MEDICAL AND CARE COMPUNETICS 3
Studies in Health Technology and Informatics

This book series was started in 1990 to promote research conducted under the auspices of the EC programmes’ Advanced Informatics in Medicine (AIM) and Biomedical and Health Research (BHR) bioengineering branch. A driving aspect of international health informatics is that telecommunication technology, rehabilitative technology, intelligent home technology and many other components are moving together and form one integrated world of information and communication media. The complete series has been accepted in Medline. Volumes from 2005 onwards are available online.

Series Editors: Dr. J.P. Christensen, Prof. G. de Moor, Prof. A. Famili, Prof. A. Hasman, Prof. L. Hunter, Dr. I. Iakovidis, Dr. Z. Kolitsi, Mr. O. Le Dour, Dr. A. Lymberis, Prof. P.F. Niederer, Prof. A. Pedotti, Prof. O. Rienhoff, Prof. F.H. Roger France, Dr. N. Rossing, Prof. N. Saranummi, Dr. E.R. Siegel, Dr. P. Wilson, Prof. E.J.S. Hovenga, Prof. M.A. Musen and Prof. J. Mantas
Volume 121

Recently published in this series

Vol. 120. V. Hernández, I. Blanquer, T. Solomonides, V. Breton and Y. Legré (Eds.), Challenges and Opportunities of HealthGrids – Proceedings of Healthgrid 2006
Vol. 119. J.D. Westwood, R.S. Haluck, H.M. Hoffman, G.T. Mogel, R. Phillips, R.A. Robb and K.G. Vosburgh (Eds.), Medicine Meets Virtual Reality 14 – Accelerating Change in Healthcare: Next Medical Toolkit
Vol. 118. R.G. Bushko (Ed.), Future of Intelligent and Extelligent Health Environment
Vol. 117. C.D. Nugent, P.J. McCullagh, E.T. McAdams and A. Lymberis (Eds.), Personalised Health Management Systems – The Integration of Innovative Sensing, Textile, Information and Communication Technologies
Vol. 116. R. Engelbrecht, A. Geissbuhler, C. Lovis and G. Mihalas (Eds.), Connecting Medical Informatics and Bio-Informatics – Proceedings of MIE2005
Vol. 115. N. Saranummi, D. Piggott, D.G. Katehakis, M. Tsiknakis and K. Bernstein (Eds.), Regional Health Economies and ICT Services
Vol. 114. L. Bos, S. Laxminarayan and A. Marsh (Eds.), Medical and Care Compunetics 2
Vol. 113. J.S. Suri, C. Yuan, D.L. Wilson and S. Laxminarayan (Eds.), Plaque Imaging: Pixel to Molecular Level
Vol. 112. T. Solomonides, R. McClatchey, V. Breton, Y. Legré and S. Nørager (Eds.), From Grid to Healthgrid
Vol. 111. J.D. Westwood, R.S. Haluck, H.M. Hoffman, G.T. Mogel, R. Phillips, R.A. Robb and K.G. Vosburgh (Eds.), Medicine Meets Virtual Reality 13
ISSN 0926-9630
Medical and Care Compunetics 3 Edited by
Lodewijk Bos President ICMCC
Laura Roa Escuela Superior de Ingeniería, University of Seville, Spain
Kanagasingam Yogesan Centre of Excellence in e-Medicine Lions Eye Institute, Australia
Brian O’Connell Department of Computer Science, Central Connecticut State University, USA
Andy Marsh VMW Solutions, UK
and
Bernd Blobel eHealth Competence Center, University of Regensburg Medical Center, Germany
Amsterdam • Berlin • Oxford • Tokyo • Washington, DC
© 2006 The authors. All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without prior written permission from the publisher.

ISBN 1-58603-620-3
Library of Congress Control Number: 2006925767

Publisher
IOS Press, Nieuwe Hemweg 6B, 1013 BG Amsterdam, Netherlands; fax: +31 20 687 0019

Distributor in the UK and Ireland
Gazelle Books Services Ltd., White Cross Mills, Hightown, Lancaster LA1 4XS, United Kingdom; fax: +44 1524 63232

Distributor in the USA and Canada
IOS Press, Inc., 4502 Rachael Manor Drive, Fairfax, VA 22032, USA; fax: +1 703 323 3668
LEGAL NOTICE The publisher is not responsible for the use which might be made of the following information. PRINTED IN THE NETHERLANDS
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Preface

This book accompanies the third annual ICMCC Event. In the 12 months since our previous conference we established the goals of the ICMCC Foundation. To become the leading source for citizen/patient-related information using the latest medical and care compunetics is the first of these goals. ICMCC has been one of the first organizations recognizing the possible threat to patient safety of the information available on the internet. ICMCC also recognizes the problems of professionals to find information on the latest developments in medical and care compunetics in a structured way. These two aspects form the basis for becoming the leading Knowledge Centre on medicine and care. To realize this goal our third annual event covers aspects concerning:

• Information supply to patient and professional
• Electronic health records, its standards, its social implications
• New developments in medical & care compunetics.
Our third goal is to serve as the central meeting place for exchanging information on all aspects related to medical and care compunetics and for all those concerned. We are therefore pleased to be a platform once again for a number of European Commission (IST) funded projects. And we are proud to be the platform for the EFMI (European Federation for Medical Informatics) Working Groups “Electronic Health Records”, “Security, Safety and Ethics” and “Cards” and we would like to thank Dr. Bernd Blobel and Dr. Peter Pharow for their work to organise this session.

