• No results found

How To Create A Germanian Ehr System

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "How To Create A Germanian Ehr System"

Copied!
30
0
0

Loading.... (view fulltext now)

Download now ( 30 Page )

Full text

(1)

Health Record Architecture(s) in Germany

Motivation and Architecture Overview

Dr. Jörg Caumanns, Fraunhofer-Institut FOKUS Berlin

(2)

Agenda

The „Philosophy“ of the German eCR+PHR paradigm

The Patient in Control: The German PHR platform
(3)

The EHR/PHR Success Story ??

Google.health -> leaving the German/European market

Microsoft HealthVault -> almost invisible in Germany

ICW LifeSensor -> suspended

CGM Life (Vita-X) -> re-launch, low market visibility

Siemens Assignio -> to be suspended?

regional EHR networks -> dependend on public funding, few in real operation

regional EHR networks -> dependend on public funding, few in real operation

NHS in England -> suspended

Dutch EHR system -> suspended

Czech EHR system -> suspended

German telematics infrastructure -> 7+ years late, reduced functionality

Many other governmental EHR/PHR activities delayed due to privacy/security issues,
(4)

The Balance is the Challenge

Privacy

Security

Usability

Flow Integration

Functionality

Value of Benefit

(5)

The „One fits All“ PHR/EHR Compromise

Physicians actively accessing patients‘ data (e.g. query-retrieve-pattern)

– Who is in control?

– Who is responsible?

Privacy enforcement by Access Control

– Patient as the „bad guy“ who

– Patient as the „bad guy“ who

imposes constraints

– Access Management vs. Usability

Static Configuration (Permissions, Identities, Roles, …)

– On-Demand Use?

(6)

Immediate access -> database Data processing -> database (OLTP) Async. Communication -> eMail Bilateral Data Exchange -> eMail

Long term storage -> archive

Data analysis -> data warehouse (OLAP) Sync. Communication -> phone, chat Multilateral Data Sharing -> FTP, etc.

Different Requirements <=> Different Solutions

Bilateral Data Exchange -> eMail Machine Processing -> XML Publishing Data -> Web Site, Wiki, …

Multilateral Data Sharing -> FTP, etc. Display to Human -> PDF

Cooperation -> Project Place etc.

Why do eHealth architects always asume that a single

health record architecture could serve all needs?

(7)

Privacy

Patient in Control

Closed User Group

Consent

Functionality

Spontanous Need

Active Treatment

Usability

Interaction

Data Integration

(8)

Privacy

Patient in Control

Closed User Group

Consent

Functionality

Spontanous Need

Active Treatment

Usability

Interaction

Data Integration

(9)

No Compromises

Personal Record acc. § 291a SGB V

– Citizen interacting with her physicians

– Citizen owns data and has full power

of control

– MoH R&D Project as incubator for a future national solution

Patient in Control

Spontanous Need Interaction

Closed User Group

Active Treatment Data Integration

Electronic Case Record (ECR/EFA)

– Members of the care team sharing data

related to a single medical case

– Patient consents to the care team

– Virtual integration of physicians‘ data within regional healthcare networks

(10)

Personal Health Record acc.

§

291a SGB V

(11)

Asynchronous Interaction Patterns

– Physician->Citizen: Could you please provide me with your medication plan?

– Citizen->Physician: Here you are.

– Citizen->Physician: Could you please provide me with last weeks lab results?

– Physician->Citizen: I’ve updated your nutrition plan. Here it is.

– Citizen->Physician: Here are last weeks blood glucose values.

Modular Patterns:

• Physican requests Data from Citizen

• Phyician provides Data to Citizen

• Citizen requests Data from Physician

• Citizen provides Data to Physician

(12)

Synchronous Interaction Patterns

– Physician->Citizen: I would like to register this new medication with your medication plan.

– Citizen->Physician: Could you

please just register this X-Ray with my PHR?

– Citizen->Physician: Yes, that test has already been done. The report is available with my PHR.

– Physician->Citizen: The test shows that you have a cat allergy. Would you like me to set up an allergy passport within your PHR?

Modular Patterns:

• Physican requests data (together with

a patient token); PHR provides data

• Physican provides data (together with

(13)

Integration Platform

Vaccination Record …

Medication Plan

Semantic Interoperability Framework Interaction

Online Database …

USB Device

Security Modules (Authorization, …)

Communication and Storage Abstraction Layer

Adapter Adapter Adapter

Interaction Patterns

(14)

Semantic Signifiers

The PHR is just a semantics-agnostic platform! Medical use cases are served by

applications (e.g. medication plan, allergy passport, patient diary, ….) which are implemented on top of this platform.

