Chairperson, members, on behalf of the Health Information and Quality Authority (HIQA) I would like to thank you for the opportunity to address the Joint Committee on Health this afternoon. (As the Chairman noted) I am joined by my colleagues Mary Dunnion, Director of Regulation and Chief Inspector of Social Services; and Rachel Flynn, Director of Health Information.

We are pleased to be here today with the Data Protection Commissioner to discuss the Health Information and Patient Safety Bill 2016. I will keep my statement short to allow as much time as possible for questions at the end.

HIQA was established almost ten years ago to regulate Ireland’s health and social care sector and to promote quality and safety in services. Our remit has grown substantially since then; however, our core activities remain the same, that is, to monitor and regulate health and social care services, develop standards, carry out health technology assessments (HTAs) and advise on the collection and sharing of information across our healthcare services. All of these functions are focused on making services safer and better, providing assurance to the public as to the quality of these services and ensuring that the findings of our work are reflected in decision-making at local and national level. Putting the needs and the voices of the people who use these services to the fore is the essence of everything we do.

The Health Information and Patient Safety Bill is a broad piece of legislation that sets out a legislative framework for the better governance of health information and the mandatory reporting of patient safety incidents. The Bill also includes measures to support clinical audit and provides for the extension of HIQA’s remit to private health service providers, including private hospitals and cosmetic surgery clinics. In this instance HIQA will be required to set standards, monitor compliance and undertake investigations. It is an important piece of legislation and we welcome the fact that it was made a priority issue in the Programme for a Partnership Government.

Today, I will discuss the main provisions of the Bill as they relate to HIQA. At the request of the committee, I will not refer specifically to Parts six and seven, which underwent pre-legislative scrutiny by the Committee on Health and Children in the 31st Dáil.

Health information plays a vital role in improving patient safety. Better information means better decisions and better, safer care. While information plays a vital role in improving patient safety, it is important that information is governed correctly and personal health information is protected.

Unlike other European countries, Ireland currently does not have a legal framework around electronic health records or a national information governance framework for the sharing of information across the public and private sector. Personal health information is currently governed by Irish data protection legislation, but from 2018 it will come under the General Data Protection Regulation (GDPR), which provides for a harmonisation of data protection regulations across the EU. Notably, healthcare data under the GDPR will be subject to a higher standard of protection than personal data in general. Many EU Member States will have national provisions that apply directly to the healthcare sector.

HIQA’s Health Information Directorate is currently responsible for developing a coherent and integrated approach to health information. We set standards for all aspects of health information based on international best practice. In 2017 we will commence a programme to monitor compliance with health information standards in order to drive improvements in the governance, quality and use of data held by national data collections. In addition, we evaluate the quality of the information available on health and social care and make recommendations on how to address gaps where information is needed but is not currently available.

The Health Information and Patient Safety Bill sets out the legislative remit for a number of important health information initiatives and, in a number of cases, assigns additional functions to HIQA, including to the private sector as regards the management of health data. As required, HIQA will be asked by the Minister to set standards in several areas, including for the electronic exchange of health information, for the management of health data held by health services, for data matching programmes and for health information repositories such as national registries.

Furthermore, HIQA will be tasked with monitoring compliance with a number of these standards and will advise the Minister and the Commissioner on any breaches in this regard. However, in relation to standards on the electronic exchange of health information (part two of the Bill), the HSE will be required not only to follow the standards once approved, but to report to the Minister on the extent to which they have been implemented and observed.

As regards enforcement, covered in part ten, most breaches of the provisions of the Bill dealing with personal data and personal health data will be dealt with by the Commissioner. However, summary proceedings for offences relating to false or misleading statements may be brought and prosecuted by HIQA.

The Health Information and Patient Safety Bill contains many positive initiatives; however, while it makes advances in providing an information governance framework for the management of health data, it does not address the sharing and collection of data within the private sector.

In addition, further legislation is required to enable the sharing of electronic health records and advance the eHealth agenda in Ireland, as set out in the eHealth Strategy. While there are many benefits to implementing eHealth solutions, there are also some challenges, particularly in terms of information governance and upholding the privacy rights of individuals. Other EU member states address this through legislation in order to achieve semantic, technical, organisational and legal interoperability.

Research ethics is covered in part three of the Bill. A new framework for research ethics governance for research other than clinical trials is proposed, whereby the intention is to improve the approval process, creating a voluntary, national, streamlined structure. HIQA is to become the ‘single point of contact’ for health researchers in its role as supervisory body for approved research ethics committees (ARECs). Proposed national legislation will confer a similar supervisory function on HIQA with regard to research ethics approval for clinical trials. It is important for the efficient operation of research ethics committees that the requirements of both systems of research ethics approval and governance are harmonised as much as possible.

Part nine outlines amendments to the Health Act 2007 to extend HIQA’s powers to private hospitals and certain private services as regards setting standards, monitoring compliance and undertaking investigations. ‘High risk services’, where general anaesthetic is administered in the treatment of patients, are included.

Based on our research on healthcare regulation internationally and our experience of regulating services provided and funded by the HSE, HIQA strongly supports the proposal to introduce a system of regulation to the private health sector.

However, it should be noted that the regulatory system in Ireland varies significantly to those in place in other countries as regards regulatory reach, monitoring and enforcement. The current programme, as funded by the Department of Health, merely allows for targeted monitoring in high-risk areas. To date our programmes have focused on inspecting nutrition and hydration care in hospitals, reviewing how public acute hospitals are tackling antimicrobial stewardship and monitoring acute hospital’s compliance with the National Standards for the Prevention and Control of Healthcare Associated Infections. We have also conducted a review of pre-hospital emergency care services, including ambulances, and an inspection of the child protection and welfare services provided to children living in direct provision accommodation.

Whilst we believe that this Bill potentially provides for greater oversight of private sector compliance with nationally-mandated standards, it is important that members of the Oireachtas and the public realise the limitations to HIQA’s legal powers. The proposed Bill does not confer HIQA with the same powers of registration, inspection and enforcement that we have in the social care sector, e.g. in nursing homes and disability centres. It is for this reason that we have worked with the Department of Health over many years to progress the Patient Safety Licensing Bill, which provides for the introduction of a more formal programme of regulation to private sector services. Furthermore, it must be noted, and understood, that the conclusions and recommendations HIQA issues on completion of an investigation are not, and, under this Bill, will not be legally binding.

The extension of HIQA’s remit in several areas, and amendments to the way we work under the Health Act 2007 will have considerable resource implications and HIQA will be required to take on a number of additional staff with specialist expertise. Much preparatory work is required in advance of the commencement of the new functions and as such sufficient staff must be in place at least six months prior to the commencement of any relevant legislation.

To conclude, HIQA is generally supportive of the Health Information and Patient Safety Bill with a view to improving quality and patient safety, notwithstanding the reservations I have outlined. Indeed, it is paramount that this legislation focuses on the patient, rather than on the institution. HIQA will work closely with the Department of Health and the Oireachtas to prepare for the enactment of the Bill. I wish to thank members of the committee for inviting us here this afternoon and we would be happy to answer any questions you may have.

ENDS