Healthcare Identifiers Act and Service Review - Final Report - June 2013

2.1 Governance

Page last updated: 28 November 2013

Role delineation

Discussions with NEHTA, DHS and DOHA highlighted a number of functions where there is insufficient clarity about the roles and responsibilities of the various partners involved in delivering the Service. Interviews highlighted a certain degree of fragmentation, and in some cases duplication, between functions that is impacting the efficiency of some processes, communication, decision making and governance.

This is perceived as a lack of transparency by stakeholders, which impacts confidence in the operation of the Service. This is reported to have become more of an issue since the Service transitioned to the Business As Usual operation. Examples of areas of roles and responsibilities that would benefit from further definition and formalisation are: development and maintenance of information collateral, customer management, Healthcare Identifiers product development prioritisation, and policy development.

There are other functions, such as clinical safety, where responsibilities are clear but would benefit from further developing the processes between DHS and NEHTA (for example, to agree on a referral process so that DHS refers all issues that may have a clinical safety impact to NEHTA, collaborative investigation processes and escalation processes).

Once roles and responsibilities are clarified it would be beneficial to communicate these widely to external stakeholders.


At present AHPRA’s sole function in relation to the HI Service is as a Trusted Data Source, however there are opportunities to leverage AHPRA’s regular interaction with providers to expand the communication and promotion of e-Health programs. This would be facilitated through the inclusion of AHPRA in formal governance groups.

DHS and AHPRA are working towards finalising a Memorandum of Understanding which will include the requirements for the HI Service. Finalising this would clarify expectations about data, quality standards and issue resolution processes.

Meeting structures and Terms of Reference

The Identification, Authentication and Access Reference Group (IAARG) was the major vehicle for stakeholder input into the Healthcare Identifiers system. The IAARG membership included three jurisdictions, private hospitals, vendors, the Medical Software Industry Association (MSIA), the Australian Information Industry Association (AIIA), consumer representatives, DOHA, DHS and NEHTA.

Meetings became less frequent after the Service became operational and while attempts were made by IAARG in 2011 to review the terms of reference to reflect the change in focus, these were not endorsed. This reference group has now been terminated but information has not been provided to jurisdictions on alternative consultation mechanisms. At the same time there is a high level of frustration from stakeholders that their business requirements and priorities are not being reflected in new releases of the Healthcare Identifiers system. In July 2012, at the National Health Chief Information Officers (CIOs) forum the jurisdictions and NEHTA agreed a revised governance structure but this is yet to be fully implemented.

It is inevitable that there will be changes required to the HI Service as the requirements of these other programs are better understood. This will continue to be an issue as new programs and new uses of the Service emerge. It is critical for the success of the HI Service and the wider e-Health agenda that governance structures are in place to enable rapid access to people with expertise in the business requirements of end users to ensure appropriate design decisions are made.

It is also important that the membership of these committees reflects the highly integrated nature of the Healthcare Identifiers system with other e-Health systems to prevent disconnects between programs that may impact the utility of the HI Service.

The National Health Information Regulatory Framework (NHIRF) working group has not been meeting regularly, but would be a valuable mechanism for resolving issues around interpretation of the Act and communicating this to stakeholders to increase the level and consistency of understanding.


The interdependencies between the HI Service, the PCEHR system, and other programs like Secure Messaging and NASH require a close collaboration between NEHTA, DHS and DOHA to manage dependencies and incidents effectively and plan future development. The scale of the e-Health strategy and the number of organisations who are an integral part of delivering these programs make this very difficult to achieve without integrated governance and process frameworks. Currently, different programs have separate governance structures, management and support processes. These present a navigation challenge to end users. At the same time, it is a challenge to manage communication, stakeholder engagement and benefits management so that changes made in one program will not negatively impact the operation of another.

This environment will become even more complex as additional programs start to be rolled out that have a dependency on the HI Service. Co-ordination of contractual terms and obligations, Service Level Agreements (SLAs), support structures, help desks and communication, engagement and change activities to ensure all services operate as an integrated whole from a user perspective will be very important to promote utilisation.

Recommendation 1 – Governance

It is recommended that roles and responsibilities of all organisations contributing to the full end to end management process for the HI Service be reviewed to ensure that responsibilities and accountability for all aspects of the Service are clear. These should be formalised in appropriate contracts/agreements, and communicated to all stakeholders. In particular the following responsibilities and management processes should be further refined:

      • Policy development and advice
      • Legal review and risk assessments
      • Support call procedures and handoff processes between service desks
      • Healthcare Identifiers Service assurance
      • Communication and stakeholder engagement.

Recommendation 2 – Governance

It is recommended that governance structures be reviewed to assist closer integration of the governance, development and operation of COAG and PCEHR programs of work.

Recommendation 3 – Governance

It is recommended that a process of regular review of governance structures and processes be implemented by DOHA to make sure they remain appropriate as the system moves through different stages of its lifecycle and new dependent systems start to be implemented.

Top of page