Joint Committee on Health díospóireacht -
Wednesday, 10 May 2023

The purpose of today's meeting is for the joint committee to meet with the Department of Health to conduct pre-legislative scrutiny of the general scheme of the health information Bill 2023. I am pleased to welcome from the Department of Health Mr. Muiris O'Connor, assistant secretary, Mr. Peter Lennon, assistant principal, Dr. Sarah Gibney, principal officer, and Mr. Niall Sinnott, principal officer.

All those who are present in the committee room are asked to exercise personal responsibility to protect themselves and others from Covid-19. Thankfully, there has been a declaration on that and we have removed the screens and everything else, so there is a bit normality in that regard.

Witnesses are reminded of the long-standing parliamentary practice that they should not criticise or make charges against any person or entity by name or in such a way as to make him, her or it identifiable or otherwise engage in speech that might be regarded as damaging to the good name of the person or entity. Therefore, if any of their statements are potentially defamatory in relation to an identifiable person or entity, they will be directed to discontinue their remarks. It is imperative that they comply with any such direction.

Members are reminded of the long-standing parliamentary practice to the effect that they should not comment on, criticise or make charges against a person outside the Houses or an official either by name or in such a way as to make him or her identifiable.

I also remind members of the constitutional requirement that they must be physically present within the confines of the Leinster House complex to participate in public meetings. I will not permit a member to participate where he or she is not adhering to this constitutional requirement. Therefore, any member who attempts to participate from outside the precincts will be asked to leave the meeting. In this regard, I ask any member participating via Microsoft Teams that prior to making his or her contribution to the meeting, he or she confirms he or she is on the grounds of the Leinster House complex.

To commence our discussion, I invite Mr. Muiris O'Connor to make his opening remarks on behalf of the Department of Health.

I thank the Cathaoirleach, and I wish a good morning to members. I thank the committee for inviting us here today to talk about the health information Bill 2023. We very much welcome and appreciate this early engagement on the Bill. I am the assistant secretary in charge of the research and development and health analytics division at the Department of Health. I am joined by Mr. Peter Lennon and Ms Roisin O'Neill, who lead on the health information Bill and the EU regulation on the European health data space in the health information policy unit. Ms Amy Brennan is also a key member of the team.

Given the range and size of the health information Bill, I do not intend to go into details on all its provisions in my opening statement but, instead, I will set out the key principles and objectives of the Bill, as well as its main features. I hope this approach is agreeable to the committee. My colleagues and I are very happy to answer any questions the members of the committee have on the Bill.

The main purpose of the Bill is to underpin a modern, fit-for-purpose national health information system in Ireland. It will do so by providing a robust legislative framework for the collection, use and sharing of health information both for care and treatment and wider health service goals, which are called "relevant purposes" in the Bill. At its core, the Bill is about delivering patient-centred, integrated care; improving performance and innovation in the health service; supporting digital and data initiatives in healthcare; and building public confidence and trust in how health information is handled.

To get a full appreciation of what is in the Bill and the approach adopted, some contextual background might be helpful. A modern health information system, coupled with more effective information management, is essential to the development of a high-performing and integrated healthcare service as envisaged in Sláintecare. Health information initiatives taken to date have generally lacked a legislative framework which is tailored to the particular challenges of the health services. Consequently, some have not succeeded as envisaged. That is not to say that legislation on its own will solve all the problems, many of which are embedded organisational and cultural ones. However, without the right holistic legislative framework to underpin the required change process, the same suboptimal outcomes as before will simply be repeated.

The reality is that, at present, the health information system does not exist at a coherent and co-ordinated national level. Instead, it operates at organisational level with considerable reluctance to share information. When it comes to the private side of the health system, there is an information black hole which wholly undermines any serious attempt at population planning. In addition, healthcare lags other areas of society regarding digital innovation. All of that directly impacts adversely on the treatment of patients, on those who provide that care, and on the policymaking and planning processes. I am not going to say those challenges are new. They are not, and that is what makes the Bill overdue and urgent.

Our own internal analysis of what needs to be done in the Bill lines up very closely with national and international studies. I want to reference two studies from 2021. One, by the Economic and Social Research Institute, ESRI, is called Developments in Healthcare Information Systems in Ireland and Internationally. The other, by the Health Information and Quality Authority, HIQA, is called The Need to Reform Ireland’s National Health Information System. Both argued that significant action, including legislation, was necessary. The HIQA report also featured examples of countries which assign governance and management of national health information systems and data collections to key organisations. For example, Australia, New Zealand, England and Finland have established dedicated organisations with significant responsibilities in the health information area. HIQA concluded that a national, single-purpose health information body was the required way forward for Ireland.

Internationally, a 2019 OECD study found that, comparatively, Ireland lags other countries regarding the maturity of health information infrastructure and governance of health information. Other international reports similarly identified the policy actions needed to transform the health information system in Ireland, including the implementation of a health information governance framework; unique identification of health records for data linkages linked to a wider public service ecosystem; a quality-based approach to health information; integrated systems and structures; and the development of a central data body. Those areas form the key provisions of the Bill, which I would now like to turn to.

The provisions in the Bill are designed to deliver on the Bill’s objectives, and I will go through each of the parts at high level to give a sense of their purpose. Part 1 contains the commencement and definitions provisions. It is envisaged that the Bill will be commenced on a phased basis in line with a well-thought-out implementation plan.

Part 2 focuses on care and treatment and the development of digital records. To ensure patient information follows the patient throughout his or her care and treatment, the Bill introduces a duty on health service providers to share relevant patient-level health information. It is intended that, after a suitable transition period, the sharing will be done digitally so that information updates are made in real time. That will help deliver on the Sláintecare objective of the right information, in the right place at the right time, which will benefit not only the patient but also, importantly, the health professionals providing the care and treatment. Supporting the digital transformation of healthcare are the provisions in the Bill that provide the legislative structure for the implementation of summary care records, shared care records and electronic health records by the HSE. The logical progression, based on the experience in other countries, is that summary care records containing high-level patient information come first as an early deliverable from a broader project to implement shared care records and electronic care records.

Part 3 responds to the challenges posed by ongoing and significant health information deficits and the reluctance to share health information for a range of essential population health service activities. It provides for a structured, public interest framework which will mandate the provision of health information. It also provides that the health information provided can be made available to legitimate third parties, but only on an anonymised or pseudonymised basis, and it creates a new offence where an attempt is made to identify individuals from that data.

While individual provisions in the Bill contain specific data protection safeguards, Part 4 has a dedicated provision, based closely on section 36 of the Data Protection Act 2018, empowering the Minister for Health to prescribe a range of tailored safeguards to ensure the highest degree of protection for data subjects in the processing of their personal health data. This is an important measure that will ensure the flexibility necessary to respond with legislative force to any issues or concerns affecting public confidence which may emerge.

The new health information framework needs dedicated strategic leadership if it is to succeed. Part 5 provides for that leadership with the proposed establishment of a single-purpose national health information authority. That will be the body which will mandate the provision of health information under Part 3 and put in place the strict governance rules for accessing it. The Department has considered the extent to which repurposing of existing bodies to fill that role might be feasible and will further examine such possibilities in the business case it is preparing for the new authority. Part 5 also provides for the wider use of the personal public service number, PPSN, in the health services as the primary health identifier to organise, link and match health information, and to help ensure the health services are part of the wider public service ecosystem rather than stand-alone. It also makes provision for the use of eircodes to help ensure unique, accurate and safe identification for health-related purposes.

A core objective of the Bill is building and maintaining public confidence and ensuring stakeholders have an ongoing voice in the development and operation of our health information system. That is why Part 6 provides for a consultative forum to be established by the national health information authority. Membership of this will be based on public expressions of interest and on the need for a diversity and inclusiveness of views.

Supporting public confidence is the reason for the proposed national health information guardian provided for in Part 7. The concept is based on the UK model where the guardian provides guidance to the Government and the health and adult social care system on data confidentiality, security and patient data choice. The role is primarily to advise and challenge the health and social care system to help ensure individuals' health information is safeguarded securely and used properly to support direct care, and to achieve better outcomes from health and social care services. The Data Protection Commission has particularly welcomed this initiative.

Part 7A provides the opportunity to explicitly address the information requirements of the HSE. It strengthens necessary and legitimate health information flows to the HSE. The provisions are tightly drawn and directly aimed at improving the operational and management performance of the HSE. Separately, the provisions also deal with the flow of health information within the HSE and with the provision of health information by the executive to the Minister.

Part 8 contains several specific measures to strengthen the existing rights of individuals in relation to their personal health information, including putting a legal obligation on a health service provider to provide an individual’s health records to another health professional at the request of the individual, and making the buying and selling of personal health information by anyone other than the individual concerned an offence.

Part 9 deals with how the Bill interacts with certain other health information legislation already in place and Part 10 deals with proceedings for offences under the Bill.

The Bill has also been prepared with a close eye on EU developments in the digital and data spheres, particularly the proposed EU regulation on the European Health Data Space, EHDS. It is noted that there is considerable alignment between the aims and objectives of the Bill and the EHDS project.