On September 29, 2005 our co-founder Prof. Swamy Laxminarayan passed away. We will be forever in his debt for his belief in our organisation and goals and his relentless support. To honour the memory of one of the greatest minds in biomedicine and biotechnology of the twentieth century ICMCC will this year initiate an annual Swamy Laxminarayan lecture.

On behalf of the ICMCC Foundation board we wish to thank the IFMBE and the WABT-ICET-UNESCO for accepting us as members and for their support for this conference. We are equally grateful for the endorsement by the IEEE-SSIT.

Finally we would like to thank all the authors who have contributed to making the third ICMCC Event into an interesting and challenging conference.

Lodewijk Bos
Laura Roa
Brian O’Connell
Kanagasingam Yogesan
Andy Marsh
Bernd Blobel
Board Lists

Council Board

Drs Lodewijk Bos, president, The Netherlands
Robert von Hinke Kessler (vice-president, treasurer, secretary general), The Netherlands
Denis Carroll (vice-president), Westminster University, UK
Dr Andy Marsh (vice-president), VMWSolutions, UK
Prof. Brian O’Connell (vice-president), Central Connecticut State University, USA
Prof. Kanagasingam Yogesan (vice-president), Centre of Excellence in e-Medicine, Australia

Organizing Committee

Event chair: Drs Lodewijk Bos, president of ICMCC, The Netherlands
Scientific chair: Prof. Laura Roa, Biomedical Engineering Program, University of Sevilla, Spain
Chair Electronic health records, its standards, its social implications: Prof. Brian O’Connell, Central Connecticut State University, USA
Co-chair: Bryan Manning, UK
Chair Developments in Medical & Care Compunetics: Prof. Kanagasingam Yogesan, Director, Centre of Excellence in e-Medicine, Australia
Scientific Advisory Board

Prof. Dr Emile Aarts, Philips, Technical University Eindhoven, The Netherlands
Dr Hamideh Afsarmanesh, Universiteit van Amsterdam, The Netherlands
Prof. Metin Akay, Dartmouth University, USA
Prof. Andreas S. Anayiotos, University of Alabama at Birmingham, USA
Prof. Hamid R. Arabnia, PhD, The University of Georgia, USA
Dr. Rajeev Bali, Coventry University, UK
Drs Iddo Bante, Centre for Telematics and Information Technology (CTIT)/Technology Circle Twente (TKT), The Netherlands
PD Dr Bernd Blobel, Institute of Biometry and Medical Informatics, Universität Magdeburg, Germany
Dr Charles Boucher, University Medical Center Utrecht, The Netherlands
Prof. Peter Brett, Aston University, Birmingham, UK
Dr Jimmy Chan Tak-shing, Alice Ho Miu Ling Nethersole Hospital, Hong Kong, China
Juan Carlos Chia, Proventis, UK
Dr Thierry Chaussalet, University of Westminster, London, UK
Dr Malcolm Clarke, Brunel University, UK
Dr Ir Adrie Dumay, TNO, The Netherlands
Ad Emmen, Genias Benelux, The Netherlands
Prof. Ken Foster, University of Pennsylvania, USA
Dr Walter Greenleaf, Greenleaf Med. Group, USA
Prof. Dr. Dr. h.c. Helmut Hutten, University of Technology Graz, Austria
Bob Ireland, Kowa Research Europe, UK
Prof. Robert Istepanian, Kingston University, UK
Prof. Dr Chris Johnson, SCI, University of Utah, USA
Prof. Ida Jovanovic, Children’s Hospital of Belgrade, Serbia and Montenegro
Prof. Zoran Jovanovic, University of Belgrade, Serbia and Montenegro
Donald W. Kemper, Healthwise, USA
Makoto Kikuchi, National Defense Medical College, Japan
Prof. Dr Luis G. Kun, National Defense University, USA
Prof. Dr Michael Lightner, University of Colorado Boulder, President IEEE, USA
Prof. DrSc. Ratko Magjarevic, University of Zagreb, Croatia
Prof. Dr Joachim Nagel, University of Stuttgart, President IFMBE, Germany
Prof. Raouf Naguib, Coventry University, UK; University of Carleton, Canada
Ron Oberleitner, TalkAutism, e-MERGE Medical Marketing, USA
Prof. Marimuthu Palaniswami, University of Melbourne Parkville, Australia
Prof. Dr Neill Piland, Idaho State University, USA
Michael L. Popovich MS SE, STC, Tucson, USA
Prof. Dr Ir Hans Reiber, Leiden University Medical Center, The Netherlands
Dr George Roussos, SCSIS, Univ. of London, UK
Sandip K. Roy, PhD, Novartis Pharmaceuticals, USA
Prof. Dr-Ing. Giorgos Sakas, Fraunhofer IGD, Germany
Clyde Saldanha, JITH, UK
Prof. Dr Niilo Saranummi, VTT Information Technologies, Past-President EAMBES, Finland
Prof. Corey Schou, Idaho State University, USA
Anna Siromoney PhD, Womens Christian College, India
Prof. Dr Peter Sloot, Universiteit van Amsterdam, The Netherlands
Prof. Dr Jasjit Suri, Senior Director, R & D., Fischer Imaging Corporation, Denver, USA
Basel Solaiman, INSERM-ENST, France
Prof. Mihai Tarata, University of Medicine and Pharmacy of Craiova, Romania
Dr. Joseph Tritto, World Academy of Biomedical Technologies, UNESCO, France
Prof. Dr Bertie Zwetsloot-Schonk, Leiden University Medical Center, The Netherlands
Contents

