PHNs go to war with industry on GP data and software

20 minute read


Private and publicly funded companies are tussling over Australian GP patient data. GPs (and patients) own the data so why are they being left out?


If “Data is the new oil” (Clive Humby ) patient data is the “new oil” of health transformation.

People all over the world aren’t quite there in realising its value yet but everyone understands it is hugely valuable so there is a rush on to obtain it and control it.

In Australia, there are two huge oil wells of data that parties are rushing to obtain and use: patient data from the electronic medical records (EMRs) of hospitals, and patient data from the patient management systems of GPs and specialists.

In the data lie secrets to all sorts of upside for our healthcare system – how to much better identify and manage patients for chronic conditions, where to concentrate particular health system resources, where and how to fund doctors in the community more efficiently, where to locate hospitals, what resources to put in those hospitals, and so on.

Given the inexorable shift of our health system towards chronic care management in the community, GP patient data is probably the most valuable and accessible data well. So the rush to control GP data is in full swing.

It started in earnest messily mid 2019 when the Department of Health set up Practice Incentives Program (PIP) and its Quality Improvement (QI) incentive and started paying doctors to extract data and send it on to their PHNs.

GP data is also the easiest to extract and aggregate, and this is pushing up its value in the short term.

But GP data extraction and use is largely happening without input from GPs, and without any meaningful consideration for returning any value to GPs for the data they have collected, and which, to all intents, they own.

De-identified data of patients is the property of a practice that treats that patient and keeps their records in its patient management system.

Parties getting access to this data now include most of the PHNs, the Australian Institute of Health and Welfare (AIHW), some other government agencies, large and sometimes global health data firms, some smarter GP practices and pharmaceutical companies.

Access to the data is made possible through using extraction and consent software products, many of which have been developed over the years. The major scriptwriters have dabbled in the extraction and analysis of de identified patient data for a long time now, either directly or through integrations with third party software vendors. From its early days Medical Director has had a data division which, with the permission of specific practices, extracts and analyses longitudinal patient de-identified data for sale to certain parties.

The main main supplier to PHNs, and the government currently is a group called Pen CS. When the government introduced PIP QI incentives in mid 2019, Pen CS was in pole position to benefit, as it was already working with many PHNs to help them extract and analyse the data of their GPs. After this incentive was introduced, and the government mandated that all PHN data collected would be governed and centralised within the AIHW, Pen CS took off as a business.

Pen CS supplies 29 of the 31 PHNs with its products and services. It does not hold any of the data itself, though it does consult with various parties on extracting certain types of data with their products. The other data extractors for PHNs and government are two products developed by PHNs themselves. All these products are our now integrated into the major PMS systems.

Most GPs by default use Pen CS. This is because the PHNs buy a master license and offer it to their GPs for free. This is usually seen as a good deal by GPs as they would otherwise have to pay for the data products themselves.

Most GP practices are unaware exactly what happens in extraction, and that they are free to use any software they choose to supply the data required to meet the PIP QI payment. Many aren’t aware that they don’t have to give their data to their PHN if they don’t want to. That if they wish they can buy their own extraction software, do their own extraction and keep control of their own data, and still meet PIP QI requirements.

Most GP practices using the services of their PHN, and through them, Pen CS, have little idea what data is actually leaving their patient management systems. They are assured that it is patient de-identified, and sometimes told it is only those fields which are required to meet the PIP requirements.

But this is not always true. In 2019 it became apparent to some practices that through extraction software, every de-identified record of most patients were being dragged out of their systems. Some GP owners and practice managers at the time were suitably horrified.

PHNs decide to take on software industry

On September 14, the West Australian Primary Health Alliance submitted an application to the ACCC for special dispensation to build software for their PHNs, and several others they had joined forces with, presumably so they could gain more control over the entire process.

The application was put in terms which might allow PHNs to create a virtual monopoly on key GP data sets across the country.

It’s an extraordinary move, especially given WAPHA and participating PHNs ,one in Queensland, and unspecified others, do not own the data themselves; their GPs do, and there appears to have been very little, if any, meaningful engagement with practising GPs on the matter.

PIP QI offers a practice up to $50,000 a year to extract certain data and offer it up to the AIHW for developing insights into population heatlh. The return here is pretty transparent and up front for a GP practice.

