Difference between revisions of "Journal:Emerging and established trends to support secure health information exchange"

Full article title	Emerging and established trends to support secure health information exchange
Journal	Frontiers in Digital Health
Author(s)	Spanakis, Emmanouil G.; Sfakianakis, Stelios; Bonomi, Silvia; Ciccotelli, Claudio; Magalini, Sabina; Sakkalis, Vangelis
Author affiliation(s)	Foundation for Research and Technology, Sapienza Università di Roma, Fondazione Policlinico Universitario Agostino Gemelli
Primary contact	Email: spanakis at ics dot forth dot gr
Editors	Pattichis, Constantinos S.
Year published	2021
Volume and issue	3
Article #	636082
DOI	10.3389/fdgth.2021.636082
ISSN	2673-253X
Distribution license	Creative Commons Attribution 4.0 International
Website	https://www.frontiersin.org/articles/10.3389/fdgth.2021.636082/full
Download	https://www.frontiersin.org/articles/10.3389/fdgth.2021.636082/pdf (PDF)

Revision as of 23:37, 4 June 2021

This article should be considered a work in progress and incomplete. Consider this article incomplete until this notice is removed.

Abstract

This work aims to provide information, guidelines, established practices and standards, and an extensive evaluation on new and promising technologies for the implementation of a secure information sharing platform for health-related data. We focus strictly on the technical aspects and specifically on the sharing of health information, studying innovative techniques for secure information sharing within the healthcare domain, and we describe our solution and evaluate the use of blockchain methodologically for integrating within our implementation. To do so, we analyze health information sharing within the concept of the PANACEA project, which facilitates the design, implementation, and deployment of a relevant platform. The research presented in this paper provides evidence and argumentation toward advanced and novel implementation strategies for a state-of-the-art information sharing environment; a description of high-level requirements for the national and cross-border transfer of data between different healthcare organizations; technologies to support the secure interconnectivity and trust between information technology (IT) systems participating in a data-sharing “community”; standards, guidelines, and interoperability specifications for implementing a common understanding and integration in the sharing of clinical information; and the use of cloud computing and prospectively more advanced technologies such as blockchain. The technologies described and the possible implementation approaches are presented in the design of an innovative secure information sharing platform in the healthcare domain.

Introduction

Information technology (IT) has long been identified as a cornerstone for efficient, cost-saving, timely, and reliable healthcare delivery.^[1]^[2] The availability of healthcare information and patient records in digital form facilitates the persistence and posterity of valuable information and greatly supports the decision-making process, and even the extraction of new knowledge at both the individual and population levels. In our previous work, we have emphasized the current state of the art about cybersecurity in the healthcare domain, with emphasis on current threats and methodologies.^[3] Paraphrasing the famous words of John Donne, “no IT system is an island, entire of itself.” Today, in a highly connected world where geographic boundaries have been largely eliminated and people can freely move between cities, states, countries, or continents, the requirement for two different information management systems to exchange a person's clinical data or medical history becomes vital and persistent. Sharing health information (e.g., via health information exchange [HIE]) through electronic means greatly improves the cost, quality, and patient experience of healthcare delivery.

To better secure the IT system's potential for interconnectivity and cooperation with other systems, the use of interoperable technologies and standards is needed. Depending on the extent and scope of the envisaged shared information spaces, there may be different levels of interoperability. Figure 1 shows a proposed “maturity” model for interoperability in eHealth.^[4] The model consists of five levels that, incrementally, describe a more mature version of an interoperable infrastructure, starting from Level 1 for non-connected eHealth applications; Level 2 where a single eHealth application is directly linked to another application for simple data exchange^[5]; Level 3 for distributed systems that agree on protocols used, data formats, message exchange patterns, etc.^[6]; Level 4, where eHealth applications from different suppliers that serve a common goal are linked but the applications do not need to have common objectives^[7]; and finally, at the “universal” Level 5, where diverse eHealth applications connect to an open, interoperable infrastructure possibly spanning multiple countries.^[8]^[9]

Figure 1. A maturity model for interoperability in eHealth, adapted from Van Velsen et al. 2016^[4].

Interoperability and data sharing in the healthcare domain is additionally challenging due to the multiplicity of the stakeholders, that is, the entities that operate (or are involved in any way) in this domain and which will be affected by any “disruption” or reform of the system. Some of the most important stakeholders or actors are therefore the following:

the patients who are actually treated or, in general, are the recipients of the health services;
the medical professionals (physicians and medical personnel) to provide the medical care;
the healthcare organizations (HCOs) (healthcare providers) as represented by their board of directors, who actually administer the health delivery from a business perspective;
the insurance companies that provide health coverage plans;
the pharmaceutical companies that produce and market medications to be prescribed by physicians for the treatment of patients; and
the governments and other regulatory parties who control, coordinate, and set the rules, rights, and obligations of any involved party.

