MEDIARELEASE

3July2012

PerformanceAuditReport
EmergencyDepartmentPerformanceInformation
TodaytheEmergencyDepartmentPerformanceInformationreportwaspresentedtotheSpeakerfor tablingintheACTLegislativeAssemblybytheACTAuditorGeneral,DrMaxineCooper. ThereportprovidesanindependentopiniontotheLegislativeAssemblyontheresultsofaperformance auditon: the circumstances associated with the alleged misreporting of Canberra Hospital EmergencyDepartmentperformanceinformation; the effectiveness of the Health Directorates systems and processes for reporting EmergencyDepartmentperformanceinformation;and the financial implications for the Territory associated with any potentially misreported EmergencyDepartmentperformanceinformation.

AttachedisChapter1Reportsummaryandconclusions.Thisincludesrecommendations. Thereport CopiesofthereportareavailablefromtheACTAuditorGeneralsOfficewebsite,www.audit.act.gov.au andtheOffice(pleasecall62070833orgoto11MooreStreet,Canberra).

Level 4, 11 Moore Street, Canberra City, ACT 2601 | PO Box 275, Civic Square, ACT 2608 Telephone: 02 6207 0833 | Facsimile: 02 6207 0826 | Email: actauditorgeneral@act.gov.au

1.

REPORTSUMMARYANDCONCLUSIONS

INTRODUCTION 1.1 This report presents the results of a performance audit that examined the circumstances associated with the alleged manipulation and misreporting of EmergencyDepartmentperformanceinformationattheCanberraHospital.

EmergencyDepartmentservicesintheACT 1.2 In the ACT, emergency hospital services are provided at the Canberra Hospital (Woden)andCalvaryPublicHospital(Bruce).TheCanberraHospitalisoperated bytheACTHealthDirectorate.TheCalvaryPublicHospitalisoperatedbyCalvary HealthCareACTLtdonbehalfoftheHealthDirectorate. InJune2011anExpertPanel,whichwascommissionedtoprovideadviceonthe implementation of the National Partnership Agreement on Improving Public HospitalServicestargetsandincentives,reported:
Emergencydepartmentsarethefaceofthepublichospitalsystem,andproblems inemergencydepartments,suchasovercrowdingandambulancequeuesarethe most visible sign of strain on our public hospitals to patients and the general public. In 200910, Australian public hospitals provided almost 7.4 million accident and emergencyservices,withanannualgrowthrateof4.3percentperyearoverthe past five years. In conjunction with the increase in demand for emergency services, there has been an increasing awareness of the extent and impact of emergencydepartmentovercrowding,includingdelaysinpatientcare. Asemergencydepartmentsfilluptotheircapacityandbeyond,staffarestretched between morepatients,ittakeslongerforpatientstobeseen, andambulances beginqueuingoraredivertedasthereisnoroomfornewpatients.1

1.3

1.4

In 201011 the Health Directorate reported that there were 112,213 presentationstoACTemergencydepartments.Thiswasanincreaseof5percent over 200910 figures and represents an overall increase of 15 percent since 200708. TimelyaccesstotreatmentintheACTsemergencydepartmentsisimportantto the ACT community and the timeliness performance of the ACTs emergency departments is a continuing focus of the ACT Legislative Assembly, the media andthebroadercommunity.

1.5

Expert Panel Review of Elective Surgery and Emergency Access Targets under the National Partnership Agreement on Improving Public Hospital Services. Report to the Council of Australian Governments. 30 June 2011, p.21.

CanberraHospitalEmergencyDepartmentdataanomalies 1.6 On 5 April 2012 the Australian Institute of Health and Welfare (AIHW) notified the Health Directorate of some apparent anomalies in Canberra Hospital Emergency Department data that had been provided to AIHW. In response, between9April2012and19April2012theHealthDirectorateundertooksome initialinvestigationsintothepotentialdataanomalies.TheHealthDirectorates initialinvestigationsindicatedthatamoredetailedinvestigationwasrequired. Following the initial investigations, on 21 April 2012 an executive met with the DirectorGeneral of the Health Directorate and admitted to making improper changestohospitalrecords. On 24 April 2012 the DirectorGeneral of the Health Directorate held a media conferenceinrelationtothematter.On27April2012theACTHealthMinister wrote to the AuditorGeneral requesting the AuditorGeneral undertake a performance audit of the Health Directorates data collection, reporting and integrity systems. On 1 May 2012 the ACT Legislative Assembly passed a resolutionwhich,interalia,requestedtheAuditorGeneraltoinquireintodata discrepanciesinEmergencyDepartmentwaitingtimesatTheCanberraHospital. On3May2012,theAuditorGeneralissuedamediareleaseannouncingthatthe ACT AuditorGenerals Office would conduct a performance audit in relation to thematter.

1.7

1.8

1.9

AUDITOBJECTIVES 1.10 The objective of this audit was to provide an independent opinion to the LegislativeAssemblyon: the circumstances associated with the alleged misreporting of Canberra HospitalEmergencyDepartmentperformanceinformation; the effectiveness of the Health Directorates systems and processes for reportingEmergencyDepartmentperformanceinformation;and the financial implications for the Territory associated withany potentially misreportedEmergencyDepartmentperformanceinformation.

AUDITCONCLUSION 1.11 Theauditconclusiondrawnagainsttheauditobjectivesaresetoutbelow.

