Transcript But de la Plate

The Belgian eHealth
program and its legal
framework
Frank Robben
General manager of the eHealth platform
Quai de Willebroeck 38
B-1000 Brussels
E-mail: [email protected]
Website eHealth platform https://www.ehealth.fgov.be
Personal website: www.frankrobben.be
05/06/2014
Some evolutions in health care
• more chronic care instead of merely acute care
• remote care (monitoring, assistance, consultation, diagnosis,
operation, ...), and home care
• multidisciplinary, transmural and integrated care
• patient-oriented care and patient empowerment
• rapidly evolving knowledge => need for reliable and coordinated
management and access to knowledge
• threat of excessively time-consuming administrative processes
• thorough support of health care policy and research requires
thorough, integrated and anonymized information
• cross-border mobility
• need for cost control
05/06/2014
2
These evolutions require...
• collaboration between all actors in health care
• efficient and safe electronic communication between all actors in
health care
• high-quality electronic patient files, across specialties
• care pathways
• optimised administrative processes
• technical and semantic interoperability
• guarantees concerning
– information security
– privacy protection
– respect for the professional secrecy of health care providers
05/06/2014
3
Creation of the eHealth platform
• parapublic institution created by law of August 21, 2008, published in the
Official Journal of October 13, 2008
• mission
– how?
• through a well-organised, mutual electronic service and information exchange
between all actors in health care
• by providing the necessary guarantees with regard to information security,
privacy protection and professional secrecy
– what?
•
•
•
•
05/06/2014
optimisation of health care quality and continuity
optimisation of patient safety
reduction of administrative burden for all actors in health care
thorough support of health care policy and research
4
Governance
•
Board of Directors consisting of
– 7 representatives of the health care providers and institutions, appointed by the
representatives of the health care providers and institutions within the RIZIV/INAMI
Insurance Committee
– 7 representatives of the sickness funds
– 7 representatives of the public services with competences in health care: FPS Health,
RIZIV/INAMI, FPS Social Security, Federal Health Care Knowledge Centre, Federal
Agency For Medicines and Health Products
– representatives of the Ministers of Health, Social Affairs, Computerization and Budget
– representatives of the Order of Physicians and the Order of Pharmacists and of the
Crossroads Bank for Social Security, with advisory vote
– representatives of the communities and the regions, with advisory vote
– Chairman of the Consultative Committee, with advisory vote
•
Consultative Committee with working groups: representatives of all
relevant stakeholders and experts, chaired by a medical doctor
05/06/2014
5
Sectoral Committee
• established within the Privacy Commission
• 2 sections: Social Security and Health
• the Health Section consists of
–
–
2 members of the Privacy Commission
4 medical doctors appointed by Parliament
• tasks
–
–
–
–
05/06/2014
to provide authorizations for (electronic) exchange of personal health data, in
situations not regulated by law
to determine information security policies with regard to the processing of
personal health data
to give advice and recommendations with regard to information security
related to the processing of personal health data
to handle complaints with regard to the violation of information security
policies during the processing of personal health data
6
Legal assignments
1.
development of a vision and a strategy with regard to eHealth
2.
organisation of collaboration between other government agencies
charged with coordinating electronic services
3.
acting as a key driver for the necessary changes in order to carry out the
vision and strategy with regard to eHealth
4.
establishing the functional and technical norms, standards and
specifications and the basic ICT architecture
5.
registration of software for management of electronic patient files
05/06/2014
7
Legal assignments
6.
creation, development and management of a cooperative platform for
safe electronic data exchange with the corresponding basic services
7.
to agree on task division and quality standards with regard to
information storage, and to verify whether these standards are complied
with
8.
as an independent trusted third party (TTP), being in charge of the
coding and anonymisation of personal health data for the benefit of
specific agencies, as established by law, in order to support scientific
research and policy
9.
promoting and coordinating the development of programs and projects
10. managing and coordinating the ICT aspects of data exchange within the
framework of electronic patient files and electronic medical
prescriptions
05/06/2014
8
Basic architecture
Patients, health care providers
and health care institutions
Health portal
AVS
Software
health care
institution
Site NIHDI
AVS
Overall
objectives of the
eHealth
platform
Software health
care provider
MyCareNet
AVS
AVS
AVS
Users
Basic services
eHealth platform
Network
VAS
Suppliers
05/06/2014
VAS
VAS
VAS
VAS
VAS
9
10 basic services
6.1.
integrated user and access management:
makes it possible to guarantee that only authorised health care providers/
health care institutions have access to personal data to which they are
authorised to have access
• access rules are defined by, among other things, the law and
authorisations issued by the Health Section of the Sectoral Committee
(established within the Privacy Commission)
• each application defines its own access rules
• when a user authenticates his identity (using the electronic identity card
or token), the generic verification model of the tool is set in motion: it
consults the rules established for the application, verifies if the user does
indeed meet these rules and accordingly grants or restricts access to the
application
05/06/2014
10
Integrated user and
access management
Action on application
DECLINED
Policy
Application
(PEP)
User
Action on application
ALLOWED
Application
Action on application
Decision
request
Fetch
Policies
Decision
answer
Policy
Decision (PDP)
Information
Question/
Answer
Information
Question/
Answer
Authorisation
management
Policy
Administration
(PAP)
Policy Information
(PIP)
Policy Information
(PIP)
Policy Repository
Authentic Source
Authentic Source
Administrator
05/06/2014
11
10 basic services
6.2.
orchestration of electronic subprocesses: allows for the flexible and
harmonious integration of the different processes that are linked to
the implementation of several basic services into one, single
application
6.3.
portal environment: a web window offering a variety of online
services to health care actors in order to help them provide the best
possible health care; the portal environment provides all useful
information on the services that are offered by the eHealth platform,
its tasks, its standards, etc.
