But de la Plate-forme eHealth
Download
Report
Transcript But de la Plate-forme eHealth
eHealth:
Belgian approach with
specific attention to
research support
Frank Robben
General manager of the eHealth platform
Quai de Willebroeck 38
B-1000 Brussels
E-mail: [email protected]
Website eHealth platform https://www.ehealth.fgov.be
Personal website: www.frankrobben.be
27/05/2014
Overview
• overview of the eHealth platform
• multidisciplinary data sharing and value-added
services in the pharmaceutical sector
• privacy legislation - processing of health data
for research purposes
27/05/2014
2
Overall objectives of the
eHealth platform
• how?
– through a well-organised, mutual electronic service and information
exchange between all actors in health care
– by providing the necessary guarantees with regard to information security,
privacy protection and professional secrecy
• what?
–
–
–
–
27/05/2014
optimisation of health care quality and continuity
optimisation of patient safety
reduction of administrative burden for all actors in health care
thorough support of health care policy and research
3
eHealth platform
In practice
The patient consults
his doctor
Administrative advantages
Patient's
eID
• Authentication of the patient’s
identity
• Verification of insurability
• GMF ?
Possibility to register therapeutic relationships and informed
consent
27/05/2014
4
eHealth platform
In practice
Look up medical
history through the
SumEHR
Medication
schedule
Laboratory results
27/05/2014
Online advice and
guidelines
Medical
advantages
Electronic
prescriptions
Electronic medical
referral form
5
eHealth platform
In practice
Update SumEHR,
medication
schedule, ...
Tarification,
billing
Create and
send
certificates
Administrative
advantages
Registrations
Send a report to the
GMF owner
27/05/2014
6
Basic architecture
Patients, health care providers
and health care institutions
Health portal
AVS
AVS
AVS
AVS
Overall
objectives of the
eHealth
platform
AVS
AVS
AVS
AVS
Software
health care
institution
AVS
AVS
AVS
AVS
Site NIHDI
AVS
AVS
AVS
AVS
Software health
care provider
MyCareNet
AVS
AVS
AVS
AVS
Users
Basic services
eHealth platform
Network
VAS
Suppliers
27/05/2014
VAS
VAS
VAS
VAS
VAS
7
10 missions
1.
development of a vision and a strategy with regard to eHealth
2.
organisation of collaboration between other government agencies
charged with coordinating electronic services
3.
acting as a key driver for the necessary changes in order to carry out the
vision and strategy with regard to eHealth
4.
establishing the functional and technical norms, standards and
specifications and the basic ICT architecture
5.
registration of software for management of electronic patient files
27/05/2014
8
10 missions
6.
creation, development and management of a cooperative platform for
safe electronic data exchange with the corresponding basic services
7.
to agree on task division and quality standards with regard to
information storage, and to verify whether these standards are complied
with
8.
as an independent trusted third party (TTP), being in charge of the
coding and anonymisation of personal health data for the benefit of
specific agencies, as established by law, in order to support scientific
research and policy
9.
promoting and coordinating the development of programs and projects
10. managing and coordinating the ICT aspects of data exchange within the
framework of electronic patient files and electronic medical
prescriptions
27/05/2014
9
10 basic services
1.
2.
3.
4.
5.
6.
7.
8.
9.
integrated user and access management
orchestration of electronic subprocesses
portal environment (https://www.ehealth.fgov.be)
logging management
system for end-to-end encryption
personal electronic mailbox for each health care provider (eHealthBox)
timestamping
coding and anonymisation
consultation of the National Register and of the Crossroads Bank
Registers
10. reference directory (metahub)
27/05/2014
10
Value-added services
65 value-added services in production
40 value-added services under study
Some general examples of value-added services :
•
•
•
•
•
•
•
•
registration in and consultation of the Cancer registry, the registry of hip and knee
prostheses (Orthopride), the registries of care provided for heart implants (Qermid), the
shared electronic arthritis file, including electronic processes for the reimbursement of antiTNF medication (Safe)
PROCARE RX allows radiologists to upload and send anonymous X-rays and information to
experts for review or a second opinion
reports on MUG interventions
Resident Assessment Instrument (BelRAI)
electronic medical card for people without documents (eCarmed)
consultation of living wills regarding euthanasia
electronic registration and consultation of the medical evaluation of disabled people
electronic birth registration – eBirth
27/05/2014
11
Cornerstone:
Multidisciplinary data sharing
1.
data transmission
– snapshot of the data
– sender chooses recipient
– sender is responsible for sending the data only to recipients who are entitled
to have access to these data
2.