HospitalrecordsattheCanberraHospitalhavebeendeliberatelymanipulatedtoimprove overallperformanceinformationandreportingoftheCanberraHospitalsEmergency Department.Theverypoorcontrolsovertherelevantinformationsystemmeansthatit isnotpossibletouseinformationinthesystemtoidentifywithcertaintythepersonor personswhohavemadethechangestothehospitalrecords.Underaffirmation,an

executiveattheCanberraHospitalhasadmittedtomakingimproperchangestohospital records.Whilethisisthecase,Auditconsidersthatitisprobablethatimproperchanges torecordshavebeenmadebyotherpersons. ThereisevidencetoindicatethathospitalrecordsrelatingtoEmergencyDepartment performanceweremanipulatedbetween2009andearly2012.Itislikelythatupto 11,700recordsrelatingtoEmergencyDepartmentpresentationsweremanipulated duringthisperiod.Therecordsthatweremanipulatedmeanthatpubliclyreported informationrelatingtothetimelinessofaccesstotheEmergencyDepartmentandoverall lengthofstayintheEmergencyDepartmenthavebeeninaccuratelyreportedoverthis period. Datamanipulation Theexecutivehasadmittedtomanipulatinghospitalrecordsinitiallyin2010andona muchlargerscalethroughout2011intoearly2012.Theexecutivesadmissionof manipulatingrecordsdoesnotaccountforallofthechangesthatweremadetohospital records,wheretimelinessinformationwasimproved.Theexecutivedidnotadmitto makingchangestorecordsin2009.Furthermore,changestohospitalrecordsmade throughout2010andearly2012arenotallaccountedforbytheexecutives admission. Theexecutivesrationaleformanipulatingrecordswasthattheyfeltundersignificant pressuretoimprovethepubliclyreportedperformanceinformationoftheEmergency Department.Inthisrespect,Auditnotesthatthereisasignificantandongoingfocuson thetimelinessperformanceofthetwoCanberrahospitalsmorebroadly,andtheir emergencydepartmentsmorespecifically.AuditalsonotesthattherecentNational PartnershipAgreementbetweenthestatesandterritoriesandtheCommonwealthhas placedanadditionalfocusonhospitalwaitingtimes,targeting$3.4billionininvestment overtheeightyearsto201617onhospitalimprovement.OfthisCommonwealth funding,acomparativelysmallproportion($200millionnationallyand$3.2millionforthe ACT)isdirectlydependentonimprovementstoEmergencyDepartmenttimeliness performance.Thereisaconsiderablelackofattentiononqualitativeindicators,which mayprovideamoreappropriateandroundedassessmentofEmergencyDepartment performance. Managerialpressurewasplacedontheexecutivetoimprovetheperformanceofthe EmergencyDepartment.Thismanagerialpressurereflectsthesignificantandongoing focusonthetimelinessperformanceoftheCanberraHospitalandtherequirementsof theNationalPartnershipAgreement.Anorganisationalchangemanagementagendawas alsounderwayattheCanberraHospitalsincetherestructureoftheHealthDirectoratein early2011.TheorganisationalchangeprocessunderwayattheCanberraHospitalsought toachieveimprovedperformanceandaccountabilityforperformance. Organisationalchangecanbechallengingandconfrontingforstaff.Inrelationtothe organisationalchangethatwasunderwayattheCanberraHospitalthroughout2011,one

stakeholdercommentedtoAudit: Thehospitalisveryresistanttooutsiderscomingin,veryresistant.Inaway, itsaveryprotectedcommunityandithasdevelopedfromasmallregional hospital,youknow,theWodenValleyHospital,tothemajortertiaryreferral centrefortheregion.Andoneofthechallenges...iswhetherthechangehas happenedasitsneededtoforstafftomoveintothatmuchmoreprofessional highpressuredynamicorganisation. Althoughmanagerialpressurewasplacedontheexecutivetoimprovetheperformance oftheEmergencyDepartment,thiswasnotmanifestedindirectorindirectinstructionor guidancetodeliberatelymanipulatehospitalrecords.Furthermore,therewasnodirect orindirectinstructionbyanyotherperson,includingtheMinisterforHealth. Verypoorsystemsandpractices TheverypoorsystemsandpracticesinplaceintheCanberraHospitalandtheHealth Directorateforpreparingandpubliclyreportingperformanceinformationcreatedthe opportunityforpersonstomanipulatethehospitalrecords.TheEmergency Departmentsmanagementinformationsystem,whichisusedtopreparethe performanceinformation,hasverypoorsystemaccessandusercontrols.Thereisalack ofgovernanceandadministrativeaccountabilityforthissystem,whichmeansthatthere isnoidentifiablesystemownerwithresponsibilityforensuringtheintegrityofthesystem andtheappropriatenessofitsaccessandusercontrols. TheverypoorsystemaccessandusercontrolsovertheCanberraHospitalsEmergency Departmentmanagementinformationsystemhaswiderimplicationsbeyondthe inaccuratereportingoftimelinessperformance.Thereareriskstotheprivacyand confidentialityofpatientinformation.Theverypoorsystemsandpracticesalsomean thatthereisariskthattheHealthDirectoratedoesnotmeettherequirementsof Principle4.1oftheHealthRecords(PrivacyandAccess)Act1997relatingtothe safekeepingofpersonalhealthinformation. Auditnotesthatthesamemanagementinformationsystem,albeitanewerversion,is usedattheCalvaryPublicHospital.Therearemoreeffectivesystemaccessanduser controlsoverthenewersystemattheCalvaryPublicHospital.Nevertheless,some featuresofthenewersystemanditsimplementationattheCalvaryPublicHospitalmay alsogiverisetorisksrelatingtotheprivacyandconfidentialityofpatientinformationand thepotentialmanipulationofhospitalrecordstoimprovetimelinessperformance reporting.Thereisalsoarisk,albeittoalesserextent,thatCalvaryPublicHospitaldoes notmeettherequirementsofPrinciple4.1oftheHealthRecords(PrivacyandAccess)Act 1997relatingtothesafekeepingofpersonalhealthinformation. Therewasalsoalackofmonitoring,reviewandassuranceoftheintegrityandaccuracyof theHealthDirectoratespubliclyreportedEmergencyDepartmentperformance information.VariousdatavalidationprocessesareinplacewithintheHealthDirectorate,

