Upload
donovan-rice
View
27
Download
0
Embed Size (px)
DESCRIPTION
The possible support of the Crossroads Bank for Social Security (CBSS) and the eHealth platform to a Belgian Longitudinal Health Information System. Frank Robben General manager CBSS and eHealth platform Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: [email protected] - PowerPoint PPT Presentation
Citation preview
The possible support of theCrossroads Bank for Social Security (CBSS)
and the eHealth platform to aBelgian Longitudinal Health Information System
Frank RobbenGeneral manager CBSS and eHealth platformSint-Pieterssteenweg 375B-1040 BrusselsE-mail: [email protected] CBSS: http://www.ksz.fgov.beWebsite eHealth platform: https://www.ehealth.fgov.bePersonal website: www.law.kuleuven.be/icri/frobben
28/11/2010
Overall objective of the CBSS to be the motor of e-government in the social sector, i.e.
• to stimulate and to support the actors in the Belgian social sector to grant more effective and efficient services with a minimum of administrative formalities and costs for all the involved; based on a common and concerted vision, the actors in the Belgian social sector should benefit from the new technologies to improve and re-organize radically their mutual relationships and processes
• to promote the information security and the privacy protection by the actors in the Belgian social sector so that all the involved institutions and people can have justified confidence in the system
• to deliver integrated statistical information to the politicians and the researchers in order to support the social policy
38/11/2010
Overall objective of the eHealth platform how?
• through a well-organised, mutual electronic service and information exchange between all healthcare actors
• with the necessary guarantees in the area of information security, privacy protection and professional secrecy
what?• optimization of healthcare quality and continuity • optimization of patient safety• simplification of administrative formalities for all healthcare actors• reliable support of healthcare policy and research
48/11/2010
Missions of the eHealth platform development of a vision and a strategy for effective,
efficient and secure electronic services and information exchange in healthcare, with respect for privacy protection and in close cooperation with the various public and private healthcare actors
documentation of useful IT related functional and technical norms, standards, specifications and basic architecture for the use of IT to support this vision and strategy
verification that software packages managing electronic patient records comply with established IT related functional and technical norms, standards and specifications, as well as registration of these software packages
58/11/2010
Missions of the eHealth platform creation, development and management of a
cooperative platform for safe electronic data exchange with the corresponding basic services (see below)
agreement on a task division regarding the collection, validation, storage and availability of data exchanged over the cooperative platform and of the quality norms with which this data must comply, and verification of continued compliance with these quality norms
promotion and coordination of the realisation of programmes and projects which reflect the vision and strategy and use the cooperative platform and / or the corresponding basic services
68/11/2010
Missions of the eHealth platform management and coordination of IT related aspects of
data exchange in relation to electronic patient records and electronic medical prescriptions
role as an independent trusted third party (TTP) for the coding and anonymising of personal healthcare data for certain organisations, listed by law to support scientific research and policy
promotion of necessary changes for executing the vision and strategy
organisation of cooperation with other public services working on the coordination of electronic services
78/11/2010
Vision and strategy of the eHealth platform no central storage of personal healthcare data safe electronic data exchange between all actors in
healthcare if the patient wishes so, gradual referencing to places
where his / her personal health data are available, without being able to deduce from those references any intrinsic information about health
unrestricted application of law concerning• privacy protection• professional secrecy• patient rights• the exercise of medicine
88/11/2010
Vision and strategy of the eHealth platform special attention to information security and privacy
protection• end-to-end encryption of exchanged personal health data• very thorough preventive access control• personal health data can only be exchanged through the eHealth
platform with permission provided legally, by an independent Sectoral Committee of the Privacy Commission or by the patient
• logging of electronic services performed (who, what, about whom, when – not exchanged personal health data !)
