Upload
shawn-patrick
View
220
Download
0
Tags:
Embed Size (px)
Citation preview
The eHealth platform: current situation and future perspectives
Leuven.Inc
Frank RobbenGeneral manager of the eHealth platformQuai de Willebroeck 38B-1000 BrusselsE-mail: [email protected] eHealth platform https://www.ehealth.fgov.bePersonal website: www.frankrobben.be
13/05/2014
Some evolutions in health care
•more chronic care instead of merely acute care•remote care (monitoring, assistance, consultation, diagnosis, operation, ...), and home care•multidisciplinary, transmural and integrated care•patient-oriented care and patient empowerment•rapidly evolving knowledge => need for reliable and coordinated management and access to knowledge•threat of excessively time-consuming administrative processes•thorough support of health care policy and research requires thorough, integrated and anonymised information•cross-border mobility•need for cost control
213/05/2014
These evolutions require...
• collaboration between all actors in health care• efficient and safe electronic communication between all actors in
health care• high-quality electronic patient files, across specialties• care pathways• optimised administrative processes• technical and semantic interoperability• guarantees concerning
– information security– privacy protection– respect for the professional secrecy of health care providers
13/05/2014 3
Overall objectives of the eHealth platform
• how?– through a well-organised, mutual electronic service and information
exchange between all actors in health care– by providing the necessary guarantees with regard to information security,
privacy protection and professional secrecy
• what?– optimisation of health care quality and continuity – optimisation of patient safety– simplification of administrative burden for all actors in health care– thorough support of health care policy and research
13/05/2014 4
eHealth platform In practice
The patient consults his doctor
Administrative advantages
Possibility to register therapeutic relationships and informed consent
513/05/2014
Medical advantage
s
eHealth platform In practice
Laboratory results
Look up medical history through the
SumEHR
Medication schedule
Online advice and guidelines
Electronic medical referral form
Electronic prescriptions
613/05/2014
Adminis-trative
advantages
eHealth platform In practice
Tarification,billing
Create and send
certificates
Update SumEHR, medication schedule, ...
Send a report to the GMF owner
Registrations
713/05/2014
Basic servicesBasic serviceseHealtheHealth platform platform
Network
Basic architecture
13/05/2014
Patients, health care providersPatients, health care providersand health care institutionsand health care institutions
VASVAS VASVASVASVASSuppliers
Users
Overall Overall objectives of objectives of the the eHealtheHealth
platformplatform
Health portalHealth portalAVSAVSAVSAVSAVSAVSAVSAVS Software Software
health care health care institutioninstitutionAVSAVSAVSAVSAVSAVSAVSAVS
MyCareNetMyCareNetAVSAVSAVSAVSAVSAVSAVSAVS
Software Software health care health care
providerproviderAVSAVSAVSAVSAVSAVSAVSAVSSite NIHDISite NIHDIAVSAVSAVSAVSAVSAVSAVSAVS
VASVASVASVASVASVAS
8
10 missions
1. development of a vision and a strategy with regard to eHealth
2. organisation of collaboration between other government agencies charged with coordinating electronic services
3. acting as a key driver for the necessary changes in order to carry out the vision and strategy with regard to eHealth
4. establishing the functional and technical norms, standards and specifications and the basic ICT architecture
5. registration of software for management of electronic patient files
13/05/2014 9
10 missions
6.creation, development and management of a cooperative platform for safe electronic data exchange with the corresponding basic services
7.to agree on task division and quality standards with regard to information storage, and to verify whether these standards are complied with
8.as an independent trusted third party (TTP), being in charge of the coding and anonymisation of personal health data for the benefit of specific agencies, as established by law, in order to support scientific research and policy
9.promoting and coordinating the development of programs and projects
10.managing and coordinating the ICT aspects of data exchange within the framework of electronic patient files and electronic medical prescriptions
13/05/2014 10
10 basic services
13/05/2014
1. integrated user and access management2. orchestration of electronic subprocesses3. portal environment (https://www.ehealth.fgov.be)4. logging management5. system for end-to-end encryption6. personal electronic mailbox for each health care provider (eHealthBox)7. timestamping8. coding and anonymisation9. consultation of the National Register and of the Crossroads Bank
Registers10. reference directory (metahub)
11
6.1. integrated user and access management: makes it possible to guarantee that only authorised health care providers/ health care institutions have access to personal data to which they are authorised to have access
• access rules are defined by, among other things, the law and authorisations issued by the Health Section of the Sectoral Committee (established within the Privacy Commission)
• each application defines its own access rules • when a user authenticates his identity (using the electronic identity card