buttheseprocesseshavenotbeendesignedtoprovideassuranceovertheintegrityand accuracyofpubliclyreportedEmergencyDepartmentperformanceinformation. Auditnotesthatthecurrentmonitoring,reviewandassuranceprocessesoverthe publiclyreportedEmergencyDepartmentperformanceinformationarenotconsistent withtheapparentimportanceoftheperformanceinformation,asdemonstratedbythe significantHealthDirectoratemanagementandstakeholderinterest. Commonwealthfunding A comparatively small amount of Commonwealth funding under the recent National PartnershipAgreement($3.2millionoverthefouryearstoDecember2015)iscontingent upon the ACT meeting relevant timeliness targets. $0.8 million is contingent upon the ACTstimelinessperformancein2012.Thisfundingmaybeatrisk,asitappearsthatthe ACTisnotmeetingitstimelinessperformancetargets.However,itshouldbenotedthat thisrewardfundingmayberolledoverandprovidedinfutureyearsupto2015. KEYFINDINGS 1.12 Theauditconclusionissupportedbythefollowingfindings:

EmergencyDepartmentperformanceinformation(Chapter2) Between200809and201011,demandforACTEmergencyDepartmentservices hasincreasedbymorethanthegrowthintheACTpopulationandmorethanthe averagenationalgrowthindemandforEmergencyDepartmentservices. Inalljurisdictions,thereisastrongpublicfocusontheperformanceofthehealth system. In the ACT the performance of the two public hospitals is particularly important and this receives significant and ongoing attention from the media, LegislativeAssemblyandthecommunityingeneral. Since 200001, based on the Health Directorates publicly reported performance information,therehasbeenvariableperformanceagainstwaitingtimeindicators, anditisapparentthattherehasbeenanoveralldeclineinperformanceoverthe last ten years. On the basis of the apparent manipulation of hospital records discussed in detail in Chapter 4, it appears that the Health Directorates performancehasbeenoverestimatedduringthisperiod. Thelevelofoverestimationcannotbeestablishedwithcertaintyduetothelack of a clear audit trail identifying what were legitimate and what were fabricated entries in patients records. Nevertheless, Audit estimates that in the latest twelvemonthsforwhichrecordshavebeenexamined(April2011toApril2012), the Canberra Hospitals ATS Category 3 results (i.e. achievements against the target) were overstated by at least 19 percent, and ATSCategory 4results were overstatedbyatleast10percent.

Emergency Department waiting times are reported with reference to the AustralasianTriageScale(ATS).TheAustralasianCollegeforEmergencyMedicine conductedareviewoftheATS,whichidentifiedthattheATSshouldonlybeused to describe urgency and that separate measures are needed to assess quality of care. Emergency Department length of stay is primarily reported against the recently introduced four hour National Emergency Access Target (NEAT), which has been introduced as part of the National Partnership Agreement on Improving Public HospitalServicesagreedtobytheCommonwealthandallstatesandterritoriesin 2011.AnExpertPanelreviewoftheintroductionoftheNEATidentifiedthatthere arerisksassociatedwiththeintroductionofquantitativetargetssuchastheNEAT. The Expert Panel recommended that the targets themselves may pose a risk to safetyandqualityofpatientcare,intheabsenceofabalancedsuiteofindicators whichmeasuredifferentdimensionsofquality. The ACTs hospitals performance against timeliness indicators is regularly reportedexternallythroughanumberofdifferentmechanisms.Thereisalackof qualitativeindicatorsagainstwhichtheHealthDirectorateregularlyreports. Internalreportingonperformanceoccursonahighfrequencybasisandisfocused on quantitative measures. There is an opportunity to develop a more extensive and effective suite of indicators for public reporting, including qualitative indicators, against which Emergency Department performance should be reported. Emergency Department personnel spoken to by Audit advised that Emergency Departmentpersonnelareprimarilyinterestedinsavinglivesandprovidinghigh quality care, regardless of the existence of the targets. Emergency Department personnel advised that the performance indicators are not targets that can be achieved by the Emergency Department itself, as they are dependent on many variables that they have no control over, such as staffing, access block and demandforemergencyservices. TheintroductionofafourhourruleintheUnitedKingdom,similartotheNEAT, wasaccompaniedbywidespreadgamingandfraudulentmanipulationofhospital data. A2009VictorianAuditorGeneralsOfficereviewofperformancemeasurementin Victorian public hospitals identified that there was a significant risk of incorrect reporting associated with Emergency Department timeliness performance. Inconsistently interpreted reporting rules and data capture methods, as well as poorsecurityoverinformationsystems,meantthatitwasnotpossibletoassure that reported performance against the majority of access indicators fairly representedactualperformance.