There has been formal engagement with major stakeholders across the spectrum of interested parties and there is widespread agreement on the need for, and support of, the aims and policy intent of the Bill. The Department fully accepts that the implementation agenda must be realistic and include initiatives to enhance capability and capacity to share health information. Consultations with members of the public were carried out by Ipsos consultants on behalf of the Department. That consultation exercise revealed that the public is strongly in favour of greater sharing of health information for better care and treatment and fully appreciates the importance of information sharing in delivering a high-performing health service. Concern was voiced by the public regarding the slow pace in implementing digital solutions to support information sharing and the ongoing need for patients, or their carers, to have to repeat the same information each time they engaged with different health service providers involved in their care. The development of an electronic summary care record was flagged by the public as something that would be a real benefit to patients and those caring for them. No concerns were expressed by any stakeholders regarding the personal public service number, PPSN, as the primary health identifier, subject to governance arrangements being in place.

The Data Protection Commission. DPC, has expressed support for the legislative intent of the Bill to bring clarity, certainty and consistency to the processing of personal health data for care and treatment and for wider health service activities. The commission also welcomed the early and ongoing engagement by the Department on the Bill. On specific points raised by the commission as flagged in the general scheme, we have had very careful regard to them and look forward to continuing our engagement with the DPC.

Information and e-health initiatives are never more than a means to an end. That end is to improve the care and treatment people receive and the ability of health professionals, and the health system generally, to deliver that care to individuals and to society as a whole. We believe the Bill has an important role to play in making that happen.

Maybe my name was misspelled. I welcome our guests and thank them for their presentation. I have a number of questions. On confidentiality, are we satisfied that the new system, when it is in full operation, will be absolutely confidential as regards the availability of information to the constituent, patient or user of services and, equally, those in the medical profession who need to have access to the information in the shortest possible time?

Absolutely. Confidentiality of identifiable personal information is central to the trust needed by citizens in respect of their health information. The Bill provides that access to identifiable personal health information is only available to the individual and any health or social care professional with a direct and legitimate interest in his or her care. That is absolutely provided for.

The wider purposes of performance oversight and assessment of the effectiveness of health interventions does not require identifiable personal information. Arrangements will be made to make such information available for research and performance analysis purposes, but in an anonymised and pseudonymised way that will not allow for the identification of any individual. Does Mr. Lennon have anything more to add?

I thank the Deputy for the question, which goes to the core of this project. We make the point that public confidence is essential. Sometimes, people say things but, from our perspective, right from the outset, we have seen public trust and confidence in this as being key. We engaged at a very early stage with the Data Protection Commission, which stated that our engagement was open, constructive and substantial. We will have an ongoing relationship with the commission as the Bill is drafted and implemented. As regards audit, the commission has obviously stressed the privacy protection measures, about which we have had very careful regard.

Yesterday, in advance of this meeting, I looked at the number of times we mentioned transparency, governance and security, etc. On the provision in the Bill for the processing of summary care records, we make the point that it must be done in a secure processing environment. When it comes to the part of the Bill that deals with secondary purposes or management research purposes, we make the same point. As Mr. O'Connor pointed out, in care and treatment, identifiable patient information is obviously needed. That is restricted to the individual concerned and the person who is treating that individual. A very rigorous framework is in place in the area of information for management research and public policy and planning purposes, as dealt with in Part 3 of the Bill, which states that such information can only be requested when a substantial public interest is involved. The only time it can be requested is when the national health information authority is satisfied there is a substantial interest. If the request relates to identifiable patient information, it has to be clear as to why the research cannot rely on anonymised or pseudonymised information. That is the default position for the national health information authority. If identifiable patient information is needed, it has to be shown the person or entity making the request is fully justified in seeking that information.

To the extent that we have stressed in the Bill the importance of security, we have placed considerable emphasis on trying to ensure such an attack does not happen. Obviously, there cannot be a complete guarantee against it. It is there to the extent that we have highlighted the need to ensure it does not happen. It is a point that has been raised by the public and other stakeholders and is one we are fully conversant with. It is the case that we can say every effort that is humanly and technically possible to ensure the security of the data will be taken.

Have we a system or systems in place to isolate an attack in the event it takes place? In other words, can we ensure the attacker does not have access to the entire system to use at his at her leisure? Have we a means of freezing certain segments of the system so an attacker can go no further? Is that part of our defence?

We are not the team that deals directly with the roll-out of e-health and cybersecurity but the Department has significantly increased the investment of resources in that area. There is very substantial recruitment to the HSE to build up the skills and capacity to manage cybersecurity. Lessons have been learned from the cyberattack we suffered from and from other attacks. We are working across Government, with the Office of the Government Chief Information Officer, CIO, the Department of Justice and others to ensure maximum security in our health information.

The potential attacker in such situations will always be alert to the insulation of firewalls that will, as I stressed, isolate and limit the attack. Is the Department satisfied that we have sufficient provision in place to ensure that is developed to the maximum extent? I know the officials cannot guarantee that, but the degree of success or failure of the whole system will depend on the extent to which we can protect the entire system.

The whole approach to cybersecurity has been transformed. There is a whole-of-government approach to cybersecurity that the health system is now very directly connected into. The health services have substantial resources, including key new posts in charge of cybersecurity and the resilience and security of the health information system. It is not my area directly, but the firewalling and isolation of any attacks is a very important part, as the Deputy recognised, in closing down-----

My colleague on the management board, Mr. Derek Tierney, works on that. The e-health infrastructure is being managed as part of strategic capital investment. We work extremely closely. As the Deputy will see from the Bill, we are working in parallel and hand in glove with colleagues in e-health in the Department and the HSE. This is the legislative base and they have the-----

I know that date of birth is one of the things referred to all the time - or not all the time, as was said - so this will be of tremendous benefit. Has the Department got over the objections in the past to the use of a single identifier? Is Mr. O'Connor satisfied that all the way has been smoothed for that purpose?

Yes, we are very comfortable with and excited about the adoption of PPSNs and eircodes into the health and social care services. The vaccine roll-out was a concrete demonstration of the Irish public's comfort with supplying PPSNs. It is a number people know, and I think that when it came to their being assured that the health system knew who they were, knew their previous set of vaccinations and so forth, there was broad comfort. There were no issues surfacing and no discomfort conveyed to us from our public consultations or from any of the engagements. There is a sense, I think, that this is the right move and will allow for a much more coherent approach.

The individual health identifier was adopted in the Department of Health under 2014 legislation. Deputy Durkan is right that within that legislation, as well as date of birth, surname and forename, PPSN was one of a set of keys that the health system was allowed to collect in the development of the IHI. All that work done over recent years stands to us still because, in general, the HSE will know the PPSN where it has an IHI, so it will make the linkage of health records across different service providers much easier. We are very confident about-----

As regards the black hole to which Mr. O'Connor referred between the private and the public systems, is he satisfied that that has been sufficiently covered in the course of the proposals? Is he happy that information will be available to the appropriate people and the patient as and when necessary, and quickly, without an untoward delay?

In the opening statement we do say legislation is one of the confusions that has frustrated the sharing of data in the Irish system. There is culture and behaviour, which we will work on as well, and maybe clarity on the information requirements. However, I think the legacy and the nature of the Irish health and social care system, with its complex public, private, voluntary and charity mix, that background, has complicated and frustrated the flow and the linkage of health information in the Irish system. We have adopted a very cautious interpretation of the general data protection regulation in this country, while other European member states have managed to link health information and develop summary care records under the GDPR. The black hole on our side has emerged because of confusion about the obligations of private providers or voluntary providers to participate in a national system. This legislation is crystal clear on the obligations of any health and social care provider, regardless of its status, public, private, voluntary or charity, to provide information and maintain up-to-date health records for the citizens of Ireland. It will remove any legislative excuses for not sharing health information, and we will work on any other barriers there because it is in people's interest.

I welcome our witnesses. If I may, I will start by reading back to Mr. O'Connor some of his opening statement and then agreeing with what he said but also using that as context and backdrop to the Bill being brought forward. His opening statement was quite sobering as to how far behind we are not only on patient data and information sharing but also on IT systems and e-health. He said, "The reality is that, at present, the health information system does not exist at a coherent and co-ordinated national level." We have known about that for a long time, yet we either seem to have pushed back or are reluctant to invest in this area to make sure that the systems are connected, that there is interoperability, at the very least, between systems, which does not exist at present. There was reluctance previously even to accept the use of unique patient identifiers and all the obvious solutions we need. Mr. O'Connor went on to say: "Instead, it operates at organisational level with considerable reluctance to share information." That has to be challenged and broken down. He then said, "When it comes to the private side of the health system, there is an information black hole which wholly undermines any serious attempt at population planning." That might be the case, but I think that could equally be attributed to the public sector, and I will give the committee some examples of that in two seconds. I think the black hole Mr. O'Connor says exists in the private sector also exists in the public sector. In fact, it could be worse in the public sector. He went on to say:

In addition, healthcare lags behind other areas of society with regard to digital innovation. All of that directly adversely impacts on the treatment of patients, on those who provide that care, and on the policy-making and planning processes.

A business case was submitted to the Department of Public Expenditure, National Development Plan Delivery and Reform on the use of electronic health records. When was it submitted? I refer to the one that was rejected by the Department of Public Expenditure, National Development Plan Delivery and Reform. What year was that?

So here we are in 2023, and the cases that were made in both 2017 and 2019 were rejected by the Department of Public Expenditure, National Development Plan Delivery and Reform. Where are we now, then, with a business case for electronic health records? When Mr. Fran Thompson was last before the health committee on this issue, he said we are not even at the starting line.