or token), the generic verification model of the tool is set in motion: it consults the rules established for the application, verifies if the user does indeed meet these rules and accordingly grants or restricts access to the application
10 basic services
13/05/2014 12
Integrated user and access management
UserPolicy
Application(PEP)
Application
PolicyDecision (PDP)
Policy Administration
(PAP)
Policy Information(PIP)
Policy Information(PIP)
Policy Repository Authentic Source Authentic Source
Administrator
Action on application
Action on application ALLOWED
Action on applicationDECLINED
Fetch Policies
InformationQuestion/Answer
InformationQuestion/Answer
Decision answer
Decision request
Authorisation management
1313/05/2014
6.2. orchestration of electronic subprocesses: allows for the flexible and harmonious integration of the different processes that are linked to the implementation of several basic services into one, single application
6.3. portal environment: a web window offering a variety of online services to health care actors in order to help them provide the best possible health care; the portal environment provides all useful information on the services that are offered by the eHealth platform, its tasks, its standards, etc. It contains, among other things, the documents users need to configure the right settings in order for them to have access to the available online services
10 basic services
13/05/2014 14
6.4. logging management: management of a register of access to the information management system: all read, write and delete accesses are registered and have probative value in case of a complaint
6.5. system for end-to-end encryption: transfer of complete and unmodified data from one point to another by making them indecipherable (encryption), provided that these data have not been decrypted with a keyTwo methods:• In the case of a known recipient: use of an asymmetric encryption
system (2 keys)• In the case of an unknown recipient: use of symmetric encryption
(the information is encrypted and stored outside the eHealth platform; the decryption key can only be obtained through the eHealth platform)
10 basic services
13/05/2014 15
Encryption for a known recipient
eHealth platformHealth care actorperson or entity
Inte
rnet
Iden
tifica
tion
certi
ficat
e
Iden
tifica
tion
certi
ficat
e
Web serviceRegister key
Connector or other software togenerate key pair
Sendspublic key
Stores private keyin a secure way
Public keysrepository
1
2
2
Authenticates sender
Storespublic key
3
4
1613/05/2014
Iden
tifica
tion
certi
ficat
e
Encryption for a known recipient
Internet
eHealth platform
Public keysrepository
Authenticates sender
Sendspublic key
2.
3
Message originator
Iden
tifica
tion
certi
ficat
e
Asks for public key
Encryptsmessage
4
1
Message recipient
Decrypts message5 Stored
privatekey
Identificationcertificate
Web serviceAsk public key
Send message
Any protocol
1713/05/2014
Encryption for an unknown recipient
User 2Recipient
User 1Originator
Key Management
/ Depot
MessagesDepot
1 asks for key
2 sends keySymmetric key
Encrypted with public
key of user 1
3 sends encrypted message
Message encrypted with
symmetric key
Encrypted with public key of
Message depot
Message encrypted withsymmetric key
4 justifies right toobtain key
4 justifies right toobtain message
Symmetric key
Encrypted with public
key of user 2
5 receives key
5 receives message
Message encrypted with
symmetric keyEncrypted with public key of User
2
1813/05/2014
6.6. timestamping: makes it possible to assign a time and date, accurate to the second, to a health care document and thereby makes it possible to permanently ensure the validity of its content by appending an eHealth signature
6.7. coding and anonymisation: makes it possible to hide the identity of individuals behind a code, so that the useful data of these individuals can be used without infringing on their privacy + makes data anonymisation possible by replacing patients’ detailed characteristics with generalised characteristics. These encoded or anonymised data preserve their usefulness, but without allowing the direct or indirect identification of the person
10 basic services
13/05/2014 19
Trusted Third Party (TTP)
Use Case :
A university wants to study the impact of a medical treatment on patientsby crossing medical informations from multiple sources (hospitals, cancerregistry, insurance, …)
Most of these medical information is confidential and highly sensitive
Warranty must be provided that privacy, professional secrecy and patient rights are not violated when medical data are communicated
13/05/2014 20
Trusted Third Party (TTP)
Solution :
eHealth platform assumes the role of « trusted third party » (go-between organization) between instances identified by the law
eHealth, by coding patient ID’s such as SSIN (Social Security Inscription Number), ensures that a patient cannot be identified directly or indirectly and thus that privacy, medical secret and patient rights are well respected
this role is executed under the supervision of a Sectoral Committee
13/05/2014 21
In practice
eHealth platform doesn’t perform consolidation or small cell risk analysis > this role must be assigned to a Data Manager
13/05/2014 22
Data Source 1
eHealth(coding/coupling)
Investigator
Data Source 2
1. ID-MD1
Data Manager(consolidation)
3. IDcoded-MD1-MD2
2. ID-MD2
4. IDcoded-consolidatedMD
