• No results found

Remote EMR Transmission through a Virtual Private Network

N/A
N/A
Protected

Academic year: 2021

Share "Remote EMR Transmission through a Virtual Private Network"

Copied!
12
0
0

Loading.... (view fulltext now)

Full text

(1)

Remote EMR Transmission through a Virtual Private

Network

KEH-MINGLU1,*

ANDWEI-MINGCHEN1,2 1

Department of Computer Science and Information Engineering, Asia University, Taiwan 2

Department of Management Information System, Cheng Ching Hospital, Taiwan

ABSTRACT

In this information age, people can quickly go anywhere and at any time by means of rapid transit systems. Therefore, patients have more options to visit as many hospitals as they like and leave their medical records at respective hospitals. Along with the advance of information technologies, patients have higher expectations that hospitals provide a secure medical service. Integration of patient’s medical records in real time is a key to providing the continuity of care.

Patient-center based medical information provides doctors with faster and more accurate diagnosis. Therefore, establishing the same medical information system that provides distance community medical services by transmitting the electronic medical record on-line is needed to reduce the repetitive diagnosis of the patients and increase the quality of medical care.

Generally speaking, there exists two medical information system at large hospitals: hospital information systems (HIS) and picture archiving and communication systems (PACS). Since hospitals have individually developed and employed different information systems, the efforts of integration have become difficult. Therefore, Chen said that if we establish virtual private networks (VPN) based on electronic medical record (EMR) transmission mechanism, it will provide the interactive, distanced, medical information among hospitals (Chen, 2003). The advantages include having a central medical information resource management, no distance restrictions, and efficient medical care between doctors and patients. This will also provide a clear picture for diagnosis and prescription as well as reduce the repetitive waste of medical resources.

The purpose of this research is to study the structure of combining a web-based and VPN based on-line system using the example of a general hospital located in central Taiwan. The advantages of this research include enabling the medical services within the same medical information system to provide on-line medical services which can reach remote areas. Additional topics include the developing structures of medical information, network structures, system structures and process descriptions, security system modeling design and information security valuation in Taiwan.

Key words:hospital information system (HIS), picture archiving and communicating system (PACS), virtual private networks (VPN), electronic medical record (EMR), continuity of care.

1. INTRODUCTION

When it comes to e-healthcare, in brief, it means that there is nothing that a computer cannot do and this is indeed the typical description of current e-healthcare (Warren, 2005).

It is quite amazing when all the data in a hospital are compiled. They include information about the patient, reports of inspection, records of operations and being hospitalized, medical certificates, the system of purchase, stock and faculty, and so on, all of which are not systematic or organized. E-healthcare has been undergoing development for a long time by individual hospitals. However, in spite of several

* Corresponding author. E-mail: klu@asia.edu.tw

(2)

year’sdevelopment,theapplication ofsuch techniquesisstillin itsinitialstagesin many hospitals.

1.1 Promotion of e-Healthcare Based on Need

Due to patients’need and morequalified medicalpersonnel, e-healthcare has been gradually promoted. In the past, the main task of a hospital centered on cure. With medical expertise and knowing how to use proper medicine to treat the disease,adoctor’ssocialstatushas always been high. However, with the change in the social environment, the medical industry is gradually adjusting its step. After the 20th century, it aims to center on patients and to come up with slogans such as “humanized treatment,”“personalized treatment,”“nursing with smile,”and so on. The information technology in medical treatment plays one of great roles in current society.

Simultaneously, there is a trend in medical treatment, i.e., the flourishing development in self-care. In his 1982 book “Megatrends. Ten New Directions Transforming Our Lives,”John Naisbittmentions the change from depending on the help from organizations (medical institutions) to self-help (i.e., an individual is responsible for his/her health). At present, with the help of information technology, the medical institution and self-care can be combined together to make our longevity longer and the quality of life higher. In addition, the needs of both longevity and a high quality life promote e-healthcare.

1.2 Rapid Development of Medical Treatment Caused by Crises

One of the greatest disasters of humanities took place in the 14th century, when a quarter of the population of Europe died from “black death,”which was only one of several plagues that occurred at that time. This has been forgotten by people now. In the 20th century, with medical development, people have become arrogant and complacent. We did not discover something very important until the successive coming of the severe acute respiratory syndrome (SARS) and the avian flu. After experiencing these pandemics, we have realized that in addition to medicine and bio-technology in the war between humans and viruses, information technology has participated in this war. Since then, we have delved into e-healthcare. The orientation of the information center was to solve the problems of management in the hospital and to set up the clinical information system. SARS has changed this idea since the field of the hospital information system (HIS) is to go beyond the medical system in the hospital. It should center on the development of integrated medical treatment and then becomes part of the core of e-healthcare.

