The eHealth platform:
current situation and future
perspectives
Frank Robben
General manager of the eHealth platform
Quai de Willebroeck 38
B-1000 Brussels
E-mail: Frank.Robben@ehealth.fgov.be
Website eHealth platform https://www.ehealth.fgov.be
Personal website: www.frankrobben.be
23/04/2014
Some evolutions in health care
• more chronic care instead of merely acute care
• remote care (monitoring, assistance, consultation, diagnosis,
operation, ...), among others home care
• multidisciplinary, transmural and integrated care
• patient-oriented care and patient empowerment
• rapidly evolving knowledge => need for reliable, coordinated
knowledge management and accessibility
• threat of excessively time-consuming administrative processes
• a thorough support of health care policy and research requires
thorough, integrated and anonymized information
• cross-border mobility
• need for cost control
23/04/2014
2
These evolutions require...
• a collaboration between all actors in health care
• an efficient and safe electronic communication between all actors in
health care
• high-quality electronic patient files, across specialties
• care pathways
• optimized administrative processes
• a technical and semantic interoperability
• guarantees concerning
– information security
– protection of the private sphere
– respect for the professional secrecy of health care providers
23/04/2014
3
Overall objectives of the eHealth platform
• how?
– through a well-organized, mutual electronic service and information
exchange between all actors in health care
– providing the necessary guarantees as regards information security, the
protection of the private sphere and professional secrecy
• which?
–
–
–
–
23/04/2014
optimization of health care quality and continuity
optimization of patient safety
simplification of administrative formalities for all actors in health care
thorough support of the health care policy
4
eHealth platform
In practice
The patient consults
his doctor
Through
the
patient’s
eID
Administrative advantages
• Authentication of the patient’s
identity
• Verification of insurability
• GMF ?
Possibility to register therapeutic relationships and informed
consents
23/04/2014
5
eHealth platform
In practice
Look up medical
history through the
SumEHR
Medication
schedule
Consult laboratory
results
23/04/2014
Online advice and
guidelines
Medical
advantages
Electronic
prescriptions
Electronic medical
referral form
6
eHealth platform
In practice
Update SumEHR,
medication
schedule, ...
Tarification,
billing
Create and
send
certificates
Advantages
of a
subscription
Registrations
Send a report to the
EMR owner
23/04/2014
7
Basic architecture
Patients, health care providers
and health care institutions
Health portal
AVS
AVS
AVS
AVS
Overall
objectives of the
eHealth
platform
AVS
AVS
AVS
AVS
Software
health care
institution
AVS
AVS
AVS
AVS
Site NIHDI
AVS
AVS
AVS
AVS
Software health
care provider
MyCareNet
AVS
AVS
AVS
AVS
Users
Basic services
eHealth platform
Network
VAS
Suppliers
23/04/2014
VAS
VAS
VAS
VAS
VAS
8
10 missions
1.
development of a vision and a strategy with regard to eHealth
2.
organization of the collaboration between other government agencies
charged with coordinating electronic services
3.
acting as a key driver for the necessary changes in order to carry out the
vision and the strategy with regard to eHealth
4.
establishing the functional and technical norms, standards, specifications
and the basic ICT architecture
5.
software registration in order to manage electronic patient files
23/04/2014
9
10 missions
6.
creation, development and management of a cooperative platform for a
safe electronic data exchange with the corresponding basic services
7.
to come to an agreement on a task division and on quality standards and
to verify if these standards are complied with
8.
as an independent trusted third party (TTP), being in charge of the
coding and anonymization of personal health data at the benefit of
specific agencies as enumerated by law in order to support scientific
research and policy
9.
promoting and coordinating the development of programs and projects
10. managing and coordinating the ICT aspects of data exchange within the
framework of electronic patient files and electronic medical
prescriptions
23/04/2014
10
10 basic services
1.
2.
3.
4.
5.
6.
7.
8.
9.
integrated user and access management
orchestration of electronic subprocesses
portal environment (https://www.ehealth.fgov.be)
logging management
system for end-to-end encryption
personal electronic mailbox for each health care provider (eHealthBox)
timestamping
coding and anonymization
consultation of the National Register and of the Crossroads Bank
Registers
10. reference directory (metahub)
23/04/2014
11
10 basic services
6.1.
integrated user and access management:
allows to guarantee that only authorized health care providers/ health care
institutions have access to personal data to which they are authorized to
have access.
