4 October 2019

All aboard the PIP QI exemption! But hang on, who is liable and who pays?


An increasing number of practice managers and owners are expressing concern and confusion over the Department of Health’s latest attempt to bridge the complexity around how a practice will share de-identified data with its PHN in order to qualify for the PIP QI.

In a possible acknowledgement that the new PIP QI data scheme needs a lot more time and thinking on the part of all parties in order to sort out governance, security, and in some cases, practice technology, the department early this week sent an email to practices titled: “Urgent – PIP QI Time Limited Extension Update”.

The exemption extension email provides a form to complete for practices which still wish to receive their PIP QI for data delivery to their PHN but aren’t able to deliver the data, because either their technology is not capable or they don’t have a suitable understanding or agreement with their PHN in place.

In order to be eligible for the extension for the last quarter of this year, you only have until October 15 to make your decision on signing, and thereafter you will need to exempt yourself in January, April and July, if you want the full extension.

If you win an exemption you can get your PIP QI payment without submitting any data as far out as July 31 next year.

But, if you are not exempting because you simply aren’t going to provide data, you have to agree to start working in earnest on a way to get the appropriate technology and contracts in place with your PHN in the meantime.

The ‘small print’ around who is responsible for just about everything in this process has a lot of practice managers and owners perplexed.

“I acknowledge that I am fully responsible for developing the Solution, including for any cost, time, resources or liability arising from it and that my local PHN is not required to contribute financially to developing or maintaining the Solution.”

It is well known that practices have until now had virtually no role in data extraction, no knowledge of how it actually works, no involvement in a solution, and no control over how their PMS vendors treat software which extracts the data. Until this PIP QI project, data extraction has largely occurred without the PMS vendors’ knowledge or co-operation.

All PHN data extraction has been done so far via third party extraction software being operated by the PHN. It is apparent that PHN competence in the management of this data and in data governance overall is highly variable across the country. Most don’t have a data governance regime in place or a data governance officer. The extraction is usually done with some form of agreement with the practice, but it has often been a loose agreement.

PENCAT is the major commercial third party supplier, with two other suppliers having emerged through commercial deals PHNs have done with software developers.

There are several points in the data trail from practice to PHN today where a conflict of interest seems to be possible. Sometimes management of PHNs are also downstream practice owners using the service. In some instances, PHNs are commercially developing their own extraction software, which they are using on their GP practices.

The whole area of PHN third-party data extraction is still very grey. Some practices have been surprised at what actual data their PHNs have been taking, and in most instances practices still don’t know exactly what the PHNs are taking, other than they are being promised it is de-identified MBS data.

Many practices have simply chosen to opt out of the scheme entirely until there is more clarity on how the data will be managed and used. Some practices believe that the data may eventually be used for practice benchmarking by the Department of Health, which ultimately controls the PHNs via funding.

The next clause in the exemption form that should be worrying for a practice manager and owner is:

“I acknowledge that any Solution must be compliant with the PIP QI Guidelines and the PIP Eligible Data Set Data Governance Framework, including that a PIP QI Eligible Data Set must only contain de-identified data, and my local PHN requirements for receiving and storing the PIP Eligible Data Set securely. I am required to liaise with my local PHN in relation to my local PHN’s requirements.”

So a practice manager or owner has to commit to paying for, being liable for and organising with their PHN, to suit all the PHN’s needs, all the work that will be needed to comply with PIP QI, including that the whole set-up will be compliant with the Eligible Data Set Governance Framework (EDSGF). Apart from there being virtually no way a practice can ensure its PHN will manage their data correctly, the EDSGF is yet to actually be fully developed. Practices are being asked to sign up to a data compliance regime that doesn’t effectively exist yet.

As things stand, nearly all GP practices have no means by which they could competently be responsible for developing a “solution” that meets all the needs the exemption form is outlining, particularly given a key part of those needs, compliance with the EDSGF, has not even been defined yet. As far as their PMS is concerned, practices are mostly at the development program whims of their supplier/vendor.

The department looks like it is trying to move the risk for a massive de-identified patient data program, which it is driving and asking GPs to participate in (for the greater good), outside of the department and even beyond the PHNs, into the practices themselves. It’s hard to see why any practice would commit themselves to such a risk. They have no means of controlling the risk and very little means of paying to ensure that they aren’t at risk.

Over and above that, where masses of patient data are concerned, why are we distributing the solution to contain the risk to more than 6,000 practices across the country to solve with 31 differently operating PHNs?

In terms of data compliance, the way this form is designed, it is effectively asking every practice in the country to develop a bespoke solution, pay for it, and take on any liability associated with that development.

Surely this is a recipe for massively amplifying the risk of data and privacy breaches, and the cost of general practice.

You can read the PIP QI Exemption Form HERE

You can read the Exemption Fact Sheet HERE