It contains, among other things, the documents users need to
configure the right settings in order for them to have access to the
available online services
05/06/2014
12
10 basic services
6.4.
logging management: management of a register of access to the
information management system: all read, write and delete accesses
are registered and have probative value in case of a complaint
6.5.
system for end-to-end encryption: transfer of complete and
unmodified data from one point to another by making them
indecipherable (encryption), provided that these data have not been
decrypted with a key
Two methods:
• in the case of a known recipient: use of an asymmetric encryption
system (2 keys)
• in the case of an unknown recipient: use of symmetric encryption
(the information is encrypted and stored outside the eHealth
platform; the decryption key can only be obtained through the
eHealth platform)
05/06/2014
13
10 basic services
6.6.
timestamping: makes it possible to assign a time and date, accurate
to the second, to a health care document and thereby makes it
possible to permanently ensure the validity of its content by
appending an eHealth signature
6.7.
coding and anonymization: makes it possible
• to hide the identity of individuals behind a code, so that the useful
data of these individuals can be used without infringing on their
privacy
• to anonymize data by replacing patients’ detailed characteristics
with generalised characteristics. These encoded or anonymized
data preserve their usefulness, but without allowing the direct or
indirect identification of the person
05/06/2014
14
10 basic services
6.8.
consultation of the National Register and Crossroads Bank
Registers:
authorised health care actors access the National Register and the
Crossroads Bank Registers under strict conditions
6.9.
eHealthBox:
a secured electronic mailbox for the exchange of medical data
6.10.
reference directory:
indicates which types of data are stored, by which health care actors
and for which patients, with the consent of said patients
05/06/2014
15
Other legal provisions
• permission/obligation to use a unique patient identification number
• probative value of electronic information exchange via the eHealth
platform
–
–
–
–
authentication
timestamp
integrity
technically readable
• organisation of information security and of the duty of professional
secrecy within the eHealth platform
• possibility to impose, via a royal decree, electronic communication of data
between public institutions and the eHealth platform
• financing of the eHealth platform
05/06/2014
16
Guarantees while using
eHealth platform
• improved legal certainty
– basic services supporting information security and privacy protection such as
• user and access management
• end-to-end encryption
• logging
meet the legal requirements
– basic services supporting probative value such as
• time stamping
• returns of receipt
meet the legal requirements
– the validated authentic sources used by the basic services are reliable
05/06/2014
17
Guarantees while using
eHealth platform
• legal certainty is guaranteed by
– the law establishing the eHealth platform
– specific regulation elaborated under coordination of the eHealth platform (e.g.
related to electronic care prescriptions)
– previous authorizations and permanent supervision by the Sectoral Committee
– permanent supervision by the Board of Directors composed of representatives
of the stakeholders
• legal certainty about the legitimacy of electronic exchange of personal
data can be obtained via a previous authorization of the Sectoral
Committee
• service level agreements guarantee
– the availability of the services
– the performance of the services
05/06/2014
18
eHealth platform
In practice
The patient consults
his doctor
Administrative advantages
Patient's
eID
• Authentication of the patient’s
identity
• Verification of insurability
• GMF ?
Possibility to register therapeutic relationships and informed
consent
05/06/2014
19
eHealth platform
In practice
Look up medical
history through the
SumEHR
Medication
schedule
Laboratory results
05/06/2014
Online advice and
guidelines
Medical
advantages
Electronic
prescriptions
Electronic medical
referral form
20
eHealth platform
In practice
Update SumEHR,
medication
schedule, ...
Tarification,
billing
Create and
send
certificates
Administrative
advantages
Registrations
Send a report to the
GMF owner
05/06/2014
21
Value-added services
65 value-added services in production
 40 value-added services under study
Some examples of value-added services:
•
•
•
•
•
•
•
•
registration in and consultation of the Cancer registry, the registry of hip and knee
prostheses (Orthopride), the registries of care provided for heart implants (Qermid), the
shared electronic arthritis file, including electronic processes for the reimbursement of antiTNF medication (Safe)
PROCARE RX allows radiologists to upload and send anonymous X-rays and information to
experts for review or a second opinion
reports on MUG interventions
Resident Assessment Instrument (BelRAI)
electronic medical card for people without documents (eCarmed)
consultation of living wills regarding euthanasia
electronic registration and consultation of the medical evaluation of disabled people
electronic birth registration – eBirth
05/06/2014
22
Cornerstone:
Multidisciplinary data sharing
1.