PHNs say they want to extract, own and control data to analyse it and feed back insights to their GPs, which they almost certainly want to do. But controlling such data would also make them much more powerful in a healthcare ecosystem where currently their future is decidedly uncertain.  

Yesterday, the Medical Software Industry Association of Australia (MSIA), wrote to the ACCC, with an intent to have the WAPHA application delayed to allow proper consideration of its impact on the software industry and other key stakeholders.

But essentially the MSIA, for various obvious reasons, is seeking to have the application rejected outright.

In the letter to the ACCC, the MSIA points out that the application fails to identify the MSIA and all its members as an interested party.

Given that many of the members of the MSIA are involved intimately in GP data collection, extraction and analysis (Best Practice, Medical Director, Pen CS, Telstra Health are just a few) this is either a pretty big fail on the part of WAPHA, or it’s a deliberate attempt by WAPHA to sidestep parties that have an obvious commercial interest and stake in the sector.

Either WAPHA is not identifying what are in effect the key players in the GP data ecosystem in their application because they didn’t think they were important (doubtful), or they are trying sneak one past the ACCC.

The MSIA letter points out a few other things of concern that the WAPHA application appears to be trying on:

  • Other non-MSIA entities that are important are left out of the application as well, such as university groups doing important work in the area, and Australia’s largest and most successful data analytics group, Quantium.
  • That PHNs are tasked by government to commission products and services on behalf of their GPs, NOT to build them. This hasn’t stopped PHNs in the past though.
  • That the application unfairly attempts to sideline decades of private investment that has gone into the private development of software and data products for health, where those entities took on all the risk.
  • That despite claiming it has all the expertise and skills to protect and manage data, WAPHA is a private entity with no history of managing data, or any framework of governance over it to ensure it has the requisite skills and processes in place to manage such data.

The latter claim that the MSIA makes is possibly the most worrying.

Who is looking carefully at WAPHA and its related PHNs to determine if these are organisations with the requisite expertise, skillset and experience to manage data at scale, and then, potentially, to manage it fairly as a monopoly?

As much as this publication likes to criticise the My Health Record, the governance around the build, its security protocols and operational framework is transparent, and best of breed. It cost the government $2 billion to get to that point, and even then, it will probably be hacked at some point say pundits.

But PHNs apparently think they can manage data security while they do all the normal things they have been tasked to do.

PHNs are all differently constituted and governed, and each is an independently incorporated company. There is a lot of variation in how they operate and how well they perform.

Who knows if one large and competent PHN can run and manage software and data as a business, along with all the other things PHNs are tasked to do, let alone an alliance of many different PHNs that are are differently constituted, governed and run.

The scary answer to the question so far is no one.

The data game is moving so fast now that government simply can’t keep up.

That it can’t keep up was in part illustrated by the the initial reaction of the ACCC to the MSIA’s worries and fears expressed in its letter. It told the MSIA that it had very little understanding of the machinations of the medical software industry, PHNs and the the management of health care data. On a conference call to MSIA members a spokesperson admitted that the sector seemed very complex and would take some time to understand.

At least the ACCC was being honest.

The truth is that even for government departments and agencies that should know – the Department of Health and the AIHW are perhaps the major examples – keeping up with what is going on, both commercially and technically, is very hard and endlessly expensive.

Look at what advantage Uber, Airbnb and various other digital players took of so many governments in the past 10 years.

Technology is simply outpacing the  legislative and logistical capability of governments to keep up.

Sometimes this can be good, and sometimes it can be bad.

Why do PHNs want to play in technology?

That PHNs are attempting to enter the technology game is not surprising.

Since they were morphed from Medicare Locals to PHNs and were given a remit for allied health, population health and other things to broaden their roles, GPs have been downgraded just a little in their focus and overall reason for existing.

Anecdotally, most GPs aren’t fans of their PHN.

In some respects, PHNs are lost between having to prove their worth to their government paymasters (they are independently set-up not-for-profit companies funded by government, not an arm of government) and their mainly GP customers. In many, management is conflicted by them also holding roles running doctor practices, or other organisations (some of them in commercial vendors) that serve GPs.

What WAPHA is describing in its ACCC application has a long track record of failure among past PHNs and equivalent organisations in Australia and New Zealand.

Tens of millions of taxpayers’ dollars have been squandered by not-for-profit semi-government agencies attempting to get into the software and data game in health in the past.