A 2008 Deloitte Touche Tohmatsu internal audit of emergency department performance reporting in New South Wales concluded that triage benchmark reports are limited in value as an accurate record of emergency department activityand performance due to inconsistencies in the waydata iscaptured and recorded. The audit also found that the majority of hospitals used the same information system that is currently in use at the Canberra hospitals and that access controls within the system were ineffective and provided poor audit trail capabilities. TheACTHealthMinisteradvisedAuditthatshehasraisedtheissueoftheriskof inaccurate measurement and reporting of performance indicators under the National Partnership Agreement at the National Ministerial Standing Council on Health.

Systemsandprocessesforreportingperformanceinformation(Chapter3) An Emergency Department management information system primarily captures workflows and the allocation of patients for treatment according to ATS categories.Thesystemalsofacilitatestherecordingofclinicalandadministrative datarelevanttoapatientstreatment. The Canberra Hospital and the Calvary Public Hospital both use the iSOFT Emergency Department Information Solution (EDIS) system. EDIS had been in place at the Canberra Hospital for approximately 15 years, while EDIS was only introduced at the Calvary Public Hospital in January 2012. iSofts EDIS has been implementedinover190emergencydepartmentsacrossAustralia,NewZealand, CanadaandtheUnitedKingdom. At the Canberra Hospital there is very poor EDIS system governance documentation, with no documentation for describing the system, its business owner, applicable policy, recordkeeping obligations, training requirements and roles and responsibilities. While there was a lack of similar documents at the Calvary Public Hospital, Audit identified a range of governance documents reflectingtherecentdevelopmentandimplementationphasesofthenewEDIS. AttheCanberraHospital,thereisnoidentifiableEDISsystemadministratorwith responsibility for managing internal administrative issues such as user management and activity monitoring. The lack of an identifiable system administrator has lead to a number of policy breaches, administration gaps and poor system practices. Discussions with Health Directorate and Shared Services ICT staff indicated that each party thought the other was responsible for key systemadministrationactivities. TherearenoformaltrainingarrangementsinplaceattheCanberraHospitalwith respecttotheuseofEDIS.AttheCalvaryPublicHospital,plannedandstructured traininghasnecessarilybeenprovidedwithrespecttoEDISanditsuse,giventhat

itisanewlyimplementedsystem.Atthetimeofauditfieldwork,however,there wereanumberofCalvaryPublicHospitalpotentialuserswhoareyettoreceive training. System security controls over EDIS are very poor at the Canberra Hospital. The very poor system security associated with EDIS at the Canberra Hospital means thatanumberofHealthDirectorateandACTGovernmentpolicieshavenotbeen compliedwith.ThereisnoevidencethatEDISanditsdatahadbeenclassifiedor thatthereisadocumentedsystemsecurityplan,asrequiredbytheSharedService ICTSecurityPolicy. User access controls over EDIS are very poor at the Canberra Hospital. The proliferation of EDIS access throughout the hospital, the widespread use of genericuserlogonsandtheverypoorpasswordcontrolsoverthegenericlogons hasseverelycompromisedtheintegrityofthedatainthesystem.Theverypoor user accesscontrols associated with EDIS at the CanberraHospital means that a number of Health Directorate and ACT Government policies have not been compliedwith. ComputerterminalscarryingtheEDISapplicationarewidelyavailablethroughout the Canberra Hospital, yet all EDIS applications use the same workstation identification. The use of a common workstation identification, combined with theuseofgenericaccountsmeansthatanyauditlogofEDISaccessandEDISuse is ineffective. These practices mean that any improper changes made to EDIS recordsareimpossibletotracetoanindividualuser. User access controls over EDIS aremore effective at the Calvary Public Hospital, butthereremainssomeroomforimprovement.Keyshortcomingsrelatetothe proliferationofEDISaccessthroughoutthehospital,theuseofgenericuserlogons andtheverypoorpasswordcontrolsoverthegenericlogons. Due to poor user access controls and system security for EDIS, there is a risk at both hospitals that they do not meet the requirements of Principle 4.1 of the Health Records (Privacy and Access) Act 1997 relating to the safekeeping of personalhealthinformation. The use of, and practices supporting, EDIS within the hospitals was variable and hasdevelopedovertimewithrespecttoreportingkeyclockstartingandclock stopping moments. The different practices mean that data accuracy over time cannot be fully relied upon and publicly reported timeliness performance informationshouldbetreatedwithcaution. ThedatavalidationprocessattheCanberraHospitalallowsadministrativestaffto reviewEmergencyDepartmentpresentationswheretimelinesstargetshavebeen breached for the day before the review occurs. The only purpose of the data validation process is to identify opportunities to improve publicly reported

timeliness figures. Records where timeliness targets have been met are not reviewedaspartofthisdatavalidationprocess. The Health Directorate has limited review and assurance processes over its publicly reported Emergency Department timeliness information. Despite the apparent importance and preeminence of Emergency Department timeliness performanceinformationtotheACTGovernment,theACTcommunityandother stakeholders there is a lack of rigor in the monitoring, review and assurance processesoverthisinformation. Performance against ATS categories is not audited by the ACT AuditorGenerals Office on an annual basis as these indicators are not included in the Health Directorates Statement of Performance. These indicators were last included in the Health Directorates Statement of Performance in 200304, where the ACT AuditorGeneralsOfficeidentifiedanEmphasisofMatterinitsauditreportbased on the finding that the results were unable to be independently verified due to incompleterecords.