Preface
    Lodewijk Bos, Laura Roa, Brian O’Connell, Kanagasingam Yogesan, Andy Marsh and Bernd Blobel

Board Lists

PARKSERVICE: Home Support and Walking Aid for People with Parkinson’s Disease
    U. Delprato, R. Greenlaw and M. Cristaldi

Assistive Technology – Behaviourally Assisted
    S. Benton and B. Manning

Empowering the Impaired Through the Appropriate Use of Information Technology and Internet
    Ishita Sanyal

Telemedicine Odyssey Customised Telemedicine Solution for Rural and Remote Areas in India
    Jagjit Singh Bhatia and Sagri Sharma

A Deployable Framework for Mobile Telemedicine Applications
    N.A. Ikhu-Omoregbe, C.K. Ayo and S.A. Ehikioya

Applications of ePerSpace Service Management Platform in Health Care
    Kambiz Madani and Mahi Lohi

Context-Aware Workflow Management of Mobile Health Applications
    Alfons Salden and Remco Poortinga

Health Inequalities and Emerging Themes in Compunetics
    M. Chris Gibbons

Integrated Multimedia Medical Data Agent in E-Health
    P. di Giacomo, Fabrizio L. Ricci and Leonardo Bocchi

Developing Health Surveillance Networks: An Adaptive Approach
    Suzanne Tamang, Danny Kopec, Tony McCofie and Karen Levy

Using UMLS to Map from a Library to a Clinical Classification: Improving the Functionality of a Digital Library
    Judas Robinson, Simon de Lusignan, Patty Kostkova and Bruce Madge

Methodological Issues for the Information Model of a Knowledge-Based Telehealthcare System for Nephrology (Nefrotel)
    Manuel Prado, Laura M. Roa and Javier Reina-Tosina

HEARTFAID: A Knowledge Based Platform of Services for Supporting Medical-Clinical Management of Heart Failure Within Elderly Population
    Domenico Conforti, Domenico Costanzo, Francesco Perticone, Gianfranco Parati, Kalina Kawecka-Jaszcz, Andrew Marsh, Christos Biniaris, Manolis Stratakis, Riccardo Fontanelli, Davide Guerri, Ovidio Salvettis, Manolis Tsiknakis, Franco Chiarugi, Dragan Gamberger and Mariaconsuelo Valentini

The State of the Art in the Reduction of Medical Errors
    Danny Kopec, Suzanne Tamang, Karen Levy, Ronald Eckhardt and Gene Shagas

e-Care Integration: To Meet the Demographic Challenge
    Bryan R.M. Manning and Mary McKeon Stosuy

Applied Medical & Care Compunetics to Public Health Disease Surveillance and Management: Leveraging External Data Sources – A Key to Public Health Preparedness
    Michael L. Popovich and Todd Watkins

Patient Record Access – The Time Has Come
    Brian Fisher, Richard Fitton, Charline Poirier and David Stables

New Trends in the Virtualization of Hospitals – Tools for Global e-Health
    Georgi Graschew, Theo A. Roelofs, Stefan Rakowsky, Peter M. Schlag, Paul Heinzlreiter, Dieter Kranzlmüller and Jens Volkert

Monitoring the Integration of Hospital Information Systems: How It May Ensure and Improve the Quality of Data
    Ricardo Cruz-Correia, Pedro Vieira-Marques, Ana Ferreira, Ernesto Oliveira-Palhares, Pedro Costa and Altamiro Costa-Pereira

MedIEQ – Quality Labelling of Medical Web Content Using Multilingual Information Extraction
    Miquel Angel Mayer, Vangelis Karkaletsis, Kostas Stamatakis, Angela Leis, Dagmar Villarroel, Christian Thomeczek, Martin Labský, Fernando López-Ostenero and Timo Honkela

Improving Uptake of a Breast Screening Programme: A Knowledge Management Approach for Opportunistic Intervention
    Vikraman Baskaran, Rajeev K. Bali, Hisbel Arochena, Raouf N.G. Naguib, Margot Wheaton and Matthew Wallis

EHR Standards – A Comparative Study
    Bernd Blobel and Peter Pharow

Developing a Strategic Framework for Healthcare Standards
    Bryan R.M. Manning

Lowering the Barrier to a Decentralized NHIN Using the Open Healthcare Framework
    Eishay Smith and James H. Kaufman

