EHealth: some challenges Frank Robben General manager eHealth-platform Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ehealth.fgov.beFrank.Robben@ehealth.fgov.be.

eHealth: some challenges

Frank RobbenGeneral manager eHealth-platformSint-Pieterssteenweg 375B-1040 BrusselsE-mail: Frank.Robben@ehealth.fgov.beWebsite eHealth-platform: https://www.ehealth.fgov.bePersonal website: www.law.kuleuven.be/icri/frobben

221/09/2012

Some evolutions in healthcare

• More chronic care on top of merely acute care

• Remote care (monitoring, assistance, consultation, diagnosis, operation, ...)

• Mobile care

• Multidisciplinary, transmural and integrated care

• Patient-oriented care and patient empowerment

321/09/2012

Some evolutions in healthcare

• Rapidly evolving knowledge => need for reliable, coordinated knowledge management and accessibility

• Threat of excessively time-consuming administrative processes

• Reliable support for healthcare policy and research requires reliable, integrated and anonymous information

• Cross-border mobility

421/09/2012

Those evolutions require ...

• Collaboration between all actors in healthcare, not necessarily based on centralized data storage

• Efficient and safe electronic communication between all actors in healthcare

• High quality electronic patient records, across specialties

• Technical and semantic interoperability

521/09/2012

Those evolutions require ...

• Optimized processes

• Guarantees for

• information security• privacy protection• respect for the professional secrecy of healthcare providers

• Trust of all stakeholders in the preservation of the necessary autonomy and the security of the system

621/09/2012

Electronic communication also stimulates..

• Quality of care and patient safety

• prevention of erroneous care and drugs• negative drug interaction• drug contraindications (e.g. allergies, diseases, …)

• prevention of errors in administering care and drugs• availability of trustworthy databases containing information about

best care practices and decision support tools

• Qualitative support of healthcare policy and healthcare research based on reliable, integrated and anonymized information

721/09/2012

The Belgian approach

• At first creation of an adequate governance and consultative structure about eHealth and then further implementation under control of the governance and consultative structure

• Stimulation of multidisciplinary and high quality electronic patient records

• If the patient wishes so, gradual referencing to places where his/her personal health data are available

821/09/2012

The Belgian approach

• Common patient identifier

• Well elaborated legal and ethical framework

• patient rights• privacy protection• professional secrecy

• Respect for local, regional or national healthcare organisation structures and initiatives

• never use ICT to impose change to organisational structures

921/09/2012

The Belgian approach

• 2008: eHealth-platform creation

• a new parapublic institution, instituted by law

• governed by representatives of the stakeholders (healthcare providers, healthcare institutions, patients, sickness funds, relevant government institutions, …)

• based on the experience in the social sector

1021/09/2012

The Belgian approach

•eHealth platform: an interoperable technical platform for safe and reliable electronic information exchange

• based on a service oriented architecture

• with common basic services

• using technical and semantic interoperability standards

1121/09/2012

Basic servicesBasic serviceseHealth-platformeHealth-platform

Network

Basic architecture

Patients, health care providersPatients, health care providersand health care institutionsand health care institutions

AuthSAuthS AuthSAuthSAuthSAuthS

Data providers

Users

PortalPortaleHealth-eHealth-platformplatform

Portal HealthPortal HealthVASVASVASVASVASVASVASVAS Software Software

health care health care institutioninstitutionVASVASVASVASVASVASVASVAS

MyCareNetMyCareNetVASVASVASVASVASVASVASVAS

Software health Software health care providercare provider

VASVASVASVASVASVASVASVASSite RIZIVSite RIZIV

VASVASVASVASVASVASVASVAS

AuthSAuthSAuthSAuthSAuthSAuthS

1221/09/2012

The Belgian approach

• eHealth-platform common basic services (provided for free):

1. Process orchestration

2. Integrated portal

3. User and access management

4. Logging

5. Encryption

6. Timestamping

7. Coding and anomyzation

8. eHealthBox

9. Reference directory

10. Consultation of the National Register and of the Crossroads Bank Registers

1321/09/2012

eHealth-platform basic services

1. Process orchestration: allows a flexible and harmonious integration of the different processes linked to the implementation of several basic services into one and the same application

2. Integrated portal: a web window offering a variety of online services to health care actors in order to help them provide the best possible healthcare. The integrated portal provides all useful information on the services that are offered by the eHealth-platform, its tasks, its standards, etc. It contains, among others, the documents users need to configure the right settings in order for them to have access to the available online services.

1421/09/2012

eHealth-platform basic services

3. User and access management: allows to guarantee that only authorized health care providers/ health care institutions have access to personal data to which they are authorized to have access

• access rules are defined by law, by authorizations of the Health Section of the Sectoral Committee (established within the Privacy Commission)

• each application defines its own accessibility rules

• when a user authenticates its identity (using the electronic identity card or the token), the generic verification model of the tool is set in motion: it consults the rules established for the application, verifies if the users comply with these rules and provides access or not to the application.

