A report by the Australian National Audit Office (ANAO) has found a number of problems with the award of e-health incentives to general practices under the Practice Incentive Program (PIP), a joint initiative of the Department of Health and Ageing (DHA) and Medicare Australia, which is part of the Human Services Portfolio.
Under the PIP scheme, general practices apply for incentive payments in exchange for developing healthcare operations deemed necessary by DHA. Beyond e-health capacity, incentive areas include domestic violence, aged care, indigenous health, after-hours services and rural loading.
According to the audit report – released on 15 September 2010 – the e-health incentive is designed to “encourage practices to keep up to date with the latest developments in e-health”.
Practices are eligible to receive funding if they comply with the following requirements:
1. Secure messaging capability that allows exchange of patient clinical and medical information. The capability must be provided by an eligible supplier i.e. one that has participated in the National eHealth Transition Agency (NEHTA) consultation process and is compliant with NEHTA’s specifications;
2. A Public Key Infrastructure (PKI) certificate issued by Medicare Australia; and
3. Provision of access to a range of electronic clinical resources.
However according to the audit report, only the third of these requirements has been operational and/or enforced and yet health practitioners have been making claims under this criteria since August 2009 and have received as much as $83 million in incentive payments.
In terms of the first requirement, the audit report explains that NEHTA did not publish its specifications until March 2010 and that no timeline has been implemented with regards to compliance. Therefore, any secure messaging capability since August 2009 has not been provided by an eligible provider as defined by the PIP eligibility requirements.
“The risk of delay in software suppliers adopting NEHTA specifications was identified in August 2008, but no specific action plan was developed to address this risk,” the report states.
The report makes the criticism that “DoHA’s (DHA’s) approach to constraining the delay has been limited”.
Furthermore, the report outlines a number of problems with the second requirement.
“Once general practices receive their Medicare Australia PKI certificates, there is no obligation for either the practice or their GPs on their use”, the report explains.
DHA has advised ANAO that the PKI requirement was included in the eligibility criteria in an effort to encourage health practitioners to gain experience with digital certification in the lead-up to NEHTA’s introduction of a national authentication system based on PKI.
Secure messaging software that is compliant with NEHTA specifications will be fully operable once the National Authentication System for Health (NASH) is up and running and NASH PKI certificates are available.
On the same day the audit report was released, NEHTA took the first step in making NASH a reality. A Request for Tender (RFT) was put out by the agency seeking a provider to design, build and operate the NASH system. Beyond PKI certificates, NASH will also administer secure tokens such as smartcards.
NEHTA is seeking a supplier that is able to:
- Deliver end to end detailed design;
- Develop detailed specifications for the technical service(s) and business operations of the service;
- Provide a detailed delivery plan, resource plan and costs;
- Build and commence operation of the Credential Management Services (PKI) and Token Management Services to support e-health; and
- Provide an ongoing operational capacity/capability for these services.
The RFT indicates that NASH is still in its early stages, meaning it will be some time before the problems with the PIP e-health incentive requirements are ironed out.
Meanwhile, procurement for e-health projects is going ahead business-as-usual. CSC Australia has been awarded a $1.94 million contract by DHA for the provision of planning and costing services relating to e-health technology.