I am not interested in the history because the history speaks for itself: it is appalling. Obviously, there was pushback from the Department of Public Expenditure, National Development Plan Delivery and Reform, which in and of itself was unacceptable, and I do not accept the reasons it gave for pushing back. In any event, we are not even at the starting line. The Department is bringing forward a Bill which is very worthy but useless unless we have the systems that can deliver it. A basic starting point is electronic health records. That is one of the very basic systems we need, yet we were told only a few months ago that we are only at the starting line or not even at the starting line. What I am asking today is where we are with a business case for electronic health records.

That was a rejection. When Mr. Thompson was here he accepted that it was rejected and he said there were a couple of reasons for that. He said:

First, we put forward our business case to the Department of Public Expenditure and Reform, which was not accepted. It is around capacity and around the people and additional bodies on our side of it.

He was therefore accepting that it was essentially rejected. Saying, then, that the national children's hospital will roll out an element of it is not good enough. If the Department is serious about this Bill, we need to be serious about electronic health records. I ask the question again. That business case was pretty much rejected. It is a very straight question. Where are we now with that business case, and when are we likely to see it resubmitted to the Department of Public Expenditure, National Development Plan Delivery and Reform and some delivery on it?

Mr. O'Connor is telling me there is work under way when this goes back to 2017 and 2019. We are now in 2023. Work under way does not mean anything to me because it does not give me any date or timeframe. If Mr. O'Connor does not have the answer, he can just tell me that he does not know when it is likely this work will be done and that the Department does not have a timeframe. If that is the case, he can just be straight with me.

But it is not as simple as just resubmitting a business case that was not fully accepted in 2019. I do not have the exact figures, but we have doubled, I would think, the investments in e-health in the HSE in that time. The number of staff in e-health in the HSE was about 120 in 2015; it is now close to 800.

That is part of our investment in the capacity of the health service to roll out and manage-----

Bear with me. Is there a timeframe? Mr. O'Connor is saying they have to scale up capacity. I accept that, but I am asking a straight question. Cases were made in 2017 and 2019. In 2019, the business case was rejected. We are here in 2023. We want this delivered and whatever roadblocks and barriers in place need to be overcome. Is there a date or timeframe that the Department and the HSE has in relation to being able to go back with a business case? Mr. O'Connor is saying it is not as straightforward as that. That is fine. It is not fine in the sense that it shows the poor state of where we are. All I am asking for is some sort of time horizon as to where we might be with delivery of this because I have to put it to Mr. O'Connor that if this is not done, large elements of this Bill will be irrelevant. Would Mr. O'Connor agree with that?

We have a timeframe. Within, I would say, two months, the Department of Health will publish a new digital health and social care strategic framework. That will set out the key objectives and the timeframes for the roll-out of the summary care record, shared care record and the electronic care record. We have, as I said,-----

Absolutely not. It is an early deliverable in the programme to roll-out electronic healthcare records. One of the things we are trying to do in the legislation and in building capability into the health service is to ensure that we can organise the data in ways to make it accessible to the public so that they can be provided with summary care records while the digitisation of the health and social care facilities is rolled out.

To be honest, I am not at all comforted by the response in terms of how quickly we will get to a solution on electronic health records. There is not the urgency that needs to be there and whatever happened over the last seven years was unacceptable.

Would Mr. O'Connor accept, because he is responsible for analytics, that information sharing in terms of patient information flow is important and that it is an important part of this Bill but data from patient activity, it is also important for the running of the health service? Data is gold dust for healthcare professionals.

Would Mr. O'Connor accept as well that there are weaknesses and gaps in providing data? It is frustrating when we table parliamentary questions and we cannot get access to information. Here are a couple of examples. I asked the Minister for Children, Equality, Disability, Integration and Youth the number of children on disability service waiting lists for children's disability network teams and the response was that the information is not collated on the average time on waiting lists and some individual children's disability network teams, CDNTs, indicate they do not have a separate system in place to capture this level of activity. I asked the Minister the number of people on disability service waiting lists for each service type, excluding children's disability network teams and the response was that there are no centrally-maintained waiting lists for these service. I asked the Minister the level of outstanding inpatient charges owed to the health service and the number of patients this relates to and the response was that the Minister regretted to inform me that the information on the number of patients with outstanding debts is neither centrally recorded nor readily available. I have loads more. Much of it is fairly basic data as well. If we cannot capture data, if our systems are not connected and if they systems do not interconnect, we do not have interoperability.

The Department is bringing forward a Bill that will be fairly worthless unless we invest in the information technology. We do not have a centralised financial system. We do not have systems that speak to each other. Mr. O'Connor is talking about a black hole in the private sector. I have to put it to him that the health service, in addressing information deficits, electronic health records, e-health, collecting data and having centralised systems that can speak to each other, is light years behind where it needs to be. Unless we solve that problem, I am afraid this Bill, worthy as it is, will not be able to do what it needs to do.

I will bring in Mr. Lennon in a second.

We have many other examples of basic information that is not available or not aggregated in sensible ways at present. That motivates us, in moving forward on this legislation and in the development of the digital framework.

I thank Mr. O'Connor.

I could not agree more with Deputy Cullinane. The Deputy gave a number of examples and, as Mr. O'Connor said, we can give a number of additional examples. The truth is that it is nowhere near where it should be. That is the reality. In terms of this Bill from the beginning, what we have tried to do is be realistic and credible in terms of how we can go forward.

When you look at the health system, you can start with the concept of a data controller, which is a hospital, a GP practice or any type of organisation. There is a cultural and organisational resistance to sharing health information. That is just the bottom line. We decided to address it head-on. If you look at Parts 3 and 5 of the draft Bill-----

I thank Deputy Cullinane for saying that because we believe it is the credible and realistic answer to dealing with this question. What we have done is to provide, as the Data Protection Commission, DPC, will confirm, that clear consistency in a legislative framework that takes choice out of the equation. It must be provided and there is a civil sanction if it is not provided.

We talk about strategic robust governance, etc., and leadership. HIQA, too, in its analysis, talks about the need for a national single dedicated organisation that would lead in this area. That is the role of the national health information authority. It will have the legal tools to mandate the provision of information to it.

In terms of what legislation can achieve, we see it as twofold: to provide the legislative power to the national health information authority, NHIA; and to provide the institutional structure, in terms of the national health information authority, to make that happen. That is something that is within the control of the Department to do, and the Oireachtas, if the Oireachtas is pleased to pass this legislation. It is a major step forward.

If I can go back to the earlier point in relation to electronic health records, etc., in a sense Sláintecare made an important point in relation to the early delivery of patients' summary care records. While taking the Deputy's points in relation to the all-seeing and all-dancing electronic health record system that might ultimately emerge, it is nonetheless the case that the public and health practitioners want early deliverables. Like the members and everybody in this room, they want to see tangible outcomes of what is being done. The development and delivery of a patient summary care record which is available 24/7 will be a major step forward.

It is not a comprehensive electronic health record system and we are not claiming that it is. We make the point that in other jurisdictions they have gone from the summary care record-----

I thank the Chair and wish everyone a good morning.

I find this whole area quite confusing because we have been talking about it since 2014 and much of the terminology is changing. It is hard to know whether it is a matter of trying to start afresh and forget about all the nonsense that happened in the past. There is an element of that. The Department is using new terminology, etc.

Having the legislative underpinning for this is fine and, obviously, that is critically important, but what I am not getting from the Department is how the system will work and what is the intention. We have been here before on several occasions. I can recall the Taoiseach, then Minister for Health, announcing the e-health programme and the appointment of a fine person, in Mr. Richard Corbridge, who in the end gave up due to frustration. Mr. Corbridge went on to have very senior roles in the UK. For example, he was the chief information officer in Boots. Mr. Corbridge is currently in the UK Department of Work and Pensions. That was utter frustration. Mr. Corbridge walked out.

Various interests have been holding this back, but it seems that one of the major ones is the Department of Public Expenditure, National Development Plan Delivery and Reform. We have already discussed what happened in 2018 when the business case was refused. It is all very well having legislation on the Statute Book, but what will happen in the context of the system? Will Mr. O'Connor talk us through the sequence of events he expects to happen under this programme? For example, where do matters stand regarding the very starting point, namely, the IHI? Does Mr. O'Connor accept that having to have an IHI is the first step?

There is a technical team and a business team within eHealth. These are assigning and looking at all the records, such as the hospital inpatient system, HIS, the primary care reimbursement service, PCRS, and all the big data systems that are in place. They have done work to ensure that each individual has an IHI within those. That is as part of a step to better connect that information. We can built on that-----

I thank the Deputy. As I worked on the health identifier legislation, I hope I can provide an answer. As Deputies Cullinane and Durkan pointed out, we are moving to a situation where we are proposing that someone's PPS number will be the principal unique identifier. However, by way of background, when the health identifier legislation was being put together in 2012 and 2013 - it was enacted in 2014 - it was determined that there should be a unique identifier for the health service. It was determined that it would be a stand-alone number for the health service. That has been assigned to individuals. As I understand it, everybody is entitled to have one.

It is assigned to them. It is a 16-digit number that was created for the purposes of unique identification by the HSE. It is assigned to everybody, and everybody can then elaborate on it. While it has been assigned to everybody, its usefulness is not actually in the context of the individual having it. Its usefulness lies in its being embedded in health care systems, GP practices, hospitals, etc.

