The Australian Dental Association (ADA) thanks the Department of Health (Department) for the invitation to comment on the Electronic Health Records and Healthcare Identifiers: Legislation Discussion Paper (Discussion Paper). The ADA is the peak national professional body representing the vast majority of Australia’s dentists and dental students across both the public and private sectors. While the ADA overall supports the changes outlined in the Discussion Paper, the following suggestions should be adopted by the Department. For convenience, the feedback is largely framed around the headings of the Fact Sheets and the Discussion Paper. Preliminary matters While the Discussion Paper states that the new name for the Personally Controlled Electronic Health Record (PCEHR) will be “My Health Record”, retaining the name “Record” risks being confusing for health practitioners and patients alike. Given it is a summary and not a complete record the title “My Health Summary” is more appropriate. 3.2 Governance The ADA supports the formation of the Australian Commission for Electronic Health (ACeH). However, the ADA urges that the ACeH Board and its advisory committees include representatives from dentistry and also allied health as part of its membership. To date, work on progressing the PCEHR system has focused primarily on engaging medical practitioners (namely General Practitioners); which neglects the input of dental practitioners and allied health practitioners in ensuring the system meets the needs of all within the health sector. 3.3 Participation Ultimately participation in the PCEHR system will be best maximised when there is a concerted and comprehensive public awareness and education campaign outlining the benefits of the record system to healthcare providers and individuals alike. The Discussion Paper refers to feedback already provided by stakeholders about the importance of supporting materials and on-the-ground training to ensure maximum take-up by all health practitioners. This feedback also noted the importance of the Department working with practice software vendors so there is adequate uniformity and interoperability of software to support the PCEHR and its integration into, for example dental practice patient management . The ADA supports distinguishing between healthcare providers and organisations in the Healthcare Identifiers Act 2010 (HI Act) so that there is no longer ambiguity about whether information about organisations is considered to be ‘personal information’. However the legislation must ensure that identifiers for healthcare provider organisations that will be publicly available (and not afforded the same privacy protections as ‘personal information’) cannot be misused by those wishing to engage in fraud. The ADA supports the trial of an opt-out approach to the PCEHR and supports the one million people sample size. However, the ADA would like to raise the following concerns with the proposed timing for the opt-out trials: 1. “(b) Trial registration period”: The ADA questions whether two weeks is an adequate amount of time to register eligible individuals in trial regions (that is, to create PCEHRs). While it is expected that registration activities will draw upon information already accessible to the Department and associated agencies, considering the trial regions are intended to encompass a million people, the ADA suggests putting a longer time period for this phase. 2. “(c) Transition period and (d) provider access”: The Discussion Paper does not explain what is expected to occur in the intervening period between phases (c) and (d). Phase (d) states that from around July 2016 “healthcare providers can access PCEHRs created for individuals in the trial regions and will be able to upload records” (ADA italics). While the ADA notes that the trial of the opt-out is focused on individuals’ experience with having their record established and using the system, there must be consideration as to the kinds of assistance and resources that will be provided to assist healthcare providers to upload documents relating to their patients’ records. As referred to earlier, software vendors have indicated to the ADA that when it comes to dental practice software, there will be little work done on developing interoperability with the PCEHR until such a time as the Department and the then National E-Health Transition Authority (NEHTA) provided clarity on how the PCEHR System was to work with dental practice software. Our understanding is that other non-medical health practitioners’ software vendors have adopted similar positions. Also more broadly, the dental profession is an example of a health profession that has to date not been provided with targeted incentives and support to ensure that they are able to access and use the system. Other non-medical health practitioners face similar constraints. If this situation is not addressed, a large number of health practitioners will not be able to upload records as Phase (d) envisages. With respect to the section on registering healthcare provider organisations and other entities in opt-out trials, it states “Healthcare provider organisations will be encouraged to use the system through revised incentives, education and training services” (page 15). The ADA would like to emphasise that these initiatives are critical for the trial, and ultimately, the overall operation and use of the PCEHR by individuals and healthcare providers. Dental practitioners and allied health practitioners must be provided with the same support and incentives as medical practitioners to ensure that the benefits of the system can be realise for all participants and patients. The ADA also suggests that a future education and awareness raising campaign also include informing trial participants when they can revisit their PCEHR after the successful upload of documents to that record by health practitioners. This way, trial participants can see that their record is populated and will be used. A successful registration per se would not be sufficient to convince individuals of the PCEHR’s value. Naturally, provided that all health practitioners are provided with adequate training and support to use the PCEHR they will be able to demonstrate to individuals how the system further supports their healthcare. 3.4 Obligations of parties The ADA notes that: … it is proposed to amend the PCEHR Act requirement to report data breaches to include healthcare provider organisations and contracted service providers. This would help standardise the response of participants in the PCEHR system should there be a breach and would rationalise obligations for healthcare provider organisations and contracted service providers. Amendments would also be made to clarify when data breach notifications must occur (page 17). Should this requirement be implemented, there must be a concerted information campaign to inform healthcare provider organisations of their reporting obligations and processes around this; considering the potentially severe penalties for failing to do so. These penalties risk dissuading practitioners from participating in the system; it further emphasises the importance of adequate funding and educational support to ensure that all practitioners are able to be on the system and use it effectively and appropriately. Under “3.4.3 Obligation for organisations to have PCEHR policy”, the ADA is concerned that: “… there is no requirement for this policy [that addresses PCEHR matters] to address how the organisation will ensure data quality so it is proposed that this requirement be included. … This is to ensure that all participants in the PCEHR system have appropriate security and information handling practices in place” (page 17). This proposal adopts a ‘one size fits all’ approach which does not consider the fact that the majority of dentists work in office based practices and as such the resources available to them are limited and not the same as those for health practitioners in hospital or corporate organisations. The ADA urges that any security and data quality requirements be reasonable and proportionate and take into account that health practitioners work within a variety of organisational and business structures and so they have varying levels of resources at their disposal to confirm to security/data requirements. 3.5 Privacy The ADA supports SMS/email notifications to be given to individuals whenever their PCEHR is opened; noting however there should be options to provide a gradation of types of notifications, on what type of access and so on. The ADA is not averse to including a range of criminal penalties in addition to the civil penalties available to address misuses of PCEHR information and individuals’ healthcare identifiers; provided that the threshold for what constitutes serious, criminal misuses of this information is reasonable and reflected in other provisions that deal with misuse of such information on other contexts (such as financial data and so on). Naturally these provisions must ensure that natural justice and procedural fairness requirements with respect to investigations and enforcement are met. The ADA supports changes to enable other Commonwealth entities to perform the role of HI Service Operator. Dr R Olive AM RFD Federal President, Australian Dental Association