All these actors could have an influence in the design of a data sharing system and can also set important—and conflicting in some cases—requirements. For example:

Patients would like to have their medical record shared, but only after their approval and only with specific authorized personnel in specific circumstances.
An HCO can be extremely cautious about sharing the data of their patients with another organization because they are concerned by the security and availability of their systems.
Governments of E.U. member states can impose strict laws about the transfer of their citizens in cross-border healthcare treatment scenarios.
Medical professionals require fast and effortless access to a patient's medical history in emergency situations, which cannot be the case if time-consuming authorization processes are the norm.

Given these and similar requirements, and even though the objective is to design a technical solution for the sharing of clinical data, it is imperative that all these constraints and requirements are considered and addressed in a satisfying manner.

From a strictly technical point of view, the sharing platform may need to be interoperable with a large number and diverse set of IT systems, each with their own protocols, data formats, etc. Some of the most important systems that manage patient-related data, and could be used as data sources for information sharing, include electronic health records (EHRs), personal health records (PHRs), laboratory information systems (LISs), and picture archiving and communication systems (PACS). EHRs are patient-centered systems that store and manage clinical information, such as a patient's medical history, diagnoses, medications, immunization dates, allergies, radiology images, and lab and test results. They are managed by authorized personnel, usually in the context of a single HCO, although they can span beyond that. PHRs are electronic applications that are used by people managing their own health information in a private and confidential environment. They are simpler systems than EHRs, and in some cases, they can be connected (temporarily or otherwise) to more enterprise-level HCO systems (e.g., EHRs or other hospital information systems). An LIS is used inside hospitals and clinics to record, manage, and store data for clinical laboratories in a patient-centric way (e.g., sending laboratory test orders to lab instruments, tracking those orders, and then recording the results in a searchable database). And PACS are systems used in a clinical setting for the storage and convenient access to medical images from multiple modalities (source machine types). Digital Imaging and Communications in Medicine (DICOM) is the standard format and suite of protocols for the storage and transfer of images from PACS services. Of course, in a health ecosystem there may be additional systems, for example, for the management of insurance claims and for clinidal diagnoses (e.g., clinical decision support systems [CDSSs]).

In the general context, information sharing involves more than one party (healthcare providers, organizations, etc.,) that need to cooperate and agree on the way the exchange of information happens, and what the rules and policies are that govern it. Interoperability involves many different aspects, such as legislation and guidelines, contracts, and agreements between exchanging parties, governance and maintenance, shareable workflows, standardized data elements, semantic and syntactic choices, applications, technical infrastructure, and safety and privacy issues. The Refined eHealth European Interoperability Framework (EIF) is a set of recommendations that specify the standards, protocols, procedures, and policies that when deployed can improve the interoperability of eHealth applications within the E.U. and across its member states by providing specific recommendations for all these aspects.^[10] Figure 2 depicts how these aspects can be represented in interoperability “levels” that permit two different organizations to communicate.

Figure 2. Alignment of interoperability levels between two communicating organizations.

References

↑ U.S. Congress, Office of Technology Assessment (September 1995). "Bringing Health Care Online: The Role of Information Technologies" (PDF). U.S. Government Printing Office. https://ota.fas.org/reports/9507.pdf.
↑ Kolodner, R.M.; Cohn, S.P.; Freidman, C.P. (2008). "Health Information Technology: Strategic Initiatives, Real Progress". Health Affairs 27 (Supp. 1): w391–5. doi:10.1377/hlthaff.27.5.w391.
↑ Spanakis, E.G.; Bonomi, S.; Sfakianakis, S. (2020). "Cyber-attacks and threats for healthcare - A multi-layer thread analysis". Proceedings of the 42nd Annual International Conference of the IEEE Engineering in Medicine & Biology Society: 5705–08. doi:10.1109/EMBC44109.2020.9176698. PMID 33019270.
↑ ^4.0 ^4.1 Van Velsen, L.; Hermens, H.; d'Hollosy, O.-N. (2016). "A maturity model for interoperability in eHealth". Proceedings of the IEEE 18th International Conference on e-Health Networking, Applications and Services: 1–6. doi:10.1109/HealthCom.2016.7749533.
↑ Chronaki, C.E.; Chiarugi, F.; Mavrogiannaki, E. et al. (2003). "An eHealth platform for instant interaction among health professionals". Proceedings of the Computers in Cardiology 2003: 101–4. doi:10.1109/CIC.2003.1291100.
↑ Spanakis, M; Lelis, P.; Chiarugi, F. et al. (2005). "R&D Challenges in Developing an Ambient Intelligence eHealth Platform". IFMBE Proceedings 11 (1): 1727–983. http://139.91.210.27/CBML/PROCEEDINGS/2005_EMBEC/Embec%202005/Abstracts/Abstract791.html.
↑ Tsiknakis, M.; Spanakis, M. (2010). "Adoption of innovative eHealth services in prehospital emergency management: A case study". Proceedings of the 10th IEEE International Conference on Information Technology and Applications in Biomedicine: 1–5. doi:10.1109/ITAB.2010.5687752.
↑ Spanakis, E.G.; Psaraki, M.; Sakkalis, V. (2018). "Congestive Heart Failure Risk Assessment Monitoring through Internet of things and mobile Personal Health Systems". Proceedings of the 40th Annual International Conference of the IEEE Engineering in Medicine and Biology Society: 2925-28. doi:10.1109/EMBC.2018.8513024. PMID 30441013.
↑ Spanakis, M.; Sfakianakas, S.; Sakkalis, V. et al. (2019). "PharmActa: Empowering Patients to Avoid Clinical Significant Drug⁻Herb Interactions". Medicines 6 (1): 26. doi:10.3390/medicines6010026. PMC PMC6473432. PMID 30781500. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6473432.
↑ "eHealth Network: Refined eHealth European Interoperability Framework" (PDF). European Union. 23 November 2015. pp. 24. https://ec.europa.eu/health/sites/default/files/ehealth/docs/ev_20151123_co03_en.pdf.