The reason for that is the way the legislation was framed back in the day. The idea was to look at the health system as a stand-alone system that was wholly separate from the rest of the public service ecosystem. If one takes housing, social welfare or whatever, there is a direct link between an individual and the health system and the wider social welfare, health, and housing systems.

They are intimately connected. There is an identity management service being built up within the HSE and it has used PPS number to generate a register of IHI numbers. We recognise that, in the context of interactions with the public, people are comfortable with PPS numbers. It is one of the few numbers people actually know and it is in the interest of patient safety that we switch the primary identifier away from the IHI to the PPS number, while building on all the investment that has been done on identity management. That stands to us because the PPS number is in there.

I will ask one last question. There is clearly a lot of concern about the sharing of health information and particularly in relation to the information that GPs have. The relationship between a person and a GP is very personal.

How does the Department intend to proceed regarding access to that health information, if GPs need to share health information with some central body? Does it have a schedule of people with access to that information based on seniority in the health service?

The Deputy is right that GPs are at the centre of the health system and they probably hold more information on an individual than any other healthcare provider. We have a good engagement with the Irish College of General Practitioners. In 2019 there was engagement on health service developments between the Department, the HSE and the Irish Medical Organisation, IMO, where the development of a summary care record was fully teased out. The summary care record is likely to be provided by GPs. Even though we say the information can be input by other health service providers, the likelihood is that the development of a summary care record will be framed on the basis of information provided by GPs and our engagement today suggests that GPs are happy for that to happen because it is directly relevant to their patients.

I am not talking about that; I am talking about ensuring confidentiality from a patient perspective. We need to ensure that only those at a senior level would have access to that information. Is there a schedule of that? Will, for example, the public health nurse have access to that? Is it a consultant? Is it a hospital manager? How is it determined as to who will have access to that confidential information?

The Bill provides that access will be to two people, namely, the health service professional actually providing the current treatment and the individual. The Bill actually provides that at the point of care and treatment, the individual consent of the patient allows that access to happen. Therefore, it is a health service provider who is providing care and treatment, subject to the consent of the individual patient.

I welcome the witnesses before the committee again.

That is and interesting point because those involved in the EU work have also struggled with who is a data holder and who would have access to data, particularly where it overlaps with things like wellness apps. There is a very live conversation in the US on this at the moment. Obviously, wellness apps, which are proprietary, contain very important information for some people with conditions like diabetes and obesity. We might return to that at some stage. From this morning's conversation, I am very aware that the departmental officials are only able to do what they are able to do in the scope of what their job is and that other people are involved in the e-health issue.

I want to return to the schedule and I have a particular reason for doing so. As we heard in a number of other sessions, it was all agreed between 2014 and 2016. The original business case was put forward in 2018 and 2019. That business case has been linked to the completion of the national children's hospital. During those sessions we discussed in great detail that the children's hospital is not quite complete yet and it would probably need to be operational before we can prove through a business case that this will all work. In the most favourable case, that would be at the end of 2024 or 2025. The officials can stop me if I am getting the timeframe wrong. This means it would be 2025 before we could have a reasonable expectation that the programme could be linked to a business case, which would then go to the Department of Public Expenditure, National Development Plan Delivery and Reform. Mr. Thompson advised that the completion of the business case, procurement and roll-out across all facilities would take between five and seven years. That timeframe brings us to 2032. I know this is not all on the desks of the officials present.

When we are talking about e-health as it relates to this Bill, we are talking about proprietary programmes. Nobody in the Department of Health is writing the code for e-health or for wellness apps. Nobody expects them to do that. They are all proprietary items. Under that timeframe, with the business case at the end of 2024 or 2025, procurement happening in 2026 or 2027, followed by roll-out, in the best case scenario, we are looking at up-to-date technology that is current in 2027 or 2028.

Would the officials consider the stagnation that we are seeing on e-health a barrier to the development of legislation like this? This is not technology that we make. This is technology we buy from a private entity. Given the work in the EU and developments in e-health, I can only imagine that the landscape will look very different in 2027. That is at least four years away. In that other session, my version of the timeline was being described as ambitious. I understand the officials are laying down principles about how it will work. Given that we have no idea what that technology will look like - technology is moving so fast at the moment- is there concern about the relevance of this Bill? I understand that it will be useful on a number of fronts, but is there a concern as it relates to e-health?

I do not mean to cut across Mr. O'Connor. I welcome a strategic framework. People who sit on committees like this are very used to that kind of language. However, there was a very straightforward way ahead here which was not to link the business case to the hospital currently in development. We hear all the time that versions of e-health are being rolled out in maternity care and elsewhere. Let us not link it to the children's hospital; that was the way forward. The strategic framework is excellent and fantastic. As we heard in January, we should redo the business case, leave the children's hospital to one side, look at international experience and go forward. That would knock at least two years off that timeframe.

The timeline that has been worked to up to now was the outcome of the set of deliberations across various Departments. All those Departments are open to a refreshment and reframing of the framework. I know strategic framework sounds a bit nebulous, but it actually will be an acceleration and a utilisation of the investment.

The Deputy asked great questions about the future-proofing of this Bill. One of the things that gives us comfort around the enduring relevance of the Bill is that we have not focused on any technology in particular in the Bill because we recognise that the real value lies with the data. We are confident that we can deliver real value for people, real value for health and social care professionals working across our system and organising the information in meaningful ways, irrespective of the technology.

The timeline the Deputy mentioned is absolutely depressing and is not acceptable to us because it places us at the end of this decade reviewing the children's hospital and getting approval to go to another site, and it would take a century to digitise services around the country. We are not accepting that. We want to adopt more national approaches. There are only 5 million people in the country, which is the equivalent of a large city in other countries. We are confident that we can organise information. The summary care record, the sharing of care records and focusing on the data will future-proof us.

Regarding wellness apps and so forth, we are focusing on the legislation, but colleagues are looking at the practicalities. However, there are great possibilities to build on a summary care record with a standard set of information as set out in Part 2 of the Bill. That could be the core central module of a summary care record. Other countries are doing interesting things where individuals can allow, with due consent, the wellness app to access their information and to be situated alongside it.

I want to stick with that data issue. I have been following the EU debate. One thing that strikes me is the difficulty they have run into with regard to exporting personal data to third countries. How are we looking at that? I am thinking in particular of the National Treatment Purchase Fund and how much we rely on the UK for cataract treatment, and how that would be eased. I know there are obviously agreements now between the EU and the UK. Does this Bill work alongside those and how is that being addressed?

Yes it does. There is a provision in the Bill that provides for the summary care record to be accessible outside of the State subject to government rules. That would protect the information. The Deputy is right to say the proposed regulation on the European Health Data Space is at this stage grappling with the issue. It is a European Health Data Space and health information can be shared beyond the borders. It is an ongoing area.

Ever since the proposed regulation was launched by the European Commission on 3 May 2022, we have been careful to align. If you take, for instance, the definition of relevant purposes, which we have in the Bill, that definition is drawn conclusively from the EHDS. We are monitoring what is happening in the EU on an ongoing basis. Ms O'Neill is the representative at the EU, and I do not know if she wants to say something. We are keenly invested in that. There are 27 member states and bringing them together is a bit of a challenge. We are trying to do two things. The first is to provide in the Bill a response to our national leads, but at the same time to do it in a way that aligns with developments at the EU.

I will answer the question on third countries and how, from the EU perspective, data would move outside of the EU between Ireland and third countries. We are monitoring it closely as that EU regulation is developed to ensure there are no pitfalls for Irish citizens, particularly when it comes to moving data across the border with Northern Ireland or further afield.

The original draft was published by the European Commission on 3 May 2022. It is currently being reviewed in Council by the working party on public health and by all 27 member states, and at the same time by the European Parliament. We fully expect a report to be issued by the Parliament possibly by September of this year. We could also see a general approach coming out of the Council potentially by the end of the year, all going well. It is a very large and unwieldy file, and could take a little longer. Beyond that we would see it go into trilogues, which could take another lengthy period of time to create a final document that we could review. That being said, at every stage in the process we are ensuring that there are no massive pitfalls for Irish citizens moving their data as we go along, step by step.

I thank the witnesses for their presentation. I will return to what Deputy Shortall said about aligning the PPS number and the client identifier number. I am concerned about that and about the timescale. I will give a simple example that happened with me yesterday. Someone had a PPS number that was the same as their husband's, but with the letter "W" added to it. A new PPS number had been assigned but when they went to register something with a State authority, it was rejected on the basis that the date of birth did not correspond with the PPS number. They used their old PPS number without realising that a new PPS number had been assigned. Neither had their employer been aware of it. When I contacted Revenue the date of birth registered for that person was 1 January 1852. I do not understand why there were two PPS numbers being used by the same person and by the Department of Social Protection, but they had not been put in together even though it was one person. When we move from PPSN to client identifier, will we have the same problem? I am a bit concerned about how it is going to be done and the kind of the timeframe it will take. Has that been worked out?

In this case the person was working for a State agency, and the State agency was not given the new PPS number at any stage. I have looked at the payslips for the past five years. Even though this PPS number had been allocated to this person, their employer, which is a State agency, was not made aware of it. I am concerned about how we are now talking about putting client identifier numbers and PPS numbers together. What is the system for doing that?

The Department of Social Protection and the Revenue are dealing with this issue and they had not even put their numbers together. The Department has client identifier numbers and is now talking about PPS numbers. I am concerned about the timeframe for getting that done. Are clear targets going to be set out?