data sharing
– evolutive data
– the source does not know in advance who will consult the data (e.g. on-call
GP)
– necessity of clarifying which people are entitled to have access to the data
27/05/2014
12
Data transfer:
eHealthBox:
• sending of messages to "actors in health care"
– based on
•
•
•
national Register number
NIHDI number
CBE number
– through web application or integrated into the medical file
– with (or without) encryption based on eHealth certificates/ eHealth keys
– other functionalities
•
•
•
•
•
receipt, publication and reading confirmation
reply & forward
check multiple mailboxes
priority level
auto delete
– an average of 2.4 million messages sent per month to the eHealthBox (multiple
recipients)
– an average of 2.2 million messages downloaded per month through the eHealthBox
27/05/2014
13
eHealthBox: currently
27/05/2014
14
eHealthBox: in future
27/05/2014
15
Multidisciplinary data sharing
1. data from hospitals
– sharing of documents between hospitals and doctors
– “hubs and metahub system”
2. extramural data
– sharing of structured data between first-line health care providers and other
extramural health care providers
– “extramural vaults”
– shared pharmaceutical file
3. coupled and interoperable
– standards
– informed consent
– therapeutic relationship/ health care relationship
27/05/2014
16
Hubs & Metahub system:
Creation of the "hubs"
5 hubs
3 technical implementations
98 % of Belgian hospitals (have
signed the 2012 protocol)
27/05/2014
17
Hub-metahub: currently
27/05/2014
18
Hub-metahub: in future
3. Retrieve data from hub A
A
4:
All data
available
C
B
27/05/2014
19
Extramural data 1/2
• supporting the development of data exchange platforms for all sorts of
extramural health care providers (GPs, dentists, pharmacists,
physiotherapists, home nurses, dietitians, psychologists, ...)
– in cooperation with Communities (first-line health care conference in Flanders,
the Intermed initiative in Wallonia)
– for the disclosure of data via the hub/metahub system between local
information systems of extramural health care providers and between these
systems and the information systems of health care/welfare organizations
– for the interaction with extramural vaults awaiting development
– by reusing the basic services of the eHealth platform and by making use of
several achievements of the developed data sharing platform between
hospitals and GPs/doctors
27/05/2014
20
Extramural data 2/2
A
InterMed
C
B
27/05/2014
21
Data sharing
• Each actor keeps their own
file up to date
• However, they can decide to
share parts of the file with
other actors
• Examples:
27/05/2014
•
medication schedule
•
SUMEHR
•
parameters
•
journal
•
…
22
Governance
Archiving
Management
Vault data
Authentication
...
Authorisation
Vault core
Vault
Access for health care providers
• having a "health care relationship"
Trusted
3rd party
• depending on their role
2
Treshold
decryptie
1
.
No access for
• IT administrators, hoster,..
• eHealth platform
• authorities
without the active cooperation
of the owner of the 2nd key
Vault connector
Data
quality
27/05/2014
Encryption
Decryption
Authentication
23
Shared pharmaceutical file
27/05/2014
24
Informed consent
& therapeutic relationship
• content of informed consent
– for registration in the reference directory (as required by the eHealth law)
– for the electronic exchange of health data between health care providers
within the framework of patient health care, as long as the following
conditions are met:
•
•
•
•
approval by the Sectoral Committee
therapeutic relationship required
only relevant data
the patient decides, in consultation with the health care provider, which data will be
shared
• health care providers may be excluded by name
• possibility of a posteriori verification of the granted access
• consent may be revoked at any given time
27/05/2014
25
Informed consent
& therapeutic relationship
• registration of informed consent
– patient is informed about the system
– specific procedure approved by the Board of Directors and the Sectoral
Committee
– consent can be registered through eHealth consent
• either by the concerned person themselves
• or by a doctor, a pharmacist, a hospital or a health insurance fund
– https://www.ehealth.fgov.be/fr/prestataires-de-soins/services-enligne/ehealthconsent
• therapeutic relationship
– only health care providers who have a therapeutic relationship with the
patient (1) can access the information they need to perform their task (2)
• (1) proof of therapeutic relationship determines which patient the health care
provider has access to
• (2) role determines which type of data the health care provider has access to
27/05/2014
26
Value-added services
• some specific examples of value-added services in the pharmaceutical
sector :
– simplification of Chapter IV requests: optimized electronic processes to obtain
access to reimbursement of certain healthcare costs: complex programme with
several stakeholders
– system for electronic prescriptions for pharmaceutical products
27/05/2014
27
Chapter IV requests: former paper flow
Prescriber
A couple
of days
Pharmacy
A couple of
days
Sickness fund
medical advisor
27/05/2014
After many days
28
Chapter IV requests: currently
Prescriber
A few
seconds
Pharmacy
A few seconds
A few seconds
Sickness fund
medical advisor
27/05/2014
29
