Of high importance to psychologists is one of the central pillars of the eHealth record system - that the consumer receiving health services will have final say over access to, and use of, their electronic health record.
The documentation released by NEHTA and the proposed legislation all indicate that there will be ways in which the consumer can exercise personal control over the electronic health record. This is the ‘personally controlled’ aspect of the eHealth record:
These provisions have clearly been matters of considerable discussion as they constitute a significant limitation to the completeness of the record. However consumers who have been subject to trauma, sexual assault or who experience mental health disorders and have received treatment for these may justifiably want to limit the access to such records.
It has also been established that under emergency circumstances when the consumer is not able to be fully engaged in the consent process, the eHealth record may be opened, including those sections that have been subject to limited access. This will not include those documents that have been effectively removed.
Information from psychologists that may be in an individual’s eHealth record
What the eHealth record will NOT contain
It is also of utmost importance to psychologists that storing and sending information online will not affect the security, confidentiality and trust with their clients.
The National Authentication Services for Health (NASH) is a system under continuing development which will allow healthcare providers and organisations under the eHealth system to be accurately identified before they are able to access secure health information electronically. NASH will ensure that all requests come from a legitimate healthcare provider by requiring either a HPI-I or a HPI-O, and will then check and authorise the HPI-I or HPI-O that has been supplied.
To enable use of the eHealth record system from 1 July 2012, individual health service providers and organisations will be issued with an authentication token with a NASH certificate to enable authentication when accessing an eHealth record. At this stage it is still under discussion whether the authentication token will be a smartcard/swipe card or a USB stick. It will be the responsibility of participating health service organisations to register the HPI-I of all individual health service providers to enable the authentication token with NASH certificate to be issued.
You may already be familiar with authentication certificates if you use the Public Key Infrastructure (PKI) service and HPOS system with Medicare.
InPsych June 2012
‘Getting ready for the new eHealth record system’
InPsych April 2012
‘eHealth records to be introduced for all Australians from 1 July 2012’