Knowledge Management and Electronic Care Records: Incorporating Social, Legal and Ethical Issues
    James Bassinder, Rajeev K. Bali and Raouf Naguib

Integrated Electronic Health Records Management System
    P. di Giacomo, Fabrizio L. Ricci and Leonardo Bocchi

Standards for Medical Device Communication: X73 PoC-MDC
    Miguel Galarraga, Luis Serrano, Ignacio Martínez and Paula de Toledo

A Standard Ontology for the Semantic Integration of Components in Healthcare Organizations
    I. Román, L.M. Roa, G. Madinabeitia and L.J. Reina

A Novel Management Database in Obstetrics and Gynaecology to Introduce the Electronic Healthcare Record and Improve the Clinical Audit Process
    Khaled El Hayes, Conor Harrity and Tahani Abu Zeineh

EFMI Session

SNOMED-CT: The Advanced Terminology and Coding System for eHealth
    Kevin Donnelly

EHR in the Perspective of Security, Integrity and Ethics
    Ragnar Nordberg

Personal Health – The Future Care Paradigm
    Thomas Norgall, Bernd Blobel and Peter Pharow

Formal Policies for Flexible EHR Security
    Bernd Blobel and Peter Pharow

Citizen Empowerment Using Healthcare and Welfare Cards
    Paul Cheshire

BioHealth – The Need for Security and Identity Management Standards in eHealth
    Claudia Hildebrand, Peter Pharow, Rolf Engelbrecht, Bernd Blobel, Mario Savastano and Asbjorn Hovsto

Formal Design of Electronic Public Health Records
    Diego M. Lopez and Bernd Blobel

Specific Interoperability Problems of Security Infrastructure Services
    Peter Pharow and Bernd Blobel

Sharable EHR Systems in Finland
    Kari Harno and Pekka Ruotsalainen

Invited Paper

Information Therapy: The Strategic Role of Prescribed Information in Disease Self-Management
    Molly Mettler and Donald W. Kemper

Author Index
PARKSERVICE: Home Support and Walking Aid for People with Parkinson’s Disease

U. Delprato (a, 1), R. Greenlaw (b), M. Cristaldi (c)
a PARKAID Srl, Italy
b Oxford Computer Consultants Ltd, UK
c IES Srl, Via del Babuino 99, Italy
1 Corresponding Author: Uberto Delprato, ParkAid srl, Via del Babuino 99, 00131 Roma, Italy.

Abstract. PARKSERVICE is a telemedical application currently being validated in the EU. The objectives are to provide a combination of home clinical and social support for people with Parkinson’s disease with a revolutionary walking aid that uses “visual cues” to enable improved mobility. Early results are presented and the outlook of home telemedicine and visual cueing for people with PD is discussed.

Keywords. Telemedicine, Parkinson’s disease, visual cueing

Introduction

PARKSERVICE is a new telemedical application combining home-based support for people with Parkinson’s disease (PD) and a PD-specific walking aid which uses a strategy known as visual cueing.

PD is estimated to affect 100-180 per 100,000 of the population (with most surveys favoring the higher estimate) and has an annual incidence of 4-20 per 100,000 [1],[2]. Taking a population of approximately 450M citizens this implies 450,000-900,000 people with PD (PWP) in the EU.

PD is a progressive, incurable neurological disease resulting in depletion of the neurotransmitter dopamine in the brain. Currently all therapy is symptomatic and primarily based on pharmacological enhancement of dopamine levels via the drug levodopa. The three cardinal signs of PD are bradykinesia (decrease in movement), resting tremor (shaking, usually of the extremities of the limbs) and rigidity (muscular stiffness, cramps). As the disease progresses PWP typically suffer from gait abnormalities, falling and periods of complete immobility (akinesia or “freezing”).

Additionally there are complications associated with long-term use of levodopa, including daily fluctuations between “on” periods of good symptom control (normal mobility) with “off” periods of poor symptom control (poor mobility) and even dyskinetic periods of exaggerated poorly controlled mobility. Transitions between these phases are primarily associated with the concentration of levodopa in the blood, but can be triggered precipitately by tiredness or stress.

Episodes of “freezing” can occur in either “on” or “off” phases, although on-phase freezing is rare and difficult to treat [3]. Freezing is associated with falling and heightened levels of anxiety. Falls are common in PD: two thirds of people with PD fall each year with most eventually becoming fallers [4].

It is well known that some subjects who experience freezing can suddenly and dramatically “break out” of their frozen posture in the presence of particular cues, the nature of which vary with the individual. For example, some PWP who are unable to walk normally can dance to music, walk over obstacles, stripes or up stairs or when emotionally stimulated. (PD literature includes episodes of paralyzed PWP running out of burning buildings) [5]. Enhanced mobility under these conditions is known as paradoxical kinesis. (This is described in more detail below.)

Good management of PD requires clinical specialists both for accurate diagnosis and regular follow up. Periodic adjustments of drug regime are normal. Management is complicated because of the difficulty PWP experience getting to clinics, and in fluctuating PD, because the PWP may present few disabling symptoms during an appointment. Additionally there is a European shortage of neurologists [6].

