A recent event in Dun Laoghaire provided valuable insights regarding the proposed new Individual Health Identifier (IHI) being rolled out by the Health Services Executive.
Under the terms of the Health Identifier Act, (2014) and covered in the Health Information and Patient Safety Bill, first published in 2015, the individual code will be assigned to every citizen availing of health care or treatment within the state. It will be an integral elements of the provision of electronic health records, a game-changing and long-awaited initiative in Irish health-care.
The objective of the Identifier is to uniquely identify each individual, and reduce the risk of confusion, mis-diagnosis and mis-treatment of any person simply because their name, date of birth or address is similar to that of another person. There have been a lamentable number of such cases down through the years.
We know from the recent launch of the Eircode that there are in excess of 300,000 non-unique postal addresses in Ireland. There are even more non-unique personal names, so it should be reassuring that a solution is being introduced that will eliminate, or at least reduce, the risk of such confusion.
In addition, the IHI should reduce the amount of time being lost in recounting one’s medical history to a new clinician or practitioner – by providing one’s IHI, the medical consultant or administrator can immediately access that person’s full medical history in a matter of seconds. That, at least, is how the system is envisaged to work.
Consisting of ten digits, the Identifier itself will not contain clinical information or any personal identifying information. However, authorised staff, administrators and practitioners will be able to refer to the National Register of Individual Health Identifiers to find the appropriate code for any patient, applicant or service user.
This National Register will contain, among other things, the name, address, contact details, date of birth, gender and other identifying information on each individual to whom an identifying code has been assigned.
Practitioners and administrators will then be able to use the identifier to access the broad history of health records available on any individual – often considerably more information than they might have been able to access in the past.
The IHI should not be confused with the individual Electronic Health Record (EHR), which will be the collated health history of each individual, based on all health care they have received from a broad range of practitioners and clinicians. So while the HSE correctly states that the IHI itself does not contain clinical or medical information, it is fundamentally necessary for the EHR solution to work.
Furthermore, to quote a HSE staff member at the event, “it only really works if everybody has one”. Therefore, the HSE will not be seeking individual consent in rolling out the IHI – it will simply be assigned to every citizen, including the recently deceased and even the (as yet) unborn, in a move that has created concern among those concerned for vulnerabilities to personal privacy.
In turn, access to the IHI information will only be granted to those health care and administrative staff who are authorised to do so, by being listed on the National Register of Health Services Providers. It should be remembered that the Data Protection and other legislation understands a very broad definition of Health Services, to include sickness prevention, diagnosis, treatment, long-term care, medical research and financial management and administration. Therefore, the IHI will facilitate access to highly confidential and sensitive personal data of individuals across this broad range of topics, where it exists.
In general, the international experience of such identifiers has been welcomed but fraught with concerns regarding individual privacy, security and the risk of unauthorised or unspecified, secondary use. This is especially true where access to the data might fall into the wrong hands, or be used to access and disclose information which would not normally have been accessible by an individual practitioner or administrator.
For example, a GP conducting a pre-employment health check on an applicant, and using the IHI, might become aware of previous medical treatment or mental health issues which the applicant considers to be resolved and not worth mentioning, or not pertinent to the role in question. This then raises an ethical dilemma for the practitioner as to whether that information must be disclosed to the prospective employer.
Taken further, if the data were to fall into the hands of an unscrupulous individual, or a disgruntled former employee who is in dispute with their employer, the disclosure of such highly personal data could be all the more damaging and detrimental to the person.
So how do we prepare for the IHI?
Clearly, the intention of the HSE is that this facility will be rolled out, and we welcome the recent Privacy Impact Assessment, conducted by the HSE to assess the privacy and confidentiality implications of the code across a broad range of considerations.
As mentioned, individuals will be informed over the coming months of their 10-digit code, and are likely to be asked for the code by their GP, consultant, practice nurse, dentist or therapist. Naturally, while we will not have an option of having an identifier assigned, we will have an option as to whether we voluntarily provide our IHI when requested. However, that will not prevent the practitioners and administrators from sourcing and using the Identifier for their own administrative and record-keeping purposes.
The experiences of other states where such a code has been introduced have led to the following recommendations – and we can only hope that our friends at the HSE, to whom so much of our valuable and sensitive personal data has been entrusted – will learn from those lessons, as well as the recent PIA, when eventually rolling out the Identifier:
- There must be a credible governance structure in place, monitoring usage and access to the National Register, and involving regular, meaningful audits of processes across all organisations with such access
- Training and awareness of staff to prevent unlawful or inadvertent access to or disclosure of the IHI data
- Clarity of the HSE’s intended roll-out programme, so that all stakeholders understand and appreciate their role in the safe, secure use of the National Register
- Stakeholder engagement, so that all those authorised to use and avail of the Identifier are involved and actively engaged in ensuring its appropriate and compliant use
- Buy-in from primary care practitioners, who will always be the ‘heavy users’ of such a system, and on whom its success and effectiveness will depend
- Limitations on access, closely controlled and regularly monitored, so that the use of the Identifier is limited to those with authority to do so
- System compatibility, ensuring that all administrators, clinicians and practitioners have the infrastructure and functionality to access, avail of and properly use the code
- Proportional security measures in place to control access while at the same time ensuring that the facility is efficient and does not delay or impact the provision of treatment or care
- Privacy Impact Assessment of future legislative changes so that, as the new Regulations are introduced, their implications are understood, accurately anticipated and appropriate changes to the system functionality are implemented.
Sytorus will continue to be engaged with the medical and health services sectors in the coming months to monitor the roll-out of the IHI, and we look forward to being able to provide timely updates as things progress.