I have a question about maternity services. Four of the maternity hospitals are now totally computerised, as regards patient admission and the whole of patient management. That is in place for the past five years. We are now talking about doing another hospital this year. There are only 19 units across the country. Why can that not be expedited for the remaining units, because at least then the Department is starting with a base? I know the argument is that we are going to do it with the new children's hospital, but we already have the structure in place for four or five of the maternity hospitals. Why have we not done all 19 units in the past five years?

It is in four. When it is done on the one site, the first site in Ireland, that generates enormous learning and can accelerate the rollout to others. My understanding is that the pandemic delayed the rollout, but it has resumed. I do not have the note in front of me, but I was reading a note as part of my briefing that said 70% of children born in Ireland, as of next year, will have an electronic health record from the system. While it is not the full 19, they are generally working on the larger sites.

The second point I want to raise is the issue relating to the private healthcare sector. How will that be tied in, because a lot of them are already electronic?

What about a situation where, for example, someone is in CUH today and then in a private setting in 12 months' time and back into CUH 12 months after that? How are we going to tie all that in?

It is a good question. There is a specific provision in the Bill around the duty to share information. Going forward there will be a legal obligation on anybody providing care or treatment to an individual to share that information with another health service provider providing that care or treatment. They have to share the information. It is also provided under that head that within a certain period of time - there will be a transition period - that sharing of information will have to be done on a secure digital basis. The scope of the Bill with regard to information applies across the spectrum of the health service, irrespective of where the patient is receiving his or her care and whether at one stage in their journey through the health system they receive it on the private side and then go to the public side and back to the private side. What we are looking at in the Bill is a national health information system that recognises no barriers between the various parts of the health system in terms of the movement of information.

I may be wrong about this but at one stage we had something like 1,700 different types of computer systems in the health service. I am not sure what that number is now but that was five years ago. I am sure it has changed somewhat. I keep raising this issue. Denmark started in 1996. About four or five years ago they had 25 different systems and they are working towards having five. If there are private hospitals with a different type of system, how are we working with them on this? It is likewise with the GPs and pharmacies. What is being done so all of the systems can blend together and so there are not any hitches in the sharing of information that is necessary in order to look after the patient?

That goes to the heart of the concept of interoperability between systems. Health information standards provide for consistent specifications for systems to talk to each other. It is a big project. That figure of 1,700 legacy systems is likely to be significantly reduced but there are a number of legacy systems out there. That is why moving immediately to a wholly digitised system just is not feasible. The implementation plan that will be put in place, if it is to be credible to those who are affected by it, will have to set out a realistic timeline for when it will be possible for all systems to talk to each other.

I raised the issue of the maternity units and setting targets already. Is that not also important? It seems to be very much drifting without any clear targets, such as a two-year target, a three-year target or a five-year target. I am just wondering whether that can be done in the plan. In fairness to other State agencies, the Department of Social Protection, for example, issued 305,000 new PPS numbers last year and there was not a huge delay in getting a PPS number. It was able to do it. That is a huge number but it was able to get the information in and give people their PPS number. Likewise, we need to be able to fast-track some of these processes and deliver them. I am just wondering about targets. Can we set targets? Can we set targets for the maternity units or paediatric units? Can that be done? We are going to do it with the children's hospital but could we do it for all the other paediatric units around the country following on fairly fast after that?

I fully expect that the refreshed e-health framework and the corresponding implementation plan that the HSE will develop will absolutely lock in timeframes and clarity on deliverables. That refresh of the strategy, the strategic framework and the legislation we are discussing here today are intended to be a real acceleration and a real push on national approaches to the roll-out of electronic health records and the digitisation of health services. I am sorry I cannot give the Deputy timeframes now but it is fully expected that timelines will be clarified in the course of the framework and the implementation plan, which will be completed in the immediate months ahead.

I welcome the witnesses. I have a question regarding Part 5 of the Bill and the wider use of PPS numbers. There has been a lot of debate over the years about the use of PPS numbers, which I understand are the property of the Department of Social Protection. Would that be correct? That was one of the reasons given that it was not legislated for. Will this Bill, under Part 5, now put that to bed? Will the Department of Health have equal rights to the PPS number, which is effectively a unique identifier number?

Yes. The PPS number, as the Senator will know, is already used in a number of areas of the health system. There is a degree of uncertainty and lack of clarity about its use. The particular provisions in the Bill relating to the use of PPS numbers were discussed fully with the Department of Social Protection and the DPC, amd the DPC just asked if we have a justifiable case for doing it. The main reason is of course that the health system is not a stand-alone system. It is part of a wider public service and societal system. We are going with that on the basis that the PPS number will be fully legislated for for full use within the health system.

That is great news. There has always been that uncertainty. It is in effect a unique identifier number, notwithstanding the anomalies my colleague Deputy Burke has referred to. With regard to records, I am christened John but use the name Seán, for example. Some people use a fada on that name and some do not. People get married or use the Irish version of their name when they may have been christened with an English name. All that sort of stuff changes. A number of things do not change. Your date of birth does not change and your gender does not change - although assigned genders can. A PPS number in conjunction with a date of birth should be perfectly acceptable for all of this. The HSE could even combine the two of them if it wanted, like banks do with BIC and IBAN numbers. When this Bill goes through, if it provides certainty around the use of the PPS number I will welcome that.

Eircodes are interesting to see if there are geographical spreads of certain conditions that are more prevalent in the north west or the south east, for example. That would make sense. I know Eircodes change and people move but for capturing the data at that moment, that would be interesting information.

Part 7 relates to the national health information guardian. Would that involve establishing an office within the Department of Health or would that be an individual? What kind of role would the witnesses see there?

This is something we see as extremely important. We talk about trying to transform the landscape of health information and bringing the public with us in terms of public confidence. We looked very closely at the situation in the United Kingdom and Britain. Dame Fiona Caldicott was the first UK NHS data guardian and the second is Dr. Nicola Byrne. We met with her team and discussed what they do and how they make a difference in building confidence around how health information is handled. They challenge the health information system to achieve best practice and champion the rights of the individual. It is important to say that from our engagement with the DPC, it is quite clear that the DPC is our regulator and supervisory body. There is no conflict between the two. The role of the data or information guardian is to act as a champion of data subjects' rights and to hold the health system to the highest levels in terms of best practice. I think the guardian will be an individual but the experience in the UK is that she or he would be assisted by a small team, maybe with a legal expert, an IT expert etc. We are not seeking to create a whole new panoply in competition with anybody but to have a focused position. The person appointed as national health information guardian would have to be somebody who has public confidence. That is a key thing. The legislation can provide for the role and function of the guardian and their appointment but when it comes to the crunch, it will be a matter of whether the person appointed actually enjoys public confidence. If that is not the case, then it will fail.

We are providing for it on a statutory basis. In the UK, it was set up on an administrative basis initially.

In 2017, they decided the best way to protect the office and ensure it had a high status and profile was to provide for it on a legislative basis, which is what we are seeking to do. However, that would not prevent us appointing somebody in advance of the Bill being enacted.

In Part 8, there is provision for putting a legal obligation on the health service provider to provide an individual set of records to another health professional at the request of the individual and on making the buying and selling of personal health information by anyone other than the individual concerned an offence. I welcome all of that. With regard to somebody who is in a coma, not able-bodied to make the decision on next of kin or partner, is that standard or would it be included in the records? Can organ donations and other issues be linked into those records? Has that been considered?

It is another very good question. With regard to the particular provisions with regard to the summary care record, there is demographic information, clinical information and a part of the summary care record which allows the individual to provide particular types of relevant information. The individual may ask not to be resuscitated, allow his or her organs to be donated or make other requests. We want to ensure the creation of records going forward is not just a clinical exercise, but empowers the individual citizen and patient. He or she will have a direct input. The patient will not have an input into the clinical content, because that should be done by healthcare professionals, but he or she will have input into his or her own information and wishes for medical treatment.

I apologise if the witnesses have already dealt with some of my questions, but I am finding some of the information difficult to pick up. I get that the current system is not acceptable. The idea of moving from paper to digital and access for researchers to files and so on makes sense. Some of that is going on at present, but not to the extent to which it should be. Highlighting gaps in services also makes sense. I get the eircode idea, even though many of us do not use the eircode. It is probably important to use it as we move forward.

I get the idea that we have a paper system at present and if I live in Dublin and get sick down in Limerick or something, the current system is all wrong. Even in the Dublin system, if a patient is attending two hospitals, one hospital is not talking to the other. I will give the example of the Mater hospital and St. James' Hospital. One of the issues that has been raised before is the current system. If I have someone applying for a medical card who is seriously ill, there are challenges in trying to get the card and even in trying to get information on it. I know of an individual who is attending two hospitals and trying to get an update for their medical card. The application is based on the person's finances, income and medical condition. It is almost impossible to try to get that in certain circumstances, especially if a person is ill. If a person is ill, he or she has a difficulty in trying to get someone to talk to in the hospital. If a person sends an email, he or she might get an answer to it. It is not a case of going to the hospital to try to get information. The current system is not working for people in that situation. What would be the situation with regard to a medical card in the new system? What access can I, as an individual, get to a medical card? I think it was said that 70% of people have an individual health identifier number in the current system. Is the percentage higher than that?