PD is an expensive disease. In the UK the total annual direct cost of care including NHS (National Health Service), social services and private expenditure per patient have been estimated at ~€9,000 (£5,993, 2003) per patient per year [7]. With a total UK population of 60M this implies a total direct cost of PD in the UK of ~€1,000M (2003). The same study estimated total annual direct costs of €6,300 for patients living at home, €23,260 for patients whose time was divided between home and an institution and €29,300 for patients in full-time institutional care. Thus, every year that someone with PD can stay at home, rather than take up part-time institutional care, saves (UK, 2003) €14,000/year.

The relevant aspects of PD can therefore be summarized as follows:

• PWP suffer varying and complex symptoms associated both with the disease itself and with the long-term use of levodopa, the primary pharmacological therapy.
• The effects of PD are particularly profound on mobility (with associated loss of confidence and social exclusion).
• Some PWP display a startling recovery of mobility in the presence of “cues” such as stripes on the floor.
• The management of PD is complex and expensive, both in per-patient terms and in total (since PD is a widespread disease).
• PWP may experience difficulties finding suitable neurologists, traveling to clinics, and describing symptoms whilst there.

In many ways, therefore, PWP present an excellent group for telemedicine: the disease is widespread, affects mobility, there is a shortage of neurologists and treatment is expensive. The presence of paradoxical kinesis also presents intriguing possibilities for enhancing mobility (which are described below).
1. Parkservice

PARKSERVICE is an application of telemedicine targeted specifically at PWP. The service consists of three parts: PARKLINE, a TV-based communication system for the PWP at home, PARKCLINIC, a complementary system for clinicians and INDIGO, a mobility aid for PWP mediated through PARKLINE.

Firstly, through PARKLINE, a PWP is connected through the Internet to their clinician and to other PWP. The primary medium of interaction is exchange of offline video which can take place via broadband or dial-up connection. PWP can make short videos of themselves using a web-cam controlled by television remote control (via a multimedia PC). The objective is to provide a simple user experience with a pushbutton interface. After taking a video the user can review it, reject it or distribute it to a list of other PARKSERVICE users including their own clinicians. PARKLINE also supports other ways of data exchange: particularly a symptom diary (which is useful for understanding a patient with fluctuating PD) and text messaging (which obviously requires a keyboard).

Secondly, since PARKLINE requires special hardware to enable user access, PARKCLINIC has been provided for secure clinical access through web browsers. With PARKCLINIC a clinician can view videos uploaded by PWP at home, send text messages to them or upload videos of their own.

Thirdly, INDIGO is a new mobility aid which uses video delivered through a pair of glasses to trigger paradoxical kinesis in suitable PWP.

Therefore, using PARKSERVICE a PWP at home can video their evolving symptoms of PD and their response to different drug regimes. They can experiment with visual cueing, exchanging video records with their clinicians and other PWP. For those PWP who exhibit paradoxical kinesis a secondary component of PARKSERVICE, INDIGO, can be used to enhance mobility throughout and beyond the home.
2. Telemedicine and PD

As long ago as 1993 a pilot study of telemedicine for patients with Parkinson's disease demonstrated the possibility of dependable and valid remote-assessment of these patients. Patients also viewed this technology as enabling access to better health care [8]. This result was confirmed in 2002 in a study which included the adjustment of PD medication via videophone [9]. However, few research initiatives have made an impact on the market. This is unfortunate because PWP represent a particularly appropriate population for telemedicine for the following reasons:

• The disease is widespread
• Clinical treatment is expensive
• There is a shortage of neurologists
• Travel is difficult
• Assessment by video has been validated
• Some PWP react strongly to appropriate video stimulation (paradoxical kinesis).

Therefore the opportunity exists to make a cost-effective case for telemedicine beneficial to people with PD.
3. INDIGO and Paradoxical Kinesis

An important component of PARKSERVICE is a mobility aid called INDIGO. INDIGO consists of a pair of glasses with integrated visual display and wearable electronics which feed visual cues to the wearer, triggering paradoxical kinesis in suitable PWP.

Many people with PD have difficulty initiating and sustaining walking in conditions which would normally present no problems (such as an unobstructed corridor). The degree of these mobility difficulties can vary with the subject, the time of day and the stage of disease but are always accompanied by severe loss in quality of life. Typically when people with PD can only move very slowly or completely freeze (phases called “bradykinesia” and “akinesia” respectively) they feel vulnerable and isolated. Accompanying symptoms include an expressionless “masked” face, a weak voice and bent posture. Social interaction becomes extremely difficult and each year many deaths and injuries occur as people with PD attempt to move whilst in this state.

Paradoxically, when visual “obstructions” are placed in their way, a small proportion of people with PD undergo a dramatic release from these symptoms and can suddenly stand up straight, speak strongly and walk normally: an effect called paradoxical kinesis. These “obstructions” can be as simple as pieces of paper set down on the floor and are usually referred to as visual “cues”.

