Measures, which will show you shortly.
General practices also need to commit to implement continuous quality improvement activities in partnership with their local PHN.
So in brief, there are two requirements to receive the PIP QI, you need to be uploading data, every quarter and you need to agree to join in partnership with your PHN some quality improvement activities.
The amount that you practice receives for the PIP QI depends on the size of your practice and its maximum is $12,500 per quarter and it's based on the calculation of $5 per standardized whole patient equivalent per year. Now you can't work out your own patients Standardized whole patient equivalent, that's a magic number that appears out of Medicare somewhere. But to obtain this maximum of $12,500 per quarter or $50,000 per year you would need to have 10,000 SWPE or standardized whole passion equivalent. So that's a big practice. My practice which has 4,000 SWPE will be able to get $20,000 in a year for this program
So a number of Practice and Service incentive payments ceased with the introduction of the QI PIP. So the asthma, diabetes, cervical screening, quality prescribing and incentives are no longer available under this new program. So you may lose money there. And if you meet these PIP QI incentive program requirements, you will gain some of that money back, maybe more, probably more.
The data provided to PHNs will assist PHNs to work with general practices to support quality improvement through reporting and feedback on managing the practices patient population and to contribute to service planning and population health mapping. The PHNs will share the aggregated data with the National Data custodian, which is the Australian Institute of Health and Welfare for National analysis and research. Now, that's not going to start until later next year. Researchers may apply to access this data securely and in line with the PIP Eligible Dataset Governance Framework, and if you want to you can review the PIP QI Fact sheet through the message box.
Now if we move on to the next slide - What are the data improvement measures of the PIP QI, sorry, quality improvement measures?
You can see them on your screen there.
So they're mainly proportion of patients with for example diabetes with current HbA1C, smoking cessation, weight classification, aged 65 and over immunized against the flu, diabetes and COPD immunized against the flu, alcohol consumption status recorded, the necessary risk factors to have CVD or cardiovascular disease assessment, proportion of your eligible patients with up-to-date cervical screening and the proportion of patients with a blood pressure record if they are diabetic.
So these things seem fairly random, but they were decided after discussion between the PIP Advisory Group, of which the RACGP is a member, and our member was trying very hard to keep the list down to a manageable level so that it wasn't too hard to achieve.
So the next slide the PIP QI considerations. T
These are things to that you need to think about so you need to share these ten data elements data associated with these 10 specified Improvement measures. Interestingly there's no goal attached to this. There's no suggestion that you need to improve your collection of data, you just need to submit the data that you have in your systems, but I dare say that one of the programs that the PHNs will be looking at will be Can we help you to improve your data collection? if your data collection is not the greatest. There's no specified data extraction tool that must be used, despite what your PHN is saying to you. You can use other tools and at the moment they are still being developed by some of these software vendors that you may use like Medical Director and Best Practice are developing their own data extraction tools. So if you're not comfortable with the way the PHN is extracting data and some PHNs have been saying “you’ve got to use our tool and you've got to send us everything that's in your record” And as I said earlier some of that may include Medicare item numbers that you may not be comfortable sending.
So I would encourage you to look into the contracts and discuss these things with your PHN and see how things are traveling.
And now to find out a bit about what you guys are doing we've got a polling question for you.
MAHALA: We sure do, thanks Rob.
So the last question I have for you tonight is Has your practice signed up for PIP QI? Yes or yes we have but we've applied for an extension. No, we will not be participating. Undecided or don't know, or not applicable for those not in general practice.
So has your practice signed up for PIP QI?
I’ll just give you a few moments here and I will share those results with you.
ROB: Okay, so a fair percentage, but there's also a fair percentage who don't know and that may be because you work in a practice where the decisions been made and you're not aware of that or maybe you haven't considered your practice hasn't considered it yet.
Now I didn't mention earlier and I should have, I'm sorry, but the with the data extraction there is the ability to apply for a time limited extension for up to 12 months if your software is incompatible, or if you choose not to use the PHN provided free data extraction tool and we're talking about things like PEN Cat and POLAR, which are the most common ones, although on the Gold Coast has another one called Primary Sense.