I think everybody has been assigned an IHI, but its true value is not just the fact that you or I have it, it is the fact the IHI is used in hospital and GP systems. The HSE, after assigning the IHI to everybody, is now rolling the number out to the GP practices and hospitals in order that they will have our IHI when we go to hospital and the GP practice. By asking us a question such as our name, date of birth or personal public service number, PPSN, they will be able to generate our IHI. There is the distinction between everybody having one and its practical implementation, which is based on its roll-out to GP practices and hospitals.

-----will assign its own medical record number to the patient. I have reasonable confidence that if someone returns to a hospital, such as St. James' Hospital, he or she will remain with that medical record number for the hospital. However, if the patient goes to Beaumont Hospital the next week, Beaumont Hospital will generate a new medical record number. The HSE, with its identity management service, is chasing those numbers down, looking at the individual hospital records and assigning an IHI, whereby we know it is the same individual in both cases. However, that is laborious and time consuming and the cases do not always get connected.

Everybody knows his or her PPSN, but it is true that even though the IHI is assigned to everybody, people have not been advised. If one was to ask me how to get his or her IHI, I would say the place to write to is the HSE identity management service. That service should give it to you, because there is not reason not to. If a person feels the HSE is being difficult about it, he or she can always exercise his or her rights under data protection legislation to get the IHI. However, the person should not need to exercise those rights. The HSE should provide the IHI, if a person asks for it.

In the new system proposed, we will be moving to a PPSN. When I arrive at the hospital, my PPSN will be used rather than the hospital number. Is the PPSN the new number I will be assigned? If I go to St. James' Hospital, the Mater or wherever else, will I be using my PPSN as my hospital number and my health identifier number?

-----the conclusion of which was to distinguish health from other areas and generate an ID unique to the health area. It is clear enough from our discussion, the members' confusion and our patchy answers on it, that it does not stand up as a system capable of being rolled out. The system is complex in a way that compromises safety. Simplification is a key objective here. For all the anxieties that surfaced in the earlier debates, when push came to shove, the people of Ireland were not just comfortable, they were assured and confident about being asked for their PPSN. They know the number and can repeat it. I know there is some-----

The PPSN is the simplest option, but why not put IHI data on PPSN records, as a back-office exercise?

In future, can we all not just operate on the basis of our PPS numbers? Over time, all the health facilities could start to use that instead of a 16-digit number.

Several people are trying to get in. I suggest that we go into private session at the end of the meeting to talk about where we will go in respect of the general scheme. This would be helpful. Again, if members indicate they wish to come in on the second round, I will do that.

Turning to what is happening now, this is about information. What is the current situation regarding insurance companies getting access to medical information and what will change in this regard? Will these companies be able to get more or less information after the proposed legislation completes its passage through the Oireachtas? I am just using insurance companies as an example, but it could also apply to anyone else looking for such information.

This issue concerning insurance companies and their getting access to information has been raised over the years. The drill is that they can only get access to information with the consent of the individual concerned. In other words, if I want to allow an insurance company to get access to my information, it would be necessary for that company to obtain my consent. That will not change because consent is the best basis on which to provide protection to the individual. More generally, however, in the context of health information planning and management, Part 3 of the general scheme, which is concerned with allowing information to be collected for management purposes, policymaking, research and innovation, etc., provides that people can make access requests for access to information in anonymised or pseudonymised form. This could be useful for the health insurance industry, for example, to allow companies in that sector to get access to information for better planning and management for health insurance purposes. They will be able to ask for access.

There is a very detailed application process, set out in head 25, to get access to any information from the national health information authority. Let us take a situation where this requirement can be satisfied. If there was a legitimate reason to access information, the company would only get anonymised or, if a very strong case could be made, pseudonymised information. We are seeking to protect the rights of the individual and empower individuals, while also recognising that the health service needs management and planning information. Some of this activity take placed in the commercial sector, as the heads and explanatory notes make clear. What we are saying is that in situations where consent is not given by the individual to that person's individually identifiable information, companies will just not get it.

I will give an example of a situation where I, as a politician, am acting on behalf of someone who has mental health issues, someone who cannot read or write or in one of several other situations of which there is a list. Will this system change in the context of allowing me to get access in this regard? Will the situation improve, deteriorate or be much the same in the context of the proposed legislation? It is challenging at the moment, to say the least.

The situation now is that we rely on the explicit consent of the individual. If someone has explicit consent to get access to another person's information, that will remain the case in the context of the general scheme. Information will be provided on the basis of consent. There will be no access by virtue of being a particular individual. Regarding the summary care record, for example, it is provided in this case that the individual can designate another person to get access to that information. Again, however, that designation is consent based. The general scheme is very strong on protecting confidentiality and privacy, which was part of the first question we were asked this morning by Deputy Durkan.

The legitimate third parties will be people such as health researchers, policymakers, those involved in public health and so on. If we look at the relevant purposes set out in the proposed legislation, these include health service management goals, having a dynamic health service and public health clinical audits. A clinical audit team in a hospital, for example, could apply, if a national study were being undertaken, to the national health information authority to gain access to information relevant to that clinical audit study. The only information that audit team would get, though, would be anonymised or, if a very strong case were made, pseudonymised. No personally identifiable information will be provided. Any time personally identifiable information is required, the consent of the individual concerned will be required.

No, it should be fine. It was mentioned that there are sometimes errors regarding duplication in the system. By and large, this is the most robust system we have. The Department of Social Protection, which leads the management of the system, is constantly reviewing and updating the system to digest any findings and learn from any duplicates and iron them out.

Mention was also made of sharing information with other countries. We have a unique relationship with the North of Ireland. Co-operation is in place right across the health system, education and concerning people working in Border areas who travel back and forth, etc. Is it envisaged that the systems in the North, which is under the NHS, and our own system will in future allow people to have access? I remember travelling to the US several years ago and discovering that no matter where American veterans are in the world, if they go to a veteran's hospital, they can get their complete files. I presume the idea we are contemplating is that if I get sick an hour up the road, my information would be available in the hospitals in the North, despite them being in a different jurisdiction. Is this seen as the way forward in this regard? Are we having these discussions? How advanced is this process?

Ms O'Neill pointed out that as a member state we are very concerned about the debate on the European health data space and ensuring that none of the proposals makes it any more difficult to co-operate across borders. We are absolutely committed to North-South co-operation and to continuing and deepening health service co-operation between North and South. In fact, Mr. Tierney and Mr. Sinnott on the eHealth side are very closely linked with Mr. Dan West, the CIO in the North. Northern Ireland is of direct interest to us right now. It is rolling out a very ambitious electronic health record programme across the entire province on a trust-by-trust basis. I do not think it encompasses GPs, but all other aspects of the system are included. We are working very closely with the health service there to share lessons learned and to ensure that the work we both do is aligned. Altnagelvin Hospital provides cardiology services and follow-up cancer care to all the people in County Donegal. In that context, there is a need for an exchange of records between Letterkenny and Altnagelvin hospitals. Much of the time, this consists now of a folder that travels with the patient. We want to ensure, and we are committed to ensuring, that the digital health data can move between North and South. In fact, I would think that Northern Ireland remaining close to and aligned with us in terms of data and technical standards emerging from the EU will open the wider European neighbourhood as well. We are very committed to this. It was a good question.

Again, perhaps Mr. O'Connor could give the committee a note on this issue at some stage. Turning to the European health insurance card, EHIC, this is one of those important documents people need when travelling abroad or whatever. How will this change in the context of the unique health identifier? Will it be added to that card? Could we not use that number instead of-----

I do not envy the witnesses at all.

I wish the Department of Health well in the work it is doing. The Health Information Bill 2023 is very good legislation from the get-go and its intent, depth, and breadth are very impressive. I fully support the practical measures proposed in it. We need to see them happen. I do not blame the officials present for the legacy issues but they will understand our frustration that this practical Bill that can do good things will be impeded by those legacy issues. Investments should have been made over a long period and had we had those investments and with more work on areas such as the individual patient identifier, IPI, and electronic health records, we would be in a much better position. That is just a starting point.

I want to get something clear because it is a bit confusing. When I read the documentation for this session I found it difficult to get my head around some of the terminology used in the Bill. I understand it is complex and difficult legislation. I will start with the IPI.

It is called different things but let us not confuse things even more. At the moment, people attending Beaumont hospital will have their own medical number. If they then go in to St. James's Hospital for a different operation, they generate a different number. That is what happens currently. The witnesses said that everybody has been assigned a unique identifier so we all have one. Is that now working? For example, is it still the case that someone could go in to two or three hospitals right now and the hospitals will generate a different medical number or are hospitals starting to use those numbers that everybody has been assigned? What is happening currently?

No, we are moving beyond the IHI and building on the work the IHI did. At the moment, the HSE is kind of chasing behind. St. Vincent's Hospital will give the medical record number unique to it and St. James's Hospital will do the same. Beyond that, the HSE, based on the name David Cullinane and having checked a few things such as date of birth and gender, will determine it is confident that it is the same David Cullinane and the IHI will apply here or there.

The provision in the Health Identifiers Act 2014 specifically provides that in communications between health service providers, between one hospital and another hospital, they will use the IHI. That is a legislative requirement. However, they can only use the IHI when it is embedded in their systems.

That is what I am saying - the hospitals should embed the IHI in their systems. Is it the case that a medical record number will still be generated when people go into hospital and this will then be traced to their IHI but if the hospital shares information with a different hospital, the IHI will be used?

