The e Health platform current situation and future

The e. Health platform: current situation and future perspectives Frank Robben General manager of the e. Health platform Quai de Willebroeck 38 B-1000 Brussels E-mail: Frank. Robben@ehealth. fgov. be Website e. Health platform https: //www. ehealth. fgov. be Personal website: www. frankrobben. be 23/04/2014

Some evolutions in health care • more chronic care instead of merely acute care • remote care (monitoring, assistance, consultation, diagnosis, operation, . . . ), among others home care • multidisciplinary, transmural and integrated care • patient-oriented care and patient empowerment • rapidly evolving knowledge => need for reliable, coordinated knowledge management and accessibility • threat of excessively time-consuming administrative processes • a thorough support of health care policy and research requires thorough, integrated anonymized information • cross-border mobility • need for cost control 23/04/2014 2

These evolutions require. . . • a collaboration between all actors in health care • an efficient and safe electronic communication between all actors in health care • high-quality electronic patient files, across specialties • care pathways • optimized administrative processes • a technical and semantic interoperability • guarantees concerning – information security – protection of the private sphere – respect for the professional secrecy of health care providers 23/04/2014 3

Overall objectives of the e. Health platform • how? – through a well-organized, mutual electronic service and information exchange between all actors in health care – providing the necessary guarantees as regards information security, the protection of the private sphere and professional secrecy • which? – – 23/04/2014 optimization of health care quality and continuity optimization of patient safety simplification of administrative formalities for all actors in health care thorough support of the health care policy 4

e. Health platform In practice The patient consults his doctor Through the patient’s e. ID Administrative advantages • Authentication of the patient’s identity • Verification of insurability • GMF ? Possibility to register therapeutic relationships and informed consents 23/04/2014 5

e. Health platform In practice Look up medical history through the Sum. EHR Medication schedule Consult laboratory results 23/04/2014 Online advice and guidelines Medical advantages Electronic prescriptions Electronic medical referral form 6

e. Health platform In practice Update Sum. EHR, medication schedule, . . . Tarification, billing Create and send certificates Advantages of a subscription Registrations Send a report to the EMR owner 23/04/2014 7

Basic architecture Patients, health care providers and health care institutions Health portal AVS AVS Overall objectives of the e. Health platform AVS AVS Software health care institution AVS AVS Site NIHDI AVS AVS Software health care provider My. Care. Net AVS AVS Users Basic services e. Health platform Network VAS Suppliers 23/04/2014 VAS VAS VAS 8

10 missions 1. development of a vision and a strategy with regard to e. Health 2. organization of the collaboration between other government agencies charged with coordinating electronic services 3. acting as a key driver for the necessary changes in order to carry out the vision and the strategy with regard to e. Health 4. establishing the functional and technical specifications and the basic ICT architecture norms, standards, 5. software registration in order to manage electronic patient files 23/04/2014 9

10 missions 6. creation, development and management of a cooperative platform for a safe electronic data exchange with the corresponding basic services 7. to come to an agreement on a task division and on quality standards and to verify if these standards are complied with 8. as an independent trusted third party (TTP), being in charge of the coding and anonymization of personal health data at the benefit of specific agencies as enumerated by law in order to support scientific research and policy 9. promoting and coordinating the development of programs and projects 10. managing and coordinating the ICT aspects of data exchange within the framework of electronic patient files and electronic medical prescriptions 23/04/2014 10

10 basic services 1. 2. 3. 4. 5. 6. 7. 8. 9. integrated user and access management orchestration of electronic subprocesses portal environment (https: //www. ehealth. fgov. be) logging management system for end-to-end encryption personal electronic mailbox for each health care provider (e. Health. Box) timestamping coding and anonymization consultation of the National Register and of the Crossroads Bank Registers 10. reference directory (metahub) 23/04/2014 11

10 basic services 6. 1. integrated user and access management: allows to guarantee that only authorized health care providers/ health care institutions have access to personal data to which they are authorized to have access. • access rules are defined, among others, by law, by authorizations of the Health Section of the Sectoral Committee (established within the Privacy Commission) • each application defines its own accessibility rules • when a user authenticates his identity (using the electronic identity card or the token), the generic verification model of the tool is set in motion: it consults the rules established for the application, verifies if the user does indeed meet these rules and provides access or not to the application 23/04/2014 12

