Draft Concept of Operations Feedback Analysis Report
4.2 Access control, security and privacy
containing this theme
|Breakdown of submissions containing this theme by group|
4.2.1 DescriptionThe most common theme raised in submissions was that of access control, security and privacy. For the most part this was supportive feedback with a number of submissions raising further questions on details of access control, emergency access and audit logging.
4.2.2 Key Points1. Consumer access controls
- Interest was expressed in the functionality enabling PCEHR consumers to be able to hide particular data types (e.g. chronic illnesses, blood born diseases)
- Several submissions from healthcare bodies and healthcare professionals requested that critical health care information (e.g. allergies) always be made available to healthcare personnel; however, there were a number of submissions from members of the public that supported having the ability to keep some data private
- Questions were raised by the members of the public submissions over the sharing of information which is marked as hidden
- Concerns were expressed by healthcare bodies over the potential inability of healthcare professionals to view hidden information in an emergency event
- A number submissions stated that provisions should be made to make all PCEHR information available to healthcare personnel when it is in the patient’s best interest
- Comments were made on the need to have an audit logging function, capturing any changes or updates to a consumer’s PCEHR
- Clarification was sought concerning what information is captured in the audit log and how long such information is stored
4.2.3 PCEHR program positionAccess Control Settings – Access controls have been grouped into two categories around ‘basic’ and ‘advanced’ access controls. An online tutorial is required to be completed before individuals are permitted to create advanced access controls to ensure individuals understand the implications of the controls they may set. These changes will make it easier for consumers to exercise personal control over access to their record by improving the ease of use of the access controls, and providing training material to users who wish to make use of the access controls.
The include list and the exclude list have been simplified into a single ‘access list’ to enhance the usability of the list by consumers.
A time limit has been set to ensure that organisations that have not accessed an individual’s PCEHR for a period of time will be removed automatically from the access list. This gives consumers greater certainty and control over who has access to their record.
Consent to see data – An option has been included to enable the individual to choose to make Medicare information from the Department of Human Services (DHS) available as part of their PCEHR.
Refined audit trails – The information detailing the audit trail has been refined to be clearer about the contents of the audit trail, and the extent of content which different types of consumers are permitted to see. Clarifying key aspects of the audit trail will enhance the confidence of both individuals and healthcare providers in the PCEHR around personal control and provide greater visibility of activity and changes.
Proof of record ownership – A range of proof of record ownership services have been added to facilitate online and assisted registration processes. These services are based on work with the Department of Human Services (DHS) on how online proof of record ownership can be reliably undertaken. Leveraging proven, existing identity verification processes provides increased confidence to consumers and providers about the efficacy of the PCEHR’s services for proof of record ownership. It also provides some commonality from a user perspective with other existing Commonwealth identity verification services, helping to provide an integrated user experience.
Option to remove clinical documents – Consumers will have the ability to remove information from their clinical record. This will replace the “No Access” option described in the previous version of the ConOps. Removed items will not be considered to be part of the consumer’s current PCEHR and as such will not be visible during emergency access. They will however be recoverable by the System Operator if required for legal reasons (e.g. if it is necessary to establish what information was viewable by a clinician at a particular point in time). .
Temporary access during emergency situations – For emergency situations, the ConOps has been amended to allow providers to temporarily access ‘limited access’ and ‘general access’ clinical documents within an individual’s PCEHR, regardless of advanced access controls in place. The ability to access these documents will remain for a period of 5 days for that provider, before reverting back to the pre–emergency level of access.
Top of page