Yes. While one would like to say that every health identifier system would be perfect, Deputy Colm Burke gave the example of somebody with two PPSNs. Having a PPSN, which is the public-facing identifier, backed up by an IHI ensures there is a better chance of having certainty of unique identification.

I am not suggesting that, to be fair. I am just saying that from what I have heard, if we were starting from scratch it would make sense to do it that way.

On summary care records, shared care records and electronic health records, what is the difference between a summary care record and a shared care record?

Yes. That is basic and key information, such as blood type, allergies and medicines. It is the kind of thing people would want known about them if they were knocked down on the road and taken to an accident and emergency department. Shared care records and electronic health records are quite similar. The shared care record is not just the summary template, which is the summary record, but the ability to see that a person got an X-ray somewhere and to be shown the record, so that the X-ray itself and the diagnostics move across sites. The shared care record is the train track that connects information between different sites. It is fuller information beyond the core components in a summary care record. Electronic health records are the full digitisation of a health facility. The children's hospital is the one where this is being deployed now. It is a full database at the heart of the operation. They are usually campus-based specific sites and hold all information on the site.

The whole purpose of this Bill is to have that level or depth of information in a person's health records, including information on scans that can be seen by different hospitals. It strikes me that it will take some time to get to that point. The summary care record is basically a very simple, basic set of information that will not provide a real difference to a patient's experience, in my view. It is basic information and it will be the first step. Is there a timeframe of when we will get to the use of shared care records and then the full bells and whistles electronic health records?

Work is ongoing in the HSE to spec out what a tender for a shared care record would look like. We do not regard the summary care record as a distinct project. It is a deliverable at an early point in the roll-out of shared care records.

That would be more valuable to health and social care professionals, and to us all as individuals, than was set out by the Deputy. We can consider including information that can be followed up, such as a summary care record listing the patient's most recent GP, the hospital in which the patient had an X-ray and, even before the X-ray is transferable digitally right across the country, the key information of where the patient was last seen and the check-ups undergone. That will facilitate a more connected and patient-centred approach to health. As a Department, we will clarify timelines. We will be working intensively with our colleagues in e-health, the HSE, HIQA and others.

We are conscious that, in terms of the timeline for a Bill, we are no longer sequential in our thinking. We cannot be so. We feel the frustration in the room in respect of delivery and digital health. We are working with the HSE and HIQA to ensure that in the period when the Parliament is legislating on the Bill, HIQA will be doing concrete work to advance the detail for the information requirements in the summary care record and the HSE will be moving to deliver it as part of a wider shared care record programme.

I am a little worried in spite of the assurances. I do not think answers are being given. I do not think they can be given in certain instances. For example, many people regard their PPSN as private personal information. I cannot understand that has to be supplied or put it into the chain or system so that a multiplicity of organisations can access it. Many organisations can and do access it. Insurance companies do these things all the time for obvious reasons, as do banks. Ireland has a Constitution, unlike the UK where there is no written constitution. There is a big difference between what can be done in the context of confidentiality in this country and what is being done in the UK. It is a totally different system. I refer to a marriage between the two systems. What works in the UK may not necessarily work here. I emphasise the point that many people regard their PPSN as private and personal information. It is not an identifier for anything other than access to the system insofar as they are concerned and nobody else. How do we get around that? Have those problems been resolved? They arose two, three or four years ago when a major row blew up in respect of the potential use of the PPSN as a universal identifier.

That is one of the questions we specifically addressed in our engagement with members of the public. It was clear they were interested in the same thing everybody in this room is interested in, namely, the deliverable by the health services in digital solutions. We asked them directly about the use of the PPSN. There was no issue in respect of its use, subject to there being be proper governance arrangements in place. In the context of the recent Covid pandemic, for example, when people were getting Covid vaccinations and digital Covid certificates, the PPSN was widely used by everybody and no issue was raised. We discussed it with the Data Protection Commission, which is satisfied that a robust legislative framework for its use is sufficient. In some ways, we have probably moved on from the way it was back when the original health identifier legislation was in place. There is probably more confidence in the PPSN now. It is better orchestrated and managed by the Department of Social Protection. There is recognition that it is already widely used for a range of services within the health service. The EHIC card to which the Cathaoirleach referred already uses the PPSN. It is not new. In the context of the original legislation on health identifiers, we saw clearly at the time the potential of the PPSN. That is why we specifically provided for the PPSN to be a key component of the IHI project. We are now turning it slightly. The IHI will be supporting the PPSN, one could say, rather than the way it was originally, when the PPSN supported the IHI. We recognise it is not a stand-alone health system; it is a health system that is linked up to the rest of society and the public services.

I realise it is important that the maximum amount of information be made available to the appropriate authority, whatever it may be. There may be a multiplicity of such authorities in these circumstances, however. There may be several hospitals or health institutions, for example. Depending on the security system that is in place, that can be successful or widely abused. From past experience, when there is a cyber raid on one of these institutions - it can start in a minor way or a major one – all the information is immediately let loose and the raiders have it all together. Is there a way to ensure the information is restricted? For example, if a person enters a bank account number on foot of a debit card or something like that, there are several verification systems the person must satisfy straightaway. They can do what they like with the information they get but there are several protective systems. I think the systems are there to protect the financial institutions but they will say the systems are there to protect the customer. When a person's bank card suddenly goes blank at an ATM, the information has to be supplied straight away. The person may wonder if he or she put in the right number and may automatically put in a different number because it has been challenged. If it is only a security issue, the person was probably right the first time but then put in a wrong number to correct the supposed mistake in the first instance. That happens all the time to several people I know.

We need to build a system that is going to stand firm and be of help to the general public and the individual, particularly in the context of health issues, which this is supposed to deal with. As the information could be made available to an outsider, I am still uneasy about it. I do not think it will work in the way it is envisaged because if others have the ability to access confidential information by whatever means, legal or illegal, that weakens the system considerably. They will have that ability unless there are firewalls, segmented information blocks or particular codes in place. I will let the Cathaoirleach in on a secret. When I started off in public life-----

And getting longer. The big problem used to be to making sure you wrote to the right person and got a reply. It was always difficult to get a reply. Some of those present might remember those days. I devised a system that let me know at a glance when and to whom the letter was written, the number of times the person was reminded and the result. Up until a few years ago, a coded number was used in the immigration system. It is now known as a legacy number. It has been discontinued. There is now a different code. It is not possible for me or any other public representative to understand what the code represents. It could mean anything. It could be sensitive information. In any event, one does not get it. It was easy to deal with the queries in the older system as things were simpler to identify. Broadening the system is fine but if that means a diminution in confidentiality, it will cause a problem. I hope I am wrong but I have my doubts about it. If it takes four, five or ten years to perfect it and integrate it into the system, that is not in the interests of anybody, particularly the patients who may be waiting.

I will finish with my regular gripe in respect of the medical card system and the information system that comes from there. One has to repeatedly remind people in that regard. It is almost as if one is infringing on their privacy in order to get information one already has.

We are so mindful of the vital importance of data security and confidentiality. There absolutely will not be generalised access to our individually identifiable healthcare records. Access to records would not even be campus-wide in any hospital. The health and social care professional as an individual would have to have a direct, immediate and legitimate interest in your care and treatment. That will be managed very carefully.

On roll-out, we have learned a lot of lessons from other countries. Estonia has a facility where its citizens can access a lot of their government information. They can access health records directly online. On the side of the screen, there is an audit so there is a record of all other people who have accessed the record. Then there is a facility for the person to report that they are concerned about it. They might see it was their pharmacist, which is okay, and their doctor and surgeon which they knew about and so on. We will build in that auditing and transparency. We will do everything we need to do to ensure confidence and the security of the data.

Oh I know, but we can learn a lot. I do not like that we are behind other countries in the digitalisation of health but there are also huge advantages. It is very interesting for us that the European ambitions around digital health are being clarified at this time because we can frame that. We want to deliver value, not only in the context of our own territory but we will have summary care records that will be read all over Europe and we will have e-prescriptions in a few short years that can be dispensed all over Europe. We can mind Europeans when they are here and be minded when we are there. There is huge value to that. Again, I am not an expert but there are secure data-processing environments and arrangements that are becoming increasingly common where you do not have the honey-pot type database at all but rather a live draw-in from different systems to aggregate the relevant information in a summary care record in a shared-care record. I assure the Deputy we share his prioritisation of security and confidentiality, and access will be very limited, but it will be there to facilitate integrated care and team working across health and social care around the needs of individuals.

The logical approach would be that might happen but those hospital number systems have been built up over time and it might take some time for the individual health organisations to phase them out. The way it should work is that you would have two unique identifiers, the PPSN which is the public-facing one which you give at the desk and for verification purposes, it is backed up by the IHI. On communication between the hospital you attend first and the next one, the PPSN will be the number that is on the correspondence. It may also have the IHI, if necessary. But there should no longer be the medical record numbers following the patient around the system. It will be the PPSN that follows them.

That is work done between the HSE, the Department of Health and the Department of Employment Affairs and Social Protection. There is a public service database that includes all of us and our PPSNs and that has been populated with IHI. When we say it has been assigned, it has been assigned in that back catalogue.

Yes. The legislation was enacted in 2014 and we are now in 2023. It has been commenced on a phased basis to allow that to happen. They are required to use it but that is on the proviso that they actually have it. As Mr. O'Connor said, it is that seeding or embedding process. We all have an IHI that was centrally generated by the HSE because it has responsibility under the Health Identifiers Act for doing that. The next stage, which has proven to be complex and challenging, is to seed that into the system. I was at my GP practice two weeks ago where my GP was able to call it up. What was missing from my information was the IHI.

