Implementation of a secure and interoperable generic e-Health infrastructure for shared electronic health records based on IHE integration profiles.

INTRODUCTION: The ubiquitous availability of medical or care data for authorized clinicians and nurses is expected to increase quality while reducing costs in the health care sector. The standardized, distributed provision of medical or care data is capable to support the vision of patient centered shared electronic health records (SEHRs). A main contribution to cross-institutional data exchange is provided by Integrating the Healthcare Enterprise (IHE). However, holistic implementations of IHE based eHealth infrastructures for SEHRs are currently rare and security and privacy regulations are not fully covered by existing IHE Integration Profiles. This work aims to point out our experiences and lessons learned from five years of development and the implementation of IHE compliant products. METHODS: Cross-Enterprise Document Sharing (XDS) describes the base components for exchanging medical or care data. A unique patient Identification is described by the Patient Identifier Cross-referencing (PIX) and the Patient Demographics Query (PDQ) Integration Profile. All interactions are logged in an "Audit Record Repository" deployed once per Affinity Domain and defined in the Audit Trail and Node Authentication (ATNA) Integration Profile. RESULTS: Based on the IHE Integration Profile XDS and other Integration Profiles high-level components for eHealth infrastructures and applications, supporting a holistic, secure concept and, based on these concepts, software products for a technical cooperative care infrastructure, has been developed. The products are practically evaluated in a project for setting up an IHE XDS Affinity Domain in the Austrian district of Tyrol and a number of lessons have been learned.

Meeting EHR security requirements: SeAAS approach.

In the last few years, Electronic Health Record (EHR) systems have received a great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was considered also in few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environment. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extend e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings.

Austrian Hemophilia Registry: design, development and set of variables.

Patient registries are databases essential for identifying and tracking individuals with a particular disease and for collecting epidemiological information. The data obtained are necessary for quality control and quality assurance in treatment and for studying the impact of new developments on prevention, diagnosis and treatment. The Austrian Hemophilia Registry is a joint initiative between Austrian hemophilia treaters, represented by the Austrian Hemophilia Society's scientific advisory board, and the Austrian Hemophilia Society (OHG). The registry's main objective is to record information on patients with hemophilia, such as severity of disease, types of treatment and general health status. The registry also aims to improve the planning of supply of factor concentrates and to provide an instrument for early detection of side effects, such as an increase in inhibitor development or certain infections. The registry consists of three parts: the first contains basic information on quality control, the second contains extended data for quality control collected annually, and the third, "study part", covers scientific data and is also updated annually. For the latter, written informed consent of each patient is a prerequisite. Data are stored centrally on a server of an independent, public institution (University for Health Sciences, Medical Informatics and Technology: UMIT). The server is situated in a data-processing center with sophisticated security measures including physical control of access. Participating institutions comprise the main hemophilia care centers in Austria. Statistical analysis is carried out on anonymized data only. The project was financed by a public-private partnership with financial resources provided by the Austrian Ministry of Health (BMGFJ) and the pharmaceutical industry. The entire project, which is planned to be long term, will be monitored, evaluated and adjusted by the scientific advisory board accordingly.

IHE based interoperability - benefits and challenges.

INTRODUCTION: Optimized workflows and communication between institutions involved in a patient's treatment process can lead to improved quality and efficiency in the healthcare sector. Electronic Health Records (EHRs) provide a patient-centered access to clinical data across institutional boundaries supporting the above mentioned aspects. Interoperability is regarded as vital success factor. However a clear definition of interoperability does not exist. The aim of this work is to define and to assess interoperability criteria as required for EHRs. METHODS: The definition and assessment of interoperability criteria is supported by the analysis of existing literature and personal experience as well as by discussions with several domain experts. RESULTS: Criteria for interoperability addresses the following aspects: Interfaces, Semantics, Legal and organizational aspects and Security. The Integrating the Healthcare Enterprises initiative (IHE) profiles make a major contribution to these aspects, but they also arise new problems. Flexibility for adoption to different organizational/regional or other specific conditions is missing. Regional or national initiatives should get a possibility to realize their specific needs within the boundaries of IHE profiles. Security so far is an optional element which is one of IHE greatest omissions. An integrated security approach seems to be preferable. DISCUSSION: Irrespective of the so far practical significance of the IHE profiles it appears to be of great importance, that the profiles are constantly checked against practical experiences and are continuously adapted.

End-to-end security in telemedical networks--a practical guideline.