• information security policies and advisors respect for and support of
• existing local or regional initiatives regarding electronic cooperation in healthcare
• private initiatives regarding electronic service to healthcare actors
98/11/2010
Vision and strategy of the eHealth platform use of the eHealth platform is optional, not mandatory platform is managed by the representatives of the
various healthcare actors respect for the therapeutic liberty of healthcare providers the eHealth platform does not change the intrinsic task
division between the various healthcare actors control of safe operation of the eHealth platform by an
independent Sectoral Committee of the Privacy Commission
the eHealth platform does not perform studies itself and provides no intrinsic policy support in the area of healthcare
108/11/2010
Legal translation of research support CBSS
• the CBSS gathers social data at the social security institutions, stores them, merges them, codes or anonymizes them, and communicates them to persons who need them to conduct research useful for the knowledge, the conception and the management of social security (art. 5 Law CBSS)
eHealth platform• the eHealth platform gathers data, merges them, codes or
anonymizes them, and communicates them as information useful for the knowledge, the conception, the management and the delivery of health care (art. 5, 8° Law eHealth platform)
• limited to addressees listed in the law, but possibility to extend the list of addressees by Royal Decree
128/11/2010
Basic servicesBasic serviceseHealth platformeHealth platform
Network
eHealth platform: basic architecturePatients, healthcare providersPatients, healthcare providers
and institutionsand institutions
ADSADS ADSADSADSADS
Suppliers
Users
eHealth eHealth platformplatformPortalPortal
Health PortalHealth PortalVASVASVASVASVASVASVASVAS
Healthcare Healthcare institution institution softwaresoftware
VASVASVASVASVASVASVASVASMyCareNetMyCareNet
VASVASVASVASVASVASVASVAS
Care provider Care provider softwaresoftware
VASVASVASVASVASVASVASVASRIZIV-INAMI RIZIV-INAMI
sitesiteVASVASVASVASVASVASVASVAS
ADSADSADSADSADSADS
138/11/2010
eHealth platform: basic architecture value-added service (VAS)
• a service made available to patients and / or its healthcare providers
• the provider of a value-added service can for this purpose use the basic services offered by the eHealth platform
basic service• a service developed and made available by the eHealth platform,
which can be used by the provider of a value-added service in developing and offering that value-added service
authentic data source (ADS)• a database containing reliable information that can be accessed
via the eHealth-platform• the database manager is responsible for the availability and
(organisation of) the quality of the information made available
148/11/2010
eHealth platform: basic architecture 9 multifunctional basic services are provided free of
charge by the eHealth platform the development and maintenance of the value-added
services and of the authentic data sources is the primary responsibility of other actors: already 24 value-added services use one or more basis services of the eHealth platform
the eHealth platform acts as the developer or hosting platform for certain value-added services or authentic data sources not containing personal health data concerning patients
the choice was made to work as much as possible based on open standards or, at least, open specifications in order to prevent dependence on one or a limited number of suppliers
158/11/2010
eHealth platform: standards and specifications norms are established for registration of the software
packages for GPs a number of technical interoperability standards have
already been defined• KMEHR (Kind Messages for Electronic Healthcare Records) with
message structure in XML• X.509 (certificates)
in a number areas, semantic interoperability standards have been defined• hospitals: ICD-9• GPs: ICD-10 and ICPC2• physical therapists: ICF• clinical laboratories: LOINC
168/11/2010
eHealth platform: basic services fully operational
1. coordination of electronic processes
2. web portal (https://www.ehealth.fgov.be)
3. integrated user and access management
4. logging management
5. system for end-to-end encryption- for communication of data to a recipient known at the time of the encryption- for communication of data to a recipient not known at the time of the
encryption
6. personal electronic mailbox for each healthcare supplier with basic features
7. electronic time stamping
8. coding and anonymizing
178/11/2010
eHealth platform: basic services operational by the end of 2010
9. reference directory (“metahub”)
operational by the second quarter of 20116. personal electronic mailbox for each healthcare supplier with
extended features
188/11/2010
Coordination of electronic processes
Application Application ApplicationClients
eHealth Service Bus (ESB)
Providers Application Application Application
OrchestrationOrchestration Application Integration & Monitoring
Exposed services
Consulted services
198/11/2010
Example: simplification chapter IV requests
A couple of days
A couple of days
A couple of
days
After many daysSickness fund
medical advisor
Prescriber
Pharmacy
208/11/2010
Example: simplification chapter IV requests
A few seconds
A few seconds
Prescriber
Sickness fund
medical advisor
A few seconds
Pharmacy
228/11/2010
User and access management
UserPolicy
Application(PEP)
Application
PolicyDecision (PDP)
Policy Administration
(PAP)
Policy Information(PIP)
Policy Information(PIP)
Policy Repository Authentic Source Authentic Source
Administrator
Action on application
Action on application ALLOWED
Action on applicationDECLINED
Fetch Policies
InformationQuestion/Answer
InformationQuestion/Answer
Decision answer
Decision request
Authorisation management
238/11/2010
EncryptioneHealth platformHealthcare actor
Person or entity
Inte
rnet
Iden
tific
atio
nce
rtifi
cate
Iden
tific
atio
nce
rtifi
cate
Web serviceRegister key
Connector or other software togenerate key pair
Sendspublic key
Stores private keyin a secure way
Public keysrepository
1
2
2
Authenticates sender
Storespublic key
3
4
248/11/2010
Iden
tific
atio
nce
rtifi
cate
Encryption
Internet
eHealth platform
Public keysrepository
Authenticates sender
Sendspublic key
2
3
Message originator
Iden
tific
atio
nce
rtifi
cate
Asks for public key
Encryptsmessage
4
1
Message recipient
Decrypts message5 Stored
privatekey
Identificationcertificate
Web serviceAsk public key
Send message
Any protocol
258/11/2010
Encryption
User 2Recipient
User 1Originator
Key Management
/ Depot
MessagesDepot
1 asks for key
2 sends keySymmetric
