The eHealth platform: current situation and future perspectives 23/04/2014 Frank Robben General manager of the eHealth platform Quai de Willebroeck 38 B-1000 Brussels Website eHealth platform Personal website:
Some evolutions in health care more chronic care instead of merely acute care remote care (monitoring, assistance, consultation, diagnosis, operation,...), among others home care multidisciplinary, transmural and integrated care patient-oriented care and patient empowerment rapidly evolving knowledge => need for reliable, coordinated knowledge management and accessibility threat of excessively time-consuming administrative processes a thorough support of health care policy and research requires thorough, integrated and anonymized information cross-border mobility need for cost control 2 23/04/2014
These evolutions require... a collaboration between all actors in health care an efficient and safe electronic communication between all actors in health care high-quality electronic patient files, across specialties care pathways optimized administrative processes a technical and semantic interoperability guarantees concerning – information security – protection of the private sphere – respect for the professional secrecy of health care providers 23/04/2014 3
Overall objectives of the eHealth platform how? – through a well-organized, mutual electronic service and information exchange between all actors in health care – providing the necessary guarantees as regards information security, the protection of the private sphere and professional secrecy which? – optimization of health care quality and continuity – optimization of patient safety – simplification of administrative formalities for all actors in health care – thorough support of the health care policy 23/04/2014 4
eHealth platform In practice The patient consults his doctor Administrative advantages Possibility to register therapeutic relationships and informed consents 5 23/04/2014
Medical advantages eHealth platform In practice Consult laboratory results Look up medical history through the SumEHR Medication schedule Online advice and guidelines Electronic medical referral form Electronic prescriptions 6 23/04/2014
Advantages of a subscription eHealth platform In practice Tarification, billing Create and send certificates Update SumEHR, medication schedule,... Send a report to the EMR owner Registrations 7 23/04/2014
Basic services eHealth platform Network Basic architecture 23/04/2014 Patients, health care providers and health care institutions VASVASVAS Suppliers Users Overall objectives of the eHealth platform Overall objectives of the eHealth platform Health portal Health portal AVS Software health care institution Software health care institution AVS MyCareNet AVS Software health care provider Software health care provider AVS Site NIHDI Site NIHDI AVS VASVASVAS 8
10 missions 1.development of a vision and a strategy with regard to eHealth 2.organization of the collaboration between other government agencies charged with coordinating electronic services 3.acting as a key driver for the necessary changes in order to carry out the vision and the strategy with regard to eHealth 4.establishing the functional and technical norms, standards, specifications and the basic ICT architecture 5.software registration in order to manage electronic patient files 23/04/2014 9
10 missions 6.creation, development and management of a cooperative platform for a safe electronic data exchange with the corresponding basic services 7.to come to an agreement on a task division and on quality standards and to verify if these standards are complied with 8.as an independent trusted third party (TTP), being in charge of the coding and anonymization of personal health data at the benefit of specific agencies as enumerated by law in order to support scientific research and policy 9.promoting and coordinating the development of programs and projects 10.managing and coordinating the ICT aspects of data exchange within the framework of electronic patient files and electronic medical prescriptions 23/04/
10 basic services 23/04/ integrated user and access management 2.orchestration of electronic subprocesses 3.portal environment ( 4.logging management 5.system for end-to-end encryption 6.personal electronic mailbox for each health care provider (eHealthBox) 7.timestamping 8.coding and anonymization 9.consultation of the National Register and of the Crossroads Bank Registers 10.reference directory (metahub) 11
6.1.integrated user and access management: allows to guarantee that only authorized health care providers/ health care institutions have access to personal data to which they are authorized to have access. access rules are defined, among others, by law, by authorizations of the Health Section of the Sectoral Committee (established within the Privacy Commission) each application defines its own accessibility rules when a user authenticates his identity (using the electronic identity card or the token), the generic verification model of the tool is set in motion: it consults the rules established for the application, verifies if the user does indeed meet these rules and provides access or not to the application 10 basic services 23/04/
Integrated user and access management 13 23/04/2014
6.2.orchestration of electronic subprocesses: allows a flexible and harmonious integration of the different processes that are linked to the implementation of several basic services into one and the same application 6.3.portal environment: a web window offering a variety of online services to health care actors in order to help them provide the best possible health care; the portal environment provides all useful information on the services that are offered by the eHealth platform, its tasks, its standards, etc. It contains, among others, the documents users need to configure the right settings in order for them to have access to the available online services 10 basic services 23/04/
