Fines of up to €200,000 will be imposed on people illegally selling or accessing confidential health information, under planned Government legislation.
In a measure designed to prevent identity theft, the Health Information Bill 2023 also provides for fines of up to €100,000 on anyone who illegally accesses or leaks patient care records or gives false information about them.
The Department of Health has published the general scheme and a regulatory impact analysis of the Bill, which aims to modernise health information systems and thereby improve patient care.
Ireland lags behind other countries in developing e-health systems, with different IT in place in different hospitals, and none in some. The Government is developing a new system using people’s PPS (personal public service) numbers as a primary health identifier and also using Eircodes to gather health information on the population.
Markets in Vienna or Christmas at The Shelbourne? 10 holiday escapes over the festive season
Ciara Mageean: ‘I just felt numb. It wasn’t even sadness, it was just emptiness’
Stealth sackings: why do employers fire staff for minor misdemeanours?
Carl and Gerty Cori: a Nobel Prizewinning husband and wife team
There is no general facility under the proposed legislation for patients to opt out of the HSE creating a record of their care or assigning them an individual health identifier.
This differs from the approach taken by the national health service in the UK, according to an explanatory note.
“From the perspective of individual care and treatment, patient safety, public health, and public interest, it is considered essential that every person should have a Summary Care Record which is why unlike in the NHS there is no complete opt-out,” the note states.
Patients will be required to provide health information for a relevant purpose where a substantial public interest is involved, according to the Bill.
This power is recognised as being broad but is consistent with the policy purpose of the Bill and the scale of the information challenge, according to the note. As the Bill aims to provide population health information for essential health activities, “an opt-out would defeat that intended purpose”.
Currently, a health information “black hole” is undermining any serious attempt to plan for the needs of the population, a Department of Health official told the Oireachtas health committee on Wednesday.
Information systems in health do not exist at a coherent and coordinated national level, but rather at the level of organisations that are reluctant to share information, department assistant secretary Muiris O’Connor said, while healthcare lags behind other areas of society on digital innovation.
“All of that directly impacts adversely on the treatment of patients, on those who provide that care and on policy-making and planning processes,” he told a session on pre-legislative scrutiny of the Bill.
Acknowledging the bill is “urgent and overdue”, Mr O’Connor said it aimed to underpin a modern, fit-for-purpose national health information system.
TDs at Wednesday’s meeting, while supportive of the Bill, expressed concern about the pace of digitisation in the health service. Officials were unable to provide a timeline for the implementation of the new system but said a framework outlining future developments will be published in the summer.
Universal electronic patients records based on PPSNs will be introduced first in the new children’s hospital and then rolled out nationally, but HSE officials have previously said this could take five to seven years.
Dublin TD Neasa Hourigan warned it could be 2032 before rollout of the new system is completed, by which the landscape for health tech will look “very different”.
Mr O’Connor agreed this timeframe was “unacceptable” and “depressing”, and that it could “take a century” to introduce the new system sequentially in all sites after the children’s hospital, The e-health strategy is currently being “refreshed” to ensure quicker delivery of the project, he added.