keyEncrypted with public
key of user 1
3 sends encrypted message
Message encrypted with
symmetric key
Encrypted with public key of
Message depot
Message encrypted withsymmetric key
4 justifies right toobtain key
4 justifies right toobtain message
Symmetric key
Encrypted with public
key of user 2
5 receives key
5 receives message
Message encrypted with
symmetric keyEncrypted with public key of
User 2
268/11/2010
eHealthKey depot
Recip-e
1 asks for key2 gives key
3 sends encrypted recipe
4 asks for key
5 gives keyPrescriber Pharmacy
4 asks recipe
5 gives recipe
Example: out-patient electronic prescriptions
298/11/2010
Electronic time stamping
User
document A1
hashcode A
eHealth platform
2hashing
document B
hashcode B
timestamp bag3
electronictime stamping
4
electronicsignature
5
archive6
archive6
308/11/2010
Reference directory is developed through a trapped system
• reference to the care provider(s) or care institution(s) where one or more electronic documents are available for a patient is, with the informed consent of the patient, stored in a local or regional reference directory (a so-called "hub")
• the reference directory managed by the eHealth platform (the so-called "metahub") only contains references to the hub(s) where references for a patient are stored
development through a trapped system• respects the organisation of regional and local networks between
care providers and/or care institutions• avoids the possibility that health information about the patient
can be deduced from the information stored in the reference directory managed by the eHealth platform
318/11/2010
Reference directory publication of the reference in a hub and the metahub
requires the informed consent of the patient concerned access to information to which reference is made in a
hub requires a therapeutic relationship between the requesting care provider and the patient concerned
a guidance committee has been created within the Consultation Committee of the eHealth platform
338/11/2010
Example: exchange of patient data: future
A
CB
1: Where can we find data?
3: Fetch data from hub A
3: Fetch data from hub C
Meta-Hub
4:All data available
2: In hub A and C
358/11/2010
Concrete functions CBSS
• trusted third party for- ad hoc anonymizing of personal data- ad hoc coding of personal data
• management of a data warehouse labour market and social protection (available variables are described at the website of CBSS, section “Statistics”)
• organisation of sending of surveys to target groups
eHealth-platform• trusted third party for
- ad hoc anonymizing of personal data- ad hoc coding of personal data- for a limited, listed number of addressees
368/11/2010
Critical success factors data quality: “garbage in is garbage out”
technical interoperability
semantic interoperability
if merging of data from several sources is needed, unique identification number (best candidate: social security identification number)
respect of principles of privacy protection and information security
378/11/2010
Data categories anonymous data
• data that cannot be related to an identified or identifiable person by any one
• are not personal data => Privacy Protection Act does not apply
coded data• data that cannot be related to an identified or identifiable person
by the controller of the data processing, but that can be related to an identified or identifiable person by an intermediary organization
• are personal data => Privacy Protection Act applies
non-coded data• data that can be related to an identified of identifiable person by
the controller of the data processing• are personal data => Privacy Protection Act applies
388/11/2010
Evaluation of identifiability an identifiable person is one who can be identified,
directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller of the data processing or by any other person to identify the said person
398/11/2010
Relevant privacy protection law (art. 4 PPA)Personal data must be processed fairly and lawfully; collected for specified, explicit and legitimate purposes and, taking
into account all relevant factors, especially the reasonable expectations of the data subject and the applicable legal and regulatory provisions and must not be further processed in a way incompatible with those purposes; under the conditions established by the King, having received the opinion of the Commission for the Protection of Privacy, further processing of data for historical, statistical or scientific purposes is not considered incompatible
adequate, relevant and not excessive in relation to the purposes for which it is collected or further processed
kept in a form that allows for the identification of data subjects, for no longer than necessary with a view to the purposes for which the data is collected or further processed; having received the opinion of the Commission for the Protection of Privacy, the King shall establish appropriate safeguards for personal data stored longer than stated above for historical, statistical or scientific purposes
408/11/2010
Relevant privacy protection law (art. 7 PPA)The processing of health-related personal data is prohibited. The prohibition to process the data does not apply in the following cases: a) the data subject has given his written consent to such processing, with
the understanding that the consent can be withdrawn by the data subject at any time
d) the processing is necessary for the promotion and protection of public health, including medical examination of the population
e) the processing is required by or by virtue of an act, decree or ordinance for reasons of substantial public interest
j) the processing is necessary for the purposes of preventive medicine or medical diagnosis, the provision of care or treatment to the data subject or to one of his relatives, or the management of health-care services in the interest of the data subject, and the data is processed under the supervision of a health professional
k) the processing is required for the purposes of scientific research and carried out under the conditions established by the King by decree after deliberation in the Council of Ministers, having received the opinion of the Commission for the Protection of Privacy
418/11/2010
Relevant privacy protection law (Royal Decree)Art 2. The further processing of personal data for historical, statistical or scientific purposes shall be considered compliant with article 4 of the Act if it is carried out under the conditions set forth in this chapter. The storage of personal data for historical, statistical or scientific purposes, as referred to in article 4 of the Act, is authorized under the conditions set forth in this chapter.
