eHealth: some challenges

Frank Robben

General manager eHealth-platform

Sint-Pieterssteenweg 375

B-1040 Brussels

E-mail: Frank.Robben@ehealth.fgov.be

Website eHealth-platform: https://www.ehealth.fgov.be

Personal website: www.law.kuleuven.be/icri/frobben

2 21/09/2012

Some evolutions in healthcare

• More chronic care on top of merely acute care

• Remote care (monitoring, assistance, consultation,

diagnosis, operation, ...)

• Mobile care

• Multidisciplinary, transmural and integrated care

• Patient-oriented care and patient empowerment

3 21/09/2012

Some evolutions in healthcare

• Rapidly evolving knowledge => need for reliable,

coordinated knowledge management and

accessibility

• Threat of excessively time-consuming administrative

processes

• Reliable support for healthcare policy and research

requires reliable, integrated and anonymous

information

• Cross-border mobility

4 21/09/2012

Those evolutions require ...

• Collaboration between all actors in healthcare, not

necessarily based on centralized data storage

• Efficient and safe electronic communication between

all actors in healthcare

• High quality electronic patient records, across

specialties

• Technical and semantic interoperability

5 21/09/2012

Those evolutions require ...

• Optimized processes

• Guarantees for

• information security

• privacy protection

• respect for the professional secrecy of healthcare providers

• Trust of all stakeholders in the preservation of the

necessary autonomy and the security of the system

6 21/09/2012

Electronic communication also stimulates..

• Quality of care and patient safety

• prevention of erroneous care and drugs

• negative drug interaction

• drug contraindications (e.g. allergies, diseases, …)

• prevention of errors in administering care and drugs

• availability of trustworthy databases containing information about

best care practices and decision support tools

• Qualitative support of healthcare policy and healthcare

research based on reliable, integrated and

anonymized information

7 21/09/2012

The Belgian approach

• At first creation of an adequate governance and consultative structure about eHealth and then further implementation under control of the governance and consultative structure

• Stimulation of multidisciplinary and high quality electronic patient records

• If the patient wishes so, gradual referencing to places where his/her personal health data are available

8 21/09/2012

The Belgian approach

• Common patient identifier

• Well elaborated legal and ethical framework

• patient rights

• privacy protection

• professional secrecy

• Respect for local, regional or national healthcare

organisation structures and initiatives

• never use ICT to impose change to organisational structures

9 21/09/2012

The Belgian approach

• 2008: eHealth-platform creation

• a new parapublic institution, instituted by law

• governed by representatives of the stakeholders (healthcare

providers, healthcare institutions, patients, sickness funds,

relevant government institutions, …)

• based on the experience in the social sector

10 21/09/2012

The Belgian approach

• eHealth platform: an interoperable technical platform

for safe and reliable electronic information exchange

• based on a service oriented architecture

• with common basic services

• using technical and semantic interoperability standards

11 21/09/2012

Basic services

eHealth-platform Network

Basic architecture

Patients, health care providers

and health care institutions

AuthS AuthS AuthS

Data providers

Users

Portal eHealth-platform

Portal Health

VAS VAS VAS VAS Software health care institution

VAS VAS VAS VAS MyCareNet

VAS VAS VAS VAS

Software health care provider

VAS VAS VAS VAS Site RIZIV

VAS VAS VAS VAS

AuthS AuthS AuthS

12 21/09/2012

The Belgian approach

• eHealth-platform common basic services (provided for

free):

1. Process orchestration

2. Integrated portal

3. User and access management

4. Logging

5. Encryption

6. Timestamping

7. Coding and anomyzation

8. eHealthBox

9. Reference directory

10. Consultation of the National Register and of the Crossroads

Bank Registers

13 21/09/2012

eHealth-platform basic services

1. Process orchestration: allows a flexible and harmonious

integration of the different processes linked to the implementation of

several basic services into one and the same application

2. Integrated portal: a web window offering a variety of online

services to health care actors in order to help them provide the best

possible healthcare. The integrated portal provides all useful

information on the services that are offered by the eHealth-platform,

its tasks, its standards, etc. It contains, among others, the

documents users need to configure the right settings in order for

them to have access to the available online services.

14 21/09/2012

eHealth-platform basic services

3. User and access management: allows to guarantee that only

authorized health care providers/ health care institutions have

access to personal data to which they are authorized to have

access

• access rules are defined by law, by authorizations of the Health

Section of the Sectoral Committee (established within the Privacy

Commission)

• each application defines its own accessibility rules

• when a user authenticates its identity (using the electronic identity

card or the token), the generic verification model of the tool is set in

motion: it consults the rules established for the application, verifies

if the users comply with these rules and provides access or not to

the application.