1.3 Discussion on the Origin of Problems

During the gradual development, there are some key factors for us to face. Based on the development of history of healthcare, a variety of information rules exist in the healthcare system in each hospital. For instance, ranging from names of medicines, processes of checks, names of operations, names of diagnoses, codes of diagnosis to real time are different in different hospitals. These differences can lead

(3)

ambiguous codes of diagnosis. Thus, we may expect our government to invite professional medical institutions to participate in the project on standardization of rules in medical systems.

Furthermore, the unification and integration of the information and formulated standard of information exchanges are keys to the construction of e-healthcare systems. Needless to say, when setting up e-healthcare, we should make use of the resources at hand as much as we can. In conclusion, we need to make a formulation and then make it standardized.

2. MOTIVATION

Digitalization directly affects how a hospital is run. For example, the development of the PACS and the digitalization of patient information has improved the accuracy of diagnosis and saved the use of medical resources and manpower. Rapid transmission due to digitalization makes possible unlimited long-distance medical treatment. The influence of digitalization on other systems has also dramatically changed the management in the hospital and the way information is delivered. These systems include those dealing with hospitalization, leaving a hospital, outpatient services, nursing, prescription, inspection, checks, administration, making policies, and electronic official documents. They make contributions to retrieving integrated data quicker and systematically and concurrently benefit medical science research and the development of teaching.

Digitalization promotes the integration of information in hospitals and in institutions that do not belong to medical organizations. For instance, with the promotion of National Health Insurance (NHI) IC cards along with referral systems, medical resources can be shared and the quality of medical care can be improved. Besides, in order to carry out the policy of classified referral and reduce medical waste, the proposed medical information aims to construct integrated medical network by means of technology to provide high quality patients services.

3. METHODOLOGY

3.1 The Structure of Proposed System of Medical Information

The main structure of the proposed system of medical information is illustrated in Figure 1 (Liu, T. K., 2003).

3.2 The Process of Medical Treatment in a Community

As indicated in Figure 2, Huang pointed out that the flowchart shows the operating procedure in healthcare in a community (Huang, 2002).

3.3 System Planning and Its Characteristics

As indicated in Figure 3, the process of the structure of a VPN can be described as follows.

(4)

(1) When going to see a doctor, a patient needs to use the hospital registeration system. In this way, we know that the patient is receiving a medical treatment and the ending of the whole process can be indicated by closing entries.

(2) The patient needs to know his/her information by means of an IC reader and the information is sent to the Internet Data Center (IDC) in the Bureau of National Health Insurance in time to ensure what medical treatment he/she has taken and his/her privilege.

(3) It enables a doctor to enter a timely report of diagnosis.

(4) It provides information about patient information, reports of diseases and inspection, and so on.

(5) Setting up a mainframe on the basis of Microsoft window 2003.

(6) Two modems.

(7) A computer for remote operation.

(8) Two card readers for National Health Insurance (NHI) IC Cards, including the security access module card (SAM Card), healthcare certification authority card (HCA Card) and NHI IC Card (Ho, 2001).

(9) A telephone cord.

(5)

Figure 2. The flowchart showing the operating procedure.

Figure 3.The structure of a VPN.

Cashier Check IC card Clinic 1 firewall IDC 7 5 6 Community Medical Team 2 3 4 HIS server 8 9

(6)

3.4 Operation of Remote Access

The main purpose for a team is to make medical services in a general system deeply rooted in the community. Through the Internet connection, the medical information can be provided and integrated to reduce the limitation on the distance between hospitals in this system.

In order to achieve this goal, first we set up a mainframe for remote access. Besides, by virtues of the connection of modems, the operating system is tested based on Microsoft window 2003. In this system, not only a remote access service but a user ID can be set up, which is also in accordance with the security features in the Layer Two Tunneling Protocol (L2TP). This can be illustrated in the immediately following figures suggested by Liu (Liu, Y. C., 2003).

Figure 4.Start setup.

We also setup theremoteaccessserverand choosethefunction “starting the remote accessserver,”asindicated in thescreen in Figure5.

After setting up the activation, the complete functions will show up, as does the L2TP. Finally the remote assess server (RAS) is activated. This is illustrated in Figure 6.

(7)

Figure 5.Choose the function.

(8)

3.5 Procedure of the Reader for NHI IC Cards

When establishing the NHI IC cards connection, we have to set up the Internet connection ports and the PIN codes. According to RFC1180, there are 65,536 TCP/IP ports available for general connection ports (Socolofsky, & Kale, 1991). Among the first 1,024 ports, we can only use some of them for specific purposes such as Port 21 for FTP use, Port 25 for SMTP e-mail use, Port 80 for HTTP use, and Port 110 for POP3 Post Office Protocol use. There are seven ports including Ports 10100, 10200, 10300, 10400, 10500, 10600, and 10700 for all National Health Insured Hospitals use only. There are two sets of PIN codes. While the HPC PIN codes are input by HNI personnel via card readers, the HCA PIN codes are input via keyboards. The length of a PIN code is six characters and limited to numbers. The procedure of the reader for NHI IC Cards is listed as follows.