PHNs will say that they are doing it to protect their GP and patient cohorts.

Commercial providers of software platform and data services to GPs will from time to time fund their products and businesses by doing things GPs usually would find uncomfortable.

For instance, Pen CS, which has a near-monopolistic position in data extraction at this time in the country, having contracts with 29 out of the 31 PHNs to extract data from GPs, makes a fair bit of money out of selling data extraction and consent products and related services to pharmaceutical companies.

And it’s not just them providing a service to GPs for their patients identifying patients for much-sought-after clinical trials, which feels like a win-win for the private sector and the GPs, pharmaceutical company involvement or not.

Some of the services provided include burying algorithms in their software that direct GPs in their clinical decision making towards new drugs that are being marketed by pharma companies.

We understand that in all the instances this occurs, the redirection is clinically relevant; that is, if a new drug is pointed to for a certain condition, it will be a drug which is relevant to put in front of a GP for whatever reason.

But if you ask a GP if they noticed the fine print identifying the sponsor of the algorithm, or the particular piece of research they are engaging with, they aren’t likely to know there was one, or remember.

It’s fine print, after all. You wont find direct mention of pharmaceutical companies being clients anywhere on the Pen CS website either.

But while you can’t say that the current major supplier of GP extraction software to PHNs is lily-white as far as what GPs might think is appropriate or transparent, the failures of past PHNs, and this application by WAPHA and a group of other PHNs to oust the commercial suppliers using government licence and money, does not look like it is only about helping GPs out.

The politics of power are in play, and data is power.

PHNs have been here before and failed

Som years ago in Queensland, a large PHN obtained a government grant of $20 million to build what amounted largely to a new patient management /data system for its GPs. It justified the project on the grounds that it would promote far more efficiency in the region for GPs, hospitals and related entities, and that the private-sector solutions were far too fragmented. Interestingly, its justification looks much the same of WAPHA in the ACCC application.

The group made a compelling but highly flawed argument. Flawed because this group was not a software company and had no experience at all to bring to the project, management or otherwise. The group did hire PWC to build its product, but during the process one of its executives left to start a private company that was then contracted to the PHN to help build and commercialise the group’s product.

When PWC backed out of the project, pointing out that its work was being laundered into a private entity, the PHN and its private contractor went it alone, and ended up failing spectacularly. The private group went into bankruptcy and the $20 million was all lost.

The PHN in question continues to operate today.

A very similar thing happened in New Zealand more recently with one of the 20 District Health Boards using government funding to build its own data and patient management solution for its GPs.

This group spent millions in NZ government funding and competed directly with several commercially developed patient management system vendors who operated in New Zealand. The project ultimately failed.

The failure was one of many contributing factors to the decision made by the New Zealand government earlier this year to consolidate its 20 separate District Health Boards on the grounds that having 20 separate legal entities working independently of one another was highly inefficient.

All 31 PHNs in Australia work independently of one another. At least they have, until now.

PHNs have done a lot of dabbling in the commercial side of the software industry, mostly with a view to honestly trying to improve the experience of their healthcare professionals.

But sometimes blurred lines between the PHN and related start-up for-profit ventures appear.

As with the Queensland debacle, some PHN executives have left their PHN to start up for-profit technology ventures that end up servicing the PHN.

One of Sydney’s largest PHNs now operates closely with a fast-growing software firm run by one of its previous executives. The firm has ties to all sorts of other private healthcare interests, including other software vendors and private hospitals.

The problem with such set-ups, if you perceive it as a problem, is that there remains very loose governance of PHNs and their activities.

Loose governance and data ownership and management aren’t good bed partners.

Who governs and audits the commercial and non-commercial activities of PHNs, or like organisations?

The problem is evident in the current unfolding battle between WAHPA, its various identified and unidentified PHN partners, and the MSIA.

We asked WAPHA a series of questions on the matter but at the time of going to press they had not gotten back to us.

The questions we asked included:

  • How much consultation did the group do with their coalface GP cohort before proceeding with their strategy on building their own technology and applying for what in effect could turn out to be a monopoly on important aspects of GP-generated data?
  • Why has WAHPA built its own data lake (at a cost of about $10 million in government funding) and why is it proposing to build its own software to manage PHN extraction and consent management to compete with existing and long-established commercial players?
  • What specific reservations does WAPHA have around commercial third parties being involved in data extraction and consent?