The physiological mechanisms of paradoxical kinesis are not understood and until recently there was little opportunity to analyse it or exploit it. However, technology has now evolved to the point where a user, wearing adapted glasses, can see visual cues, such as virtual “pieces of paper”, wherever they look whilst continuing to negotiate the real world, interacting normally with other people. This allows certain people with PD to walk, to talk and to socialise where before they were effectively paralysed.
Figure 1. INDIGO in use with darkened glasses.
Visual cues do not trigger paradoxical kinesis in all PWP but the number of suitable PWP and the nature of the visual cueing that is most effective are not known. It is believed that PWP in the intermediate stages (II-IV on the Hoehn-Yahr scale of I-V) respond. In earlier work we estimated 15% of this population would benefit from visual cueing but this was not statistically significant [10].

It is therefore expected that PWP will need to experiment with different visual cueing, by downloading selections of video on to their home television. If they find they respond positively the PARKSERVICE consortium will provide an appropriately configured INDIGO. To date, the most popular choice for visual cues has been simply black and white stripes scrolling upwards [ibid].
4. Market Validation

Validation trials of PARKSERVICE will take place in summer 2006 involving several associations of PWP and clinical investigators. Additionally independent clinical trials of INDIGO will take place led by the Institute of Neurology, London. The major areas of investigation are listed below:

• Drug management by video: the clinical assessment of PWP by video. This has been investigated before – if these results can be confirmed this would be of enormous importance to the market validation of telemedicine for PWP.
• Social inclusion of PWP: do PWP report a greater feeling of connectedness to their clinicians and other PWP given the ability to make and exchange messages from home, principally by video?
• Walking aids based on visual cueing: INDIGO, and devices using cueing, have become increasingly available in the last few years. However, none has become a mature product. This may be due to a lack of clinical validation of this new device which should be addressed by clinical trials.

In addition to these issues, to be addressed this summer, a market analysis has been performed. Recalling that PARKSERVICE is aimed at users who have Parkinson’s disease with targeted symptoms living at home who have or could get Internet access, and taking prevalence figures of 100-200 per 100,000 of the general population, adjusting for disease stage, Internet availability, and possible co-morbid conditions such as dementia, we estimate 180,000 to 360,000 potential PARKSERVICE users in EU-25. Interestingly, 60% of the PD telemedicine market lives in UK, France, Germany and Italy.

We also examined the trends in the PD market for telemedicine. The patient population will steadily grow, due to the combined effect of the growth in the general population in Europe and of the longer life expectancy of ageing people and PWP in particular, but these demographic effects will be dwarfed over the next few years by the effect of Internet penetration into European households. Considering an unchanged prevalence of PD, we estimate an increase of the population of PWP by 6,000 between 2006 and 2008.
Acknowledgments

The PARKSERVICE market validation project receives support from the European Commission’s e-Ten initiative in Information, Society and Media.
References

[1] Dodel RC, Eggert KM, Singer MS, Eichhorn TE, Pogarell O, Oertel WH. “The costs of drug treatment in Parkinson's disease”. Movement Disorders 1998, 13, 249-54
[2] D Twelves et al. “Systematic review of incidence studies in Parkinson's Disease.” Movement Disorders 2003 18:19-31
[3] Kompoliti K, Goetz C, Leurgans S et al., “On freezing in Parkinson’s disease: resistance to visual cue walking devices”, Movement Disorders, Vol 15, Issue 2, pp 309-312, 1999
[4] Ashburn A, Stack E, Pickering RM, Ward CD. “A community-dwelling sample of people with Parkinson's disease: characteristics of fallers and non-fallers.” Age & Ageing 2001;30:47-52
[5] James Purdon Martin. The Basal Ganglia and Posture. J.B. Lippincott Company, 1967
[6] The WHO Atlas, 2001
[7] Findley L, Aujla M, et al. “Direct economic impact of Parkinson's disease: A research survey in the United Kingdom”. Movement Disorders 18:1139-45, 2003
[8] Hubble JP, Pahwa R, Michalek DK, Thomas C, Koller WC. “Interactive video conferencing: a means of providing interim care to Parkinson's disease patients.” Mov Disord. 1993;8:380–382.
[9] Wilson, P., Magee, V.L., Fincher, L., and Ward, C.J. “Videophone medication intervention for Parkinson's disease patients”, Telemedicine Journal and e-Health 10(Suppl 1): S63.
[10] The Validation Report of the PARREHA project, IST-1999-12552, 2003
Assistive Technology – Behaviourally Assisted

S. Benton and B. Manning
Business Psychology Centre, Department of Psychology, University of Westminster
Centre for Business Information, Organisation, and Process Management, Westminster Business School, University of Westminster
Abstract. In considering the recurrent problems involved in technology led initiatives within the public sector, this paper seeks to identify change management requirements needed to help avoid these latent pitfalls in the widespread introduction of Assistive Technology. It develops a change process approach based on current clinical psychology techniques used in assessing sources and level of resistance to behavioural change and applies them to managing effective benefits realisation. Keywords. Change management, Assistive Technology, Radar plots, Behavioural Adaptation and Business Psychology
Introduction: Organisational Capacity to Create New Behaviour

Sadly the ageing process tends to be accompanied by an ever widening set of ailments and impairments that, without appropriate care support, increasingly limits the quality of life and the maintenance of an independent lifestyle. Its effects are not solely confined to physical health, but extend across the spectrum of psychosocial and socioeconomic areas as well. Moreover as these multivariate problems are frequently interlinked, dealing with them individually within organisationally assigned boundaries almost guarantees poor results and wasted effort. Logically what is needed is a “joined-up” multi-disciplinary, multi-agency approach, which provides effective co-ordination support to frontline staff.

