Mr. Muiris O'Connor:

I begin by thanking the committee for inviting us here today to talk about the health information and patient safety Bill. This Bill aims to facilitate efficient and effective health information systems in the interests of enhancing our capacity to utilise data and information to plan and deliver safe quality health services.

I would like to introduce myself and my colleagues. I am Muiris O’Connor, assistant secretary in charge of the research and development and health analytics division in the Department. It is a new division, which was established in 2015, and reflects the importance that the Department attaches to information, research and eHealth. I am joined by Mr. Kieran Smyth and Ms Louise Kenny from my division's research policy unit. Ms Bernie Ryan and Mr. Peter Lennon are from our corporate legislation unit which has put the various elements of the general scheme together.

Dr Kathleen MacLellan is the director of the newly established National Patient Safety Office in the Department. Specific patient safety policy objectives in Parts 6 and 7 are intended to promote a culture in health care where there is open acknowledgement, reporting and learning from adverse incidents when they occur and where health care activity is regularly clinically audited to ensure that areas of poor practice are identified in order to support quality improvement. These parts were dealt with previously by the then Joint Committee on Health and Children and the points made are being considered in the Department. Part 9 which forms parts of today’s proceedings has the specific patient safety policy objectives to extend HIQA’s remit to the private health service.

Given the range and size of the health information and patient safety Bill, I do not intend to go into details on all its provisions in my opening statement but will set out the key principles and also use the statement as an opportunity to briefly outline the broader context of what we have in mind in terms of health information policy generally. My colleagues and I are, of course, very happy to answer any questions that the members have on the Bill. I hope that this approach is agreeable to the committee.

The key objectives of the Bill are to support a number of health service goals by providing an enabling legal basis in the following areas. The first objective is to support the development of better information systems, information capacity, data quality and the eHealth agenda. This will be done mainly through the provisions on prescribed national data matching programmes and prescribed national health information resources and by the provisions on setting standards to support the electronic exchange of information and best practice in the management of health data. Data matching is where personal information collected for one purpose by one organisation is subsequently matched with data collected for another purpose by the same or another organisation. Health information resources in the general scheme are defined as registries, databases, indexes, etc., that contain personal data.

The general scheme provides for the Minister to prescribe a health information resource or a data matching programme where he or she is satisfied that the purpose is of significant health importance. A person who operates a prescribed health information resource or data matching programme will be able to require the provision of relevant personal information. The provisions on prescribed data matching programmes and health information resources are very detailed in the general scheme, reflecting the intention to carefully regulate these areas, and the Minister must consult with both HIQA and the Data Protection Commissioner before prescribing a programme or resource. The resources and or programmes will operate under HIQA standards. The aim is to ensure a clear and certain governance structure for the operation of the prescribed programmes and resources in a way that balances the needs of a modern integrated health service for relevant information, which benefits everyone, with the need to have regard to the privacy considerations of individual data subjects.

Another objective of the Bill is to encourage health research in Ireland. Health research is extremely important for innovations in health care that can directly benefit the patient and the health system and there are also benefits for the economy in terms of jobs. EU law already governs research ethics approval for clinical trials of medicinal products for human use and medical devices and the Bill will not apply to that research. What the Bill will do is to provide for a new voluntary research ethics structure for other health research. The purpose is to have a more streamlined system and to avoid fragmentation which can happen at present. This more streamlined system for research ethics approval will be through HIQA-approved research ethics committees.

There is also a separate tightly controlled data protection consent exemption for certain health research in limited and specified situations. Only a researcher using the new research ethics approval structure will be able to apply for a data protection consent exemption. The general scheme provides that the decision on the consent exemption will be for the Data Protection Commissioner.

The third objective is to strengthen patients' rights in relation to their health information in specific areas. Measures include ensuring that a patient's health record at the patient's request can follow the patient from one health care provider to another, which is essential for effective continuous clinical care; requiring that the patient is made aware of arrangements for his or her health records when a health services provider is closing down or retiring; and creating an offence in relation to the buying and selling of personal health information by those who obtained it in the course of employment or business or in a professional capacity.