These are data extraction tools that send at the moment unless you have restricted it they are sending all of your data from your practice. All of that information goes to the PHN and if you're not comfortable with that, you can as I said apply for an extension through the Department of Health and it is up to 12 months. You can continue to claim the PIP QI based on the number of SWPE you have, your number of patients, but you don't have to be providing any data during that time.
However, after that 12 months you do need to make a decision whether you're going to use the data extraction tools provided by the PHN or one of the other data extraction tools, which we hope will have been developed by then or whether you're going to not continue anymore at all.
So we go on to the next slide, which is about the My Health Record and the secondary use of data.
So the primary purpose of My Health Record is to support provision of safe and efficient care for individual patients. So it's for the individual patient who has their My Health Record so that they can then take that somewhere or get it looked at by somebody else or look at it themselves. There's a variety of potential secondary users of information in the My Health Record system such as for research and public health purposes, even law enforcement and the system operator functions.
So this slide is going to talk to the use of the information in My Health Record for research and public health purposes only. It's not going to cover the uses described in the My Health Record Acts such as for law enforcement or system operator functions.
If you want a full description of all circumstances in which identified My Health Record data can be released you can go and look up section 61 to 70 of the My Health Record Act and I can just hear everyone rushing off and looking at it now but stay here and listen. It's expected that the My Health Record data will be used for public health and research purposes from 2020, so that's sometime next year. It's expected that most applications which are assessed will be for the use of de-identified data. Consumers can elect not to participate in secondary use of data for research and public health purposes via the consumer portal in the My Health Record so you can still have a My Health Record, but you can ask not to be involved in secondary use research.
So there are step by step instructions available on the My Health Record website and on the information sheet. Now we've experimented with this and it is quite easy to turn on and turn off in the appropriate section of My Health Record. It's in the same section where there's privacy settings where you can get it to do cool things like send you an SMS if you if your My Health Record is accessed. This is as an individual I'm talking about it's not for practices.
So it's just so that you're aware when you're talking to patients about can they have a My Health record?, Do they have to provide permission for secondary use of their My Health Record data you can say no you don't have to but if you want to you can leave things as the as they are. The basic setting is that its defaults to sharing it.
Applications for researchers to use identified data for public health purposes.
There's no ability to release data unless specific consent from the individual patient or owner of that My Health Record has been obtained, so you can reassure people that they won't be identified unless somehow they are contacted and asked to be participants.
I'm not even sure I can see how that's going to happen either. So if you want more information that's in your message box at the moment.
So the with regards to how the system operator is going to manage the secondary use of My Health Records system data, they've developed the framework to guide the second use of data and it talks about the two issues about de-identified versus identified. The framework specifically does not permit the secondary use for commercial or non health related purposes.
It specifically excludes secondary use for the provision of My Health Record data to insurance agencies and it specifically excludes the use of My Health Record data for clinical trials recruitment until an explicit consent option available in the My Health Record access control. So it sounds like they're planning to perhaps have a control button like they have for sending SMS that somebody's accessed the record or the control button to turn off secondary use of My Health Record data. They'll have a similar one for possible clinical trials. We haven't heard any more detail on that and I suspect that is still a fair way off yet.
So on the next slide, we have the guiding principles for managing requests.
So we're going to talk through this and the RACGP has recently released a new resource of the same name as above and you can find a link to it in your message box now.
So if we're going to the next slide - so the secondary use of data must be transparent and appropriate. Before agreeing to share data, practices should be clear regarding what data will be extracted and how their data will be used. This allows practices to make informed decisions about releasing your data. So the purpose for what the requesting party wants to use the data must be clear and they should only use the data for this purpose.
Practices should look at who is requesting the data and evaluate whether the third party is reputable and whether their purpose for using the data open, honest and appropriate. So an example of appropriate purposes could be the use for health research by an ethical organization, population health measures to improve health care planning or public health surveillance.