• access rules are defined, among others, by law, by authorizations of the
Health Section of the Sectoral Committee (established within the Privacy
Commission)
• each application defines its own accessibility rules
• when a user authenticates his identity (using the electronic identity card
or the token), the generic verification model of the tool is set in motion: it
consults the rules established for the application, verifies if the user does
indeed meet these rules and provides access or not to the application
23/04/2014
12
Integrated user and
access management
Action on application
DECLINED
Policy
Application
(PEP)
User
Action on application
ALLOWED
Application
Action on application
Decision
request
Fetch
Policies
Decision
answer
Policy
Decision (PDP)
Information
Question/
Answer
Information
Question/
Answer
Authorisation
management
Policy
Administration
(PAP)
Policy Information
(PIP)
Policy Information
(PIP)
Policy Repository
Authentic Source
Authentic Source
Administrator
23/04/2014
13
10 basic services
6.2.
orchestration of electronic subprocesses: allows a flexible and
harmonious integration of the different processes that are linked to
the implementation of several basic services into one and the same
application
6.3.
portal environment: a web window offering a variety of online
services to health care actors in order to help them provide the best
possible health care; the portal environment provides all useful
information on the services that are offered by the eHealth platform,
its tasks, its standards, etc.
It contains, among others, the documents users need to configure the
right settings in order for them to have access to the available online
services
23/04/2014
14
10 basic services
6.4.
logging management: management of a register of access to the data
management system: all read, write and delete accesses are
registered and have probative value in case of a complaint
6.5.
system for end-to-end encryption: transfer of complete and
unmodified data from one point to another by making them
indecipherable (encryption) provided that these data have not been
decrypted with a key
Two methods:
• In the case of a known recipient: use of an asymmetric encryption system
(2 keys)
• In the case of an unknown recipient: use of symmetric encryption
(the information is encrypted and stored outside the eHealth
platform; the decryption key can only be obtained through the
eHealth platform)
23/04/2014
15
Internet
Encryption known recipient
1
2
Sends
public key
Identification
certificate
Connector or
other software to
generate key pair
Web service
Register key
eHealth platform
3
Authenticates sender
Identification
certificate
Health care actor
person or entity
4
Stores
public key
2
Stores private key
in a secure way
23/04/2014
Public keys
repository
16
1
Asks for public
key
Web service
Ask public key
Internet
Identification
certificate
Message originator
Identification
certificate
Encryption known recipient
eHealth platform
2
.
Authenticates
sender
3
4
Sends
public key
Encrypts
message
Identification
certificate
Message recipient
5
Decrypts message
23/04/2014
Stored
private
key
Public keys
repository
17
Encryption unknown recipient
Key
Management
/ Depot
2 sends key
5 receives key
1 asks for key
4 justifies right to
obtain key
User 1
Originator
User 2
Recipient
4 justifies right to
obtain message
3 sends encrypted message
5 receives message
Messages
Depot
Message encrypted with
symmetric key
23/04/2014
18
10 basic services
6.6.
timestamping:
makes it possible to assign a date that is accurate to the second to a
health care document and allows, in this way, to ensure the validity of
its content throughout time by appending an eHealth signature
6.7.
coding and anonymization
makes it possible to hide the identity of individuals behind a code so
that the useful data of these individuals can be used without
infringement of their privacy + makes data anonymization possible by
replacing their detailed characteristics with generalized
characteristics. These encoded or anonymized data preserve their
usefulness, but don’t allow the direct or indirect identification of the
person
23/04/2014
19
Application of timestamping:
the electronic prescription in hospitals
1
Prescription A
Prescription B
5
Electronic
signature
2
Hashcode A
Hashcode B
3
6
Timestamp bag
6
23/04/2014
Archive
4
Electronic
timestamping
Archive
20
10 basic services
6.8.
consultation of the National Register and of the Crossroads Bank
Registers:
authorized health care actors access the National Register and the
Crossroads Bank Registers under strict conditions
6.9.
eHealthBox:
a secured electronic mailbox for the exchange of medical data
6.10.