6.4.logging management: management of a register of access to the data management system: all read, write and delete accesses are registered and have probative value in case of a complaint 6.5.system for end-to-end encryption: transfer of complete and unmodified data from one point to another by making them indecipherable (encryption) provided that these data have not been decrypted with a key Two methods: In the case of a known recipient: use of an asymmetric encryption system (2 keys) In the case of an unknown recipient: use of symmetric encryption (the information is encrypted and stored outside the eHealth platform; the decryption key can only be obtained through the eHealth platform) 10 basic services 23/04/
Encryption known recipient eHealth platform Health care actor person or entity Internet Identification certificate Identification certificate Web service Register key Connector or other software to generate key pair Sends public key Stores private key in a secure way Public keys repository Authenticates sender Stores public key /04/2014
Identification certificate Encryption known recipient Internet eHealth platform Public keys repository Authenticates sender Sends public key Message originator Identification certificate Asks for public key Encrypts message 4 1 Message recipient Decrypts message 5 Stored private key Identification certificate Web service Ask public key Send message Any protocol 17 23/04/2014
Encryption unknown recipient User 2 Recipient User 1 Originator Key Management / Depot Messages Depot 1 asks for key 2 sends key Symmetric key Encrypted with public key of user 1 3 sends encrypted message Message encrypted with symmetric key Encrypted with public key of Message depot Message encrypted with symmetric key 4 justifies right to obtain key 4 justifies right to obtain message Symmetric key Encrypted with public key of user 2 5 receives key 5 receives message Message encrypted with symmetric key Encrypted with public key of User /04/2014
6.6.timestamping: makes it possible to assign a date that is accurate to the second to a health care document and allows, in this way, to ensure the validity of its content throughout time by appending an eHealth signature 6.7.coding and anonymization makes it possible to hide the identity of individuals behind a code so that the useful data of these individuals can be used without infringement of their privacy + makes data anonymization possible by replacing their detailed characteristics with generalized characteristics. These encoded or anonymized data preserve their usefulness, but don’t allow the direct or indirect identification of the person 10 basic services 23/04/
Application of timestamping: the electronic prescription in hospitals Prescription A 1 Hashcode A 2 Prescription B Hashcode B Timestamp bag Electronic timestamping 4 Electronic signature 5 Archive /04/2014
6.8.consultation of the National Register and of the Crossroads Bank Registers: authorized health care actors access the National Register and the Crossroads Bank Registers under strict conditions 6.9.eHealthBox: a secured electronic mailbox for the exchange of medical data 6.10.reference directory: indicates which types of data are stored by which health care actors for which patients with the consent of the concerned patients 10 basic services 23/04/
Value-added services 64 value-added services in production > 40 value-added services under study examples of value-added services: registration in and consultation of – the Cancer registry – the registry of hip and knee prostheses (Orthopride) – the registries of care provided for heart implants (Qermid) – the shared electronic arthritis file, including electronic processes for the reimbursement of anti-TNF medication (Safe) 23/04/
Value-added services PROCARE RX allowing radiologists to upload and send anonymous X-rays and information to experts for review or a second opinion management of on-call GP and dentist shifts (Medega) reports on MUG interventions electronic communication to the owner of a global medical file (GMF) of the reports drawn up by on-call GPs Resident Assessment Instrument (BelRAI) electronic consultation of health insurance coverage of patients by nurses (nurse groups) 23/04/
Value-added services SARAI care portal of the Antwerp Hospital Network ('Ziekenhuisnetwerk Antwerpen'-ZNA) in support of – the collaboration between GPs, specialists and health care teams within the health care programs of the NIHDI (diabetes and renal insufficiency) – the contribution of GPs to the multidisciplinary oncology consultation electronic forwarding of third party invoice by nurses (nurse groups) to health insurance funds quality indicator for hospitals (QI dataserver) emergency services data registration of 2 participating hospitals (UREG) electronic medical card for people without documents (eCarmed) 23/04/
Value-added services platform for data exchange between the Flemish Agency for Care and Health and the services recognized by the Agency (VESTA) support of the electronic care prescription in 108 hospitals (77 % of the hospitals) consultation of living wills regarding euthanasia electronic registration and consultation of the medical evaluation of disabled people in the information system (Medic-e) of the FPS Social Security online registration system for private facilities within the sector of special youth care in Flanders electronic birth registration – eBirth 23/04/
Cornerstone: Multidisciplinary data sharing 1.data transmission – snapshot of the data – sender chooses recipient – sender is responsible for sending the data only to recipients who are entitled to have access to these data 2.data sharing – evolutive data – the source does not know in advance who will consult the data (e.g. on-call GP) – a need to clarify which people are entitled to have access to the data 23/04/
Data transfer: eHealthBox: sending of messages to "actors in health care" – based on the national Register number the NIHDI number the CBE number – through web application or integrated in the medical file – with (or without) encryption based on eHealth certificates/ eHealth keys – other functionalities receipt, publication and reading confirmation reply & forward consultation of multiple mailboxes priority level auto delete – an average of 1,6 million messages sent per month to the eHealthBox (multiple recipients) – an average of 2,4 million messages downloaded per month through the eHealthBox 23/04/
