Australia’s Department of Health and Aged Care has been criticized for lacking sufficient assurance over the quality of the data it uses to monitor and report on immunization coverage against COVID-19.
A report recently released by the Australian National Audit Office (ANAO) reviewed the department’s handling of the COVID-19 vaccine rollout, which it said was “one of the largest exercises in health logistics in Australian history”.
WHY IT MATTERS
The Department of Health has set up four key systems to manage and monitor vaccine rollout, namely the Australian Immunization Registry (AIR), the Vaccine Administration System (VAS), the COVID-19 Vaccine Administration System (CVAS) and the Solution Vaccine Data. Data collection and IT management for these systems were outsourced to IT services firms including Services Australia (for AIR), Salesforce (for VAS and CVAS), Accenture (for reporting dashboards) and Amazon Web Services (for CVAS).
According to the audit report, the department cannot delegate its responsibilities under various laws for the confidentiality, privacy and security of data collected through these systems.
“There is no health [the] assurance that third parties have IT controls in place to ensure data confidentiality, integrity and availability,” he said.
The report also found that the department “did not formally review the data” entered into these systems, which resulted in “undetected and undetected inaccuracies” in the data, particularly in the AIR and CVAS systems.
It said the department did not clarify its responsibility for data quality in AIR, where all vaccination data is mandated to be reported. The national registry was noted to have a 14% error rate, based on a 2018 study by the National Center for Immunization Research and Surveillance. While mandatory reporting of vaccination through AIR may have improved the error rate, “there is no available evidence to support this,” the report said.
Also, the audit highlighted that there were gaps in the data regarding the vaccination status of some priority and target groups. The department noted that it does not have accurate data on the vaccination rate of critical and high-risk workers – a priority group in the first phase of the vaccine rollout – “as occupational data was not collected in the AIR”.
Meanwhile, the ANAO still acknowledged the department’s use of available data to plan and support vaccine rollout, despite inaccuracies in data collection. “However, [the Health Department] has not quantified inaccuracies in internal or external data processes in the period under review.”
In response to the auditor general’s findings and recommendations, the Department of Health agreed to put in place processes to ensure it “regularly reviews and reviews” data quality assurance and IT controls in externally managed systems over a risk basis, including IT security, change management and batch processing. “The department will undertake an independent review of its IT controls and the application of its internal quality assurance framework.”
THE LARGER CONTEXT
The ANAO said it conducted the audit to provide independent assurance to parliament that the country’s COVID-19 vaccine rollout was “effectively planned and implemented”.
In essence, it found that while the Department of Health’s final governance arrangements in managing vaccine rollout have been “largely effective,” its implementation has been “partially effective” in its administration of the vaccine to priority groups and the general population. “that does not meet the objectives”.
The auditor general then recommended improving data quality and IT controls and conducting a comprehensive review of vaccine rollout. “To [Health] The department is committed to the effective implementation of the recommendations and has already started the steps to address the issues identified in this audit”, the response states.
Since administering the first COVID-19 vaccines in February last year, the department has administered about 63 million doses nationwide as of August 2022.