Security Infrastructure and National Patient Summary Mats Hagner. Project Manager Carelink AB

Carelink A national association in Sweden, promoting eHealth Currently owned by the county councils and local authorities. Development Manage and coordinate national projects to develop common solutions – ICT support for health and social care System maintenance Maintain and further develop functionality and quality in already existing common ICT solutions.

Basic services for Information Provision BIP ”An important current development is the removal of individual functions from a large number of e-Health solutions and the development of general or national common solutions.” National Strategy for eHealth

Vision A unified way to handle patient data with full information security within and between organisations.

Rules and regulations Legislation –New Patient Data Act Regulations –National Board on Health and welfare (Socialstyrelsen) –Data Inspection Board Patient data –Each health care principal is responsible for controlling access to patient data

Prerequisites Securely identified user –eID + HealthCare Certificate Need for patient data Engagement in care activity Consent Log –follow up

Current security solutions Care professional Users in every system Heavy administration Non dynamic

Tools Service Oriented Architecture SOA Service (consumer) Service (provider) Request Response Message Information exchange between separated services in a standardized, secure and controlled manner.

BIP –Web services Authentication Access control - ABAC Consent …… –Based on OASIS-standards as XACML, SAML –Builds on national security solution (SITHS) –Specified in national ”standard” –Developed in cooperation with IT-industry –First official version of the technical specifications ready in june 2007

ABAC - Attribute Based Access Control Apply rules Control Actor (Healthcare professional) Resource (Patient data) Actor attributes Resource attributes Rules Patient ID Organization Medical speciality Date ID Organization Medical speciality Date

Example of rule for patient data access Rule-ID=1 Actor Profession=Orthopedist Organizational unit=Division 3 Classification=Orthopaedia Activity Read Write Resource Organizational unit=Division 3 Classification=Orthopaedia Criteria Valid=  Decision by Unit manager NN

Access Control Authentication IT-service Client Log Log in Organizational boundaries Ticket ID Attributes

Local access decisions e-Health application BIP County Council A County Council B Private Care prov. Patient data transfer BIP e-Health application BIP e-Health application

BIP – Summary Service Oriented Architecture Strong authentication – PKI Attribute Based Access Control – ABAC Procurement process starts in june 2007 Planning to start implementation 3Q 2008

Swedish National Patient Summary A summary of important patient information – warning, medication, lab tests etc. Viewing only – no updating. Integrated into care applications or used via separate client

Basic conditions Decentralized health-care and decision rights Highly diversified IT systems High level of computer literacy 21 county councils/regions run hospitals and primary care 290 local authorities provide at home services and ”special accommodations” Large number of private care companies Early adapters of electronic medical records Limited coordination resulting in a highly diversified IT landscape with solitaire systems, many brands and limited ability to communicate Almost all hospitals, primary care units and home care units fully digitalized User computer literacy is high Big sunk investment in electronic medical record

Why a National Patient Summary? Patients Regional use Increased mobility between regions and nations Exchange between county councils and municipalities. Highly demanded from municipalities. Enhanced efficiency and healthcare quality Healthcare guarantees Healthcare clusters Increased wish to manage own healthcare and care processes Increased Internet literacy Enhanced healthcare security Improved decision support and processes Reduced admin and testing costs Improved clinical outcomes Need for interoperability and access to patient data

Design considerations Constraints Legal restrictions to transfer patient data across organizational borders Need for scalability and performance Minimize changes in existing systems Coordinate with other national initiatives A federated and distributed model Data remains at the source Local data repositorites on the network rim Existing local clinical systems and standards remain largely intact Less legal and no ownership issues High scalability and performance No single point of failure Fast implementation

Based on industrial solution Utilization of thoroughly tested components Established base of existing reference installations Adapt to information model, security infrastructure and legislation Established methods and tools for implementation Prime contractor with clear service deliverables Prime contractor with strong balance sheet and R&D strengths Competence redundancy Adherence to industrial standards Based on industrial solution Reduced costs Reduced risk – won’t become test bed for new technology Improved stability Continuous improvements with reduced R&D costs Faster and simpler implementation Enable us to focus on using the solution to improve quality and clinical results

Key success factors Build and develop for the healthcare profession Don’t reinvent the wheel – look for what you can copy/buy from your neighbor and upcoming EU standards Coordinate with other national initiatives such as security infrastructure, information model etc. Develop step-wise rather than go for a big bang – there is a lot of learning on the way