By this way •only eHealth platform can relate patientID’s with the code and separation between data sources and researchers is guaranteed•reidentification of a patient can thus only be performed via eHealth platform•medical data (=MD) must normally be encrypted by the source > by this way eHealth platform has only access to the patientID •n most cases, this process can be automated by using the eHealthBox
Researcher
Useful links
all information concerning eHealth platform TTP service is available at the eHealth portal
https://www.ehealth.fgov.be/fr/support/services-de-base/codage-et-anonymisation (FR)
https://www.ehealth.fgov.be/nl/support/basisdiensten/codering-en-anonimisering (NL)
information requests can be submitted by mail at the address: [email protected]
13/05/2014 23
Application of timestamping:electronic prescriptions in hospitals
Prescription A1
Hashcode A2
Prescription B
Hashcode B
Timestamp bagElectronic
timestamping
4
Electronicsignature
5
Archive6
Archive63
2413/05/2014
6.8. consultation of the National Register and Crossroads Bank Registers:
authorised health care actors access the National Register and the Crossroads Bank Registers under strict conditions
6.9. eHealthBox: a secured electronic mailbox for the exchange of medical data
6.10. reference directory: indicates which types of data are stored, by which health care
actors and for which patients, with the consent of said patients
10 basic services
13/05/2014 25
Value-added services
65 value-added services in production> 40 value-added services under study
examples of value-added services:• registration in and consultation of
– cancer registry
– registry of hip and knee prostheses (Orthopride)
– registries of care provided for heart implants (Qermid)
– shared electronic arthritis file, including electronic processes for the reimbursement of anti-TNF medication (Safe)
13/05/2014 26
Value-added services
• PROCARE RX allows radiologists to upload and send anonymous X-rays and information to experts for review or a second opinion
• management of on-call GP and dentist shifts (Medega)
• reports on MUG interventions
• electronic communication to the owner of a global medical file (GMF) of the reports drawn up by on-call GPs
• Resident Assessment Instrument (BelRAI)
• electronic consultation of patients' health insurance coverage by nurses
13/05/2014 27
Value-added services
• SARAI care portal of the Antwerp Hospital Network ('Ziekenhuisnetwerk Antwerpen'-ZNA) in support of
– collaboration between GPs, specialists and health care teams within the NIHDI health care programs (diabetes and renal insufficiency)
– the contribution of GPs to the multidisciplinary oncology consultation
• electronic forwarding of third party invoices by nurses (nurse groups) to health insurance funds
• quality indicator for hospitals (QI dataserver)
• registration of the emergency services data of 2 participating hospitals
• electronic medical card for people without documents (eCarmed)
13/05/2014 28
Value-added services
• platform for data exchange between the Flemish Agency for Care and Health and the services recognised by the Agency (VESTA)
• support of the electronic care prescription in 108 hospitals (77 % of hospitals)
• consultation of living wills regarding euthanasia
• electronic registration and consultation of the medical evaluation of disabled people in the FPS Social Security information system (Medic-e)
• online registration system for private facilities within the sector of special youth care in Flanders
• electronic birth registration – eBirth
13/05/2014 29
Cornerstone: Multidisciplinary data sharing
1. data transmission
– snapshot of the data
– sender chooses recipient
– sender is responsible for sending the data only to recipients who are entitled to have access to these data
2. data sharing
– evolutive data
– the source does not know in advance who will consult the data (e.g. on-call GP)
– necessity of clarifying which people are entitled to have access to the data
13/05/2014 30
Data transfer: eHealthBox:
• sending of messages to "actors in health care"– based on
• national Register number• NIHDI number• CBE number
– through web application or integrated into the medical file– with (or without) encryption based on eHealth certificates/ eHealth keys– other functionalities
• receipt, publication and reading confirmation• reply & forward• check multiple mailboxes• priority level• auto delete
– an average of 1.6 million messages sent per month to the eHealthBox (multiple recipients)
– an average of 2.4 million messages downloaded per month through the eHealthBox
13/05/2014 31
Multidisciplinary data sharing
1. data from hospitals
– sharing of documents between hospitals and doctors– “hubs and metahub system”
2. extramural data
– sharing of structured data between first-line health care providers and other extramural health care providers
– “extramural vaults”
3. coupled and interoperable
– standards– informed consent– therapeutic relationship/ health care relationship
13/05/2014 32
Hubs & Metahub system: Creation of the "hubs"
5 hubs
3 technical implementations
98 % of Belgian hospitals (have signed the 2012 protocol)
13/05/2014 33
Hub-metahub: currently
3413/05/2014
Hub-metahub: in future
A
CB
1: Where can we find data?
3. Retrieve data from hub A
3: Retrieve data from hub C
4:All data available
2: In hub A and C
3513/05/2014
Extramural data 1/2
• supporting the development of data exchange platforms for all sorts of extramural health care providers (GPs, dentists, pharmacists, physiotherapists, home nurses, dietitians, psychologists, ...)