1521/09/2012

eHealth-platform basic services

4. Logging: management of a register of access to the data management system: all read, write and delete accesses are registered and have probative value in case of a complaint

5. Encryption: transport of complete and unmodified data from one point to another by making them indecipherable (encryption) provided that these data have not been decrypted with a key. Two methods:

- in the case of a known recipient: use of an asymmetric encryption system (2 keys)

- in the case of an unknown recipient: use of symmetric encryption (the information is encrypted and stored outside the eHealth-platform, the decryption key can only be obtained through the eHealth-platform)

6. Timestamping: makes it possible to assign a date that is accurate to the second to a health care document and allows, in this way, to ensure the validity of its content throughout time by appending an eHealth signature

1621/09/2012

eHealth-platform basic services

7. Coding and anonymization: makes it possible to hide the identity of the individuals behind a code so that useful data of these individuals can be used without infringement of their privacy + makes data anonymization possible by replacing detailed data with generalized data. These encoded or anonymized data preserve their usefulness, but don’t allow the direct or indirect identification of the person

8. Consultation of the National Register and of the Crossroads Bank Registers: gives authorized health care actors access to the National Register and to the Crossroads Bank Registers under strict conditions

1721/09/2012

eHealth-platform basic services

9. eHealthBox: a secured electronic mailbox for the exchange of medical data

10. Reference repertory: indicates which types of data are stored by which health care actors for which patients with the consent of the concerned patient

1821/09/2012

• More than 40 value-added electronic services for healthcare actors have been implemented within 3 years by several partners, always using the basic services of the eHealth-platform

• eHealth-platform core business focused on electronics data's exchanges systems projects such as:

• communication system of electronic patient records between care providers

• electronic prescription

• disease en therapy registries

• Evidence Based Medicine

• verification and registration of medical record software packages

• semantic interoperability

• …..

Achievements/Projects

1921/09/2012

The priority: multidisciplinary data sharing

• Sending• snapshot of the data (do not remain up-to-date)• sender chooses recipient• sender is responsible for sending the data to recipients who are

entitled to have access to these data

• Sharing• evolutive data• the sender does not know in advance who will consult the data

(eg doctor on duty)• organizational measures are required to limit access to the data

to those who are entitled to have access

2021/09/2012

Informed consent/therapeutic relationship

Informed consent• inform patient about the system• patient may give his authorization and decide “to get into the

system”• healthcare providers and patient decide together which

information can be shared

Therapeutic relationship• only healthcare providers who have a therapeutic relationship

with the patient (1) have access to the information they need in order to fulfil their job (2)

- (1) proof of the therapeutic relationship determines access to the right patient - (2) role determines which data can be accessed

2121/09/2012

eHealthBox• Sending of messages to ‘healthcare actors’

• based on • Social identification number• NIHDI-number• CBE-number

• through webapplication or integrated in the medical file• with (or without) encryption based on eHealth certificates/

eHealth keys

• other functionalities: • receipt-, publication-, reading confirmation

• reply & forward

• consultation of multiple mailboxes

• priority level

• auto-delete

- …

2221/09/2012

Multidisciplinary data sharing

Data from hospitals• sharing of documents stored by hospitals• the “hub and metahub system”

extramural data• sharing of structured data stored by extramural healthcare

providers• the “extramural vault”

Coupled and interoperable• standards• informed consent• therapeutic relationship• …

2321/09/2012

Exchange of patient data: now

Remote files unknown

2421/09/2012

Exchange of patient data: future

A

CB

1: Where can we find data?

3: Fetch data from hub A

3: Fetch data from hub C

Meta-Hub

4:All data available

2: In hub A and C

25 2521/09/2012

2621/09/2012

Extramural health care providers

A

CB

Meta-Hub

VitaLink

Intermed

2721/09/2012

Reference directory

• Developed through a trapped system• reference to the care provider(s) or care institution(s) where one

or more electronic documents are available for a patient is, with the informed consent of the patient, stored in a local or regional reference directory (a so-called "hub")

• the reference directory managed by the eHealth-platform (the so-called "metahub") only contains references to the hub(s) where references for a patient are stored

• Development through a trapped system• respects the organisation of regional and local networks between

care providers and/or care institutions• avoids the possibility that health information about the patient

can be deduced from the information stored in the reference directory managed by the eHealth-platform

2821/09/2012

Reference directory

• Publication of the reference in a hub and the metahub requires the informed consent of the patient concerned

• Access to information to which reference is made in a hub requires a therapeutic relationship between the requesting care provider and the patient concerned

• A guidance committee has been created within the Consultation Committee of the eHealth-platform

2921/09/2012

Extramural health care vaults Content :

• synthetic data emanating from local information systems of different (types of) first-line health care providers (Sumehr)

• health care programs and health care plans• journals• (reference to) the vaccination status

Allows a granular access control by means of software developped in a coordinated way (registered software)

Can interact with the information systems of the different types of health care providers by means of open standards and computerized business processes

With an operational management by bodies with representatives of the different types of first-line health care providers, hospitals and patient organizations

GP Pharmacist Homecare Specialist

Patient

Therapeutic relationships

NISS

SoftwareAs Aservice

MetaHUB

eHealthkadastereHealth

box

Own

software

SoftwareAs Aservice

SoftwareAs Aservice

Own

Software

HospitalHUB

Informedconsentby thepatient

…

3221/09/2012

X!ilqshnf2@0à

Key 1Key 1 Key 2Key 2

In DB :

X!ilqshnf2@0àResult :

Without keys

3321/09/2012

With key 1

X!ilqshnf2@0à

Key 1Key 1 Key 2Key 2

In DB :

B8i!(mà}z1&ajtResult :

3421/09/2012

With key 2

X!ilqshnf2@0à

Key 1Key 1 Key 2Key 2

In DB :

K9l#'ç9gnh3lkResult :

3521/09/2012

With both keys

X!ilqshnf2@0à

Key 1Key 1 Key 2Key 2

In DB :

Clear dataResult :

Th@nk you !

Any questions ?