DatamanipulationattheCanberraHospital(Chapter4) Approximately11,700EDISpatientrecordswerechangedbetween2009and2012 sothatEmergencyDepartmentwaitingtimesandpatientsoveralllengthofstay inthedepartmentappearedtobeshorterthantheyactuallywere. The very poor EDIS user access and system controls and the very poor audit log function means that it is not possible to identify, based on EDIS records, the personorpersonswhomayhavedeliberatelychangedtheEDIShospitalrecords. AHealthDirectorateexecutivehasadmittedtochangingEDISrecordstoAuditin an interview on affirmation, pursuant to section 14A of the AuditorGeneral Act 1996. While an executive has admitted to changing EDIS records, it is probable thatEDISrecordshavealsobeenmanipulatedbyotherpersonswithaccesstothe system.TheexecutivesadmissiontoAuditdoesnotappeartoaccountforallof the changes to EDIS records that have been made to improve timeliness performance. The executive has stated that they were not instructed or influenced to change EDISrecords.HealthDirectoratepersonnelintheexecutiveslineofreportingup toandincludingtheDirectorGeneral,theMinisterforHealthaswellasafamily memberoftheMinisterforHealthwhohasaclosepersonalrelationshipwiththe executive, have advised Audit, under oath or affirmation, that they have not providedanydirectorindirectinstructionorinfluencetochangehospitalrecords. Audit considers that the actions of the executive who has admitted to manipulating hospital records is seriously inappropriate and improper conduct. TheexecutivemayhavebreachedtheACTPSCodeofEthicsandsection9ofthe Public Sector Management Act 1994, as well the terms of their executive employmentcontract.

RECOMMENDATIONSANDRESPONSETOTHEREPORT 1.13 1.14 Audit has made 10 recommendations to address the audit findings detailed in thisreport. In accordance with section 18 of the AuditorGeneral Act 1996, a final draft of this report was provided to the DirectorGeneral of the Health Directorate. Chapter 3 of the final draft report was also provided to the Chief Executive of CalvaryHealthCare(CHC)ACTforconsiderationandcomments.

HealthDirectorateresponse 1.15 TheDirectorGeneralsoverallresponseisshownbelow: TheHealthDirectoratewouldliketothanktheAuditorGeneralfortheReportand welcomestheopportunitytocommentonthereportanditsrecommendations. TheDirectoratehasagreedtoalltherecommendationsandbelievethattheywill provideabasistoimprovethedataandperformancereportingsystemsforthe Directorate. Theissuesaddressedinthereportareveryserious.However,theDirectorate wouldliketoemphasisethattheyinnowayreflectonthequalityofcareinthe CanberraHospitalEmergencyDepartment,ortheprofessionalismofthedoctors, nursesandalliedhealthstaffwithintheED.Thecareprovidedwithinthe EmergencyDepartmenthasnotbeenaffectedbyanychangestothedata,and thesechangesweremadeafterthecareprovidedintheEDhadbeencompleted. TheAuditreportdiscussestheincreasingpressurethatEmergencyDepartments areexperiencingnationally,andshowsthatpresentationstotheEDsintheACT areincreasingataratethatisbothhigherthantherateforEDselsewherein Australia,andsignificantlyhigherthantherateofpopulationgrowth.Atthe sametime,attentionon,andcallstoimprove,EDtimelinesshasalsoincreased, creatingsignificantpressureonhospitalstaff.Thisisparticularlythecasewith theCommonwealthtargetsforStatesandTerritoriesandrewardfunding attachedtoachievementofthesetargets. ThecapacityforEDstoimprovetimelinessisdependentnotonlyonthecapacity andperformanceoftheEmergencyDepartmentbutalsoonthecapacityand performanceofotherareasofthehealthsystem,rangingfromprimarycare servicesthroughtoinpatientareasofhospitals.However,theattentionplacedon EDtimelinessasaperformancemeasureissignificantlyhigherthantheattention placedonalmostallotherpartsofthehealthsystem.Additionally,astheAudit reporthighlights,thefocusonEDtimelinessdoesnottakeintoaccountbroader measuresofpatientoutcome.