The medical software industry is as vital to GPs as PHNs are (maybe more)

Software platforms such as Best Practice and Medical Director, the country’s two major patient management systems for GPs, are gatekeepers of highly valuable data – high-grade “new oil”.

By undertaking to get into the software platform game, and the data collection, storage and analysis game, semi-government organisations like PHNs are almost certainly aiming to secure themselves more power in our evolving healthcare ecosystem.

The MSIA letter points out something that the WAPHA people are apparently happy to ignore: that PHNs are tasked with commissioning, not building, services, for their GPs, and that they are seeking authorisation to not only ignore this directive, they are seeking to secure what most commercial competitors would deem unfair market constraints.

For what reason? Because they ultimately serve government?

What if WAPHA could develop something far more functional and appropriate for its GPs than exists commercially?

Should the government and taxpayers be taking the risk that WAPHA might succeed?

If WAPHA was seeking to get its funding from the private market, as commercial vendors have to, it likely would not be successful.

But WAPHA has already obtained $10m to build its data lake from government and now it is seeking more government money to build out its competitive software products and asking to be granted a “virtual” monopoly by the government as well.

Is it fair or sensible that government funds groups like PHNs to compete with the private sector like this?

To be clear, in its application, WAPHA says it won’t require its PHNs to use its product once it builds it. That’s a bit cute, though. They run all the WA PHNs. Their application looks like a pre emptive tactic to protect their strategy in case down the track their activities are challenged as being unfair market manipulation.

Where do GPs fit in the data value chain?

WAPHA’s application plays pretty innocent but, as the MSIA points out, it is missing certain important information the ACCC would need in order to make a proper assessment.

WAPHA says in its application its reasons for applying are:

  • To meet its objectives as a PHN – namely increasing the efficiency and effectiveness of medical services in its region. Would it though if it failed to build a competitive product to what already exists?
  • Cost savings for PHNs – if it succeeded, this might happen, but if you add up failures so far by PHNs in this game you’re in the multiple 10s of millions. Why does a PHN think they can outsmart vendors who have been building software for decades and surviving without any government funding?
  • Clinical improvement – which of course might happen, but it is competing with companies that are entirely focussed on building software and data products, when software and data management are not and never have been a core part of what PHNs do.
  • Greater PHN responsiveness – see above
  • Infrastructure synergies – see above.

The list starts to get a little thin on the ground towards the end, which might be telling.

One thing in this unfolding war remains very unclear, from WAPHA, other PHNs,the government, and even from members of the MSIA who currently service GPs with software and data services.

If this data is so important and so valuable, and no one had it before the past few years, but it’s being harvesting en masse now, and the intention is to keep industrialising its harvest and then make it even more valuable through analysis and application, where do GPs sit in this value chain?

Where to from here?

Turns out, the federal government might be in front of the problem already. On July 12 the Australian Financial Review ran a story on government health contracts that included a snippet indicating that PwC had been awarded a three-month $600,000 contract to review the governance and efficiency of the PHNs.

As far as we know covid has held this review up. But you’d have to think that WAPHAs ACCC application might now feature in any review by the consulting firm.

We are going to ask GPs in our next HealthEd/TMR survey what they think of this situation so we will get back to you in a couple of weeks.

In the meantime, you might be interested in this survey on PHNs published in March by PwC. Interestingly there isn’t a whiff here that PHNs think they should move up in the world and become software and data platform builders and service providers.

Stay tuned.

Note: 12.01 pm Saturday October 2: We first contacted WAPHA on Thursday afternoon by phone and asked to speak to key managers there to put the questions to them that appear in this article and were asked to put those questions on email, which we did on Friday morning. We put more questions to them about 1pm on Friday. We had no reply by the time of going to press later on Friday night. At 11.50am today we were notified that our email was “rejected” by the WAPHA servers. Normally email rejection or non delivery is notified within minutes. None the less we have to assume the questions in this article put to WAPHA were never seen by WAPHA and that therefore they did not fail to get back to us by the time of publishing. We will be trying to work out what happened with our email and fix the issue first thing on Tuesday and get back with any comment they have to this article. We apologise to WAHPA for suggesting they had not replied to our questions by the time of going to press.

End of content

No more pages to load

Log In Register ×