15 21/09/2012

eHealth-platform basic services

4. Logging: management of a register of access to the data management system: all read, write and delete accesses are registered and have probative value in case of a complaint

5. Encryption: transport of complete and unmodified data from one point to another by making them indecipherable (encryption) provided that these data have not been decrypted with a key. Two methods:

- in the case of a known recipient: use of an asymmetric encryption system (2 keys)

- in the case of an unknown recipient: use of symmetric encryption (the information is encrypted and stored outside the eHealth-platform, the decryption key can only be obtained through the eHealth-platform)

6. Timestamping: makes it possible to assign a date that is accurate to the second to a health care document and allows, in this way, to ensure the validity of its content throughout time by appending an eHealth signature

16 21/09/2012

eHealth-platform basic services

7. Coding and anonymization: makes it possible to hide the identity

of the individuals behind a code so that useful data of these

individuals can be used without infringement of their privacy +

makes data anonymization possible by replacing detailed data with

generalized data. These encoded or anonymized data preserve

their usefulness, but don’t allow the direct or indirect identification of

the person

8. Consultation of the National Register and of the Crossroads

Bank Registers: gives authorized health care actors access to the

National Register and to the Crossroads Bank Registers under strict

conditions

17 21/09/2012

eHealth-platform basic services

9. eHealthBox: a secured electronic mailbox for the exchange of

medical data

10.Reference repertory: indicates which types of data are stored by

which health care actors for which patients with the consent of the

concerned patient

18 21/09/2012

• More than 40 value-added electronic services for

healthcare actors have been implemented within 3 years

by several partners, always using the basic services of

the eHealth-platform

• eHealth-platform core business focused on electronics

data's exchanges systems projects such as: • communication system of electronic patient records between care

providers

• electronic prescription

• disease en therapy registries

• Evidence Based Medicine

• verification and registration of medical record software packages

• semantic interoperability

• …..

Achievements/Projects

19 21/09/2012

The priority: multidisciplinary data sharing

• Sending

• snapshot of the data (do not remain up-to-date)

• sender chooses recipient

• sender is responsible for sending the data to recipients who are

entitled to have access to these data

• Sharing

• evolutive data

• the sender does not know in advance who will consult the data

(eg doctor on duty)

• organizational measures are required to limit access to the data

to those who are entitled to have access

20 21/09/2012

Informed consent/therapeutic relationship

Informed consent

• inform patient about the system

• patient may give his authorization and decide “to get into the

system”

• healthcare providers and patient decide together which

information can be shared

Therapeutic relationship

• only healthcare providers who have a therapeutic relationship

with the patient (1) have access to the information they need in

order to fulfil their job (2)

- (1) proof of the therapeutic relationship determines access to the right patient

- (2) role determines which data can be accessed

21 21/09/2012

eHealthBox

• Sending of messages to ‘healthcare actors’

• based on

• Social identification number

• NIHDI-number

• CBE-number

• through webapplication or integrated in the medical file

• with (or without) encryption based on eHealth certificates/

eHealth keys

• other functionalities:

• receipt-, publication-, reading confirmation

• reply & forward

• consultation of multiple mailboxes

• priority level

• auto-delete

- …

22 21/09/2012

Multidisciplinary data sharing

Data from hospitals • sharing of documents stored by hospitals

• the “hub and metahub system”

extramural data • sharing of structured data stored by extramural healthcare

providers

• the “extramural vault”

Coupled and interoperable • standards

• informed consent

• therapeutic relationship

• …

23 21/09/2012

Exchange of patient data: now

Remote files

unknown

24 21/09/2012

Exchange of patient data: future

A

C B

Meta-

Hub 4:

All data

available

25 25 21/09/2012

26 21/09/2012

Extramural health care providers

A

C B

Meta-

Hub

VitaLink

Intermed

27 21/09/2012

Reference directory

• Developed through a trapped system

• reference to the care provider(s) or care institution(s) where one

or more electronic documents are available for a patient is, with

the informed consent of the patient, stored in a local or regional

reference directory (a so-called "hub")

• the reference directory managed by the eHealth-platform (the so-

called "metahub") only contains references to the hub(s) where

references for a patient are stored

• Development through a trapped system

• respects the organisation of regional and local networks between

care providers and/or care institutions

• avoids the possibility that health information about the patient

can be deduced from the information stored in the reference

directory managed by the eHealth-platform

28 21/09/2012

Reference directory

• Publication of the reference in a hub and the metahub

requires the informed consent of the patient concerned

• Access to information to which reference is made in a

hub requires a therapeutic relationship between the

requesting care provider and the patient concerned

• A guidance committee has been created within the

Consultation Committee of the eHealth-platform

29 21/09/2012

Extramural health care vaults Content :

• synthetic data emanating from local information systems of different (types of) first-line health care providers (Sumehr)

• health care programs and health care plans

• journals

• (reference to) the vaccination status

Allows a granular access control by means of software developped in a coordinated way (registered software)

Can interact with the information systems of the different types of health care providers by means of open standards and computerized business processes

With an operational management by bodies with representatives of the different types of first-line health care providers, hospitals and patient organizations

GP Pharmacist Homecare Specialist

Patient

Therapeutic relationships

NISS

Software As A service

MetaHUB

eHealth kadaster

eHealth box

Own software

Software As A service

Software As A service

Own Software

Hospital HUB

Informed consent by the patient

…

32 21/09/2012

X!ilqshnf2@0à

Key 1 Key 2

In DB :

X!ilqshnf2@0à Result :

Without keys

33 21/09/2012

With key 1

X!ilqshnf2@0à

Key 1 Key 2

In DB :

B8i!(mà}z1&ajt Result :

34 21/09/2012

With key 2

X!ilqshnf2@0à

Key 1 Key 2

In DB :

K9l#'ç9gnh3lk Result :

35 21/09/2012

With both keys

X!ilqshnf2@0à

Key 1 Key 2

In DB :

Clear data Result :

Th@nk you !

www.ehealth.fgov.be