Examples of inappropriate use of general practice data might be commercial purposes not clearly linked to improve patient care, examples might be targeted marketing of a product. We saw an issue recently around one of the online appointment booking companies providing patient data to legal firms, and they were targeting them, that was considered inappropriate.
Other inappropriate use might be any linkage of datasets held by these agencies, such as workers compensation insurers, private health insurers or Centrelink for compliance or risk assessment purposes. Another of inappropriate use might be performance management of individual groups of clinicians so people in your practice, it's not appropriate for this data to be used by Medicare to come in and tell you that you're not doing the right thing or even your PHN to public benchmark practices, health professionals or medical services without explicit consent.
So you may want to be benchmarked against other practices using certain ethical organizations but without your consent you should not be benchmarked and we don't want that out in the public domain either.
Another area might be considered inappropriate is compliance audits to make sure that you're doing the right thing and another one would be to carry out low-quality dubious or unethical research. Perhaps through drug companies that might not be working in the best interest of the of the practice or the patient's.
So you've got to ask the third party who's requesting your data that they have an understanding of general practice, the context of how the data is collected and the nature of the data. And your practices can ask the party who's requesting information to demonstrate this and I encourage you to ask whether it will be a university whether it be NPS Medicinewise whether it be PHNs review the contracts, query what they have in them and what is it they're actually extracting and whether you think that's a good idea or not.
So on the next slide, we've got there the requesting third parties must extract and manage the data to required standards. According to the Privacy Act and Australian Privacy Principles de identify the data and how it's done, that should be done before it leaves the practice and if the patient data is not de-identified before leaving the practice the patient needs to have explicit consent for that. Evaluate the risks that the data could be re-identified and steps to prevent this happening. This is really tough because we're seeing some big organizations being able to demonstrate re-identification of data. Usually it's pretty low and there are exclusion samples as we mentioned earlier small data samples make it much harder to identify people with rare conditions or a collection of items that could identify them. The data must be adequately protected with these security processes and procedures in place to ensure not only the appropriate extraction, but the appropriate transmission. Make sure it's encrypted or secure as its passing through the internet storage at once it's received at the other end and the management of that data and note that it's actually illegal under the Australian Privacy Principles to store data outside Australia. So these must not leave Australia and go through servers or cloud storage areas that are based overseas. You should implement risk mitigation strategies to protect against misuse of data. So this is the recipient, they must have strategies in place to protect the data.
Ensure the data is only kept for specified period and also destroy the data once it's no longer needed.
So we're going to the next slide.
So practices should implement procedures for providing data and the patients must be made aware as we said and must have that publicly displayed. The information should include assurances on patients rights and access to correct information.
Whilst individual patient consent for sharing de-identified data is not a legal requirement, so you don't have to get consent for de-identified data most data extraction tools have the ability to enable individuals to be removed if they request to not be involved similar to the My Health Record situation.
So a practice may wish to put a procedure in place to manage requests from patients who don't want their data to be used for secondary purposes and to do that you probably should have, well you must have a privacy officer in the practice. That might be one of the senior GPs, might be the practice manager, somebody who will assess requests and provide permission to requesting parties for practice data to be used for secondary purposes and practices should consider how they wish to be involved in data collection and analysis and kept informed of any results and outcomes. The Office of the Australia Information Commissioner has advice on their website about the de-identification in the Privacy Act and there's a link being sent to you now.
So agreements and contracts. This is the real nitty-gritty. I think you've got to really look at these agreements and consider including clauses to explicitly address the principles of the document. So as de-identified data can be re identified, especially when used in large data sets that can combine multiple sources of data. It's recommended that a legal agreement between the practice and the requesting party includes assurances data will not be used in a manner that enables re-identification and there should be an indemnity in favour of the general practice providing the data in the event that this is assurances bring breached.
Unfortunately some of the contracts that we've seen lately between practices and people wanting our data have actually said that the general practice is liable in the event that the receiving organization has a breach that identifies patients. So I think you've got to make sure that your contract is very secure and the contract that is being developed for the PHNs at the moment, we're trying to get a generic one that is the same across Australia, at the moment there are 31 PHNs and each one has their own contract.