The interconnection of medical networks in different healthcare institutions will be constantly increasing over the next few years, which will require concepts for securing medical data during transfer, since transmitting patient related data via potentially insecure public networks is considered a violation of data privacy. The aim of our work was to develop a model-based approach towards end-to-end security which is defined as continuous security from point of origin to point of destination in a communication process. We show that end-to-end security must be seen as a holistic security concept, which comprises the following three major parts: authentication and access control, transport security, as well as system security. For integration into existing security infrastructures abuse case models were used, which extend UML use cases, by elements necessary to describe abusive interactions. Abuse case models can be constructed for each part mentioned above, allowing for potential security risks in communication from point of origin to point of destination to be identified and counteractive measures to be directly derived from the abuse case models. The model-based approach is a guideline to continuous risk assessment and improvement of end-to-end security in medical networks. Validity and relevance to practice will be systematically evaluated using close-to-reality test networks as well as in production environments.

Medical Data GRIDs as approach towards secure cross enterprise document sharing (based on IHE XDS).

Quality and efficiency of health care services is expected to be improved by the electronic processing and trans-institutional availability of medical data. A prototype architecture based on the IHE-XDS profile is currently being developed. Due to legal and organizational requirements specific adaptations to the IHE-XDS profile have been made. In this work the services of the health@net reference architecture are described in details, which have been developed with focus on compliance to both, the IHE-XDS profile and the legal situation in Austria. We expect to gain knowledge about the development of a shared electronic health record using Medical Data Grids as an Open Source reference implementation and how proprietary Hospital Information systems can be integrated in this environment.

E-health approach to link-up actors in the health care system of Austria.

"Electronic health services are important" the EU commission stated in the E-Health action plan. By these means access to health care can be improved and the quality and effect of the offered medical services can be increased. By introducing the e-card in Austria, an overall link-up of nearly all health service providers of the external sector (e.g. family doctors) was achieved. In 2005 the Austrian E-Health Initiative (EHI) of the Austrian Federal Ministry for Health and Women mapped out a strategy to organise the development of the health system towards an integrated patient-centred. Hereby the electronic health record (EHR) plays a decisive role. The aim of this study is to analyse requirements for a virtual, cross-institutional and patient-centred electronic health record from the point of view of the exemplary main actors (Doctor and Patient), to define conditions, and then to evaluate the thus derived, specific concept of implementation. Aside from the two main actors regarding medical acts, namely the institution treating a patient (e.g. doctor, paramedic or nurse) and the patient receiving treatment, a row of other actors could be identified. Group assessment techniques with representatives of these actors resulted in an overview of required functions of an EHR. As a proof-of-concept an information system architecture conformable to the IHE XDS architecture for cross enterprise document sharing is currently being constructed and evaluated in the course of a pilot-project. If the core architecture fulfils the expectations, then a further extension to other hospitals and resident doctors, and subsequently also to the other actors of the health system, is planned. Since both legal and socio-technical requirements are presently not yet entirely met, and since there are also deficits from a methodical viewpoint, a complete implementation and widespread introduction will be a long term goal.

From a paper-based transmission of discharge summaries to electronic communication in health care regions.

OBJECTIVES: In Austria, the general practitioner (GP) is the first point of contact for persons with health problems. Depending on the severity of the person's medical condition, a GP may refer her or him to a secondary care hospital consultant, who reports findings back to the GP in form of a paper-based discharge letter. Researchers report that paper-based communication of medical documents between different health care providers is insufficient in quality, error prone and too slow in many cases. Our aim was to develop and to realise a strategy for a stepwise replacement of the paper-based transmission of medical documents with a distributed, shared medical record. METHODS: In the first step of a three-steps strategy for development of a consistent, comprehensive and secure regional health care network, an electronic communication of discharge letters and diagnostic results between existing information systems of different health care providers in Tyrol, Austria, has been established: in the form of cryptographically signed S/MIME e-mail messages and, additionally, via a secure web portal system. In two further steps, an extension of the system by a bi-directional communication and by improvements of the web portal system is planned, leading to a comprehensive electronic patient record for shared care. RESULTS: After realisation of step 1, in October 2004, about 3500 electronic discharge letters were sent out from the Innsbruck University Hospital (IUH), which represents about 8% of the total number of discharge letters of the IUH. In addition, a lot of feedback was received and legal, organisational, financial and methodical difficulties were overcome. DISCUSSION: The stepwise approach to replace paper-based with electronic communication in the first step was helpful, since knowledge has been gained and cooperations were formed. For the realisation of a distributed, shared medical record (steps 2 and 3), it will not be sufficient only to replace paper-based transmission of medical documents with electronic communication technologies, but in the further steps, organisational changes will become necessary. As well, legal ambiguities must be resolved before a distributed medical record for cooperative care, used by several institutions as well as by patients, could be established.