reference directory:
indicates which types of data are stored by which health care actors
for which patients with the consent of the concerned patients
23/04/2014
21
Value-added services
64 value-added services in production
> 40 value-added services under study
examples of value-added services:
• registration in and consultation of
– the Cancer registry
– the registry of hip and knee prostheses (Orthopride)
– the registries of care provided for heart implants (Qermid)
– the shared electronic arthritis file, including electronic processes for the
reimbursement of anti-TNF medication (Safe)
23/04/2014
22
Value-added services
• PROCARE RX allowing radiologists to upload and send anonymous X-rays
and information to experts for review or a second opinion
• management of on-call GP and dentist shifts (Medega)
• reports on MUG interventions
• electronic communication to the owner of a global medical file (GMF) of
the reports drawn up by on-call GPs
• Resident Assessment Instrument (BelRAI)
• electronic consultation of health insurance coverage of patients by nurses
(nurse groups)
23/04/2014
23
Value-added services
• SARAI care portal of the Antwerp Hospital Network ('Ziekenhuisnetwerk
Antwerpen'-ZNA) in support of
– the collaboration between GPs, specialists and health care teams within the
health care programs of the NIHDI (diabetes and renal insufficiency)
– the contribution of GPs to the multidisciplinary oncology consultation
• electronic forwarding of third party invoice by nurses (nurse groups) to
health insurance funds
• quality indicator for hospitals (QI dataserver)
• emergency services data registration of 2 participating hospitals (UREG)
• electronic medical card for people without documents (eCarmed)
23/04/2014
24
Value-added services
• platform for data exchange between the Flemish Agency for Care and
Health and the services recognized by the Agency (VESTA)
• support of the electronic care prescription in 108 hospitals (77 % of the
hospitals)
• consultation of living wills regarding euthanasia
• electronic registration and consultation of the medical evaluation of
disabled people in the information system (Medic-e) of the FPS Social
Security
• online registration system for private facilities within the sector of special
youth care in Flanders
• electronic birth registration – eBirth
23/04/2014
25
Cornerstone:
Multidisciplinary data sharing
1.
data transmission
– snapshot of the data
– sender chooses recipient
– sender is responsible for sending the data only to recipients who are entitled
to have access to these data
2.
data sharing
– evolutive data
– the source does not know in advance who will consult the data (e.g. on-call
GP)
– a need to clarify which people are entitled to have access to the data
23/04/2014
26
Data transfer:
eHealthBox:
• sending of messages to "actors in health care"
– based on
•
•
•
the national Register number
the NIHDI number
the CBE number
– through web application or integrated in the medical file
– with (or without) encryption based on eHealth certificates/ eHealth keys
– other functionalities
•
•
•
•
•
receipt, publication and reading confirmation
reply & forward
consultation of multiple mailboxes
priority level
auto delete
– an average of 1,6 million messages sent per month to the eHealthBox (multiple
recipients)
– an average of 2,4 million messages downloaded per month through the eHealthBox
23/04/2014
27
Multidisciplinary data sharing
1. data from hospitals
– sharing of documents between hospitals and doctors
– the “hubs and metahub system”
2. extramural data
– sharing of structured data between first-line health care providers and other
extramural health care providers
– the “extramural vaults”
3. coupled and interoperable
– standards
– informed consent
– therapeutic relationship/ health care relationship
23/04/2014
28
Hubs & Metahub system:
Creation of the "hubs"
5 hubs
3 technical implementations
98 % of the Belgian hospitals
(have signed the 2012
protocol)
23/04/2014
29
Hub–metahub: as is
23/04/2014
30
Hub–metahub: to be
3. Fetch data from hub A
A
4:
All data
available
C
B
23/04/2014
31
Extramural data 1/2
• supporting the development of data exchange platforms for all sorts of
extramural health care providers (GPs, dentists, pharmacists,
physiotherapists, home nurses, dietitians, psychologists, ...)
– in cooperation with the Communities (First-line health care conference in
Flanders, the Intermed initiative in Wallonia)
– for the disclosure of data via the hub/metahub system between local
information systems of extramural health care providers and between these
systems and the information systems of health care/welfare organizations
– for the interaction with an extramural vault that needs to be developed
– by reusing the basic services of the eHealth platform and by making use of
several achievements of the developed data sharing platform between
hospitals and GPs/doctors
23/04/2014
32
Extramural data 2/2
A
InterMed
C
B
23/04/2014
33
Data sharing
• Each actor keeps his own file
up to date.
• However, he can decide to
share parts of the file with
other actors
• Examples:
23/04/2014
•
medication schedule
•
SUMEHR
•
parameters
•
journal
•
…
34
Governance
Archiving
Management
Vault data
Authentication
...