And if you're not happy with the contract that they're providing then maybe you should apply for the extension and wait until a better contract is available.
You should also look for clauses that the party can't sell, provide or transfer the data to other parties without permission of the practice. There should also be clauses that include an assurance the data will not be used in a manner that allows re-identification of individuals as we said earlier.
Indemnify your practices, there should be a clause about that. Include assurances that the third-party adheres to the Privacy Act and the Australian Privacy Principles. There should be clauses that state parties will not use the data to publicly benchmark general practices or manage GPs performance or will be used for compliance purposes.
There should also be a assurances in the contracts that data analysis will be academically and ethically rigorous and there should be a GP involved in any research process and analysis of general practice data, because otherwise we get sort of silly comments that are made like came out earlier in the year that the most common GP consultation is for repeat prescription and now we all know that that those sort of consultations don't just include repeat prescriptions usually it'll be involving something else, but that may not have been included in the reason for attendance when the doctor saved those notes.
So I think we need GPs in these research organizations who can correct some misinterpretations, but it also behoves us to have good quality data.
So these clauses also should state that agreement expires on a particular day or includes a date to review the agreement and that the contract can be terminated at any point for failure to meet these principles
So we'll go on and have a look at decision making tools. So if you practice receives a request for de-identified data for secondary peruse the RACGP has developed a checklist that can assist in making an informed decision about you how you want to proceed with the request the links being sent to you in the message box now.
So you can work through the checklist and this can help form part of your risk mitigation strategy when you're providing de-identified data for secondary. The checklist will assist your practice to develop comprehensive processes and procedures to ensure that this information shared ethically, legally, securely and confidentially. It's a guidance tool, it's not a sort of standards or accreditation tool.
So if we go on to the RACGP Practice Technology and Management that's our team and some of the team are on the line at the moment controlling the slides and making sure everything works for you and the team, also with the GPS involved in the group on the committee, have developed these resources that you might find useful. They're available on the website. So they’re relevant to the topic were talking about today.
There's Improving health record quality in general practice, this may help you get more out of your record system for data analysis within the practice and assist in providing high-quality data for external analysis for secondary use.
The privacy and managing health information in general practice is a very important document that has been used for a long time and it's actually aligns with current high quality practice and reviews all the various acts and privacy principles.
The next one is the Information security in general practice. This is the document that is being supported in the 5th edition standards for general practice accreditation.
So when your practice is accredited some of the information from this is used to decide if your IT system is secure and managed properly.
Then to help support that there's a Guide to information back up in general practice, which is fairly self-explanatory.
And then there's a Notifiable Data Breaches resource that was released in soon after the OAIC, The Office of the Australia Information Commissioner came out with the notifiable data breaches scheme, and it should be noted that the healthcare sector has the highest rate of data breaches notified to the OAIC and so it's something we all need to pay a great deal of attention to and that document helps you if you think you may have a data breach and what you should do next. So that's in the message box.
So the next one is a note from our sponsor the Digital Health Agency is helping to provide resources for this webinar and they've asked us to give a brief update on the My Health Record about some new bits that have been included. So I don't know how many of you are using the My Health Record but if you are you may have noticed that there's now an improved pathology and diagnostic imaging view.
So previously when you went in there was just a pile of or a long list of documents that you had to click on to find out what was in each one. Now it's being sorted according to pathology in one folder diagnostic imaging in another and they also can be sorted by name of the pathology report or the examination for diagnostic imaging and the third section is group reports which are grouped by test names or diagnostic imaging names and the final section allows for authoring providers to be there in the administration detail so, in other words which pathology lab or diagnostic Imaging lab.
So the other new thing is the pharmacist shared medicines list. So this is a list of medicines that a patient is known to be taking including prescribed over the counter and complementary medicines at the time that the list is created. The list is created by a pharmacist and it also includes allergies and adverse.