It called up my PPSN, my name, date of birth, etc. The IHI is the last link in the chain, as it were. Given that the IHI has a database underpinning it, which includes the PPSN, I imagine that sometimes it seems rather convoluted by when the legislation was enacted in 2014, the IHI was at the apex of what was called an identifier data set.

It is what a GP would hold, which is name, date of birth, sex and nationality. It includes the PPSN. The IHI is the remaining component that must be put in.

I agree with Deputy Shortall's instincts. She is articulating the policy as reflected in the Bill. This is what Deputy Shortall is asking for and it is what we support very strongly. It is a simplified approach whereby we as individuals can connect and provide a PPSN in any of the sites. This is the simple approach. We can build on the skills. The teams in the HSE delivering on identity management are moving to incorporate the PPSN and have it baked in. This is one of the saving graces of the earlier legislation. The Health Identifiers Act provided for six keys, including forename, surname, date of birth, gender and PPSN. We can build on this. In what people will experience of the health service, the IHI will not feature too much. It will be the PPSN that is brought to each encounter.

There are several areas I want to cover. The first is the IHI and it is like wading through custard talking about it. On the IHI, I agree with Deputy Shortall that we have all come to a conclusion that the direction of the legislation is that the PPSN is the core identifier. Earlier it was said that sometimes PPSNs are wrong or that people might have two of them. Having two unique identifiers will double the possibility that there will be a data error. Identifiers can be wrong too. It was said that various hospitals were, in the past, generating their own IHIs. It seems like a tautology to have two unique identifiers and they are naturally in conflict. I have a couple of questions on this.

The obvious question coming from the consensus at this meeting is whether we are actively looking to phase out the use of IHIs. Are we possibly not doing this because we have commissioned quite a lot of ICT in recent years that relies on IHIs? Is this a fair statement?

I am not 100% sure whether it is but we know from discussions that, particularly where patient safety is concerned, rather than increasing the risk of wrongly identifying we will reduce the risk by having a backup number that also serves as a unique identifier. I disagree that it increases the risk. I believe it reduces it but that is my view.

If it proves necessary but we have no reason to believe it is. One of the first things the HSE did when that legislation was passed was to set up an identity management project. It is only this team that can issue an IHI. There had been some speculation before the legislation was enacted that a hospital could issue an IHI but that would mean there was no integrity in the system. It is only the HSE that issue it.

I want to go back to access for research. I am unashamedly coming at this from a position where I would like to see a lot of access. I want to protect everybody's privacy and see disaggregated data of course but I would like reasonable access for researchers. I went down a rabbit hole on data matching and how some of it works. Will the witnesses provide some detail on how accessible disaggregated data would be? What type of permissions does it require?

We are giving effect in a way to the data access, storage, sharing, linkage, DASSL, model that emerged from the Health Research Board, HRB. It is intended to support population-based, high-quality research of scale. We envisage there will be governance arrangements through which researchers or other interested parties, such as scientists and policymakers, could submit requests for particular data sets. The national health information authority would have access to the data at an individualised level and would be able to match data on the basis of IHI moving to PPSN. After the matching of the data, it would generally be totally anonymised or perhaps pseudonymised if there was a case for that. That would be made available for the purposes it was requested for.

The legislation provides that this will be the responsibility of the NHIA. We are very much aware that Dr. Avril Kennan appeared before the committee on 25 January and made a very impassioned and positive plea for information to be available for health research, with which we very much agree. We also did the health research regulations in 2018. The purpose of Part 3 is definitely to ensure health information is available for health research purposes. It will be on an anonymised or pseudonymised basis, which seems appropriate. It will not rule out the possibility of health researchers also being able to get identifiable information, with the consent of the individuals concerned.

It will not be the case. If a researcher is to approach the NHIA to provide the type of detailed information set out in head 25, the authority can make the decision to give that information. It would, therefore, be important to allow access on an anonymised or pseudonymised basis. It will be important that there are clinical people engaged and people familiar with health information in the NHIA. It will be a broadly-based organisation. It does not have to go to the DPC every time it receives a request for information.

It is always open to go to the DPC. In the Bill, a very strong engagement is set out with the DPC. That goes to public confidence. If there was a particular issue, for example, genetic information, it may in the early years after it is set up want to ensure the DPC has an input or consultation role. We do not rule it out but it is not required.

I mentioned the idea of data access and Deputy Hourigan referred to researchers. On the surface, it all sounds very good but I asked about the likes of insurance companies and whether they would be one of the stakeholders. For instance, if there are researchers and the eircode, etc., is known, could there be a negative impact? For instance, in a particular area, such as a deprived area or an area with high levels of obesity, it may be more difficult for someone living there to get access to private healthcare. Another example would be an area with a high number of smokers and lung cancer rate. There are positive elements we as legislators can respond to but there could also be a downside. Some people have concerns about this. For instance, when there was talk of a public service card, there was a lot of pushback because some people legitimately felt we were moving down the road of a national identification card, more information and a Big Brother state. Deputy Durkan spoke about other regimes and how they use that. There was pushback; we recall the conversations at the time. It was said someone does not need a public services card but it is hugely problematic to try to get a pension or other services if he or she does not have one. There are many positives on the road we are going down. For instance, there are long waiting lists at the moment. In the future, if people are waiting for an operation, will they be able to use their PPSN to find out whether they are 160 or 10,060 on the list under this system and perhaps go somewhere else that may be available? At the moment, they do not really know where they are on the list unless some Deputy perhaps asks a question and they are told they might be waiting for two years, five years or three months, depending on where they live. There are many positives to it. Do the officials see those positives in the way the system will develop? There can be negatives in how we use that research as well. I have other questions but I am conscious that we are trying to go into private session. Do the witnesses wish to respond on security cards, etc.?

Both in the health information Bill and to align with the regulations proposed at European level and the EHDS regulation, there is a list of when anonymised data is accessed by research, what it can be used for - permissible purposes and prohibited purposes. At EU level, we have been working to try to ensure that among those prohibited purposes is access by an insurance company or mortgage broker for non-health-related purposes to potentially increase premiums. We are actively working to ensure that type of use of research data and anonymised or personalised data is not accessed by those entities.

I get the idea of building a system. Witnessed referred to the IHI and stated that number will not be used. Whether we change it to the PPSN, we are building a system that can itself read. It can update itself. It is not impossible for computers to read 20 numbers or whatever else; that is what computers do. Humans are not as good at it. If a system is built, it can be added to and changed and so on. I presume that is what the Department was trying to do with the original IHI. It did not have permission to use the PPSN. The new legislation will move towards that and whatever else we develop in the future.

Absolutely. Simplification is an important part of this. I reassure the committee that eircodes and PPSNs are to support the provision of direct care. It is not for secondary purposes. When we say data for research or analysis or even whether an insurance company is interested or a policymaker or a doctor with a special interest in outcomes arising from particular interventions, they would be pseudonymised and anonymised. The eircode and PPSN will be the first things removed, along with names and addresses. There could be some interesting area-based analysis, which would be legitimate and would not compromise any individual's privacy. Eircodes and PPSNs will be hugely transformative. They will be a crucial part of how the RHAs will roll out. At the moment, there are waiting lists but they are lists of procedures being waited on, rather than people waiting on services. To get the PPSN across all those waiting lists and understand in a case where an individual is low on this list and that list, they are on all lists so their prioritisation may be recast and they could be brought in quite urgently. The eircode has obvious benefits at planning level and in assigning waiting lists to the management of RHAs and the local areas below them. We think they will be really helpful.

It will undoubtedly be the case that the information held by the NHIA can supplement and complement the information that the Department has. It will be a national body and will have significant powers to get information from across the spectrum of the health service that we cannot get at the moment.

Someone mentioned the frustration with parliamentary questions and how a great deal of data are not available. Let us say I tabled a parliamentary question about the incidence of diabetes in the greater Dublin area. Presumably, the Department would not have to go through the authority to get permission to respond to that question. Can the Department continue to access whatever health data are currently in the system?

Absolutely. As a further safeguard, we have stressed the point that access to information held by the NHIA will be anonymised and that we will be creating a criminal offence of attempting to re-identify an individual from that information. These are important measures from the point of view of public confidence.

The Deputy is correct in that the authority will not impact adversely on any information that is in the system. It should serve to increase the information that is available to answer parliamentary questions.

Yes. I gave an example of insurance companies. If someone lives in a particular area where there are a number of break-ins, his or her insurance premium will increase. In this instance, if someone lives in an area where there are many people with obesity, for example, it follows that insurance companies may point to that and it could be a negative.

The Bill contains specific provisions that prohibit the use of health information for particular purposes, including the insurance premiums the Cathaoirleach just described. The EHDS does the same. We do not want this information to be used as a means of discriminating against or targeting people in any way. We are mindful of the fact that the committee has given us an early engagement on this Bill and we will consider how to reflect the points raised by members in the Bill as drafted and implemented.

Perhaps we will end on that positive note. I thank the Department for assisting the committee in its pre-legislative scrutiny of the health information Bill. We will be in touch with the Department shortly about this matter.

I propose that the committee suspend and then discuss the matter in private session. Is that agreed? Agreed.