1. A vision on electronic cooperation in the Belgian health care sector, based on the experience in the social sector, and the role of the Be-Health platform Frank Robben General manager Crossroads Bank for Social Security CEO Smals Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.beFrank.Robben@ksz.fgov.be Website CBSS: www.ksz.fgov.bewww.ksz.fgov.be Personal website: www.law.kuleuven.ac.be/icri/frobbenwww.law.kuleuven.ac.be/icri/frobben

2. 2 Frank Robben Structure of the presentation existing electronic cooperation in the social sector –the problem –the solution –basic principles –advantages towards an electronic cooperation in the health care sector, based on the experience of the social sector –objectives –useful building blocks –Be-Health platform

3. 3 Frank Robben Actors in the Belgian social sector about 2,000 public and private institutions at several levels (federal, regional, local) dealing with –collection of social security contributions –delivery of social security benefits child benefits unemployment benefits benefits in case of incapacity for work re-imbursement of health care costs holiday pay old age pensions guaranteed minimum income –delivery of supplementary social benefits –delivery of supplementary benefits based on the social security status of a person

4. 4 Frank Robben The problem a lack of well coordinated service delivery processes and of a lack of well coordinated information management led to –a huge avoidable administrative burden and related costs for the companies the citizens the actors in the social sector –service delivery that didn’t meet the expectations of the companies and the citizens –suboptimal effectiveness of the social protection –higher possibilities of fraud –suboptimal support of the social policy

5. 5 Frank Robben Expectations of citizens and companies integrated services –attuned to their concrete situation, and personalized when possible –delivered at the occasion of events that occur during their life cycle (birth, going to school, starting to work, move, illness, retirement, decease, starting up a company, …) –across government levels, public services and private bodies attuned to their own processes with minimal costs and minimal administrative burden if possible, granted automatically well performing and user-friendly reliable, secure and permanently available accessible via a channel chosen by the user (direct contact, phone, electronic devices, …) sufficient privacy protection

6. 6 Frank Robben The solution a network between all 2,000 social sector actors with a secure connection to the internet, the federal MAN, regional extranets, extranets between local authorities and the Belgian interbanking network a unique identification key –for every citizen, electronically readable from an electronic social security card and an electronic identity card –for every company 190 electronic services for mutual information exchange amongst actors in the social sector, defined after process optimization –nearly all direct or indirect (via citizens or companies) paper-based information exchange between actors in the social sector has been abolished –in 2006 511 million electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges

7. 7 Frank Robben Social security card name Christian name date of birth sex social security number period of validity of the card card number sickness fund sickness fund registration number insurance period insurance status social exemption status other data to be added in the future, if useful key 1 key 2

8. 8 Frank Robben Electronic identity card

9. 9 Frank Robben RSZ RIZIV Employer Employees Sickness funds Control Contribution certificate health care sector – present situation

10. 10 Frank Robben RIZIV Control CBSS RSZ Employer Employees Sickness funds Contribution certificate health care sector – present situation

11. 11 Frank Robben Derived rights in tax affairs a number of people are entitled to an increased refund of the costs for medical care moreover, a number of municipalities and provinces grant these persons reductions or even exemptions of the taxes

12. 12 Frank Robben Sickness fund Derived rights in tax affairs - past situation

13. 13 Frank Robben CBSS sickness funds network Derived rights in tax affairs - present situation

14. 14 Frank Robben The solution 41 electronic services for employers, either based on the electronic exchange of structured messages or via an integrated portal site –50 social security declaration forms for employers have been abolished –in the remaining 30 (electronic) declaration forms the number of headings has on average been reduced to a third of the previous number –declarations are limited to 3 events immediate declaration of recruitment and discharge (only electronically) quarterly declaration of salary and working time (only electronically) occurence of a social risk (electronically or on paper) –in 2006 17.9 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application –according to a study of the Belgian Planning Bureau, rationalization of the information exchange processes between the employers and the social sector implies an annual saving of administrative costs of more than 1 billion € a year for the companies

15. 15 Frank Robben Work force register Data- base Special work force register Individual document Students contract Inspection Employment contract Simplification On line consultation NOSS Work force register Start/end of an employment relationship