Integrated user and access management 23/04/2014 13

10 basic services 6. 2. orchestration of electronic subprocesses: allows a flexible and harmonious integration of the different processes that are linked to the implementation of several basic services into one and the same application 6. 3. portal environment: a web window offering a variety of online services to health care actors in order to help them provide the best possible health care; the portal environment provides all useful information on the services that are offered by the e. Health platform, its tasks, its standards, etc. It contains, among others, the documents users need to configure the right settings in order for them to have access to the available online services 23/04/2014 14

10 basic services 6. 4. logging management: management of a register of access to the data management system: all read, write and delete accesses are registered and have probative value in case of a complaint 6. 5. system for end-to-end encryption: transfer of complete and unmodified data from one point to another by making them indecipherable (encryption) provided that these data have not been decrypted with a key Two methods: • In the case of a known recipient: use of an asymmetric encryption system (2 keys) • In the case of an unknown recipient: use of symmetric encryption (the information is encrypted and stored outside the e. Health platform; the decryption key can only be obtained through the e. Health platform) 23/04/2014 15

Encryption known recipient 2 Sends public key Identification certificate Connector or other software to generate key pair Web service Register key 3 e. Health platform Authenticates sender Identification certificate 1 Internet Health care actor person or entity 4 Stores public key 2 Stores private key in a secure way 23/04/2014 Public keys repository 16

1 Asks for public key Encrypts message Internet ge ssa ol me toc nd ro Se y p An 4 Web service Ask public key Identification certificate Message originator Identification certificate Encryption known recipient e. Health platform 2. Authenticates sender 3 Sends public key Identification certificate Message recipient 5 Decrypts message 23/04/2014 Stored private key Public keys repository 17

Encryption unknown recipient ic ubl hp wit 1 ted user f ryp key Enc key o ric t me ym S 2 sends key 1 asks for key Enc Key Management / Depot ryp te key d with of u p ser ublic Sym 2 me tric key 5 receives key 4 justifies right to obtain key User 1 Originator User 2 Recipient 4 justifies right to obtain message Enc ryp 3 sends encrypted message ted ser Me with of U ssa p key Me ge ublic 5 receives message ssa blic dep k pu ge ot ey o ith 2 enc sym f h w ed wit me rypt ed ypt t r tric ed w ryp y Enc key ith enc ric ke Messages age et ess ymm M s Depot Message encrypted with symmetric key 23/04/2014 18

10 basic services 6. 6. timestamping: makes it possible to assign a date that is accurate to the second to a health care document and allows, in this way, to ensure the validity of its content throughout time by appending an e. Health signature 6. 7. coding and anonymization makes it possible to hide the identity of individuals behind a code so that the useful data of these individuals can be used without infringement of their privacy + makes data anonymization possible by replacing their detailed characteristics with generalized characteristics. These encoded or anonymized data preserve their usefulness, but don’t allow the direct or indirect identification of the person 23/04/2014 19

Application of timestamping: the electronic prescription in hospitals 1 Prescription A Prescription B 5 Electronic signature 2 Hashcode A 3 Timestamp bag 6 23/04/2014 Hashcode B 6 4 Electronic timestamping Archive 20

10 basic services 6. 8. consultation of the National Register and of the Crossroads Bank Registers: authorized health care actors access the National Register and the Crossroads Bank Registers under strict conditions 6. 9. e. Health. Box: a secured electronic mailbox for the exchange of medical data 6. 10. reference directory: indicates which types of data are stored by which health care actors for which patients with the consent of the concerned patients 23/04/2014 21

Value-added services 64 value-added services in production > 40 value-added services under study examples of value-added services: • registration in and consultation of – the Cancer registry – the registry of hip and knee prostheses (Orthopride) – the registries of care provided for heart implants (Qermid) – the shared electronic arthritis file, including electronic processes for the reimbursement of anti-TNF medication (Safe) 23/04/2014 22