data transmission
– snapshot of the data
– sender chooses recipient
– sender is responsible for sending the data only to recipients who are entitled
to have access to these data
2.
data sharing
– evolutive data
– the source does not know in advance who will consult the data (e.g. on-call
GP)
– necessity of clarifying which people are entitled to have access to the data
05/06/2014
23
Data transfer:
eHealthBox:
• sending of messages to "actors in health care"
– based on
•
•
•
national Register number
NIHDI number
CBE number
– through web application or integrated into the medical file
– with (or without) encryption based on eHealth certificates/ eHealth keys
– other functionalities
•
•
•
•
•
receipt, publication and reading confirmation
reply & forward
check multiple mailboxes
priority level
auto delete
– an average of 2.4 million messages sent per month to the eHealthBox (multiple
recipients)
– an average of 2.2 million messages downloaded per month through the eHealthBox
05/06/2014
24
Multidisciplinary data sharing
1. data from hospitals
– sharing of documents between hospitals and doctors
– “hubs and metahub system”
2. extramural data
– sharing of structured data between first-line health care providers and other
extramural health care providers
– “extramural vaults”
3. coupled and interoperable
– standards
– informed consent
– therapeutic relationship/ health care relationship
05/06/2014
25
Hubs & Metahub system:
Creation of the "hubs"
5 hubs
3 technical implementations
98 % of Belgian hospitals (have
signed the 2012 protocol)
05/06/2014
26
Hub-metahub: currently
05/06/2014
27
Hub-metahub: in future
3. Retrieve data from hub A
A
4:
All data
available
C
B
05/06/2014
28
Extramural data 1/2
• supporting the development of data exchange platforms for all sorts of
extramural health care providers (GPs, dentists, pharmacists,
physiotherapists, home nurses, dietitians, psychologists, ...)
– in cooperation with Communities (first-line health care conference in Flanders,
the Intermed initiative in Wallonia)
– for the disclosure of data via the hub/metahub system between local
information systems of extramural health care providers and between these
systems and the information systems of health care/welfare organizations
– for the interaction with extramural vaults awaiting development
– by reusing the basic services of the eHealth platform and by making use of
several achievements of the developed data sharing platform between
hospitals and GPs/doctors
05/06/2014
29
Extramural data 2/2
A
InterMed
C
B
05/06/2014
30
Data sharing
• Each actor keeps their own
file up to date
• However, they can decide to
share parts of the file with
other actors
• Examples:
05/06/2014
•
medication schedule
•
SUMEHR
•
parameters
•
journal
•
…
31
Governance
Archiving
Management
Vault data
Authentication
...
Authorisation
Vault core
Vault
Access for health care providers
• having a "health care relationship"
Trusted
3rd party
• depending on their role
2
Treshold
decryptie
1
.
No access for
• IT administrators, hoster,..
• eHealth platform
• authorities
without the active cooperation
of the owner of the 2nd key
Vault connector
Data
quality
05/06/2014
Encryption
Decryption
Authentication
32
Informed consent
& therapeutic relationship
• content of informed consent
– for registration in the reference directory (as required by the eHealth law)
– for the electronic exchange of health data between health care providers
within the framework of patient health care, as long as the following
conditions are met:
•
•
•
•
approval by the Sectoral Committee
therapeutic relationship required
only relevant data
the patient decides, in consultation with the health care provider, which data will be
shared
• health care providers may be excluded by name
• possibility of a posteriori verification of the granted access
• consent may be revoked at any given time
05/06/2014
33
Informed consent
& therapeutic relationship
• registration of informed consent
– patient is informed about the system
– specific procedure approved by the Board of Directors and the Sectoral
Committee
– consent can be registered through eHealth consent
• either by the concerned person themselves
• or by a doctor, a pharmacist, a hospital or a health insurance fund
– https://www.ehealth.fgov.be/fr/prestataires-de-soins/services-enligne/ehealthconsent
• therapeutic relationship
– only health care providers who have a therapeutic relationship with the
patient (1) can access the information they need to perform their task (2)
• (1) proof of therapeutic relationship determines which patient the health care
provider has access to
• (2) role determines which type of data the health care provider has access to
05/06/2014
34
Health care computerization
Plan 2013-2018 / Overview
•
at the end of 2012, organization of a Round table regarding the development of
health care computerisation
•
participation of about 300 people from the sector
•
tangible, 5-year action plan for eHealth established – Roadmap
•
the action plan is based on 5 pillars:
–
–
–
–
–
•
to develop data exchange by health care providers on the basis of a joint architecture
to increase patient awareness of eHealth
to develop a reference terminology
to achieve administrative simplification and efficiency
to implement a flexible and transparent governance structure in which all competent
authorities and stakeholders are involved
this action plan constitutes a clear framework for 20 concrete and measurable
objectives for the next five years
05/06/2014
35
THANK YOU!
Questions?
[email protected]
@FrRobben
https://www.ehealth.fgov.be
http://www.ksz.fgov.be/
http://www.frankrobben.be