Medicare enrolments

Medicare is Australia's universal health insurance scheme. Underpinning Medicare is one of Australia's largest and more complex computer databases—the Medicare enrolment database. At the end of 2004, the Medicare enrolment database contained information on over 24 million individuals. This audit examines the quality of data stored on that database and how the Health Insurance Commission (HIC) manages the data.

HIC has had responsibility for administering Medicare since its introduction in 1984. It operates a network of over 230 Medicare Offices throughout Australia and, in 2003–04, HIC processed over 226 million Medicare claims, accounting for over $8.6 billion of government expenditure. An essential requirement for the successful administration of Medicare is reliable information on eligible people enrolled in the program. In 1984, HIC established the Medicare Enrolment File (MEF)—a computer database designed to receive, store and manipulate Medicare enrolment data.

Now 20 years old, the MEF has difficulty in supporting the range of e-Business initiatives envisaged by HIC. It cannot easily accommodate further enhancement. In 2004, HIC was preparing to replace the MEF with a Consumer Directory—incorporating a more up to date database management system, with improved Internet capability and greater functionality. One of HIC's major projects was the migration of Medicare enrolment data from the MEF to the Consumer Directory. HIC moved the data from the old to the new system in October 2003. However, the new system will not go into operation until 2005. Therefore, the audit was conducted just before the switch from the old MEF to the new Consumer Directory system, but at a time when the old and the new enrolment databases could be compared.

The objective of the audit was to examine the integrity of data stored on the Medicare Consumer Directory and to report on HIC's management of this data. In particular, the audit considered the data migration process as well as measures of the accuracy, completeness, validity and consistency of Medicare enrolment data. Data integrity also relies on ensuring the security of the data. The audit assessed whether HIC appropriately managed the data in accordance with legislative requirements—particularly in relation to maintaining the privacy and security of personal information.

Key findings

Data migration

HIC carefully planned its data migration arrangements. The new Consumer Directory Management System (CDMS) is well documented and ANAO considers that it will provide better control over the recording and management of Medicare enrolment information than the old system.

As part of its day-to-day administration of the database, and in preparation for the large data migration exercise to come, HIC analysed large amounts of Medicare enrolment data. HIC implemented only some of its own recommendations for specific data cleansing. HIC carried out limited data cleansing prior to the first data migration trial. Consequently, the data migrated to the Consumer Directory in 2004 still exhibited many of the same data quality problems HIC identified in its 2002 analysis.

Allied to this, HIC decided not to apply all CDMS business rules during the data migration, thereby foregoing an opportunity to improve the integrity of Medicare enrolment information in the new system. As a result, the quality of data residing in the new Consumer Directory system is only marginally improved on that of the old MEF.

Data integrity testing results

ANAO found that the great majority of data contained in the Medicare enrolment database was sufficiently accurate, complete and up to date to support HIC's efficient administration of Medicare. Notwithstanding, we found that some data, particularly in fields containing various dates, was logically inconsistent or in error. For example, some records indicated that the consumer was enrolled in Medicare before they were born.

ANAO found that up to half a million active Medicare enrolment records were probably for people who are deceased. The majority of these records were for people who would be over the age of 85 years, according to the recorded dates of birth in the Medicare enrolment database. This number represented approximately 2 per cent of the Medicare enrolment database and presented a risk, admittedly not significant, to the efficient administration of the Medicare program.

HIC allocates a Personal Identification Number (PIN) to each consumer. ANAO confirmed that all PINs in the Consumer Directory were valid and conformed to the required format. We found that a very small number of people appeared to be enrolled in Medicare more than once and that HIC was aware of the problem as well as working to merge the duplicate records.

Over 800 000 consumers were legitimately associated with more than one Medicare card—such as a child who is listed on both parents' different Medicare cards. Our analysis highlighted some inconsistent recording of data across these records. For example, we found a small number of people had their sex recorded as male on one card and female on the other—or had different dates of birth recorded against the two cards.

ANAO found that HIC had developed an automated process to consolidate consumer information for these 800 000 records. The technique took most of the consumer's information from the most recently active of the two records, and built a new, single record for inclusion in the Consumer Directory. ANAO found that, while this may be a sound approach to adopt, given the inconsistent recording of consumer information across the two records, HIC should have more thoroughly reviewed the effectiveness of the technique by manually assessing a sample of consolidated records.

