Auckland software developer i-Health is using a $400,000 grant from Technology New Zealand to research the Holy Grail of health IT — the creation of electronic health records that satisfy privacy and security requirements.
The research is being done in association with a UK hospital in anticipation that an electronic health record (EHR) system being trialled there may be used as a model elsewhere in the world.
“A lot of what we learn in terms of privacy and security will be coming back into New Zealand,” says i-Health director Brian Allen. He says the UK system involves centralising patient records.
“There will be an element where patients can look up and navigate their own records and the security must meet the requirements of privacy laws.”
The Technology NZ grant was awarded late last year to cover preliminary work involving prototyping and architecture design and putting a system into pilot use, says i-Health market development director Niqui Keen.
The project is taking place in Auckland and at Wirral, an EHR trial site in Cheshire in north-west England, but the EHR model being used in the study is broader, Keen says.
“It can be applied in many settings — it’s relevant to New Zealand, where there is high demand and interest in sharing information between providers. [The question is] how do you enable it to happen but still have the mechanisms in place for security and confidentiality?”
It’s not so much about firewalls and the like, she says, but rather “defining, within a software application, a flexible architecture that will be suitable for use in that environment”. The result will be “a flexible system based on codes, keys and skeleton keys that can be applied to EHR in the right context”.
There is a key difference between an electronic patient record (EPR) and an EHR, says Keen. “An EPR is a patient record within the confines of one health provider, such as a hospital or GP practice. An EHR is a shared record which has contributions from EPRs — it’s a longitudinal patient record across many health providers, within a defined geographical area.”
The project’s development environment is Microsoft-based, uses thin client and web technology and Microsoft tools such as IIS and Transaction Server.
Ministry of Health corporate information deputy director general Debbie Chin says patient privacy is already protected by the Privacy Act and other laws and with EPRs and EHRs “we have a different medium and we have to look at how we protect privacy in an e-environment”.
“We need to ensure we have high level security.”
Counties Manukau District Health Board CIO Phil Brimacombe agrees privacy issues are important and says different players in the health sector have different definitions of the term EHR.
I-Health does most of its business in New Zealand but expects to earn more overseas — in particular in the UK — within 12 months.