This article is more than 1 year old
Who botched Oz cancer registry rollout? Pretty much everybody
Another day, another botched government contract
Australia's derailed outsourcing of its National Cancer Registry is the latest project red-flagged by the Australian National Audit Office.
The audit, released yesterday, reaches the seemingly-contradictory conclusions that the Department of Health's management of the tender was effective and achieved value for money; but that the “objectives sought by the Government have not been achieved in the agreed timeframe and additional costs have been incurred as a result.”
In May 2016, during the pre-election caretaker mode, the government pushed through a contract that gave Telstra the job to consolidate the country's cancer registries, ousting the nonprofits that used to handle the job.
At the time, one of those nonprofits, the Victorian Cytology Service (which also bid on the register), complained that Telstra had no experience in such a project in spite of the carrier splashing a couple of hundred million buying health startups.
The contract was reportedly worth AU$180 million in 2016, but the auditor's report puts it at $220 million.
By February this year, it was clear that things weren't going to plan: Telstra Health botched the data integration, missed its March deadline to unify the registries, and consequently bumped the planned May 31 launch to December (a date that's “contingent on the new national register being in place”).
As a result, the government will be stung $16.5 million to keep cervical cancer screening running until Telstra is ready, and that includes AU$3m to try and stop pathology staff fleeing.
The ANAO report plucks out several less-than-encouraging details from the project: nine Department of Health officials handling the project didn't disclose that they held Telstra shares; risk management was inadequate; and Telstra isn't yet compliant with privacy or security requirements.
On the privacy front, Telstra hasn't managed to produce a data protection plan that meets the Department of Health's requirements; both its privacy policy and a security risk management plan are missing in action, although they were due last November; not all Telstra's contractors have completed their deeds of confidentiality and privacy; and the carrier hasn't finished putting project staff through security clearance.
Since the project includes Telstra access to individuals' Medicare data, lack of privacy and security controls is of particular concern.
At 17 March 2017, the report says, 37 deliverables were due under the contract, and Telstra had managed to have just two accepted and two provisionally accepted.
And that's with help from Department of Health staff, it seems: the report says “when deliverables were not achieved, Health staff ‘tended to help Telstra’ to achieve compliance, and were (initially) reluctant to escalate early”.
Telstra, for its part, has complained to the department that Medicare data, a requirement for the project, was incomplete and unreliable. ®