So this is like the pharmacy version of the Shared Health Summary that we provide in general practice. So it's an opportunity for pharmacists to engage with the My Health Record and provide a list of the medications. They might do these when they do domiciliary medication reviews or aged-care medication reviews, or they may just do it as part of the community and some of the hospital pharmacists may be doing it when a patient is discharged from hospital depends on which part of Australia in at the moment is to how good that is, various states are doing it better than others.
So it's designed to improve information sharing between health professionals and ensure continuity of medicine management, particularly when you're transferring between care settings, so like between hospital and the community. We're used to getting these documents in the form of a faxed piece of paper or a bit of paper that the patients brought in and the patient holds it, this is going to be available in the My Health Record, it's the same sort of thing and it's just another source of information that we can access to reduce medication errors, so it may be quite useful, it may not be depending on whether you already have that information in a discharge summary or the patient's provider to you.
And don't forget that there are My Health Record in general practice learning modules and you can get CPD points for that.
MAHALA: As Rob just said we have time for Q&A so please send them through to us in the question box and we'll do our best to get a few answered tonight. So one that I have here already is - In a practice that is signed up for PIP QI can individual GPs opt out of some or all data collection for the clinical data that they themselves generate?
ROB: Excellent question and we're assured that yes that's coming. I don't know that it's actually available yet. I would check with your PHN but that is supposed to be an option, yes.
MAHALA: And can also do patients have the right to sell their own medical data?
Rob: Well, yeah, it's interesting patients can't breach their own privacy. So if they want to get their data from you, yes, they can sell it as an individual I suppose, but you may be uncomfortable with that if it's your records, so you have you are legally obliged to provide access to patients to look at your records. There's no recommendation as far as I'm aware that you have to actually provide a copy of the records. So they may choose to do their own thing with the My Health Record. They might be able to download and print off health summaries and they can do with that what they like. They can post it on Facebook is and there's no problem with that.
MAHALA: Thanks Rob. The next question I have here is Can I share our practice data for secondary purposes with International organizations
ROB: No, as we said the data is not allowed to leave Australia. International organizations may partner with Australian organizations to do research and if the data remains in Australia and is aggregated and interpreted in the research done from that, then it may be published in international journals etc, but there would be no inclusion of data within that, it can't be exported out of Australia according to the Australian Privacy Principles.
MAHALA: Thanks Rob. So the next question is actually two questions, but they relate so I’ll go through them both now, so do patients to have the right to opt out of sharing data and how do you manage removing that patients data from being used for secondary purposes?
ROB: Yeah, well as I mentioned yes patients do have the right to not consent for secondary use of their data and so in your own practice, as I said, you should really have a privacy officer who is available for the patient to state that to somebody as, I said, it might be a practice manager, it might be a senior receptionist, it might be one of the GPs and then the person who has that role can go into the extracting data software and in the example in the case of PEN CAT and POLAR I'm told that there are fields that you can go into and click that the patient doesn't want their data shared. Certainly I know for PEN CAT you can, I've seen that and that can happen at practice level. The person managing should know how to do it. If they don't they should ask the PHN how you do it.
I suspect It won't be a large number of patients unless your documentation or notification of patients creates hysteria, like it did with the My Health Record and everybody was jumping off bridges if there are they're worried about things being done with their data, but it's really a matter for the individual to make a decision and but as we said you don't need to seek informed consent to provide de-identified data through these sort of tools.
MAHALA: Great. Thank you Rob. So we have just hit 9.30 so that does bring us to the end of our webinar tonight. I see there are a couple of questions there that we haven't got to so if we didn't answer your question tonight, please feel free to email ehealth@racgp.org.au org and we will respond to you via email
Rob Thank you for a great presentation.
ROB: Thanks very much Mahala, and thanks everybody. I hope you got something out of that. I hope we didn't cause too much uncertainty, but there's a lot of resources that the Practice Technology and Management team have and either go through the website and look for them, send an email off to the team and they'll answer it, or you can even phone up and they'll try and do their best to see what they can find out for you. So thanks everybody and good night everybody.