16. 16 Frank Robben Quarterly declaration salary & working time NOSS ONP ONVA Employer old age pension holiday pay ONEM INAMI ONAFTS FAT FMP Simplification Activity 3 Activity 2 Activity 1 one electronic declaration CBSS

17. 17 Frank Robben Declaration of social risks types of social risks –child allowances –incapacity for work ((labour) accident, (occupational) disease, …) –unemployment –old age pension 3 possible moments of declaration –start of the social risk –recurrence or continuation of the social risk –end of the social risk structure of the declaration –identification data –if necessary, salary and working time data not yet declared via a quarterly declaration (mini-declaration) –specific data concerning the social risk

18. 18 Frank Robben The solution electronic services for citizens –maximal automatic granting of services based on electronic information exchange between actors in the social sector –4 electronic services via an integrated portal 2 services to apply for social benefits 2 services for consultation of social benefits –about 30 new electronic services are foreseen an integrated portal site containing –electronic transactions for citizens and employers –information about the entire social security system –harmonized instructions and information model relating to all electronic transactions –a personal page for each citizen and each company an integrated multimodal contact centre supported by a customer relationship management tool

19. 19 Frank Robben The solution coordination by the Crossroads Bank for Social Security –board of directors consists of representatives of the companies, the citizens and the actors in the social sector –mission definition of the vision and the strategy on E-government in the social sector and of the common principles related to information management definition, implementation and management of an interoperability framework secure messaging of several types of information (structured data, documents, images, metadata, …) with business logic and orchestration support coordination of business process reengineering stimulation of service oriented applications management of a reference directory for –preventive control on the legitimacy of the information exchange –organisation of the routing of information –automatic communication of changes of information

20. 20 Frank Robben The solution reference directory –directory of available services/information which information/services are available at any institution depending on the capacity in which a person/company is registered at each institution –directory of authorized users and applications list of users and applications definition of authentication means and rules definition of authorization profiles: which kind of information/service can be accessed, in what situation and for what period of time depending on in which capacity the person/company is registered with the actor that accesses the information/service –directory of data subjects which persons/companies have personal files in which institutions for which periods of time, and in which capacity they are registered –subscription table which users/applications want to automatically receive what services in which situations for which persons/companies in which capacity

21. 21 Frank Robben Towards a network of service integrators Internet Extranet region or commmunity Extranet region or commmunity FEDMAN Services repository FPS ASS Services repository Extranet social sector ASS RPS Services repository VPN, Publi- link, VERA, … City Province Municipality Services repository Service integrator (FEDICT) Service integrator (CBSS) Service integrator (Corve, Easi-Wal, …)

22. 22 Frank Robben Basic principles information modelling unique collection of re-use of information management of information electronic exchange of information protection of information

23. 23 Frank Robben Information modelling information is being modelled in such a way that the model fits in as closely as possible with the real world information modelling takes as much account as possible of anticipated use of information the information model can be flexibly extended or adapted when the real world or the use of the information changes

24. 24 Frank Robben Unique collection and re-use of information information is only collected for well-defined purposes and is targeted to meet the requirements of these purposes all information is collected once, from as near to the authentic source as possible information is collected according to the information model and following uniform guidelines with the possibility of quality control by the supplier before the transmission of the information the collected information is validated once according to established task sharing criteria, by the institution that is most entitled to it or by the institution which has the greatest interest in correctly validating it it is then shared and re-used by authorized users

25. 25 Frank Robben Management of information a task sharing model is established indicating which institution stores which information as an authentic source, manages the information and maintains it at the disposal of the authorized users information is stored according to the information model information can be flexibly assembled according to ever changing legal concepts every institution has to report probable errors of information to the institution that is designated to validate the information

26. 26 Frank Robben Management of information every institution that has to validate information according to the agreed task sharing model, has to examine the reported probable errors, to correct them when necessary and to communicate the correct information to every known interested institution information is only retained and managed as long as there exists a business need, a legislative or policy requirement, or, preferably anonimized or encoded, when it has historical or archival importance

27. 27 Frank Robben Electronic exchange of information once collected and validated, information is stored, managed and exchanged electronically to avoid transcribing and re-entering it manually electronic information exchange can be initiated by –the institution that disposes of information –the institution that needs information –the institution that manages the interoperability framework (CBSS as service integrator) electronic information exchanges take place on the base of a functional and technical interoperability framework that evolves permanently but gradually according to open market standards, and is independent from the methods of information exchange