Value-added services • PROCARE RX allowing radiologists to upload and send anonymous X-rays and information to experts for review or a second opinion • management of on-call GP and dentist shifts (Medega) • reports on MUG interventions • electronic communication to the owner of a global medical file (GMF) of the reports drawn up by on-call GPs • Resident Assessment Instrument (Bel. RAI) • electronic consultation of health insurance coverage of patients by nurses (nurse groups) 23/04/2014 23

Value-added services • SARAI care portal of the Antwerp Hospital Network ('Ziekenhuisnetwerk Antwerpen'-ZNA) in support of – the collaboration between GPs, specialists and health care teams within the health care programs of the NIHDI (diabetes and renal insufficiency) – the contribution of GPs to the multidisciplinary oncology consultation • electronic forwarding of third party invoice by nurses (nurse groups) to health insurance funds • quality indicator for hospitals (QI dataserver) • emergency services data registration of 2 participating hospitals (UREG) • electronic medical card for people without documents (e. Carmed) 23/04/2014 24

Value-added services • platform for data exchange between the Flemish Agency for Care and Health and the services recognized by the Agency (VESTA) • support of the electronic care prescription in 108 hospitals (77 % of the hospitals) • consultation of living wills regarding euthanasia • electronic registration and consultation of the medical evaluation of disabled people in the information system (Medic-e) of the FPS Social Security • online registration system for private facilities within the sector of special youth care in Flanders • electronic birth registration – e. Birth 23/04/2014 25

Cornerstone: Multidisciplinary data sharing 1. data transmission – snapshot of the data – sender chooses recipient – sender is responsible for sending the data only to recipients who are entitled to have access to these data 2. data sharing – evolutive data – the source does not know in advance who will consult the data (e. g. on-call GP) – a need to clarify which people are entitled to have access to the data 23/04/2014 26

Data transfer: e. Health. Box: • sending of messages to "actors in health care" – based on • • • the national Register number the NIHDI number the CBE number – through web application or integrated in the medical file – with (or without) encryption based on e. Health certificates/ e. Health keys – other functionalities • • • receipt, publication and reading confirmation reply & forward consultation of multiple mailboxes priority level auto delete – an average of 1, 6 million messages sent per month to the e. Health. Box (multiple recipients) – an average of 2, 4 million messages downloaded per month through the e. Health. Box 23/04/2014 27

Multidisciplinary data sharing 1. data from hospitals – sharing of documents between hospitals and doctors – the “hubs and metahub system” 2. extramural data – sharing of structured data between first-line health care providers and other extramural health care providers – the “extramural vaults” 3. coupled and interoperable – standards – informed consent – therapeutic relationship/ health care relationship 23/04/2014 28

Hubs & Metahub system: Creation of the "hubs" 5 hubs 3 technical implementations 98 % of the Belgian hospitals (have signed the 2012 protocol) 23/04/2014 29

Hub–metahub: as is 23/04/2014 30

Hub–metahub: to be 3. Fetch data from hub A 1: W her 2: I e ca nh nw 4: All data available ub e fin Aa dd nd A ata? C 3: F etc hd ata fro mh ub C B 23/04/2014 C 31

Extramural data 1/2 • supporting the development of data exchange platforms for all sorts of extramural health care providers (GPs, dentists, pharmacists, physiotherapists, home nurses, dietitians, psychologists, . . . ) – in cooperation with the Communities (First-line health care conference in Flanders, the Intermed initiative in Wallonia) – for the disclosure of data via the hub/metahub system between local information systems of extramural health care providers and between these systems and the information systems of health care/welfare organizations – for the interaction with an extramural vault that needs to be developed – by reusing the basic services of the e. Health platform and by making use of several achievements of the developed data sharing platform between hospitals and GPs/doctors 23/04/2014 32

Extramural data 2/2 A Inter. Med C B 23/04/2014 33

Data sharing • Each actor keeps his own file up to date. • However, he can decide to share parts of the file with other actors • Examples: • • SUMEHR • parameters • journal • 23/04/2014 medication schedule … 34