The issue this raises is the cross-professional need to understand the benefits that change can bring and that will accrue not only to their patients, but also to the quality of care they deliver. The core of this lies in gaining a better understanding of the interaction and interdependencies between their separate professional processes and its impact on their roles and relationships, shown below in Figure 1.
S. Benton and B. Manning / Assistive Technology – Behaviourally Assisted
[Diagram labels: Profession A, Profession B, Profession C, Interdependencies]
Figure 1 Integrated Care Process Interaction
To augment this process a full deconstruction of the core roles would inform a parallel production of tactical and strategic behavioural programmes able to consolidate best practice, under changing terms, whilst stretching towards changing and new performance targets in a sustainable manner. This could be viewed in terms of an iterative examination and weighting of roles, skills and competence, the primary basis of which is a coherency of competence that connects personal and individual competence to team competence (to maximise tactical delivery) and to organisational processes and professional culture to maximise strategic competence. The Bpsy© model offers a framework for the development of behavioural change programmes based upon an integration of personal, team and organisational competence; an outline will follow.
1. The Situation: A Challenge for Joined-up Coherency
The potential complexity of a single case, even at a high level, is demonstrated in the “radar plot” shown below in Figure 1, in which each of the sixteen main “dimensions” of need is scaled outward from zero at the centre to a maximum of ten on the periphery. The results of a typical initial assessment are combined as an area plot to provide a graphic demonstration of the problem space. The risk of fragmented diagnostic and support actions is ever present given the range of information points taken to profile the medical and personal needs of this patient. This approach helps to emphasise the degree to which current levels of care and human resource are unlikely to increase in step with the predicted escalation in care need.
Figure 2 Radar Plot of Core Process Needs
This representation helps to highlight three significant problem areas that lie beyond the red level-6 “danger” band. Whilst the overall health of the patient has not yet entered the “at risk” zone there are concerns over the level of nutrition, which could be associated with financial problems. However mental health issues that have also contributed probably drive this to worrying levels of social disassociation and possible neglect. Besides providing a readily understandable picture of the overall situation presented it also indicates the likely inter-disciplinary, inter-agency complexities involved and the level of case co-ordination needed to improve the position. In order to achieve the coherency aimed for, a similar behavioural radar plot would be developed against which the four fundamental quadrants shown above could be mapped in terms of underlying behavioural sets. Resolving these issues in practice will hinge on appropriate knowledge of each of the relevant care pathway options, the linking interdependencies between them, and the necessary resources required to deliver quality care. However up to now little or no progress has been made towards achieving this necessary degree of integration. The most likely catalyst to set this underway is the rising spectre of a massive surge in the number of over 65s that is set to double to around 40% of the population of many nations over the next few decades. This is set to be compounded by substantial reductions in the number of available carers as the effects of the lowering in national birthrates begin to hit home.
Figure 3 Implications of Change
2. Change: Coherence between Technology and Behaviour
The immediate effect of a diminishing pool of care professionals on service delivery is bound to focus on finding ways of “working smarter” to meet increasing demand whilst maintaining quality of care. This will inevitably involve seeking ways to optimise multi-disciplinary, multi-agency working through radical process improvement, re-design, and resource substitution. Essentially, within the capacity for integration will be the need for role clarity assigned within each of these processes and the re-design of skill and behavioural competence to promote integrated use of existing and evolving technology and existing and evolving competence. In this instance competence is taken to represent those work specific skills necessary to the effective delivery of work targets. This will necessarily require re-modeling of organizational practices, professional skill sets and resource planning. Under such conditions new technology may serve to amplify personal and professional disabling behaviour as the adaptation to changing work roles and processes re-shapes organizational performance and deliverables’ criteria (Bridges, 2003). An illustration of the response to such demands is shown in the s plot in Figure 4. This illustrates the nature of behavioural adjustment to change (in the strictest terms it shows the recovery to loss (Kubler-Ross, 1991)). In this instance we are concerned to effect organisational change, but all change is personal. The original coping stage, shown on the peak of the right hand quadrant, would represent the current situation, the existing relationship with technology, skill sets and strategic objectives. The opposite peak is the perceived new opportunity for a change in strategic objective and direction as identified by the organisational executive.
One observation is that the line of sight is significantly different to those whose responsibilities and roles require the adjustment to change objectives via a purchase on the behavioural here and now. The curve illustrates the disablers associated with personal and organisational change. The lower
left quadrant highlights some of the behavioural resistance accompanying this change and the lower right quadrant highlights facilitative behaviours, to be acquired.
[Figure: Change: The Transition Curve. Vertical axis: Self Confidence, Self Esteem, Perceived Effectiveness, Coping (down to Low); horizontal axis: over time, Past to Future. Labels on the curve between Current State and Future State include: Shock; Disruption of thinking, feeling and behaving; Denial; Frustration & Confusion; Anger & Anxiety; Resistance & Sabotage; Bargaining; Testing; Adapting, Exploring New Ideas; New Ways of Working; Acceptance; Commitment. Other labels: Open, Hidden, Coping. Adapted from Gary Austin, circleindigo (2004).]