Multidisciplinary data sharing 1.data from hospitals – sharing of documents between hospitals and doctors – the “hubs and metahub system” 2.extramural data – sharing of structured data between first-line health care providers and other extramural health care providers – the “extramural vaults” 3.coupled and interoperable – standards – informed consent – therapeutic relationship/ health care relationship 23/04/
Hubs & Metahub system: Creation of the "hubs" 5 hubs 3 technical implementations 98 % of the Belgian hospitals (have signed the 2012 protocol) 23/04/
Hub–metahub: as is 30 23/04/2014
Hub–metahub: to be A C B 1: Where can we find data? 3. Fetch data from hub A 3: Fetch data from hub C 4: All data available 2: In hub A and C 31 23/04/2014
Extramural data 1/2 supporting the development of data exchange platforms for all sorts of extramural health care providers (GPs, dentists, pharmacists, physiotherapists, home nurses, dietitians, psychologists,...) – in cooperation with the Communities (First-line health care conference in Flanders, the Intermed initiative in Wallonia) – for the disclosure of data via the hub/metahub system between local information systems of extramural health care providers and between these systems and the information systems of health care/welfare organizations – for the interaction with an extramural vault that needs to be developed – by reusing the basic services of the eHealth platform and by making use of several achievements of the developed data sharing platform between hospitals and GPs/doctors 23/04/
Extramural data 2/2 A C B Inter- Med 33 23/04/2014
Data sharing Each actor keeps his own file up to date. However, he can decide to share parts of the file with other actors Examples: medication schedule SUMEHR parameters journal … 34 23/04/2014
Access for health care providers having a "health care relationship" depending on their role No access for IT administrators, hoster,.. eHealth platform authorities without the active cooperation of the owner of the 2 nd key Vault Governance Archiving Management Vault data Authentication...Authorization Data quality Encryption Decryption Authentication Vault connector Treshold decryptie Trusted 3rd party Vault core 35 23/04/2014
Informed consent & therapeutic relationship content of informed consent – for registration in the Reference directory (as required by the eHealth law) – for the electronic exchange of health data between health care providers within the framework of patient health care, as far as the following conditions are met: approval by the Sectoral Committee requirement of therapeutic relationship only relevant data the patient decides, in consultation with the health care provider, which data will be shared exclusion of health care providers by name is possible a posteriori verification of the granted access revocation of the consent at any given time is possible 23/04/
registration of the informed consent – patient is informed about the system – specific procedure approved by the Management Committee and the Sectoral Committee – the consent can be registered through eHealth consent either by the concerned person himself either by a doctor, a pharmacist, a hospital or a health insurance fund – ligne/ehealthconsent therapeutic relationship – only health care providers who have a therapeutic relationship with the patient (1) can access the information they need to perform their task (2) (1) proof of therapeutic relationship determines to which patient the health care provider has access (2) role determines to which type of data the health care provider has access Informed consent & therapeutic relationship 37 23/04/2014
eHealthConsent 38 23/04/2014
eHealthConsent 39 23/04/2014
eHealthConsent 23/04/
eHealthConsent 23/04/
Health care computerization Plan / Overview at the end of 2012, organization of a Round table regarding the development of the health care computerization participation of about 300 people from the sector a tangible action plan for eHealth has been established for five years - Roadmap the action program is based on 5 pillars: – to develop data exchange by health care providers on the basis of a joint architecture – to increase patient involvement and patient knowledge on eHealth – to develop a reference terminology – to achieve administrative simplification and efficiency – to implement a flexible and transparent governance structure in which all competent authorities and stakeholders are involved this action plan constitutes a clear framework for 20 concrete and measurable objectives for the next five years. 23/04/
Roadmap ( each owner of an GMF manages an electronic file regarding the concerned patient, updates the relevant data in a SUMEHR and shares them through Vitalink/Intermed each hospital disposes of a structured electronic patient file hospital documents are shared and generalized through the hub/metahub system intramural and extramural laboratory results and reports in medical imaging are shared through the hub/metahub system or through Vitalink/Intermed 23/04/
Roadmap ( data concerning the delivered medicines and the medication schedule are electronically shared – shared pharmaceutical file as an authentic source for the delivered medicines – Vitalink and Intermed as authentic sources for the medication schedule the electronic medicine prescription in the ambulatory sector is generalized and extended to other prescriptions (physiotherapy, nursing, laboratory researches, medical imaging) per health care profession the minimum content of an electronic patient file is defined 23/04/
Roadmap ( generalized usage of the eHealthBox traceability of medical devices elaboration of a national terminology policy extension of the hub/metahub system to psychiatric hospitals and rest homes evolution of BelRAI as an evaluation tool social debate about the modularity or not of access rights to patient data patient organizes the access to his data adaptation of the regulation and financing as incentives for ICT usage 23/04/
Roadmap ( inclusion of eHealth in the training of health care providers implementation of MyCarenet services (electronic billing of third-party payer, electronic consultation of insurability, electronic exchange between the hospital and the health insurance fund in case of a hospitalization,...) inventory and consolidation of registers action plan for a further administrative simplification monitoring and execution of the action plan 23/04/
THANK YOU!