Medtech and Medicly protecting patient data

Medtech and Medicly protecting patient data

Medtech and Medicly protecting patient and practice data

Medtech is ensuring the responsible and reliable transfer of primary care data and improving the performance of its practice management system (PMS) by working only with Certified Partners from 2024.

Medtech distributes and supports more than 80 percent of the practice management systems across New Zealand.

Historically, a number of third-party applications have connected into the Medtech PMS to provide bespoke digital services or enable sharing and extracting of patient data.

The problem

Medtech’s general manager integration and infrastructure, Lawrence Peterson, has identified a number of issues including a user’s PMS not working, slowing down or not upgrading properly, and errors created due to data being inserted into the wrong place in the wrong format.

“On average one to two sites per month come to us for help with their Medtech PMS, and when we have investigated, we have identified an underlying trigger or process from a non-Medtech application has caused the problem” he explains.

In order to stop these problems occurring, Medtech has implemented a Certified Partners Programme and has reached out to all systems interacting with the Medtech database inviting them to join.

As part of that process Medtech looks at what the partner is doing and why and ensures it is not interfering with the business operations of the Medtech users.

“We have had a lot of success and are now working with a number of partners where we know what they are doing and what data they are taking and the purpose of that,” explains Peterson.

However, the team also came across some bad practices in the market, with tools that are not fit for purpose extracting large amounts of data without a clear purpose, which in one case was being stored in a staging server outside of New Zealand.

“We have come across a tool that was taking things like doctors bank account details and secret passwords for secure messaging agents, lots of really sensitive stuff and we shut that down,” Peterson says.

“When patients lose trust in the system that is holding their health data, they also lose trust in their doctors and that is harmful.”

The solution

A Medtech upgrade in early 2024 will cleanse the database, removing all non-certified applications, tables, queries, stored procedures, and triggers running on the Medtech system.

Further development releases will strengthen the security through encryption at rest and change in the security architecture in line with the Health Information Security Framework (HISF).

In 2024, third parties will need to use either ALEX® or Medicly to facilitate data extraction from the PMS.

Medtech ALEX® enables event driven data sharing using FHIR® APIs for things like patient health summaries. Third parties who access patient information are governed by a Medtech Partner Programme Code of Conduct.

Medicly is a secure data exchange that provides the mechanism for safe and secure bulk data extraction for population health and health research, often for primary health organisations (PHOs).

Medtech chief executive Geoffrey Sayer says the upcoming change is about improving security, permissions and informed consent around the Medtech product.

“We all have an obligation under HISF and when you keep putting different agents on to a practice’s software, you invite vulnerability,” he explains.

Sayer believes that too often in health the attitude is that because an organisation is paying for a person’s healthcare, they should by default get access to the data resulting from that. However, the Health Information Privacy Code states that any data extracted must have a clear purpose and be consented to on that basis.

Medicly puts rules in place and provides governance around meeting the Privacy Code while still allowing the really important population health related extractions to occur.

This means that if a patient has denied consent for their medical record to be shared, their data will be excluded from any extraction, something which is not always being implemented now.

Medicly is built on Eightwire’s Data Exchange platform that processes over 3.5 billion records every month in the social, healthcare and law enforcement sectors and has achieved SOC 2 certification.

General manager Andy Ellis says they partnered with Medtech to make an existing process more robust, scalable and secure.

“Medicly simplifies and secures the data exchange process, providing governance across data extraction and auditability for ensuring the patient and their data is protected,” he explains.

“We act as an intermediary to ensure the right controls and consents are in place, but we do not have access to the data and no other parties can see or access it either.

“This ensures patient privacy is protected. There is no bending the rules with our system, but organisations can still access the important analytics they need to guide improvements to the health system.”

The Medicly platform can deliver 4000 records per second and by managing the process through a secure data exchange, it also gives time back to data analysts to do the important work of pulling out insights, rather than fixing data errors and system crashes, Ellis says.

The future

The Medtech team has been communicating with PHOs, practices and vendors about the 2024 deadline when uncertified applications will no longer work, to ensure valuable tools are retained by using one of the two certified pipelines into the system.

“We are locking bad practices out, to make sure the data is safe and secure and only used for the purposes that it is consented for,” Peterson says.

“This is to ensure accuracy and security of the data and ensuring that applications are not interfering with the performance and the warranty of the Medtech software.”

Peterson believes practices are largely unaware of the magnitude of the data that is being taken in some cases and when they become aware and asked if they are happy with it, the answer is a “resounding no”.

“Population health data informs a lot of very important work, and we are certainly not trying to stop that happening: this is about how the data is taken, and what data is taken,” he explains.

Sayer says trust is at the heart of a doctor patient relationship and the use of Medicly means the movement of data is properly consented.

“It is critical that we address these issues of patient consent and data governance before the new world of Artificial Intelligence comes into play,” he says.

Ellis agrees, saying this partnership to enable secure access to primary healthcare data is laying the foundations for the use of emerging technologies.

“To adopt those, you need to have scalable and secure data sharing in place across Aotearoa. This creates opportunities for speeding up delivery of current and future data and digital projects to benefit clinicians and patients.”

Find out more about the Medtech Partnership Programme.

Or contact the Partnerships Team on

Picture: Jason Gleason, Eightwire chief executive, Andy Ellis, GM Medicly, Lawrence Peterson Medtech GM integration and infrastructure, Alex Cauble-Chantrenne, product manager clinical integration Medtech (left to right)