Notes

This presentation is faithful to the original, with only a few minor changes to presentation, though grammar and word usage was substantially updated for improved readability. In some cases important information was missing from the references, and that information was added.

[CongressBringing95-1] U.S. Congress, Office of Technology Assessment (September 1995). "Bringing Health Care Online: The Role of Information Technologies" (PDF). U.S. Government Printing Office. https://ota.fas.org/reports/9507.pdf.

[KolodnerHealth08-2] Kolodner, R.M.; Cohn, S.P.; Freidman, C.P. (2008). "Health Information Technology: Strategic Initiatives, Real Progress". Health Affairs 27 (Supp. 1): w391–5. doi:10.1377/hlthaff.27.5.w391.

[SpanakisCyber20-3] Spanakis, E.G.; Bonomi, S.; Sfakianakis, S. (2020). "Cyber-attacks and threats for healthcare - A multi-layer thread analysis". Proceedings of the 42nd Annual International Conference of the IEEE Engineering in Medicine & Biology Society: 5705–08. doi:10.1109/EMBC44109.2020.9176698. PMID 33019270.

[VanVelsenAMaturity16-4] 4.0 ^4.1 Van Velsen, L.; Hermens, H.; d'Hollosy, O.-N. (2016). "A maturity model for interoperability in eHealth". Proceedings of the IEEE 18th International Conference on e-Health Networking, Applications and Services: 1–6. doi:10.1109/HealthCom.2016.7749533.

[ChronakiAneHealth03-5] Chronaki, C.E.; Chiarugi, F.; Mavrogiannaki, E. et al. (2003). "An eHealth platform for instant interaction among health professionals". Proceedings of the Computers in Cardiology 2003: 101–4. doi:10.1109/CIC.2003.1291100.

[SpanakisR.26D05-6] Spanakis, M; Lelis, P.; Chiarugi, F. et al. (2005). "R&D Challenges in Developing an Ambient Intelligence eHealth Platform". IFMBE Proceedings 11 (1): 1727–983. http://139.91.210.27/CBML/PROCEEDINGS/2005_EMBEC/Embec%202005/Abstracts/Abstract791.html.

[TsiknakisAdopt10-7] Tsiknakis, M.; Spanakis, M. (2010). "Adoption of innovative eHealth services in prehospital emergency management: A case study". Proceedings of the 10th IEEE International Conference on Information Technology and Applications in Biomedicine: 1–5. doi:10.1109/ITAB.2010.5687752.

[SpanakisCongest18-8] Spanakis, E.G.; Psaraki, M.; Sakkalis, V. (2018). "Congestive Heart Failure Risk Assessment Monitoring through Internet of things and mobile Personal Health Systems". Proceedings of the 40th Annual International Conference of the IEEE Engineering in Medicine and Biology Society: 2925-28. doi:10.1109/EMBC.2018.8513024. PMID 30441013.

[SpanakisPharm19-9] Spanakis, M.; Sfakianakas, S.; Sakkalis, V. et al. (2019). "PharmActa: Empowering Patients to Avoid Clinical Significant Drug⁻Herb Interactions". Medicines 6 (1): 26. doi:10.3390/medicines6010026. PMC PMC6473432. PMID 30781500. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6473432.