28. 28 Frank Robben Electronic exchange of information available information is used for –the automatic granting of benefits –prefilling when collecting information –information delivery to the interested parties

29. 29 Frank Robben Protection of information security, integrity and confidentiality of government information is ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies personal information is only used for purposes compatible with the purposes of the collection of the information personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirements the access authorization to personal information is granted by an independent institution, designated by Parliament, after having checked whether the access conditions are met the access authorizations are public

30. 30 Frank Robben Protection of information every actual electronic exchange of personal information is preventively checked on compliance with the existing access authorizations by an independent institution managing the interoperability framework every actual electronic exchange of personal information is logged, to be able to trace possible abuse afterwards every time information is used to take a decision, the information used is communicated to the person concerned together with the decision every person has right to access and correct his/her own personal data

31. 31 Frank Robben Advantages gains in efficiency –in terms of cost: services are delivered at a lower total cost due to a unique information collection using a common information model and administrative instructions a lesser need to re-encoding of information by stimulating electronic information exchange a drastic reduction of the number of contacts between actors in the social sector on the one hand and companies or citizens on the other functional task sharing concerning information management, information validation and application development –in terms of quantity: more services are delivered services are available at any time, from anywhere and from several devices services are delivered in an integrated way according to the logic of the customer –in terms of speed: the services are delivered in less time benefits can be allocated quicker because information is available faster waiting and travel time is reduced companies and citizens can directly interact with the competent actors in the social sector with real time feedback

32. 32 Frank Robben Advantages gains in effectiveness: better social protection –in terms of quality: same services at same total cost in same time, but to a higher quality standard –in terms of type of services: new types of services, e.g. push system: automated granting of benefits active search of non-take-up using datawarehousing techniques controlled management of own personal information personalized simulation environments better support of social policy more efficient combating of fraud

33. 33 Frank Robben Critical success factors common vision on electronic service delivery amongst all actors support of and access to policymakers at the highest level trust of all stakeholders electronic service delivery as a structural reform process –process re-engineering within and across actors –back-office integration for unique information collection, re-use of information and automatic granting of services –integrated and personalized front-office service delivery focus on more efficient and effective service delivery, and on cost control

34. 34 Frank Robben Critical success factors appropriate balance between efficiency on the one hand and privacy and security on the other respect for legal allocation of competences between actors co-operation between all actors concerned based on distribution of tasks rather than centralization of tasks quick wins combined with long term vision technical and semantic interoperability legal framework adaptability to an ever changing societal and legal environment creation of an institution that stimulates and co-ordinates

35. 35 Frank Robben Critical success factors need for radical cultural change within government, e.g. –from hierarchy to participation and team work –meeting the needs of the customer, not the government –empowering rather than serving –rewarding entrepreneurship within government –ex post evaluation on output, not ex ante control of every input

36. 36 Frank Robben United Nations Public Service Award

37. 37 Frank Robben Structure of the presentation existing electronic cooperation in the social sector –the problem –the solution –basic principles –advantages towards an electronic cooperation in the health care sector, based on the experience of the social sector –objectives –useful building blocks –Be-Health platform

38. 38 Frank Robben Objectives to optimize the quality and the continuity of the health care delivery system and the patient’s safety to avoid unnecessary bureaucracy for the health care providers quality support of the health care policy through a well organized electronic information exchange between all parties associated with the health care delivery system with the necessary guarantees for the information security and the protection of the privacy

39. 39 Frank Robben Useful building blocks general use of a patient identification number minimal content of health care files that can be communicated electronically permanent availability and accessibility of the minimal electronically communicable content of health care files standardized content, format and methods for the exchange of electronic care prescriptions sectoral committee of the Commission for the protection of privacy (CPP) user and access management

40. 40 Frank Robben Useful building blocks secured platform for the electronic exchange of information about patients, provided care and the results of the provided care, and for the exchange of electronic care prescriptions between all parties associated with the health care delivery system –network –basic services –exchange standards –access channels for the users –independent organization for the management of the exchange platform appropriate legal framework