HIC's CDMS incorporated an extensive set of business rules, against which ANAO assessed the integrity of Medicare enrolment data. While we considered most of the business rules to be well constructed and valid, we identified some minor deficiencies and reported these to HIC. For example, while a business rule identified a single, very narrow, application of recording an ‘individual consumer reference number' of zero, we found that a zero was used to mean three distinct situations. ANAO also found that HIC had decided not to enforce business rules, relating to different Medicare entitlement types and dates, during the data migration.

ANAO found that HIC had successfully attempted to ensure the most up to date recording of Medicare consumer addresses. Although the number of known out of date addresses was small—at 1 to 2 per cent of the database—ANAO concluded that the database was sufficiently accurate to support the various business processes that relied on accurate mailing addresses for consumers.

The accuracy of dates of birth recorded in the Medicare enrolment database has become more important over time. In 2004, the Australian Government introduced a monetary incentive for doctors to bulk-bill Commonwealth Concession Card holders and children under 16 years of age. ANAO noted that a reliable record of the patient's age will be essential to ensure the correct level of Medicare benefits is paid to doctors in the future. In light of this, ANAO encouraged HIC to review the accuracy of recorded dates of birth.

Improving data quality

HIC had steadily improved the quality and integrity of Medicare enrolment information. HIC checked and revised consumer information through such activities as an automated Medicare card replacement program, families registering for the Safety Net scheme, identifying and merging duplicate enrolments and processing information from the State Registrars of Births, Deaths and Marriages.

ANAO found that HIC monitored the quality of enrolment data and had recently implemented its Continuous Data Quality Improvement Program. The Program was well conceived, business focused and designed to assist program managers to identify the causes of data quality problems.

Privacy and security

ANAO found that HIC's organisational culture incorporated a strong focus on protecting the privacy and security of consumers' personal information. A comprehensive Privacy, Information Access and Release Policy guided HIC staff in the use of consumers' personal information and established a series of robust administrative and procedural controls.

ANAO found that, in general, HIC's data collection, management and release practices complied with the Information Privacy Principles of the Privacy Act 1988 and the secrecy provisions of the Health Insurance Act 1973. HIC had also designed and implemented a comprehensive Privacy and Security Training module for all staff, consultants and contractors.

ANAO found that the Federal Privacy Commissioner had required HIC to develop a Technical Standards Report, dealing with the physical separation of Medicare and Pharmaceutical Benefit Scheme claims data. HIC was unable to provide a copy of the required Technical Standards Report, although ANAO found evidence to support the view that such a report was developed in 1995.

In relation to the security of electronic records, ANAO found that HIC had taken reasonable steps to prevent unauthorised access to Medicare enrolment information, by HIC staff or outsiders. ANAO noted that HIC was improving its management of user access. In 2003, the Defence Signals Directorate certified HIC's Internet Gateway.

Overall audit conclusion

As a result of our examination of HIC's data management practices and our analysis of key aspects of the Medicare enrolment database, ANAO concluded that the database is sufficiently complete, accurate and current to support the effective administration of Medicare. ANAO also noted that HIC has a strong culture of protecting the privacy and security of personal information stored on its database.

HIC is introducing the most significant change to the structure and form of the Medicare enrolment database in the twenty-year history of Medicare. ANAO noted that HIC had carefully planned its data migration strategy and concluded that the new system would deliver major improvements to the management of enrolment data. However, ANAO also noted that HIC had not comprehensively cleansed the data, nor had it enforced all the business rules for the new environment. ANAO encouraged HIC to complete these activities and so commence the operation of the new Medicare enrolment database with the highest possible quality dataset.

Recommendations

The ANAO made six recommendations, addressing matters including:

• further data cleansing;
•  enforcing all CDMS business rules prior to the changeover from MEF to Consumer Directory;
•  resolving duplicate enrolments;
•  checking the accuracy of some techniques employed during data migration;
•  making better use of information from State Registrars of Births, Deaths and Marriages to update records of people who are deceased; and
•  redeveloping a Technical Standards Report.

The Health Insurance Commission's response

HIC provided the following response to the draft audit report.

HIC welcomes the assurance provided by the ANAO's report that the Medicare enrolment database is sufficiently complete, accurate and current to support the effective administration of Medicare and the recognition HIC has a strong culture of protecting the privacy and security of personal information stored on the database.

In relation to the new Consumer Directory Management System, HIC further appreciates the recognition that HIC has carefully planned its data migration strategy and that the new system would deliver major improvements to the management of enrolment data.

HIC agrees with the ANAO's recommendations on data cleansing and the enforcement of business rules to achieve the highest possible quality dataset.

In addition, HIC provided a response to each of the recommendations. The relevant responses appear immediately following each recommendation, in the body of the report.