Application semantics are encapsulated as “semantic signifiers”.

– Concept map of the application

– Information models (incl. schemas and schematrons) of the application objects

– Information models (incl. schemas and schematrons) of the application objects

– Behavior wrt. create, read, update of application objects

E.g. providing a new medication plan makes this the current medication

plan. Requests are always on the current medication plan only.

Each interaction is bound to a specific semantic signifier!

Two special semantic signifiers:
(15)

Electronic Case Records (ECR) / elektronische Fallakte (EFA)

(16)

Essentials

ECR is an initiative which is driven and sponsored by German hospitals

The objective is to provide a data sharing plattform for regional care networks

– Hospitals as data providers and service providers

– Self-Organization (no central services but PKI)

– Conformant to German Privacy Regulations

– Adaptable to disease/contract-specific care scenarios

– Adaptable to disease/contract-specific care scenarios

Status

– Specifications have been published in 2008

– 10+ pilot projects in different regions

– 2 fully operational networks (Munich, Aachen)

– Product support from industry (Siemens, iSoft, ISPro, CrossCheck)

(17)

ECR Logical Model

Scenario: Someone is ill and subject to co-operative treatment

The kinds of relevant data and the scope of the treatment can be defined

purpose specific data collection

co-operating physicians and organizations need access to all data which is

relevant for the patient’s treatment

patient gives consent to this (NO fine grained permissions needed!)

An ECR medical case corresponds to a co-operative treatment

Each medical case is made up from folders and administrative cases (which are

folders, too)

An ECR administrative case corresponds to an inpatient visit that is part of the

treatment -> automated linkage of visits and ECR folders

Medical data is registered within folders

(18)

ECR as a Federated System

A u the nt Auth entis ierun g Authe ntis ieru ng e n tis ie ru n g A u to ri s ie ru n g
(19)

ECR Security Architecture (Overview)

Identity Provider ECR Admission Token Service ECR Record Registry Authenticate Users / Assign Attributes Create Admission Codes Discover Patient’s Records Enforce Access Policies ECR Document Registry ECR Access Token Service Assign Access Policies ECR Document Registry ECR Policy Token Service Obtain Access Policies Id e n ti R e ID lic y PatientID RecordID Identity Assertion Admission Assertion Access Assertion ECR Document Repository IDM Policy Assertion tit y / A ttr ib u te s Admission Lists R ec ord Id en tifier Acc ess Pol icy ID Policy Registry A c c e s s P o li

Admission Code RecordID PolicyID PolicyID Access Policy UserID Attribute

RecordID Metadata SecretHash

(20)

ECR Assertion Chaining

Identity Provider

Admission Token Service

produces produces co n su m e s su m e s identit y assertion admission assertion access assertion efe re n ce re fe re n ce patient Access Token Service

Policy Service produces produces co n s co n su m e s su m e s access assertion

policy assert ion refe

re n ce re consent w ho? w hat?

(21)

ECR Building Blocks

Hospital acting as ECR Provider

ECR Consumer

„ECR in a Box“ Deployment: Full

encapsulation of ECR Security

(22)
(23)

Create Record

Close Record

Merge Records

Split Records

Update Metadata

Align Purpose

Register Consent

Update Patient Demographics

Update Patient ID

Add Care Team Member

Remove Care Team Member

Update Care Team Member ID

Update Care Team Member Role

Register Document

Record Management: Logical Operations

Register Consent

Deprecate Consent

Register Episode/Visit

De-Register Episode

Update Episode Metadata

….

Register Document

De-Register Document

Update Document Metadata

– incl. diagnosis-specific Metadata

Dedicated service interface per management operation?

(24)

ECR R-MIM

The full ECR Information Modell can be implemented as an CDA compliant R-MIM

New ECR instances can be set up by sending a respective CDA to the ECR Box

– E.g. using a standard doctor’s letter “Dear ECR Box….”

The current status (content) of an ECR instance can be exported as a set of interlinked CDA documents

CDA documents

A ECR instance can be managed by adding/deleting/updating sections and entries

within the respective CDA document

– E.g. updating the purpose is done by updating the respective entry within the CDA’s diagnosis section

Diagnosis specific extensions can be implemented and managed by simply adding
(25)

ECR R-MIM

Header

Patient

Initiator

eCR Provider

eCR Object

Contract Docs.