41. 41 Frank Robben Patient identification number either social security identification number (SSIN) or identification number irreversibly derived from the social security identification number by means of an algorithm available with each health care provider, that will be specified for instance by the Security study group of the Commission for Telematics Standards in relation to the Health Sector –either unique for each patient and used by all health care providers and institutions –or unique for each patient and used by one health care provider / institution with a possibility of conversion between patient identification numbers of the different health care providers / institutions by the independent organization that manages the exchange platform (see hereafter)

42. 42 Frank Robben Patient identification number encoding or anonymization of information when the identification of the patient through the patient identification number is no longer necessary on the occasion of the Royal Decree on the Cancer register, the CPP has already given a positive advice with regard to the method for the irreversible derivation of a patient identification number from the social security identification number

43. 43 Frank Robben Minimal communicable content health care file agreements on the minimal content of a health care file that can be communicated electronically –information about the patient –information on the provided care –information on the results of the provided care no monopoly or recognition of software products but incentives for health care providers / institutions to keep electronic health care files with minimal communicable content and to make them permanently electronically available for authorized persons

44. 44 Frank Robben Accessibility health care file minimal communicable content of health care files must be electronically available and accessible at all times for the authorized persons –either with the health care provider himself –or with a subcontractor chosen by the health care provider health care institution cooperation between health care providers independent institution that manages the exchange platform … with the necessary back-up services

45. 45 Frank Robben Electronic care prescriptions standardized content and electronic format of the different types of care prescriptions methods for the creation of electronic care prescriptions with a minimum of bureaucracy methods for the electronic exchange of care prescriptions guaranteed free choice of the care provider by the patient incentives for care providers / institutions to create and exchange electronic care prescriptions

46. 46 Frank Robben Sectoral committee composed of –representatives of the CPP –independent experts in social security and health care appointed by the Chamber of Deputies tasks –to give authorizations for the (electronic) exchange of personal social data and personal health data in cases not regulated by the law –to determine the organization and policies with regard to information security for the processing of personal social data and personal health data –to give advices and recommendations with regard to information security for the processing of personal social data and personal health data –to investigate complaints on violation of the information security during the processing of personal social data and personal health data

47. 47 Frank Robben User and access management guarantee that only authorized health care providers / institutions get access to the personal information they are authorized to according to the law or to the authorizations granted by the Sectoral committee concerning patients whose personal information they need for the health care providing process

48. 48 Frank Robben User and access management authentication of the identity of the health care provider, for instance through his electronic identity card on-line verification of the status of the health care provider through an electronic consultation of the authentic data base(s) of the health care providers on-line verification of the mandates of the user to act on behalf of a health care provider / institution through the electronic consultation of the authentic data base(s) containing the mandates

49. 49 Frank Robben User and access management authentication of the patient’s identity through his electronic identity card or his SIS card, except –if a fixed care relation between the health care provider / institution and the patient has been registered (see hereafter, reference directory) –in cases of emergency management of access authorizations with following specifications –which health care provider / institution / application –with which status –can have access in which situation –to which type of data –concerning which patients –and regarding which period

50. 50 Frank Robben Reference directory content –mentions for each patient, identified through his patient identification number, the places where a specific type of electronic information is available about the patient, the provided care and the results of the provided care –on the one hand, table with fixed care relations between health care providers and their patients, the nature of the relation, the begin date and end date of the relation –on the other hand, a table with the places where without a fixed care relation there is electronic information available about the different patients, possibly through a stepped system (general reference directory refers to specific reference directories for each group of health care providers or each health care institution) –no personal information !!!

51. 51 Frank Robben Reference directory functions –preventive control on the legitimacy of the access to the information regarding a patient –routing of information requests to the places where the information about the patient is available –possibility of an automatic communication of information to certain care providers

52. 52 Frank Robben User and access management access authorizations are provided by the Sectoral committee, unless they result from a law conformity of a concrete access request with the access authorizations is preventively validated by the independent institution that manages the exchange platform all accesses are subject to an electronic logging on the user level so that the legitimacy of the access can be verified afterwards (only who-what-when, no content) access to the loggings is strictly protected

53. 53 Frank Robben Network and exchange standards use of the existing network infrastructure (internet, social security extranet, FedMAN,...) with end-to-end encryption of the information (concept of virtual private networks (VPN)) exchange based as much as possible on structured electronic messages from application to application exchange based as much as possible on open standards or at least open specifications orchestration of the data exchange by the independent organization that manages the exchange platform