– in cooperation with Communities (first-line health care conference in Flanders, the Intermed initiative in Wallonia)
– for the disclosure of data via the hub/metahub system between local information systems of extramural health care providers and between these systems and the information systems of health care/welfare organizations
– for the interaction with extramural vaults awaiting development
– by reusing the basic services of the eHealth platform and by making use of several achievements of the developed data sharing platform between hospitals and GPs/doctors
13/05/2014 36
Extramural data 2/2
A
C
B
Inter-Med
3713/05/2014
Data sharing
• Each actor keeps their own file up to date
• However, they can decide to share parts of the file with other actors
• Examples:
• medication schedule
• SUMEHR
• parameters
• journal
• …
3813/05/2014
Access for health care providers
• having a "health care relationship"
• depending on their role
No access for
• IT administrators, hoster,..
• eHealth platform
• authorities
without the active cooperation of the owner of the 2nd key
VaultGovernance Archiving Management
Vault data
Authentication ... Authorisation
Data quality
EncryptionDecryption Authentication
Vault connector
Treshold decryptieTrus
ted
3rd
part
y
2 1.
Vaul
t cor
e
3913/05/2014
Informed consent & therapeutic relationship
• content of informed consent
– for registration in the reference directory (as required by the eHealth law)– for the electronic exchange of health data between health care providers
within the framework of patient health care, as long as the following conditions are met:
• approval by the Sectoral Committee• therapeutic relationship required• only relevant data• the patient decides, in consultation with the health care provider, which data will be
shared • health care providers may be excluded by name • possibility of a posteriori verification of the granted access • consent may be revoked at any given time
13/05/2014 40
• registration of informed consent– patient is informed about the system– specific procedure approved by the Board of Directors and the Sectoral
Committee– consent can be registered through eHealth consent
• either by the concerned person themselves• or by a doctor, a pharmacist, a hospital or a health insurance fund
– https://www.ehealth.fgov.be/fr/prestataires-de-soins/services-en-ligne/ehealthconsent
• therapeutic relationship– only health care providers who have a therapeutic relationship with the
patient (1) can access the information they need to perform their task (2)• (1) proof of therapeutic relationship determines which patient the health care
provider has access to • (2) role determines which type of data the health care provider has access to
Informed consent & therapeutic relationship
4113/05/2014
eHealthConsent
4213/05/2014
eHealthConsent
4313/05/2014
eHealthConsent
13/05/2014 44
eHealthConsent
13/05/2014 45
Health care computerizationPlan 2013-2018 / Overview
• at the end of 2012, organization of a Round table regarding the development of health care computerisation
• participation of about 300 people from the sector
• tangible, 5-year action plan for eHealth established – Roadmap
• the action plan is based on 5 pillars: – to develop data exchange by health care providers on the basis of a joint architecture – to increase patient awareness of eHealth– to develop a reference terminology – to achieve administrative simplification and efficiency – to implement a flexible and transparent governance structure in which all competent
authorities and stakeholders are involved
• this action plan constitutes a clear framework for 20 concrete and measurable objectives for the next five years
13/05/2014 46
Roadmap 2013-2018 (www.rtreh.be)
• each owner of a GMF manages an electronic file regarding the concerned patient, updates the relevant data in a SumEHR and shares them through Vitalink/Intermed
• each hospital has a structured electronic patient file
• hospital documents are shared and generalised through the hub/metahub system
• intramural and extramural laboratory results and reports of medical imaging are shared through the hub/metahub system or through Vitalink/Intermed
13/05/2014 47
Roadmap 2013-2018 (www.rtreh.be)
• data concerning delivered medicines and medication schedules are shared electronically
– shared pharmaceutical file as an authentic source for delivered medicines
– Vitalink and Intermed as authentic sources for medication schedules
• electronic medicine prescriptions in the ambulatory sector are generalised and extended to other prescriptions (physiotherapy, nursing, laboratory research, medical imaging)
• for each health care profession, minimum content of an electronic patient file is defined
13/05/2014 48
Roadmap 2013-2018 (www.rtreh.be)
• generalised usage of the eHealthBox
• traceability of medical devices
• elaboration of a national terminology policy
• extension of the hub/metahub system to psychiatric hospitals and rest homes
• evolution of BelRAI as an evaluation tool
• social debate on whether or not access rights to patient data should be modularised
• patients organise access to their data
• adaptation of regulation and financing as incentives for ICT usage
13/05/2014 49
Roadmap 2013-2018 (www.rtreh.be)
• inclusion of eHealth in the training of health care providers
• implementation of MyCarenet services (electronic billing of third-party payers, electronic consultation of insurability, electronic exchange between hospitals and health insurance funds in the event of hospitalisation, ...)
• inventory and consolidation of registers
• action plan for further administrative simplification
• monitoring and execution of the action plan
13/05/2014 50
THANK YOU !
Any questions ?
@FrRobben
https://www.ehealth.fgov.behttp://www.ksz.fgov.be/http://www.frankrobben.be
13/05/2014