Roles

Care Providers

Body

Contract Docs. Purpose HCP Visits Diagnosis

eCR-V

eCR-specific sections (optional) CAVE Docs.
(26)

ECR Visit (Folder) R-MIM

eCR-V

Header

Patient

Care Giver

eCR Object

Diagnosis

Inpatient Visit

eCR-V

Body

Admission Diagnosis Medical Documents Diagnosis eCR-specific sections (optional) Contract Docs.
(27)

Nesting of Standards

IHE PCC PHR Update

ECR R-MIM (Subset of CDA R-MIM)

P

ro

vi

d

e

r

In

te

rf

a

ce

C

D

A

P

ro

ce

sso

r

E

C

R

S

e

rvi

ce

s

OMG/HL7 RLUS

SOAP

HTTPS

(28)

Example: Registration of a Document with an ECR

<ecr:InitializeRLUSECRBoxRequest> <!-- eCR Document --> <cda:ClinicalDocument> ... </cda:ClinicalDocument> <RLUStypes:RLUSInitializeRequestSrcStruct> <RLUStypes:RLUSsemantic-signifierName> ecr-document </RLUStypes:RLUSsemantic-signifierName> <RLUStypes:SecurityContext>...</RLUStypes:SecurityContext> <RLUStypes:SecurityContext>...</RLUStypes:SecurityContext> <RLUStypes:InitializeContext> <!—visit identifier --> <cda:encompassingEncounter>

<cda:code code="INP„ codeSystem="1.2.276.0.76.3.1.81.81.5.4" /> <cda:id root="..." extension="..."/>

<cda:effectiveTime NullFlavor="UNK" /> </cda:encompassingEncounter>

</RLUStypes:InitializeContext>

(29)

ECR Box (Plug & Play Deployment)

Crosscheck Networks

Frans Halslaan nr 9

5143 GJ Waalwijk

(30)

Conclusion

EHR/PHR is just a platform

– Multiple, simple and easy-to-use platforms vs. making compromises on usability, functionality and privacy

– Access control means must be integrated with the logical architecture

The 1st challenge is on extensibility and adaptability

– Disease specific care networks, Quality management, reporting procedures, …

– Disease specific care networks, Quality management, reporting procedures, …

– Semantics-aware domain/application models as basis for access operations (e.g.

query for current medication)

– Application-specific adaptation of CRUD behavior

The 2nd challenge is on EHR/PHR administration and operation

– The deeper the EHR is integrated with hospital IT the more management

References

Download now ( PDF - 30 Page - 813.76 KB )

Related documents

Implications of Negative Network Effect in the Security Software Market

We show that a monopoly security software market has lower cover- age, higher price, and higher revenue compared to a traditional monopoly market (without the negative network

Models and Methods of Production Management

Benchmarking is not a business strategy; it is a management “tool” which improves work, being at the same time the most effective way of achieving goals – of one’s own,

41,300. Funding Broken Down over Academic Years (Aug-July): Aug 08 July 09 Aug 09 July 10 11,300 30,000

following the framework developed by the University of Nottingham. We have looked carefully at Phase 1 of JISC’s work on relationship management, and we are convinced that applied

Intelligent Knowledge Beyond Data Mining: Influences of Habitual Domains

The creation of intelligent knowledge from rough knowledge during second-order data mining is a complex process; this article focuses on the influence of

Sub: Selection for the post of CHAIRMAN, INDIAN OIL CORPORATION LIMITED(IOCL) in schedule 'A' of the CPSE

a) An applicant has to give an undertaking as a part of the application that he/she will join the post, if selected. If an applicant does not give such undertaking, the

EUROCONTROL Training 2015 EUROCONTROL

FMP REFRESHER TRAINING This provides an easy-to-access repository of available Network Operations related online web-based training packages suitable for Flow Management Position

Evaluation of Natural Language Processing Techniques for Sentiment Analysis on Tweets Bachelor Thesis von Dang, Thanh Tung October 2012

The simple classifier is an approach for 3-classes problem on the English data sets, in which the class (positive, negative, neutral) for each tweet is determined by calculating

Appendix B REFERENCES

Preliminary Problem Identification and Conceptual Alternatives Analysis Report Sutter Butte Flood Control Agency Feather River West Levee Evaluation Thermalito Afterbay