54. 54 Frank Robben Access channels for the users several devices –PC and laptop –PDA –cell phone –… maximal integrated access to the information regardless of the information source with at least one free and generally accessible application for the integrated access to the information

55. 55 Frank Robben Independent management organization preferably one management organization, administered by –various types of health care providers / institutions –health insurance funds as representatives of the patients –public institutions responsible for the organization of the health care (insurance) tasks –to develop and manage the secure exchange platform: choice of the infrastructure, definition of standards and specifications,... –to offer access channels for the users –to organize an operational system of user and access management –to manage the reference directory

56. 56 Frank Robben Independent management organization tasks –to coordinate the development of processes for the electronic data exchange between the users of the exchange platform –to orchestrate the electronic information exchange between the users of the exchange platform –possibly, to convert the patient identification numbers between health care providers / institutions –proactive policy to avoid illegitimate access to personal information, e.g. through preventive control of the legitimacy of the access to personal information keeping and analyzing loggings of the exchange of personal information (only who-what-when) –helpdesk

57. 57 Frank Robben Appropriate legal framework possibility or obligation to use patient identification number method for determining the minimal electronically communicable content of health care files incentives and gradual obligation of permanent electronic availability of the minimal electronically communicable content of the health care file and the electronic exchange of care prescriptions obligation to update the reference directory probative value of electronic prescriptions and electronic data exchanges

58. 58 Frank Robben Appropriate legal framework creation of the organization for the management of the secure exchange platform and decision on the composition and the missions of the management organization creation of Sectoral committee within the CPP and decision on the composition and competences

59. 59 Frank Robben Critical success factors cooperation between all parties concerned by the health care delivery system, based on a division of tasks rather than a centralization of tasks trust of all stakeholders in the preservation of the necessary autonomy and the security of the system firstly the development of the exchange platform and the creation of the necessary institutions (management organization for exchange platform, Sectoral committee,...) and then further elaboration of processes between these institutions quick wins in combination with a long term vision legal framework

60. 60 Frank Robben Be-Health platform Patients and care providers Platform with basic services Be- Health VASVASVAS Suppliers Users Portal BeHealth Portal BeHealth PortaHealth SVA AVS Portal RIZIV Portal RIZIV SVA AVS MyCareNet SVA AVS Portal SS Portal SS SVA AVS FPS-SS SVA AVS VASVASVAS

61. 61 Frank Robben Be-Health platform basic service –a service that has been developed and made available by Be- Health and that can be used by the supplier of an added value service added value service (AVS) –a service put at the disposal of the patients and/or the health care providers –the entity that develops and offers an added value service can use the basic services offered by Be-Health for this purpose validated authentic source (VAS) –a database containing information used by Be-Health –the administrator of the database is responsible for the availability and (the organization of) the quality of the information made available

62. 62 Frank Robben Available basic services network, based on existing infrastructure (internet, carenet, social security extranet, FedMAN,...) portal environment (https://www.behealth.be), includinghttps://www.behealth.be –a content management system –a search engine personal electronic mailbox for each care provider integrated user and access management logging management

63. 63 Frank Robben Portal

64. 64 Frank Robben Portal

65. 65 Frank Robben User and access management authentication of the identity: according to the required security level –electronic identity card –user number, password and citizen token –user number and password verification of statuses and mandates : access to validated authentic sources authorization to use an added value service: management by service supplier elaborated on the basis of a generic policy enforcement model

66. 66 Frank Robben Policy Enforcement Model User Policy Enforcement (PEP) Application Policy Decision (PDP) Action on application Decision request Decision reply Action on application PERMITTED Policy Information (PIP) Information request/ reply Policy Administration (PAP) Policy retrieval Authentic source Policy Information (PIP) Information request/ reply Policy repository Action on application DENIED Manager Policy management Authentic source

67. 67 Frank Robben Policy Enforcement Point (PEP) intercepts the request for authorization with all available information about the user, the requested action, the resources and the environment passes on the request for authorization to the Policy Decision Point (PDP) and extracts a decision regarding authorization grants access to the application and provides relevant credentials User Policy Enforcement (PEP) Application Policy Decision(PDP) Action on application Decision request Decision reply Action on application PERMITTED Action on application DENIED