TheHealthDirectoratesupportstheauditrecommendationsfordeveloping broadermeasuresofEDperformance,andnotesalsothat,forthesemeasuresto beeffective,thecurrentfocusandcommentaryontimelinessastheprimary measureofEDperformancewillneedtobesimilarlybroadened. TheHealthDirectorateacknowledgestheproblemsidentifiedwiththecontrols andmanagementoftheEDISsystemattheCanberraHospital,andwillworkto implementtheactionsrecommendedintheAuditreport.AsnotedintheAudit report,theEDISsystemwasdevelopedtoassistpatientcareandworkflowinEDs, hasbeenwidelyimplementedacrossAustraliaandperformsthisfunction effectively.EDISwasnotdesignedtoproducethesortofperformance informationthatisnowbeingexpectedfromEDs.Problemsexperiencedinthe ACThavebeenexperiencedbyotherhospitalsusingEDIStogeneratetimeliness informationforperformancepurposes.TheHealthDirectorateis,however, committedtoprovidingaccurateperformanceinformationandwillworktoputin placesystemsthatcanensuretheintegrityoftheinformationreported. TheHealthDirectoratenotestherecommendationregardingtheExecutivewho hasadmittedtomanipulatingtheEDISrecords.Asamatterofnaturaljustice, anyemployeewhoisaccusedofmisconductmustbegivenanopportunityto commentontheallegationsbeforeanydisciplinaryactionistaken.TheHealth DirectoratewillputtheAuditorGeneralsfindingstotheExecutiveaspartofa misconductinvestigation,andoncetheoutcomeofthemisconductinvestigation hasbeenconsidered,adeterminationwillbemadeonwhatdisciplinaryaction willbetakeninrelationtotheExecutivesemployment. CalvaryHealthACTresponse 1.16 TheChiefExecutiveofCalvaryHealthCare(CHC)ACTsoverallresponseisshown below: CalvaryHealthCare(CHC)ACTwelcomestheopportunitytorespondtothe AuditorGeneralsReportintotheEmergencyDepartmentPerformance Information. CHCACTcommencedimplementationofEDISVersion9.48on17thJanuary.The initiationofthisaudithasoverlappedwiththeimplementationprocesses,policies andproceduresandhasthereforecomeatatimewhenmanyoftheprocesses arebeingdevelopedandimplemented.Itdoeshoweverprovideanopportunity forcheckandreviewoftheimplementationaswellasanopportunitytoimprove theoverallsystemgovernanceandsecurity.

Withreferencetothisaudit,wenotenoevidenceofgamingordata manipulationfromwithinorCHCEmergencyDepartment.CHCACTprovidesa specificresponsetoeachoftherecommendationsthathavebeenreferencedto CHCACT. 1.17 In addition, the DirectorGeneral and CHCACT Chief Executive both provided responsestotherelevantrecommendations,asshownbelow. (Chapter2)

Recommendation1

TheHealthDirectorateshouldreviewitsperformanceindicatorsforpubliclyreportingthe performance of Canberras hospitals emergency departments to include and give a greateremphasistoqualitativeindicatorsrelatingtoclinicalcareandpatientoutcomes. HealthDirectorateresponse: Agreed TheHealthDirectorateagreesthatmeasuringtimelinessaloneisnotsufficienttoassess thequalityandeffectivenessofEmergencyDepartmentservices.Thisisconsistentwith thesummaryoftheviewsoftheAustralasianCollegeofEmergencyMedicineoutlinedin theAuditreport. TheHealthDirectorateiscurrentlyresearchingotherindicatorsthatwouldbetter representthequalityandperformanceofEmergencyDepartments.Itislikelythatthese indicatorswillneedtotakeintoaccounttheinterdependenciesbetweentheperformance ofotherhospitalservices,primaryhealthcareservicesandtheEmergencyDepartments. Inconductingthisresearch,theHealthDirectoratewillalsoconsultwithotherStatesand TerritoriesandtheNationalHealthPerformanceAgencyaswellastheExpertPanel establishedbytheCouncilofAustralianGovernmentsundertheNationalPartnership AgreementonImprovingPubicHospitalServicestoprovideadviceontheimplementation oftargetsandincentivesundertheAgreement.

Recommendation2

(Chapter3)

The Health Directorate and Calvary Public Hospital should develop essential EDIS governancedocumentation,including: a) anoverarchinggovernancestatementthatdescribes: i. ii. thepurposeanduseofthesystem; its business owner, system administrator and all roles and responsibilities associated with the system and its support (including thirdpartystakeholderssuchasSharedServicesICT); thesecurityclassificationofthesystemanditsdata; applicablepolicyandadministrativeguidance; recordkeepingobligations; trainingrequirements;and what is monitored and audited to ensure compliance with policy and supportingsystemdocumentation.

iii. iv. v. vi. vii.

b) standardoperatingproceduresforallrolesandresponsibilitiesassociatedwiththe systemanditsuse; c) training material that covers all dimensions of EDIS including user roles and responsibilities,processesdescribedinstandardoperatingproceduresandspecific policythatisapplicabletothesystem;and d) a System Security Plan, which is informed by a risk assessment and risk managementplan. HealthDirectorateresponse: Agreed TheHealthDirectoratehascommencedworktostrengthencurrentdocumentationto addresstheareasofconcernoutlinedintheAudit.TheHealthDirectorateissupportiveof workingwithCalvaryPublicHospitaltodevelopconsistentdocumentationacrossthetwo ACTpublichospitals. CalvaryHealthCareACTresponse: Responseto2(a):

Agreed ItshouldbenotedthatCHCACThasprovidedevidencetotheAuditorGeneralofanumber ofgovernancedocumentswhichunderpinanoverarchingframework. Action: CHCACTwilldevelopanoverarchinggovernancestatement,aggregating thedocumentsalreadyinplaceandhavethisendorsedbyCHCACT Executiveby16thJuly2012.

Responseto2(b): Agreed CHCACTStandardOperatingProceduresareindevelopmentandwillbefinalisedasa priority. Action: AllSOPswillbefinalisedafterconsultationandreviewwiththeusersand endorsedbyCHCACTExecutiveby30July2012.