The final key objective is to enhance patient safety measures. Patient safety and quality are at the heart of our health services and it is important to keep patients and service users at the centre of everything we do. Delivery of health care is, however, inherently risky and while it is inevitable that things go wrong, there is much that can be done to prevent harm or error, identify and act when that occurs and to learn from it to improve services.

I referred earlier to Parts 6 and 7 which are intended to build a positive patient safety culture where reporting and clinical audit are part of the clinical governance agenda and can provide the evidence for assuring the quality of clinical care, drive improvements where required and inform health service planning. In addition, health professional regulatory bodies and other regulatory bodies will be enabled to share information with each other for the better performance of their statutory functions.

As the members of the committee will be aware, HIQA has played a major role in recent years in driving improvements in patient safety and quality across a number of areas of the health system, in relation to the provision of services for older people, for people with disabilities and in many facets of our public hospitals. However, at present HIQA has no role in relation to the regulation of private hospitals. The Bill being considered today will rectify that situation, bringing the private sector within the scope of the Health Act 2007, allowing HIQA to set standards and monitor performance against them, as well as undertaking investigations in the same way that it does for the public system. This development is part of the Department's phased approach to regulation in health care, and in particular the introduction of a legislative framework on hospital licensing. This will involve the creation of a system whereby both public and private hospitals, as well as certain designated high-risk activities, will require a licence from HIQA in order to operate.

These provisions form part of a number of initiatives to improve the governance and management of patient safety and quality in general. The national patient safety office, which was established two weeks ago in the Department of Health, will provide required patient safety policy leadership and will lead the programme of major patient safety reforms agreed by the Government last November.

Before turning to the broader health information policy context, I should say that in its development the general scheme was the subject of considerable engagement with HIQA and the Office of the Data Protection Commissioner and we will, of course, continue that engagement. I mentioned the broader context. As the committee is aware, the health system is necessarily information intensive. The right information needs to be in the right place at the right time for both patient care and health service management. If we cannot achieve that outcome, we will not succeed in achieving a health service fit for purpose. The health information and patient safety Bill is, therefore, part of a bigger information project in the Department. We have already begun work on a framework for a new health information policy. The last time that was done was in 2004 with the national health information strategy and much has changed since then. One of the key issues is about how we protect and safeguard people's health information which is fundamental to building public confidence. A core part of our information policy development process is, therefore, to examine the different perspectives that exist in relation to greater information sharing in our health system.

In all of that, we are very aware of the new EU data protection regulation which becomes effective in May 2018. Unlike most EU regulations, which are self-implementing, this regulation has scope for member states to introduce their own legislative rules on processing of personal data. It is worth making the point that the inclusion of that flexibility in the regulation is most likely a reflection of the differences that exist in the health systems of EU member states and their information cultures. The nature of that diversity and the historical, cultural and legal reasons for it are something to be borne in mind when looking at information systems and data protection regimes in other countries, even other EU countries.

In relation to the health information and patient safety Bill and the EU data protection regulation, it is important to point out that the general scheme was being prepared at the same time as the regulation initiated by the EU Commission in January 2012 was being considered and amended by the EU Council and EU Parliament. While careful attention was paid to developments on the regulation in the preparation of the general scheme, the latter was finalised before the former and we are mindful of the need to ensure that there is no inconsistency between the two as we progress the Bill. In that context, the Office of the Data Protection Commissioner has raised a concern about its role in making the decision on the health research data protection consent exemption. We acknowledge and understand the point made and we are examining it.

I hope my opening statement has been helpful and I look forward to the committee’s questions. I have outlined a clear set of health information and patient safety requirements for a framework which will provide for a health system built on a solid foundation of data and information. The Bill will ultimately allow our health system to utilise data and information to plan for the future and to monitor its performance in the achievement of clinical outcomes and population health. This health information approach will lead to a health system which is more person centred, planned in line with population need and informed by trusted data ensuring that it has the capacity to benchmark and evaluate itself in real time.