Analysis: health authorities face many technical, financial and data protection challenges in delivering an integrated digital health system in Ireland

We may have a right to our personal health information, but Ireland's current basic system makes it difficult to access this. It took a pandemic and emergency legislation to get electronic prescriptions up and running, but we're still a far cry from the digitally connected health service that we urgently need.

A patient portal would be a relief for those facing paper-based and fragmented systems that dont always communicate. It would ease the worry that crucial information about their health might be missed somewhere along the way, and reduce reliance on faxed reports or a patient's own memory. And it would increase the efficiency of how healthcare professionals work.

During the pandemic, countries like Denmark, Norway and Estonia benefitted from existing patient portals and digitally connected health systems. This allowed people to book tests, see their results, book vaccinations online and download vaccination certs, which automatically reflected additional booster shots, immunity from infection or a negative test result. Meanwhile, people in Ireland had to pay for private antigen or PCR tests to get a negative result required for travel, because the text message from the HSE-provided service couldnt be used as proof.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ Radio 1's Drivetime, CEO of St James's Hospital Lorcan Birthistle talks about ehealth and the introduction of an electronic health record system

While there have been developments in electronic systems at a local level, such as in GP clinics or individual hospitals, were in a scenario where a lot of things are siloed. "We might have electronic systems, but we don't have that shared care record", explains Dr Orla Fennelly, researcher at the Irish Centre for High-End Computing.

There is a recognition that Irelands health information services need radical transformation. To get there, the development of a national electronic health record (EHR) is central, but we cant do it without assigning everyone in the country a unique, individual health identifier (IHI).

The health record is a cornerstone of the "eHealth" strategy for Ireland, the first of which was published in 2013, and is one element of Sláintecare's ten-year vision to reform health and social services in Ireland. The Sláintecare Implementation Strategy and Action Plan for 2021-2023 highlights eHealth, the rollout of individual health identifiers and a shared health record as ongoing projects.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ News, report on the heated exchanges at this month's Oireachtas health committee over delivery of Sláintecare reforms

For example, St James's Hospital in Dublin made the leap from paper to digital in 2018. A large digitisation of records now shows a patients medical history, test results, medications, conditions and treatments in one easy-to-access system across the hospitals various departments.

The "biggest barrier" to the creation of a national EHR, says Fennelly, is that Ireland doesnt have a unique patient identifier. This single number, which she says is "critical", is used to safely and accurately identify an individual and their health information throughout their lifetime. It was legislated for in the 2014 Health Identifiers Act and is is being used, albeit very slowly (PPS numbers were used for the most part during the rollout of the Covid vaccine).

But it's clear that the public are eager to see it happen. Findings from the National Public Engagement on Health Information published by HIQA last year, showed 86% of people surveyed would like to have access to their own digital records via a national patient portal. 99% of respondents said a hospital doctor should be able to access their health information electronically.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ Radio 1's Drivetime, HIQA's Director of Health Information and Standards Rachel Flynn on the introduction of electronic health records

There are many obstacles, however, to implementing an e-health record. These include tech infrastructure, training, data protection and privacy considerations, funding, legislation and governance, as well as public engagement, trust and understanding.

A timeline for when Irish citizens might have the benefit of a national electronic health record is unclear. The Department of Health says electronic health records "are part of a long-term programme of work to be deployed over a number of years." It said EHRs will be deployed at the National Forensics Hospital and the National Rehabilitation Hospital next year, while the new Children's Hospital will be digital-first and going live with an EHR when it opens in 2024. There is also continued deployment of EHR in maternity hospitals and units nationwide on an ongoing basis.

The pandemic has accelerated the development of some aspects of ehealth, such as ePrescriptions and online consultations. It has also sped up the rolling out of the individual health identifiers. The department said IHI was widely utilised as part of the national vaccination programme and the EHR will use this as the key patient identifier as systems are deployed.

As we've learned from health projects in Ireland, the rollout of ehealth will not be cheap

As we've learned from health projects in Ireland, the rollout of ehealth will not be cheap. In a recent report, the ESRI estimated Ireland has consistently spent less of the health budget on health information systems and information and communication technology compared to other European countries.

