The challenges facing the aged care sector have attracted a lot of attention in recent times due to the Royal Commission into Aged Care Quality and Safety and the COVID-19 pandemic also highlighting the significant workforce issues within this sector. These challenges relate to the vulnerable people who are recipients of aged care services and workforce challenges evident across the whole Australian economy but specifically prevalent in the aged care sector, difficulties generating income and the increase of associated costs.
The two overarching workforce issues facing aged care providers are workforce management and rostering, and quality and safety in care delivery. In response to recommendations by the Royal Commission, the Department of Health has outlined a $17.7 billion plan that focuses on five pillars, over five years. These pillars are home care, residential aged care services and sustainability, residential aged care quality and safety, workforce and governance.
Innovation and technology can offer solutions to help organisations in managing these challenges; however, it is important to understand and address the diverse compliance and privacy issues that can arise from the data collection associated with the use of technologies.
Technology procurement
Technology allows care providers to reduce costs, better engage with their workforce and patients, and supports consistent delivery of high quality care, whilst simultaneously monitoring for safety and regulatory requirements.
These technology solutions include using biometric technology and automatic data collection to monitor the amount of care time. These solutions offer to providers the capability to demonstrate that they are meeting regulatory requirements and delivering great care to the individuals, it has a non-financial cost, being collection and custodianship of personal information.
Workforce management and rostering
In the aged care sector, providers are facing an estimated increase in costs of 20% due to changes to the Social Community, Home Care & Disability Services Industry Award (SCHADS Award). The changes followed a review by the Fair Work Commission and came into effect on 1 July 2022.
The biggest impact is the requirement for shifts to be a minimum of two hours long. Given that some clients only receive services for 0.5 or 1.0 hour at a time, providers must construct shifts of at least two hours duration with workers to deliver services to multiple consumers in close enough geographic proximity, to minimise the cost of travel time.
In residential care:
• From October 2022, government funding will be linked to care minutes under the Australian National Aged Care Classification (AN-ACC) funding model (the legislation for this is expected to be passed in the first sitting of the new parliament.)
• From October 2023, providers will be required to meet mandatory care time standard of an average of 200 minutes per day for each resident, including 40 minutes of RN time. Facilities will also be required to have a RN on site for a minimum of 16 hours per day.
Increased use of technologies in aged care settings, in forms such as GPS tracking, CCTV and RFID, can bring up certain privacy issues for both the workforce and the patients receiving the care across both facility and home-care environments.
It is important to understand the legal issues which are associated with tracking carers and implementing increased surveillance. To ensure meeting business priorities and also addressing the legal issues at play, facilities should ensure they are operating under the Privacy Act and being transparent with carers and clients about how information is being collected and used.
Quality and safety
Aged care providers have a number of obligations under the Aged Care Act. One of them is to ensure that they provide care and services that meet the requirements of the Aged Care Quality Standards and report incidents or allegations of abuse under the Serious Incident Response Scheme.
Similarly, there is a requirement to respond to complaints from care recipients and the representatives about the quality of care and services. Complaints can be made directly to the provider or through the Aged Care Quality and Safety Commission. In order to satisfy these quality and safety standards, increased surveillance in facilities will need to satisfy both state-based workplace and surveillance laws and the federal Privacy Act, and consider and address the following issues:
- What is a private conversation?
- Who is a party to a private conversion?
- Has appropriate consent been received?
How to evolve innovation efforts while safeguarding intellectual property
A significant component in innovation and improving industry efforts can often come in the form of partnering with a university or research organisation. However this collaboration also surfaces several intellectual property issues that should be considered and addressed.
Specifically, where innovation is developed using contributions from each partner, or the funding for research and development is coming from a separate funder, consideration should be paid to questions of intellectual property ownership and future commercialisation rights during pre-collaboration stages. If research, development or trials are being funded by a government grant for example, it is important to review the grant agreement to agree on ownership of the deliverables, key IP assets and commercialisation rights prior to committing.
Cyber security considerations
According to a recent study, approximately 30% of the world’s data is currently being generated by the health sector. By 2025, the CAGR of collected data for the health sector will reach 36%, which is higher than the manufacturing, entertainment or financial services sectors.
The link between technology and healthcare has been supercharged by the fallout from COVID-19 and the need to digitise everything from appointments to prescriptions. This also makes the aged-care sector a prime target for cybercrime, which involves repeat attacks by organised cyber criminals for the high-value information and time-sensitive nature of the work.
In June 2020, just months into the pandemic, the University of California’s School of Medicine was targeted and sensitive data was held to ransom, forcing the university to pay more than US$1 million to carry on its important research. Additionally, in October 2021, the healthcare system that serves the province of Newfoundland and Labrador in Canada was hit by a devastating ransomware attack that one local expert said was the “worst cyber-attack in Canadian history.” Employee and patient data were stolen and thousands of vital appointments, including chemotherapy sessions, were cancelled or delayed. These are just two of the hundreds of cyber-attacks occurring worldwide, on a weekly basis.
In 2021, it was reported that there was an average of 830 cyberattacks every week (up 71% from 2020), with many of these businesses unable to recover from these attacks.
The health sector continues to experiment with and find alignment with Internet of Things (IoT) solutions, including wearable biometrics, infusion pumps and patient monitors in hospitals, or take-home biometric devices, connected wheelchairs, automated prescriptions, online MRI machines. These solutions result in a wider ‘attack surface’ and can increase the potential for security breaches. It is important for a facility to acknowledge how to minimise the potential attack surface and reduce any risks to the organisation, which includes a combination of people, processes and technology. Organisations need to be thinking about how to minimise this potential attack surface and reduce risk to the organisation, which is a combination of people, process and technology.
This is a complex and growing area for discussion as the aged care sector continues to innovate and increased technology is rolled out in the delivery of services. To avoid unauthorised IP ownership and data breach issues, it is important to engage with these challenges early by ensuring an organisation has the correct procedures and processes in place when it comes to privacy laws in a state or territory, and cyber security prevention tactics.
If you are concerned about your own businesses’ data security or have any enquiries, please contact our Intellectual Property, Technology and Cybersecurity or Health and Aged Care teams.