Responseto2(c): Agreed Asstatedwithinthereportformaltraininghasbeenprovidedtokeystaffgroups.CHCACT willfocusonthegapsidentifiedbyAuditorGeneralsreport,andreviewandedittheuser databaseandalsocontinuetherequiredtrainingforanynewusers. Action: Anyuntraineduserswillbetrainedby16July2012.Trainingprogramswill remainongoingforthetrainingofnewstaff.

Responseto2(d): Agreed Action: AsystemsecurityplanwillbedevelopedandendorsedbytheCHCACT Executiveby16thJuly2012. (Chapter3)

Recommendation3

TheHealthDirectorateshould,inconjunctionwithSharedServicesICT,finalisethedraft Business System Support Agreement between Shared Services ICT and the Health DirectorateforEDIS. HealthDirectorateresponse: Agreed

TheHealthDirectoratewillworkwithSharedServicesICTtofinalisethedraftBusiness SystemSupportAgreement. Recommendation4 (Chapter3)

TheHealthDirectorateandCalvaryPublicHospitalshould: a) review the current distribution of access to EDIS throughout the hospital and remove any users who do not have a specific and documented requirement for accesstothesystem;and b) developpolicies,administrativeproceduresandsystemcontrols(ifpossible)that restricttheuseofgenericuseraccountsoutsidetheEmergencyDepartmentwork environment. HealthDirectorateresponse: Agreed TheHealthDirectoratewillundertakeareviewofaccesstoEDIStoremoveanyuserswho donothavearequirementforaccesstothesystemandtominimisetheuseofgeneric useraccounts.AccesstoEDISbothwithinandoutsidetheEmergencyDepartmentis essentialforthecontinuedeffectivemanagementofpatientcarewithinoftheCanberra Hospital.Inundertakingthisreview,theHealthDirectoratewillensurethatthe effectivenessofpatientcareisnotcompromised.Furtheranalysiswillbeundertakenon thetechnicalfeasibilityofrestrictinggenericuseraccountsforusesolelywithinthe EmergencyDepartment. TheHealthDirectorateissupportiveofworkingwithCalvaryPublicHospitaltoimplement thisrecommendation. CalvaryHealthCareACTresponse: Responseto4(a): Agreed DuringtheinitialimplementationphasealllistedusersfromtheformerEDsystemwere transferredtothenewEDISsystem.Anumberoftheseusersdonotandwillnotrequire access to the new system. Although a large number of user files were migrated to the newsystemonlythosewhorequiredaccesshavebeenprovidedwithacurrentpassword, enablingsystemaccess. Action: ReviewandeditthelistofregisteredusersoftheEDISsystem.Actiontobe completedandendorsedbytheCHCACTExecutiveby16thJuly2012

Responseto4(b): Agreed TheneedforGenericuseraccountshasbeendiscussedwiththeAuditorGeneralsOffice. TrialsofindividualpasswordaccessoccurredintheinitialrolloutofEDISandprovedtobe challenging. After an analysis of the issues was completed, generic user accounts have been adopted within the ED environment. Any generic user accounts outside of the ED environmentareunderreview. Action: Develop policies, administrative procedures and system controls that removeanygenericuseraccountsoutsideoftheEDworkenvironmentand updatetheorganisationalpolicyonaccounttypes.Actiontobecompleted andendorsedbytheCHCACTExecutiveby16thJuly2012 (Chapter3)

Recommendation5

TheHealthDirectorateandCalvaryPublicHospitalshould: a) identify and document responsibilities for user access management and log monitoringforEDIS;and b) develop a process to monitor user activity within EDIS and how to report and escalateunusualactivitytotheappropriateauthorities. HealthDirectorateresponse: Agreed InlinewithRecommendation2abovetodevelopessentialEDISgovernance documentation,theHealthDirectoratewilldevelopaprotocolthatsetsoutadditional processestomaximisethedataintegrityofEDIS.HealthDirectoratewillseekfurther technicaladviceonthemosteffectiveapproachtoimplementingthisrecommendation, ensuringthatclinicalcarewithintheemergencyDepartmentisnotcompromised. TheHealthDirectorateissupportiveofworkingwithCalvaryPublicHospitaltoimplement thisrecommendation. CalvaryHealthCareACTresponse: Responseto5(a): Agreed TheAuditorGeneralsreportnotesthatsomecontrolsalreadyexistinthesystemat CHCACT.CHCACTwillworktoimprovesystemsecuritythroughaccesscontroland monitoring.CHCACTsharestheviewdescribedinthereportbyOaktontotheAuditor

General(3.98)thatpracticalitiesoftheworkplacedonotallowtherecordingoftheinitial datathroughasecurepersonspecificlogin. CHCACTwillworkwiththeACTHealthDirectoratetofindsolutionstobeimplementedto facilitatefastaccessandrecordingofsecureloginswhilstmaintainingpatientflow. Action: CHCACTwillidentifyanddocumentresponsibilitiesforuseraccess managementandlogmonitoringby16July2012.