68. 68 Frank Robben Policy Decision Point (PDP) based on the request for authorization received, retrieves the appropriate authorization policy from the Policy Administration Point(s) (PAP) evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP) takes the authorization decision (permit/deny/not applicable) and sends it to the PEP Policy Enforcement (PEP) Policy Decision(PDP) Decision request Decision reply Policy Information (PIP) Vraag / Antwoord Policy Administration (PAP) Policy retrieval Policy Information (PIP) Information Request / Reply Informatie

69. 69 Frank Robben Policy Administration Point (PAP) environment to store and manage authorization policies by authorised person(s) appointed by the application managers puts authorization policies at the disposal of the PDP PDP PAP Policy retrieval Manager Authorization management Policy repository

70. 70 Frank Robben Policy Information Point (PIP) puts information at the disposal of the PDP in order to evaluate authorization policies (authentic sources with characteristics, mandates, etc.) PDP PIP1 Information Request / Reply Authentic source PIP2 Authentic source Information Request / Reply

71. 71 Frank Robben APPLICATIONS AuthorisationAuthen- tication PEP Role Mapper USER PAP ‘’Kephas’’ Role Mapper DB PDP Role Provider PIP Attribute Provider Role Provider DB UMAF PIP Attribute Provider DB XYZ WebApp XYZ APPLICATIONS AuthorisationAuthen- tication PEP Role Mapper USER WebApp XYZ PIP Attribute Provider PAP ‘’Kephas’’ Role Mapper DB PDP Role Provider Role Provider DB Management VAS PIP Attribute Provider DB XYZ PIP Attribute Provider DB Gerechts- deurwaar- ders PIP Attribute Provider DB Mandaten Be-Health APPLICATIONS AuthorisationAuthen- tication PEP Role Mapper USER PAP ‘’Kephas’’ Provider DB Mandaten Social sector (CBSS) Non social FPS (Fedict) Management VAS DB XYZ Architecture

72. 72 Frank Robben Validated authentic sources register of health care providers –administrator: FPS Public Health –contains information about the diploma and the specialization of a health care provider identified through his social security identification number (SSIN) database with recognitions of the National Institute for Sickness and Invalidity Insurance (RIZIV) –administrator : RIZIV –contains information about the RIZIV recognition of health care providers identified through their SSIN database with persons authorized to act on behalf of a health care institution –administrator : NOSS (division user management for companies) –contains information about which persons, identified through their SSIN, are authorized to use which applications on behalf of a health care institution

73. 73 Frank Robben Principle of “circles of trust" aim –to avoid unnecessary centralization –to avoid unnecessary threats to the protection of the privacy –to avoid multiple similar controls and registration of loggings method: division of tasks between the entities associated with the electronic service, including clear agreements on –who is in charge of which authentications, verifications and controls by which means and who is responsible for this –how the results of the authentications, verifications and controls can be safely exchanged electronically between the entities concerned –who keeps which loggings –how to ensure that in case of an investigation, on one’s own initiative or in response to a complaint, a complete tracing can be realized in order to know which natural person has used which service or transaction concerning which citizen or company, when, through which channel and for which purposes

74. 74 Frank Robben Examples of added value services third party billing Medic-e input in cancer register Medattest support of electronic care prescription in hospitals electronic registration of birth

75. 75 Frank Robben Third party billing supplier: National College of Sickness Funds users: nurses, their groupings and representatives functionality: send the third party billings electronically to the sickness funds basic services used –identification and authentication of the identity of the user (eID or user number-password-citizen token) –verification of the status of nurse with RIZIV recognition –verification of the mandate –electronic mailbox (publication of documents) –logging

76. 76 Frank Robben Medic-e supplier: FPS Social Security users: medical doctors who evaluate medical handicapped persons functionality: enter the evaluation of handicapped persons electronically into the information system of the FPS Social Security basic services used –identification and authentication of the identity of the user (eID or user number-password-citizen token) –verification of the status of medical doctor with RIZIV recognition –electronic mailbox (publication of documents) –logging

77. 77 Frank Robben Input in cancer register supplier: Cancer Register users: oncologists in health care institutions and labs functionality: electronic input of information into the cancer register and access to the registered information basic services used –identification and authentication of the identity of the user (eID) –verification of the status of medical doctor with RIZIV recognition –electronic mailbox (publication of documents) –logging