The Department of Health says the 2022 National Service Plan, which is due for publication soon, has allocated a total of €333 million for ICT and eHealth this year. Almost €15 million of this will be allocated specifically for electronic health record projects. But despite overall increases in funding since the first eHealth strategy in 2013, Ireland still spent just 0.8% of the public health budget as of 2021 on eHealth and health technologies. This is much lower than similar sized countries, who spent up to 3%.

A move from paper will bring huge benefits for patients and healthcare professionals alike, but there are clear risks to data protection in going digital. Last year's cyberattack on the HSE affected thousands of patients across the country and resulted in a total IT shutdown.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ Radio 1's Today With Claire Byrne, Det Chief Superintendent Paul Cleary on the cyberattack on the HSE

While it's important to recognise the HSE was the victim of cybercrime and considerable effort was made by personnel to respond to the incident, there are other issues to consider. A PwC report, commissioned by the HSE in the aftermath of the attack, highlighted that the organisation "is operating on a frail IT estate that has lacked the investment over many years required to maintain a secure, resilient, modern IT infrastructure."

The report said the State body "does not possess the required cybersecurity capabilities to protect the operation of the health services and the data they process, from the cyber attacks that all organisations face today. There were several missed opportunities to detect malicious activity, prior to the detonation phase of the ransomware". The report added that the organisation "remains vulnerable to similar or greater attacks."

"I mean, how more damning than that can it get?" says Dr Maria Grazia Porcedda. "Everything that could have gone wrong, went wrong there." Cybersecurity is a complex and evolving area and the legislation around it is relatively recent, says Porcedda, who is Assistant Professor of IT Law at Trinity College, Dublin.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ Radio 1's The Business, Pat Moran from PwC on the stark findings of their report into the HSE cyber attack

There are no reliable cybersecurity figures, so it's a massively underreported crime. Prosecutions are particularly difficult, Porcedda explains, and the expenditure needed is open-ended. The International Telecommunications Union publishes an annual cybersecurity index: Ireland ranked 46th in the world and 28th in Europe overall in 2021.

But that's not the full story. "When you look at it more closely, then the situation becomes more and more nuanced," Porcedda says. Ireland is not a party to the 2001 EU Budapest Convention on Cybercrime, but introduced legislation in 2017 with the Criminal Justice Act, in a step towards ratification. In 2018, Ireland also transposed the 2016 EU Network and Information Security directive into law.

Robust IT systems are crucial when it comes to cybersecurity concerns and protecting people's data in a digital health portal. Data can be misused, making the collection of personal health data "a constant game of assessment of the risks and the kind of measures that may need to be taken to protect this data," says Porcedda. "Sometimes the misuse is not immediately apparent. So sometimes you can overprotect and the risks arent actually as likely as you would expect them and sometimes you can under-protect and then you can face very serious consequences.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ Radio 1's Drivetime, do EU member states need to act together to protect our public services from cyberattacks?

"The data that you don't collect is not lost. The data that you secure is more difficult to access and with all layers of protection in place, you're going to make it really difficult for the attacker. This was the problem with the HSE attack."

The HSE accepted the key recommendations from the PwC report and has deployed additional protection measures to improve cyber security defences. The HSE told RTÉ Brainstorm it is now working with "international and national cyber security experts" to protect against future attacks. It has also deployed a number of measures including greater email security, reduced access to external partners and implemented controls to monitor and manage threats to its network. Further, it says the service plan for 2022 outlines capital funding of €62m and €43m of additional funding for cyber initiatives, which compares to €37m last year.

While the cyberattack caused enormous difficulties for the health system and exposed flaws, all roads still point to a digital system being the most efficient way to go to achieving an integrated, modern healthcare system. There are also benefits at a national level to collecting all of this aggregated health data, beyond individuals having access to it, particularly when it comes to making data-led health decisions on what services and care are needed.

"Cyber attacks are always a risk, but paper records are as huge risk as well. Repetitive use of information, critical healthcare information being lost because it's on a paper record, so there's huge risk to not having this system," Dr Orna Fennelly explains. "Things that were taking years, they happened within months during Covid and I think people now say 'look there's no excuse, we can make it happen when we try'."


The views expressed here are those of the author and do not represent or reflect the views of RTÉ