(1) The reader can scan three kinds of IC cards, including SAM cards, HCA cards and NHI IC cards.

(2) When turning on the reader, the data in the SAM card located in the reader will be confirmed through the Internet connection with the mainframe of the IDC in the Bureau of National Health Insurance, and then all the ports such as Ports 10100, 10200, 10300, 10400, 10500, 10600, and 10700 will be unlocked and ready for the firewall.

(3) Reboot the Reader. Firstly assure both the NHI IC card and the HCA card is removed. Secondly restart the reader to conduct confirmation tests.

(4) Insert the HCA card. The PIN code of an HCA card can only be entered via a key board at most three times. If you enter the wrong code three or more consecutive times, the card may be locked permanently.

(5) Insert the NHI IC card. The data read by the reader and all the data required to be confirmed in the inner module in the reader cannot be shown or delivered in text. We can have the information encrypted by means of Triple DES. Furthermore, when the information is uploaded, it should be attached to a digital signature to ensure its uniqueness.

3.6 Integration of the System of Wireless Communication

The popular and common Dialer Box, which is provided by Chunghwa Telecom,isaswitchboard exclusively on aconsumer’sscreen.Itcostslessforthe consumer to use a cell phone by means of this box since the cost of a cable and the construction expenses can be saved. Thus, it can not only save lots of phone bill expenses but reduce the cost of maintenance.

3.7 Medical Information Security

The coming of the E-era, has a great influence on the structure and the system of medical treatment. That is, we need to develop a system to set up a secure environment for medical treatment on the Internet to ensure the integrity and

(9)

the quality of medical treatment and makes patient information digitalized.

The intra-network in the hospitals possesses four main systems, including general processing of affairs, the management of administration, the medical imaging equipment, and the communication system. The systems benefit one another and they need a secure network with more integrity, for instance, like the following.

(1) The security of network transmission: We may seal the transmission of

data in emails and ensure the security of data transmission. In Section 3.5, when establishing the NHI IC card connections, we discussed the PIN codes. There are two sets of PIN codes. While the HPC PIN codes are input by HNI personnel via card readers, the HCA PIN codes are input via keyboards. We suggest increasing the length of a PIN code from six to a higher limit. Also, we suggest increasing the frequency of changes of the PIN codes from once per two years to once per six months.

(2) Backups and restore: There should be backups for important network

facilities, software, data, and battery in the systems of medical treatment. Furthermore, the systems of medical treatment should be able to be restored in a short time and it would be better if there were backups for the information of medical treatment in other institutions.

(3) The ability to prevent viruses: A virus in the computer leads to a great

disruption in daily affairs in hospitals so it is important to use anti-virus protection.

(4) The examination on network security:It is necessary to use the Network

Security Scanner to scan the information system to ensure that the intra-network is working in the best state.

(5) The ability of defense:The best way to avoid the infection of viruses is to

use a strong firewall, which not only offers protection to the network but also limits the people who can log in. Thus, a firewall is quite important for the medical industry, which requires high confidentiality of stratum-based information and a center for classified patient safety. By drawing on the testing technique, we can assess the network validly and record failure in the network to ensure information security in the network.

To ensure the security of the network, we usually take strict precautions against people who are not faculty but ignore the fact that the faculty in the hospital may be the ones who destroy the security. Hence, we need to provide the faculty with a variety of courses on information security. Additionally, setting up a monitor system in the intra-network is vital. We should be able to examine all the data transmission from the subnet and analyze the data to identify the source of invasion. The monitor system can signal immediately, and give the alarm and then be disconnected. Concurrently, we should add definitions and principles to the firewall to adjust the firewall, which is able to prevent the hacker from destroying the data further.

(10)

4. CONCLUSION

The development of information processing in medical treatment cannot be compared with the developments in modern information technology. This is because medical treatment is based on extending human longevity by means of information technology.

The research aims to eliminate the distance between different districts by virtue of electronic patient information. There are three specific features proposed in this paper, including setting up the mutual trust in the hospitals in the same system, reducing the invasion and destruction on the information system, and using the same operating system.

It is suggested that the operating system in each hospital is different and the goal of development of this system is different as well. It needs some conditions to integrate the differences. That is, in addition to facilities offered by excellent manufacturers, the improvement in information techniques in the hospital also play a great role.