78. 78 Frank Robben Medattest supplier: RIZIV users: medical doctors, dentists, kinesthesiologists, nurses, speech therapists, orthopedists, health care institutions and their mandataries functionality: on-line order of care prescription formulars basic services used : –identification and authentication of the identity of the user (eID or user number-password-citizen token) –verification of the status of users –verification of the mandate –logging

79. 79 Frank Robben Electronic care prescription in health care institutions analysis of required functionalities –functionalities before a prescription can be processed authentication of the identity of the person who writes the prescription verification of the status of the person who writes the prescription system to ensure that the prescription cannot be modified unnoticeably after applying the methods to guarantee the integrity and the electronic time stamping authentication of the identity, verification of the status of the person who has written the prescription, guaranteeing the integrity and electronic date for each individual prescription the time necessary for authenticating the identity, verifying the status and guaranteeing the integrity must not exceed ¼ of a second per prescription a person that writes prescriptions must be able to switch between prescription places without overhead local validation that the prescription has not been modified after applying the methods to guarantee the integrity and the electronic time stamping

80. 80 Frank Robben Electronic care prescription in health care institutions analysis of required functionalities –functionalities during the processing of the prescription the electronic time stamping must be requested immediately after applying the method to guarantee the integrity and must be placed within 30 seconds after the request –organizational requirements velocity of replacing an authentication tool when useless traceability of who has done which processing at which moment for the creation of a prescription (must be kept during a certain period) traceability of the content and of the exact date and time of each request and processing of a request to revoke an authentication tool –point of special interest avoid that care institutions have to work with different systems for the authentication of the identity, the verification of the status, the guarantee of the integrity of documents, electronic time stamping, … for different types of processes

81. 81 Frank Robben Electronic care prescription in health care institutions possible solution –the authentication of the identity and the verification of the status are performed on the local level using at least a user-id, a password [and something one possesses], on condition that each person that writes prescriptions signs a document that stipulates that he is responsible for everything that is authenticated in terms of identity and status through his user id, his password [and the possessed element] –the prescriptions are hashed –the hashing results (not the content of the prescription itself !) receive an electronic time stamp from Be-Health –clear organizational rules concerning the management of user- id’s, passwords [and the possessed elements], based on the results of Elodis, are incorporated in an royal decree in implementation of article 21 of the royal decree n° 78 –a regulation is being elaborated that indicates under which conditions postscriptions are possible

82. 82 Frank Robben Legal framework for the creation of Be-Health article 4 of the Law of 27 December 2006 including several provisions “Within the Federal Public Service Public Health, Food Safety and Environment, a public service in charge of the management of the electronic service platform for the exchange of health care data is created, named “Be-Health”, with a separate management as referred to in article 140 of the Government Account Acts, coordinated on 17 July 1991. The King determines, after a decree deliberated in the Council of Ministers, the missions and further rules for the management and the working of this public service with a separate management”.

83. 83 Frank Robben Proposition of mission the elaboration of and the supervision of the compliance with a vision and a strategy for the supply of electronic services in the health care sector, in close consultation with the various public and private actors of this sector the elaboration of and the supervision of the compliance with the necessary norms, standards and basic architecture for an efficient use of ICT to support this strategy the elaboration, as part as a common strategy, of basic services for the potential support of the actors in the public health sector, e.g. –an interoperability framework for secure electronic data exchange –the necessary basic services to support this electronic data exchange, like a system of user and access management, a system for the organization and logging of electronic data exchanges or a system for the electronic access to data the management of the cooperation with other public entities in charge of the coordination of electronic services

84. 84 Frank Robben Composition of the Management Committee representatives of health care providers and health care institutions representatives of sickness funds representatives of the public institutions concerned –National Institute for Health and Invalidity Insurance –FPS Public Health, Food Safety and Environment –Federal Knowledge Centre for Public Health and the Federal Agency for Medicine –Crossroads Bank for Social Security and FPS ICT

85. 85 Frank Robben More information website Crossroads Bank for Social Security –http://www.ksz.fgov.behttp://www.ksz.fgov.be portal Be-Health –https://www.behealth.behttps://www.behealth.be personal website Frank Robben –http://www.law.kuleuven.ac.be/icri/frobbenhttp://www.law.kuleuven.ac.be/icri/frobben

86. Th@nk you ! Any questions ?