Classifying, Sharing and Exchanging Healthcare Data

CSE
5810
Kingsley Udeh
Computer Science & Engineering Department
The University of Connecticut
371 Fairfield Road, Box U-255
Storrs, CT 06269-2155
kingsley.udeh@uconn.edu

Outline
- Introduction
  - Background
- Healthcare Data Classification
  - Information Classification
  - Information Flow Policies
  - Access Control Models
- Healthcare Data Sharing and Exchanging
  - Standards
  - Interoperability frameworks/Infrastructures
  - Fast Healthcare Interoperability Resources (FHIR)
  - Health Record Banks (HRBs)
- Case Study on Healthcare Systems Interoperability
- Conclusion

Introduction
- There is an ongoing gradual transfer from paper-based to electronic-based organization of information
- Therefore data concerning people’s private lives are vulnerable to unauthorized access

Introduction
Problems/Challenges
- The consequence is the problem of privacy management due to the gap between the ease of access to one’s personal details and the human desire to control this access
- Consistently obtaining timely electronic medical records from all providers in a cost-effective manner
- People tend to keep their personal details confidential, especially their health conditions

Introduction
Background
- Biomedical Informatics (BMI)
  Information and its usage associated with the research and practice of medicine. Interdisciplinary fields interacting between people, information and technology.

Introduction - Background
Informatics
Management and processing of data from multiple sources through classification, collection, storage, analysis, and dissemination
Focus:
Clinical Informatics: tracking all information for patient and his care – Medical Records + Personal Health Records (PHRs) from hospitals/clinics, medical offices, insurance/reimbursements etc. via Health Information Technology (HIT) system, such as Electronic Health Records (EHR)

Introduction - Background
An architecture for integrating data from multiple systems - EHR
Multi-Source Data Integration Architecture (Source: Courtesy of Columbia University Medical Center)

Healthcare Data Classification
Information Classification
The process of separating information into distinct categories or levels by which different controls, policies and requirements apply
Information Creation = Classification Label Designation.
Goal: Information is protected, stored and managed appropriately.
Motivation: Military Security Structure

Healthcare Data Classification
Any piece of information can be in five different classifications:
- Unclassified
- Restricted
- Confidential
- Secret
- Top Secret
Unclassified documents can be made available to the public, and top secret information is shared with few individuals.

Healthcare Data Classification - Security
Information Flow Policies
Denning and colleagues performed the basic research in Lattice-Based Access Control models in the 1970s, concerned with confidentiality
Denning's concept of “Information Flow Policy”:
A triple consisting of <SC, →, ⊕>
- SC is a set of security classes
- → ⊆ SC × SC is a binary can-flow relation on SC
- ⊕: SC × SC → SC is a binary class-combining or join operator on SC
(A, B) ∈ → means information can flow from the security class of A to the security class of B

Healthcare Data Classification - Security
Example of an information flow policy
Information may flow from one security class label to another security class label based on a given information flow policy.
A ⊕ B = C is equivalent to ⊕(A, B) = C
Thus, A ⊕ B = C tells us that objects that contain information from security classes A and B should be labeled with the security class C.

Healthcare Data Classification - Security
Illustration of information flow policies
No information flow is allowed from one security class to a different security class.
Trivial form of information flow policy
- SC = [A1…An]; for i = 1 … n, we have Ai → Ai and Ai ⊕ Ai = Ai
- SC = [A1…An]; for i, j = 1 … n, i ≠ j, we have Ai cannot-flow to Aj and Ai ⊕ Aj is undefined

Healthcare Data Classification - Security
Illustration of information flow policies
Information may flow from all security classes except from High to Low
Nontrivial form of information flow policy
High-low policy – Binary can-flow relation:
- SC = [H, L], and → = [(H, H), (L, L), (L, H)]
- H → H, L → L, L → H, and H cannot-flow L
- The can-flow relation is directed upward
High-low policy – The join operator:
- H ⊕ H = H, L ⊕ H = H, H ⊕ L = H, L ⊕ L = L.

Healthcare Data Classification - Security
Information flow policies form a lattice based on Denning’s assumptions
- The set of security classes SC is finite
- → is a partial order on SC: reflexive (A → A); transitive (if A → B and B → C, then A → C) – indirect flow of information implies direct flow of information, but not in all cases; antisymmetric (if A → B and B → A, then A = B)
- SC has a lower bound with respect to →: L → A if L is publicly available information
- The join operator is totally defined for every pair of SC: information can be combined from any two or more SC and get a label. Ai ⊕ Aj = H for i ≠ j; for i = 1…n, it’s also possible to have L → Ai

Healthcare Data Classification - Security
Information may flow from all security classes but from High to Low
Hasse diagrams for certain information flow policies

Healthcare Data Classification - Security
Lattice-Based Access Control Models
Abstraction of concepts: users/subjects and objects
- Subjects – programs in execution
- Objects – files/directories, etc.
- Access rights of a subject s to an object o: D = [s, o], authorization of s to perform an operation on o
Discretionary Access Control Model
The owner of the object has complete discretion regarding access to the owned object by other subjects
Limitation: no constraint in copying information from one object to another.

Healthcare Data Classification - Security
Bell LaPadula Access Control (BLP) Model
Key idea: combine Discretionary Access Control with Mandatory Access Controls to enforce information flow policies
BLP is expressed in terms of security labels attached to objects/subjects: security classification/clearance
Properties of BLP Access Control Model: Simple & Star
- Simple: s can read o only if λ(s) ≥ λ(o) or, equivalently, λ(o) → λ(s)
- Star: s can write o only if λ(s) ≤ λ(o) or, equivalently, λ(s) → λ(o)
A user labeled secret who wishes to write an unclassified object must log in as an unclassified subject. Thus,
λ(s) = λ(o) : subjects ‘cannot write up’, but their levels
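
An added example (not part of the original slides) that encodes Denning's triple <SC, →, ⊕> and the two BLP properties in Python, then checks the lattice assumptions for the five-level linear policy and for the trivial isolated-classes policy. The names FlowPolicy, linear_policy, isolated_policy, blp_can_read and blp_can_write are hypothetical, and the classes A1, A2, A3 are constructed sample values.

```python
from itertools import product

# Added example: helper names are hypothetical; levels are the five listed on the page.
LEVELS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top Secret"]

class FlowPolicy:
    """Information flow policy <SC, ->, (+)> built from an explicit can-flow relation."""
    def __init__(self, classes, can_flow):
        self.sc, self.rel = list(classes), set(can_flow)

    def flows(self, a, b):
        return (a, b) in self.rel

    def join(self, a, b):
        """Least class that both a and b can flow to, or None if undefined."""
        uppers = [c for c in self.sc if self.flows(a, c) and self.flows(b, c)]
        least = [u for u in uppers if all(self.flows(u, v) for v in uppers)]
        return least[0] if least else None

    def is_lattice(self):
        """Check Denning's assumptions (finiteness holds by construction)."""
        sc, f = self.sc, self.flows
        pairs, triples = list(product(sc, repeat=2)), product(sc, repeat=3)
        return (all(f(a, a) for a in sc)                                        # reflexive
                and all(f(a, c) for a, b, c in triples if f(a, b) and f(b, c))  # transitive
                and all(a == b for a, b in pairs if f(a, b) and f(b, a))        # antisymmetric
                and any(all(f(low, a) for a in sc) for low in sc)               # lower bound
                and all(self.join(a, b) is not None for a, b in pairs))         # total join

def linear_policy(levels):
    """Upward-only flow over an ordered list (the high-low policy is the 2-level case)."""
    return FlowPolicy(levels, {(a, b) for i, a in enumerate(levels) for b in levels[i:]})

def isolated_policy(classes):
    """Trivial policy: each class flows only to itself."""
    return FlowPolicy(classes, {(a, a) for a in classes})

def blp_can_read(policy, subject_label, object_label):
    return policy.flows(object_label, subject_label)   # simple property: λ(o) → λ(s)

def blp_can_write(policy, subject_label, object_label):
    return policy.flows(subject_label, object_label)   # star property: λ(s) → λ(o)

MILITARY = linear_policy(LEVELS)                 # built from the page's five levels
ISOLATED = isolated_policy(["A1", "A2", "A3"])   # constructed sample classes

if __name__ == "__main__":
    print(MILITARY.is_lattice(), ISOLATED.is_lattice())
    print(blp_can_write(MILITARY, "Secret", "Unclassified"))
```

The isolated policy fails the check because it has no lower bound and its join is undefined for distinct classes, which is why the trivial policy on the earlier slide is not a lattice.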

Healthcare Data Sharing and Exchanging
Ability to share data within and across organizations requires some standards + infrastructures
- XML
  A user driven open standard for exchanging data
We focus on:
- Health Level Seven (HL-7) V3 Standard
  Coding technology that is used to interpret data from one system to the other, referring to the top level (seven) of Open Systems Interconnection (OSI) communication
Standardization enables interoperability of healthcare systems

Healthcare Data Sharing and Exchanging
Three aspects of interoperability:
- Technical: Moving data from one system to another
- Semantic: Both systems understand the data
- Process: Enabling business processes in both systems to work together
Adapted from Introduction to HL7 Flash Tour

Healthcare Data Sharing and Exchanging
Limitations of standards in systems integration:
- Conflicting systems interpretation
- Complex nature of ever changing information domain of a healthcare enterprise
- Expensive, site specific interface development

Healthcare Data Sharing and Exchanging
Integrating the Healthcare Enterprise (IHE)
A Framework for Information Sharing used for the implementation of standards
- It fills the gap between standards and systems integration
- It leverages DICOM (Digital Imaging and Communications in Medicine) and HL-7 standards to address specific clinical needs in support of optimal patient care
Benefits:
- Better communication among systems
- Easier implementation
- Effective use of information by care providers

Healthcare Data Sharing and Exchanging
IHE Process Workflow
Adapted from Engaging HIT Stakeholders in a Proven Process

Healthcare Data Sharing and Exchanging
Fast Healthcare Interoperability Resources (FHIR)
A set of modular components called resources
Exchanging resources between systems through RESTful APIs/messages/documents – HL7 approach
Formats: XML, JSON. Exchange is done using HTTP (Security: SSL/OAuth)
- FHIR Interoperability Model
Regardless of paradigms, the contents are the same
FHIR resources:
- Admin (patient, practitioner, organization)
- Clinical concept (allergy, family history)
- Infrastructure (document, message, profile)
Architectural Option: FHIR as an interface engine

Healthcare Data Sharing and Exchanging
Health Record Banks (HRBs)
A mechanism for assuring the availability of comprehensive electronic patient information in communities
Creating a single unified record for each patient in the Public Health Organization (PHO) repository via Health Information Exchange (HIE) efforts
Benefits of HRBs in the context of interoperability:
- Availability of comprehensive medical information for every individual

Case Study on Healthcare System Interoperability
Proposed Solution to Interoperability Problem in the Healthcare Domain: Generic Information Exchange (GIE) System
- Provides means for interconnection and interoperation of wide variety of applications.
- It necessitates the sharing and exchange of data related to clinical, administrative, research, etc.
Implemented on complex healthcare information system to provide foundational services
Based on HL7 for exchange, management and integration of health data to generate EHR
Adopted XML to serve as a messaging syntax

Case Study on Healthcare System Interoperability
Generate EHR

Case Study on Healthcare System Interoperability
Parsed Stored Data in EHR
Exchanging EHR data as an XML document – message generation, transport and receiving processes

Case Study on Healthcare System Interoperability
GIE system is implemented to provide access to interoperable EHR
Result:
The GIE system generates EHR related to a patient that contains his medical, routine examinations and findings. The EHR can be shared among healthcare providers

Conclusion
- Interoperability can be successful when there is some level of coordination and communication in the exchange of the healthcare information among the healthcare providers with authentication and authorization
- HIE effort is to fundamentally make data to be universally accessed, integrated, and understood while also being protected