Art 3. The further processing of personal data for historical, statistical or scientific purposes shall take place using anonymous data.
Art 4. If it is impossible to achieve the historical, statistical or scientific purposes using anonymous data for the further processing, the controller of the further processing for historical, statistical or scientific purposes may process encoded data pursuant to the provisions of section 2 of this chapter.
In that case he shall mention in the notification of the processing, which he shall make pursuant to article 17 of the Act, the reasons why it is impossible to achieve the historical, statistical or scientific purposes using anonymous data for the further processing.
428/11/2010
Relevant privacy protection law (Royal Decree) Art 5. If it is impossible to achieve the historical, statistical or scientific purposes using encoded data for the further processing, the controller of the further processing for historical, statistical or scientific purposes may process non-encoded data pursuant to the provisions of section 2 of this chapter.
In that case he shall mention in the notification of the processing, which he shall make pursuant to article 17 of the Act, the reasons why it is impossible to achieve the historical, statistical or scientific purposes using encoded data for the further processing.
Art 6. The controller of the further processing of personal data for historical, statistical or scientific purposes must not perform any operations that aim to convert anonymous data into personal data or encoded personal data into non-
encoded personal data.
438/11/2010
Relevant privacy protection law: Royal Decree coded data
• notification to the Privacy Commission prior to further processing for historical, statistical or scientific purposes
- specific motivation of the need for coded data- complementary information in case of need for processing of sensitive or
health data
• coding prior to further processing for historical, statistical or scientific purposes
- by the controller of the original data or an intermediary organization when data originate from one controller
- by an intermediary organization when the data originate from several controllers
- the intermediary organization needs to be independent from the controller of the further processing for historical, statistical or scientific purposes
• coded data may only be disclosed to the controller of the further processing for historical, statistical or scientific purposes after receipt of the proof of the notification to the Privacy Commission
448/11/2010
Relevant privacy protection law: Royal Decree coded data
• information duty of the controller of the original data or the intermediary organization towards the data subjects, unless
- impossibility to inform the data subjects- information duty involves a disproportionate effort (notification duty to the
Privacy Commission in case of sensitive or health data)- data are coded by an intermediary organization being an administrative
authority having the explicit legal task to act as an intermediary organization (e.g. CBSS and the eHealth platform)
458/11/2010
Relevant privacy protection law: Royal Decree non-coded personal data
• notification to the Privacy Commission prior to further processing for historical, statistical or scientific purposes
- specific motivation of the need for non-coded personal data
• explicit informed consent of the data subjects prior to further processing for historical, statistical or scientific purposes, unless
- data are public- information duty involves a disproportionate effort (notification duty to the
Privacy Commission in case of sensitive or health data)
• non-coded personal data may only be disclosed to the controller of the further processing for historical, statistical or scientific purposes after receipt of the proof of the notification to the Privacy Commission
468/11/2010
Relevant privacy protection law role of sectoral committee in the social and health sector
• social data- every exchange of non-coded personal data by a social security institution
has to be authorized by the sectoral committee- every coding of data by the CBSS has to be authorized by the sectoral
committee, indicating whether the encoding should be reversible or irreversible
- every anonimyzing of data by the CBSS has to be submitted for advice to the sectoral committee, unless the anonymizing is executed for a number of addressees listed in the law
• health data- every exchange of non-coded personal data has to be authorized either by
the data subject, either by the law, either by the sectoral committee- every coding of data by the eHealth platform has to be authorized by the
sectoral committee, indicating whether the encoding should be reversible or irreversible
- every anonimyzing of data by the eHealth platform has to be authorized by the sectoral committee