Governance Archiving Management Vault data Authentication . . . Authorization Vault core Vault Access for health care providers • having a "health care relationship" Trusted 3 rd party • depending on their role 2 Treshold decryptie 1. No access for • IT administrators, hoster, . . • e. Health platform • authorities without the active cooperation of the owner of the 2 nd key Vault connector Data quality 23/04/2014 Encryption Decryption Authentication 35

Informed consent & therapeutic relationship • content of informed consent – for registration in the Reference directory (as required by the e. Health law) – for the electronic exchange of health data between health care providers within the framework of patient health care, as far as the following conditions are met: approval by the Sectoral Committee requirement of therapeutic relationship only relevant data the patient decides, in consultation with the health care provider, which data will be shared • exclusion of health care providers by name is possible • a posteriori verification of the granted access • revocation of the consent at any given time is possible • • 23/04/2014 36

Informed consent & therapeutic relationship • registration of the informed consent – patient is informed about the system – specific procedure approved by the Management Committee and the Sectoral Committee – the consent can be registered through e. Health consent • either by the concerned person himself • either by a doctor, a pharmacist, a hospital or a health insurance fund – https: //www. ehealth. fgov. be/fr/prestataires-de-soins/services-enligne/ehealthconsent • therapeutic relationship – only health care providers who have a therapeutic relationship with the patient (1) can access the information they need to perform their task (2) • (1) proof of therapeutic relationship determines to which patient the health care provider has access • (2) role determines to which type of data the health care provider has access 23/04/2014 37

e. Health. Consent 23/04/2014 38

e. Health. Consent 23/04/2014 39

e. Health. Consent 23/04/2014 40

e. Health. Consent 23/04/2014 41

Health care computerization Plan 2013 -2018 / Overview • at the end of 2012, organization of a Round table regarding the development of the health care computerization • participation of about 300 people from the sector • a tangible action plan for e. Health has been established for five years - Roadmap • the action program is based on 5 pillars: – – – • to develop data exchange by health care providers on the basis of a joint architecture to increase patient involvement and patient knowledge on e. Health to develop a reference terminology to achieve administrative simplification and efficiency to implement a flexible and transparent governance structure in which all competent authorities and stakeholders are involved this action plan constitutes a clear framework for 20 concrete and measurable objectives for the next five years. 23/04/2014 42

Roadmap 2013 -2018 (www. rtreh. be) • each owner of an GMF manages an electronic file regarding the concerned patient, updates the relevant data in a SUMEHR and shares them through Vitalink/Intermed • each hospital disposes of a structured electronic patient file • hospital documents are shared and generalized through the hub/metahub system • intramural and extramural laboratory results and reports in medical imaging are shared through the hub/metahub system or through Vitalink/Intermed 23/04/2014 43

Roadmap 2013 -2018 (www. rtreh. be) • data concerning the delivered medicines and the medication schedule are electronically shared – shared pharmaceutical file as an authentic source for the delivered medicines – Vitalink and Intermed as authentic sources for the medication schedule • the electronic medicine prescription in the ambulatory sector is generalized and extended to other prescriptions (physiotherapy, nursing, laboratory researches, medical imaging) • per health care profession the minimum content of an electronic patient file is defined 23/04/2014 44

Roadmap 2013 -2018 (www. rtreh. be) • generalized usage of the e. Health. Box • traceability of medical devices • elaboration of a national terminology policy • extension of the hub/metahub system to psychiatric hospitals and rest homes • evolution of Bel. RAI as an evaluation tool • social debate about the modularity or not of access rights to patient data • patient organizes the access to his data • adaptation of the regulation and financing as incentives for ICT usage 23/04/2014 45

Roadmap 2013 -2018 (www. rtreh. be) • inclusion of e. Health in the training of health care providers • implementation of My. Carenet services (electronic billing of third-party payer, electronic consultation of insurability, electronic exchange between the hospital and the health insurance fund in case of a hospitalization, . . . ) • inventory and consolidation of registers • action plan for a further administrative simplification • monitoring and execution of the action plan 23/04/2014 46

THANK YOU! Questions? Frank. Robben@ehealth. fgov. be @Fr. Robben https: //www. ehealth. fgov. be http: //www. ksz. fgov. be/ http: //www. frankrobben. be