The investment on the information of medical treatment can be countless. Electronic patient information is the information asset of a hospital. However, there is much room for it to be improved, such as the way of data transmission, data security, how to save the data, and so on.

The improvement is made to offer timely consultation and records. The method provided in the present study can serve as a reference for other hospitals to build up a dependable network of medical treatment in a community.

REFERENCES

Chen, S. W. (2003).A Study of the Electronic Patient Record Information Sharing Effect Analysis, Unpublished master's thesis, Department of Industrial Engineering, Chung Yuan Christian University, Taiwan.

Ho, R. T. (2001). A Remote Bio-signal Monitor and Electronic Medical Record System, Department of Mechanical Engineering, Unpublished master's thesis, National Chung Cheng University, Taiwan.

Huang, H. H. (2002). Health Information Service Architecture for Inter-Hospital Information Management, Unpublished master's thesis, Department of Information Management, Chang Gung University, Taiwan.

Liu, T. K. (2003). Design and Implementation of Security Technologies for an Electronic Health Records Sharing System, Unpublished master's thesis, Department of Computer Science and Information Engineering, Tunghai University, Taiwan.

Liu, Y. C. (2003). Designing of Medical Information Exchange Platform for Referral Service, Unpublished master's thesis, Department of Information Management, Chang Gung University, Taiwan.

(11)

Socolofsky, T., & Kale, C. (1991).Request for Comment: 1180, A TCP/IP Tutorial. Spider Systems Limited, Jan. 1991, 1-28.

Warren, S., Lebak, J., Yao, J., Creekmore, J., Milenkovic A., & Jovanov, E. (2005, September). Interoperability and Security in Wireless Body Area Network Infrastructures, IEEE-EMBS 2005.The 27th Annual International Conference of the IEEE Engineering in Medicine and Biology Society, Shanghai, China, 3837-3840.

Keh-Ming Lu received his B.S. degree in control

engineering from National Chiao Tung University in 1971, an M.S. degree in electrical engineering and system science from Michigan State University, E. Lansing, Michigan in 1974, and a D.Sc. degree in system sciences and mathematics from Washington university in St. Louis, Missouri in 1977. After receiving his doctoral degree, he has worked as Senior Section Head for Singer Link Simulation Corp. and Westinghouse Electric Corp. for more than 12 years. From 1986 to 1991 he was the President of ISC Systems, Inc. He has also worked as VP of Operation, ENDIVA Software, Inc. and the Senior Program Director in Hughes Network Systems, Inc. for 11 years.

Dr. Lu joined the faculty of Asia University (AU) in Taiwan in August 2003 and has been a Professor in the Department of Computer Science and Information Engineering since then. At AU, Professor Lu has been the Head of the Department of Computer Science and Information Engineering from 2003 through 2006. Since August 2006, he has been the AU Director of Center for International Academic Exchange.

Professor Lu has received a Distinguished Teaching Award from Asia University in 2007.

Professor Lu's major research interests include wireless communication, satellite communication, tessellation, paper building blocks, project management, information copyright and security protection. So far he has published more than 40 academic papers, including 10 journal papers and 4 textbooks. Dr. Lu is a senior member of IEEE.

(12)

Wei-Ming Chen received his B.S. degree in computer science from Nan Kai Institute of Technology, Nantou, Taiwan in 1992, and an M.S. degree in computer and information science from Asia University, Wu-Feng, Taichung, Taiwan in 2006.

Mr. Chen has served at Cheng Ching Hospital in Wu-Feng, Taichung, Taiwan as a chief of Department of Management Information System since 1999. His current research interests include picture archiving and communicating techniques for Hospital Information System.

References

Related documents

Bing Crosby and David Bowie recorded the most popular version of the Little Drummer Boy as a duet with Peace on Earth, for Bing Crosby’s Television Christmas special in 1977..

Conversely, 43.7% of all respondents who misused prescription drugs met criteria for alcohol dependence, problem gambling, and (or) had used illicit drugs in the past year..

unlimited number of antigens, but there are a limited number of B cells. Antibody diversity is due to recombination events that occur during B cell maturation. Plasma cells

Hyslop and Tshering’s paper An overview of some epistemic categories in Dzongkha offers an account of selected evidential constructions in Dzongkha, a southern Tibetan variety

FDA’s commitment to meeting these new and improved review time goals will expedite the review process and help ensure patients have access to innovative medical

Next, Park Lake argues that the circuit court erred by holding that excessive water/sewer usage fees it paid from 2005-2009 were not recoverable as damages under a breach of

Begin the Submittal: When you are ready to submit a RADIUS 4.0 permit application or emission statement file and you have configured your DEP Online Workspace page

(Political liberalism differs from ‘comprehensive liberalism’ by, inter alia, being ‘freestanding’ vis-à-vis citizens’ different worldviews.) Citizens can be