NLMA calls for system upgrade after audit reveals MCP problems

Newfoundland and Labrador's medical care plan is under scrutiny after Auditor General Denise Hanrahan reported serious concerns surrounding the disbursement of funds — including double payments and cybersecurity vulnerabilities.

Dr. Stephen Major, a family physician and president of the Newfoundland and Labrador Medical Association, is calling for an updated system in light of Hanrahan's findings.

"Despite the government knowing that it needed to be updated, they haven't," said Major. 

The system involves codes based on the types of services the doctor is offering. After an appointment, the doctor will input a code into the system that represents the type of service, so that MCP can then pay them for it. 

Major says for specialists the codes can become more complex, and mistakes can easily occur. There's currently no way for a doctor to make sure they're being paid correctly, or go back and correct a code that has a mistake, he said.

"It's a very basic rudimentary system. There's no way to verify what you're doing is the right thing or that you're actually sometimes getting paid for the work you do," said Major. 

The rules that govern the codes were written 40 years ago, resulting in a lack of clarity between physicians and MCP about how the codes should be interpreted, he added. If MCP disagrees with how a physician coded a patient assessment, it would result in a long audit, which can sometimes result in physicians being asked to pay back large sums of money, said Major. 

He said there needs to be an updated system that prevents physicians from building wrong codes, with clear rules, and the ability to easily correct mistakes. 

Listen to the full interview on On the Go: 

On The Go11:25MCP IT system outdated, says AG

The Auditor General says our MCP IT system is outdated and rife with error and fraud. We hear from a front end user of the system - a family physician who also represents all the other doctors in the system as president of the NL Medical Association. (Krissy Holmes with Dr. Stephen Major)

Cyber risk

Major worries the outdated system could be breached, allowing someone to hack in and steal patient information. 

"We need an upgraded system, and we just need a commitment from government to actually invest in that and make things better than they are right now," said Major. 

The auditor general also found that a process called "business continuity and disaster recovery" is not being tested every year like it should be.  

Many of the problems contained in her report were also found in an audit published in 2014.

The disaster recovery process is supposed to be an emergency response to something catastrophic, like a cyberattack, said Memorial University engineering professor Jonathan Anderson.

Anderson likened that process to a fire drill. A safe building will have an evacuation plan that requires testing every year to know whether it works, he said.

"It might be that the disaster recovery plan is great, but unless you test it, you can't really know for sure," said Anderson. 

Acting Health Minister John Haggie told reporters "because of the history of the system itself, [it] actually provides a modest degree of protection while we figure out how best to replace it." 

Anderson said Haggie could be saying the system is too old to be attacked, which is possibly concerning. 

"Is it a matter of like, doctors have to use a dial-up modem to submit their billing or something? If so, then there's a little bit of potential for kind of security by obscurity, and that could be slightly problematic," said Anderson.

Anderson said it's critical the government is vigilant about keeping the system up to date. 

According to Hanrahan's report, there's currently no plan to replace the MCP system. 

Download our free CBC News app to sign up for push alerts for CBC Newfoundland and Labrador.