Responseto5(b): Agreed Action: CHCACTwillthroughtheintroductionofpolicydevelopasuitableprocessto monitoractivitywithinEDIS,documentingescalationandreviewprocesses thoughareportingmechanismby30July2012. (Chapter3)

Recommendation6

TheHealthDirectorateshould: a) reviewthecurrentEDISupgradeprojectandlinkitwithcurrentHealthDirectorate IdentityandAccessManagementandRapidSignOninitiativesthatarecurrently underway,toallowstafftobeindividuallyaccountablefortheiractions;and b) reviewallavailableEmergencyDepartmentsoftwaretoevaluatewhetherornot thecurrentEDISshouldbereplacedwithonethathasstrongconfidentialityand integritycontrolsaswellasappropriateprocesslinkages. HealthDirectorateresponse: Agreed HealthDirectorateplanstoproceedwiththecurrentupgradeofEDISwhichisalmost readyforimplementation.HealthDirectoratewillthenundertakefurtheranalysisand seektechnicaladvicefromsoftwarevendorsonthemosteffectiveapproachtolinking EDISwiththeIdentityandAccessManagementandRapidSignOninitiatives.TheHealth DirectoratewillalsoseektoworkcollaborativelywithCalvaryPublicHospitalandother StateandTerritoryjurisdictionstoidentifyalternateEmergencyDepartmentsoftware withenhancedfunctionalitythatcouldpotentiallyreplaceEDIS.

Recommendation7

(Chapter3)

TheHealthDirectorateshoulddeveloppolicyandadministrativeguidanceforEDISdata validation activities for the two Canberra hospitals. The policy and administrative guidanceshouldidentifyanddocument: a) agreedEmergencyDepartmentactionswhichconstituteclockstartingandclock stoppingmomentsforthepurposeofEDIStimelinessrecords;and b) protocols for data validation activities in the day(s) following a patients presentationtotheEmergencyDepartment. HealthDirectorateresponse: Agreed HealthDirectoratehascommencedworkonstrengtheningitscurrentpolicyand administrativedocumentationanddatadefinitionssupportingagreedEmergency Departmentactionsandvalidationactivities.Indoingso,theHealthDirectoratewillwork withtheAustralianInstituteofHealthandWelfare(AIHW)andotherStatesand TerritoriestoensurecontinuedconsistencyofACTdatadefinitionswithnational definitionsandtosupportconsistencyofdatadefinitionsacrossStatesandTerritories. Inrelationtovalidationactivities,theHealthDirectoratewillworkwithAIHWtoidentify whetherchangestotheAIHWroutinevalidationprocessesshouldalsobeconsidered. TheHealthDirectorateissupportiveofworkingwithCalvaryPublicHospitaltoimplement thisrecommendation. Recommendation8 (Chapter3)

TheHealthDirectorateshouldimplementadditionalreviewandassurancecontrolsover the preparation and reporting of Emergency Department timeliness performance information.ThesereviewandassurancecontrolsshouldaddressbothCanberraHospital and Calvary Public Hospital performance information. The Health Directorate should considerwhethertheadditionalreviewandassurancecontrolsshouldbeappliedtoother performanceinformation. HealthDirectorateresponse: Agreed TheHealthDirectoratewillundertakethisworkaspartofabroaderreviewofdataand reportingcontrolsacrosstheDirectorate.

TheHealthDirectorateissupportiveofworkingwithCalvaryPublicHospitaltoimplement thisrecommendation. Recommendation9 (Chapter4)

TheDirectorGeneraloftheHealthDirectorateandtheACTPSHeadofServicenotethe findings of this report with respect to the executive who has admitted to manipulating hospital records, and consider whether this executive has engaged in misconduct in breach of section 9 of the Public Sector Management Act 1994 and their executive contract. HealthDirectorateresponse: Agreed TheHealthDirectoratenotesthefindingsoftheAuditwithrespecttotheExecutive.Asa matterofnaturaljustice,anyemployeewhoisaccusedofmisconductmustbegivenan opportunitytocommentontheallegationsbeforeanydisciplinaryactionistaken.The HealthDirectoratewillputtheAuditorGeneralsfindingstotheExecutiveaspartofa misconductinvestigation.Oncetheoutcomeofthemisconductinvestigationhasbeen considered,adeterminationwillbemadeonwhatdisciplinaryactionwillbetakenin relationtotheExecutivesemployment. Theallegationsareobviouslyveryserious.Accordingly,theExecutiveinvolvedwill henceforthbestooddownwithoutpaypendingtheoutcomeofthemisconduct investigation. Recommendation10 (Chapter4) The Health Directorate reinforce to Health Directorate employees, especially executive staff,theneedtoactwithintegritywithrespecttothemaintenanceofhealthrecordsand associateddata. HealthDirectorateresponse: Agreed TheHealthDirectoratewillstrengthenitscurrentprocesses,includingorientationand managertrainingprograms,toreinforcetheseissues. TheHealthDirectoratewillalsoworkwiththeHeadofServicetoidentifywhetherfurther trainingorinformationisrequiredforExecutivesacrosstheACTPublicServicegenerally.

Assistanceinthepreparationofthisreport 1.18 1.19 In preparing this report, Audit acknowledges the assistance of Oakton in providingadviceinrelationtoICTsystemsandpractices. AuditalsoacknowledgestheworkconductedbyPricewaterhouseCoopers(PWC) on behalf of the Health Directorate in undertaking a forensic investigation into thismatter.Anumberofgraphsandtablesinthisreportrelyondataanalysis conductedbyPWC.Thisisacknowledgedthroughoutthereport. Audit also acknowledges the assistance of the Tasmanian Audit Office in providingqualityassuranceassistanceinthepreparationoftheauditreport.

1.20