[EUeHealth15-10] "eHealth Network: Refined eHealth European Interoperability Framework" (PDF). European Union. 23 November 2015. pp. 24. https://ec.europa.eu/health/sites/default/files/ehealth/docs/ev_20151123_co03_en.pdf.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

@@ Line 45: / Line 45: @@
 |}
 |}
+Interoperability and [[data sharing]] in the healthcare domain is additionally challenging due to the multiplicity of the stakeholders, that is, the entities that operate (or are involved in any way) in this domain and which will be affected by any “disruption” or reform of the system. Some of the most important stakeholders or actors are therefore the following:
+* the patients who are actually treated or, in general, are the recipients of the health services;
+* the medical professionals (physicians and medical personnel) to provide the medical care;
+* the healthcare organizations (HCOs) (healthcare providers) as represented by their board of directors, who actually administer the health delivery from a business perspective;
+* the insurance companies that provide health coverage plans;
+* the pharmaceutical companies that produce and market medications to be prescribed by physicians for the treatment of patients; and
+* the governments and other regulatory parties who control, coordinate, and set the rules, rights, and obligations of any involved party.
+All these actors could have an influence in the design of a data sharing system and can also set important—and conflicting in some cases—requirements. For example:
+* Patients would like to have their medical record shared, but only after their approval and only with specific authorized personnel in specific circumstances.
+* An HCO can be extremely cautious about sharing the data of their patients with another organization because they are concerned by the security and availability of their systems.
+* Governments of E.U. member states can impose strict laws about the transfer of their citizens in cross-border healthcare treatment scenarios.
+* Medical professionals require fast and effortless access to a patient's medical history in emergency situations, which cannot be the case if time-consuming authorization processes are the norm.
+Given these and similar requirements, and even though the objective is to design a technical solution for the sharing of clinical data, it is imperative that all these constraints and requirements are considered and addressed in a satisfying manner.
+From a strictly technical point of view, the sharing platform may need to be interoperable with a large number and diverse set of IT systems, each with their own protocols, data formats, etc. Some of the most important systems that manage patient-related data, and could be used as data sources for information sharing, include [[electronic health record]]s (EHRs), [[personal health record]]s (PHRs), [[laboratory information system]]s (LISs), and [[picture archiving and communication system]]s (PACS). EHRs are patient-centered systems that store and manage clinical information, such as a patient's medical history, diagnoses, medications, immunization dates, allergies, radiology images, and lab and test results. They are managed by authorized personnel, usually in the context of a single HCO, although they can span beyond that. PHRs are electronic applications that are used by people managing their own health information in a private and confidential environment. They are simpler systems than EHRs, and in some cases, they can be connected (temporarily or otherwise) to more enterprise-level HCO systems (e.g., EHRs or other [[hospital information system]]s). An LIS is used inside hospitals and clinics to record, manage, and store data for [[Clinical laboratory|clinical laboratories]] in a patient-centric way (e.g., sending laboratory test orders to lab instruments, tracking those orders, and then recording the results in a searchable database). And PACS are systems used in a clinical setting for the storage and convenient access to medical images from multiple modalities (source machine types). Digital Imaging and Communications in Medicine ([[DICOM]]) is the standard format and suite of protocols for the storage and transfer of images from PACS services. Of course, in a health ecosystem there may be additional systems, for example, for the management of insurance claims and for clinidal diagnoses (e.g., [[clinical decision support system]]s [CDSSs]).
+In the general context, information sharing involves more than one party (healthcare providers, organizations, etc.,) that need to cooperate and agree on the way the exchange of information happens, and what the rules and policies are that govern it. Interoperability involves many different aspects, such as legislation and guidelines, contracts, and agreements between exchanging parties, governance and maintenance, shareable workflows, standardized data elements, semantic and syntactic choices, applications, technical infrastructure, and safety and privacy issues. The Refined eHealth European Interoperability Framework (EIF) is a set of recommendations that specify the standards, protocols, procedures, and policies that when deployed can improve the interoperability of eHealth applications within the E.U. and across its member states by providing specific recommendations for all these aspects.<ref name="EUeHealth15">{{cite web |url=https://ec.europa.eu/health/sites/default/files/ehealth/docs/ev_20151123_co03_en.pdf |format=PDF |title=eHealth Network: Refined eHealth European Interoperability Framework |publisher=European Union |pages=24 |date=23 November 2015}}</ref> Figure 2 depicts how these aspects can be represented in interoperability “levels” that permit two different organizations to communicate.
+[[File:Fig2 Spanakis FrontDigHlth2021 3.jpg|800px]]
+{{clear}}
+{|
+ | STYLE="vertical-align:top;"|
+{| border="0" cellpadding="5" cellspacing="0" width="800px"
+ |-
+  | style="background-color:white; padding-left:10px; padding-right:10px;"|<blockquote>'''Figure 2.''' Alignment of interoperability levels between two communicating organizations.</blockquote>
+ |-
+|}
+|}
 ==References==

Difference between revisions of "Journal:Emerging and established trends to support secure health information exchange"

Revision as of 23:37, 4 June 2021

Contents

Abstract

Introduction

References

Notes

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools

Popular publications

Print/export