Recip-E: currently
27/05/2014
30
Recip-E: in future
Recip-e Module
Doctor
Software
Recip-e
Central System
eHealth platform
Paper
prescription
Recip-E
Patient Portal
eHealth platform
Recip-e Module
MyCareNet
services
Pharmacist
Software
Paper
prescription
eHealth platform
27/05/2014
31
Privacy Legislation
• European Directive 95/46/EC of the European Parliament and of the
Council of 24 October 1995 on the protection of individuals with regard to
the processing of personal data and on the free movement of such data
• Transposition in Belgium :
– Act of 8 December 1992 on the protection of privacy in relation to the
processing of personal data (hereafter 'Privacy Act')
– Royal Decree of 13 February 2001 implementing the Act of 1992 on the
protection of privacy in relation to the processing of personal data
27/05/2014
32
Processing of health data for
research purposes
•
27/05/2014
qualitative support of health care policy and health care research can
only be based on authentic sources complying with quality and
availability requirements
33
Processing of health data for
research purposes
Article 8 Directive / Article 7 Privacy Act :
• prohibition to process health-related data
• exceptions:
– explicit (written) consent of the data subject
– exemptions of substantial public interest laid down by national law or decision
of supervisory authority and subject to provision of suitable safeguards:
• necessary for the promotion and protection of public health, including medical
screening of the population
• obligation by or by virtue of a law, decree or ordinance for reasons of important
public interest
• necessary for scientific research
27/05/2014
34
Further processing of health data for
research purposes
• proportionality
• cascade: anonymous data, encoded personal data, non-encoded personal
data
– encoding can be carried out by:
• controller (of initial processing) or processor appointed by him
• independent intermediary organization (compulsory in case data are obtained from
multiple controllers)
• transparency - duty to inform - consent
– non-encoded personal (health) data:
• in principle
– duty to inform with regard to data source
– explicit consent (opt in) necessary
• except for:
– impossibility or disproportionate effort
– data disclosed by data subject
27/05/2014
35
Further processing of health data for
research purposes
• transparency - duty to inform - consent
– encoded personal (health) data
• in principle:
– duty to inform with regard to data source
– right to object (opt out)
• except for:
– impossibility or disproportionate effort
– intermediary organization in charge of encoding is administrative government in charge
of encoding by law
• coding and anonymization (basic service of the eHealth platform)
– makes it possible to hide the identity of individuals behind a code, so that the
useful data of these individuals can be used without infringing on their privacy
– makes it possible to anonymize data by replacing patients’ detailed
characteristics with generalised characteristics. These encoded or anonymised
data preserve their usefulness, but without allowing the direct or indirect
identification of the person
27/05/2014
36
Trusted Third Party (TTP)
• Use Case :
A university wants to study the impact of a medical treatment on patients by
crossing medical informations from multiple sources (hospitals, cancer registry,
insurance, …)
Most of these medical information is confidential and highly sensitive
Warranty must be provided that privacy, professional secrecy and patient rights are not
violated when medical data are communicated
27/05/2014
37
Trusted Third Party (TTP)
• Solution :
– eHealth platform assumes the role of « trusted third party » (go-between
organization) between instances identified by the law
– eHealth platform, by coding patient ID’s such as SSIN (Social Security
Inscription Number), ensures that a patient cannot be identified directly or
indirectly and thus that privacy, medical secret and patient rights are well
respected
– this role is executed under the supervision of a Sectoral Committee
27/05/2014
38
In practice
Data
Source 1
Data
Source 2
By this way
•
1. ID-MD1
2. ID-MD2
eHealth
(coding/coupling)
3. IDcoded-MD1-MD2
eHealth platform
doesn’t perform
consolidation or small
cell risk analysis > this
role must be assigned
to a Data Manager
•
•
Data Manager
(consolidation)
4. IDcoded-consolidatedMD
•
only eHealth platform can relate
patientID’s with the code and
separation between data sources
and researchers is guaranteed
reidentification of a patient can
thus only be performed via
eHealth platform
medical data (=MD) must normally
be encrypted by the source > by
this way eHealth platform has only
access to the patientID
in most cases, this process can be
automated by using the
eHealthBox
Investigator
Researcher
27/05/2014
39
Useful links
• all information concerning eHealth platform TTP service is available at the
eHealth portal
https://www.ehealth.fgov.be/fr/support/services-de-base/codage-et-anonymisation (FR)
https://www.ehealth.fgov.be/nl/support/basisdiensten/codering-en-anonimisering (NL)
• information requests can be submitted by mail at the address:
[email protected]
27/05/2014
40
THANK YOU!
Questions?
[email protected]
@FrRobben
https://www.ehealth.fgov.be
http://www.ksz.fgov.be/
http://www.frankrobben.be
27/05/2014