Authorization
Vault core
Vault
Access for health care providers
• having a "health care relationship"
Trusted
3rd party
• depending on their role
2
Treshold
decryptie
1
.
No access for
• IT administrators, hoster,..
• eHealth platform
• authorities
without the active cooperation
of the owner of the 2 nd key
Vault connector
Data
quality
23/04/2014
Encryption
Decryption
Authentication
35
Informed consent
& therapeutic relationship
• content of informed consent
– for registration in the Reference directory (as required by the eHealth law)
– for the electronic exchange of health data between health care providers
within the framework of patient health care, as far as the following conditions
are met:
•
•
•
•
approval by the Sectoral Committee
requirement of therapeutic relationship
only relevant data
the patient decides, in consultation with the health care provider, which data will be
shared
• exclusion of health care providers by name is possible
• a posteriori verification of the granted access
• revocation of the consent at any given time is possible
23/04/2014
36
Informed consent
& therapeutic relationship
• registration of the informed consent
– patient is informed about the system
– specific procedure approved by the Management Committee and the Sectoral
Committee
– the consent can be registered through eHealth consent
• either by the concerned person himself
• either by a doctor, a pharmacist, a hospital or a health insurance fund
– https://www.ehealth.fgov.be/fr/prestataires-de-soins/services-enligne/ehealthconsent
• therapeutic relationship
– only health care providers who have a therapeutic relationship with the
patient (1) can access the information they need to perform their task (2)
• (1) proof of therapeutic relationship determines to which patient the health care
provider has access
• (2) role determines to which type of data the health care provider has access
23/04/2014
37
eHealthConsent
23/04/2014
38
eHealthConsent
23/04/2014
39
eHealthConsent
23/04/2014
40
eHealthConsent
23/04/2014
41
Health care computerization
Plan 2013-2018 / Overview
•
at the end of 2012, organization of a Round table regarding the development of
the health care computerization
•
participation of about 300 people from the sector
•
a tangible action plan for eHealth has been established for five years - Roadmap
•
the action program is based on 5 pillars:
–
–
–
–
–
•
to develop data exchange by health care providers on the basis of a joint architecture
to increase patient involvement and patient knowledge on eHealth
to develop a reference terminology
to achieve administrative simplification and efficiency
to implement a flexible and transparent governance structure in which all competent
authorities and stakeholders are involved
this action plan constitutes a clear framework for 20 concrete and measurable
objectives for the next five years.
23/04/2014
42
Roadmap 2013-2018
(www.rtreh.be)
• each owner of an GMF manages an electronic file regarding the concerned
patient, updates the relevant data in a SUMEHR and shares them through
Vitalink/Intermed
• each hospital disposes of a structured electronic patient file
• hospital documents are shared and generalized through the hub/metahub
system
• intramural and extramural laboratory results and reports in medical
imaging are shared through the hub/metahub system or through
Vitalink/Intermed
23/04/2014
43
Roadmap 2013-2018
(www.rtreh.be)
• data concerning the delivered medicines and the medication schedule are
electronically shared
– shared pharmaceutical file as an authentic source for the delivered medicines
– Vitalink and Intermed as authentic sources for the medication schedule
• the electronic medicine prescription in the ambulatory sector is
generalized and extended to other prescriptions (physiotherapy, nursing,
laboratory researches, medical imaging)
• per health care profession the minimum content of an electronic patient
file is defined
23/04/2014
44
Roadmap 2013-2018
(www.rtreh.be)
• generalized usage of the eHealthBox
• traceability of medical devices
• elaboration of a national terminology policy
• extension of the hub/metahub system to psychiatric hospitals and rest
homes
• evolution of BelRAI as an evaluation tool
• social debate about the modularity or not of access rights to patient data
• patient organizes the access to his data
• adaptation of the regulation and financing as incentives for ICT usage
23/04/2014
45
Roadmap 2013-2018
(www.rtreh.be)
• inclusion of eHealth in the training of health care providers
• implementation of MyCarenet services (electronic billing of third-party
payer, electronic consultation of insurability, electronic exchange between
the hospital and the health insurance fund in case of a hospitalization, ...)
• inventory and consolidation of registers
• action plan for a further administrative simplification
• monitoring and execution of the action plan
23/04/2014
46
THANK YOU!
Questions?
Frank.Robben@ehealth.fgov.be
@FrRobben
https://www.ehealth.fgov.be
http://www.ksz.fgov.be/
http://www.frankrobben.be