Figure 4 The Transitional Curve: Pathway to Behavioural Adaptation
The relationship between the personal and organisational disablers will be written in the assumptions and expectations embedded within the personal and interpersonal culture, described by Hofstede (1997) as the ‘behavioural software’, that either enhances or reduces individuals’, teams’ and organizations’ capacity to adapt and utilize new technology and work practices. Frequently, the schism between these two elements is exacerbated by technological change. The future state may show up clearly on the executive radar screen, as opportunities that cannot be missed. However, unless the technological and behavioural change programmes are fully integrated and capable of mutual re-design, the time spent on the downwards slope in Figure 4 will lead to convoluted patterns of denial and resistance with commensurate waste of time and temporary (probably short term funded) resourcing.
3. Sustainability: The Need for Assistive Behaviour
In order to achieve a change in behaviour rather than a shift reaction to changing procedural and technological imperatives (which invariably fail to meet new criteria over time) behavioural change programmes should aim to maximize the coherence
between each level of skill set required, in a manner that weights the programme’s capacity to increase the overall capacity to minimize the impact of behavioural disablers. An example of one such programme (the Bpsy© model) is illustrated below, in Figure 5.
[Figure: Business Psychology model of Behavioural Change, Bpsy © (Benton, 2001). Bubble labels: Perception & Personal Reality; Team ship; Conflict Resolution; Decision Making; Competence. Bullet labels: Behavioural preferences; Personal behavioural preferences; Synergistic integration of Types; Resolution of differences; Synergy; Utilisation of different views; Recognition of different skills and behaviours.]
Figure 5 Business Psychology Model for Coherent Behavioural Change
4. Business Psychology Model
The model asserts that culture and behavioural change programmes need to bolster existing levels of high quality communication between all levels of the organization. The start point to this process is the personal skills and experience profile of the individual. A series of core skills are acquired through the programme, each of which is directed to reduce the impact of known personal and interpersonal change disablers (e.g. the down slope in Figure 4) in the core areas of competence shown above in the five bubbles. Acquisition of one set actively enhances acquisition of the next, laying the foundation for integration and coherence (Benton, 2005). The model applies at the intra-individual, inter-individual, intra-team, inter-team and organizational levels, each element playing a part in supporting competence at all levels of an organization’s response to behavioural points of resistance (e.g. support the move up the right hand quadrant’s slope). The opportunity to radically re-design the delivery of health care protocols will grow under the pressure of immense social and technological drivers, the trajectories of which are already underway. Whilst such a major change can only succeed with the full support and engagement of all the care professions involved, it will also need to substantially refine and redefine its working structures and the roles within them. However it is unlikely
that this alone will resolve the potentially severe imbalances between demand and reduced levels of available skilled human resources. Any other major reduction in workload input per case is most likely to be derived from the use of Assistive Technology, used wherever possible and ethically appropriate to enable further optimization of the care processes by resource substitution. Until now Assistive Technology has rather remained shunted into the quiet corner reserved for the disabled and the elderly impaired which has generally been kept well away from the mainline of health service provision. It has steadily evolved from the provision of basic stand-alone physical Aids and home Adaptations to cope with living with impairments, to increasingly sophisticated applications of computing, control and communication systems to radically enhance opportunities for independent living. Over the last decade a considerable body of knowledge and expertise has been built up in this arena particularly with considerable EC support through their COST 219 programme. This has led directly to the development of “Smart Homes” and “Smart Community Care” concepts that have proven extremely successful in Finland and the Benelux countries, where fairly substantial urban settings have been established. The ever increasing sophistication and complexity of the resulting systems integration is leading into the arena of pervasive or ubiquitous computing where sensors/devices are embedded, sometimes literally within the “woodwork” of the wider environment.
As such they meld into their surroundings collecting data without the user's active intervention, either as part of a fully or partially autonomous local control loop, or as input to a remote Care Watch facility. As yet the next step to extend the Care Watch approach to a pro-active Multi-Agency, Multi-Disciplinary Care Service Co-ordination Service remains to be taken as part of an overall Assistive Technology capability to serve the needs of hard-pressed care professionals and those who depend on them.
Figure 6 Visualising Progress in the Behavioural Change Process
Whilst this is essentially a proven technology, its further development to integrate elements of e-government and e-health into a single support service has a number of legal and political hurdles to overcome. In many ways this partly explains why so far it has been predominately driven from a ‘technology-push’ perspective for sale to patients, particularly as this technology is not seen by most authorities as part of a Health Service’s role to use or provide. Probably the biggest stumbling blocks are the issues of privacy linked with that of data protection, which have been allowed to overshadow the whole process. The odd thing is that this is being used to prevent delivery of necessary care in the name of the patient! This is even more surreal, when the answer already exists in medical care, which cannot proceed without a waiver in terms of the Consent Form. This grants rights of physical intervention for specific clinically beneficial purposes; similar rights for controlled intervention of privacy for the same ends are a potential solution.
5. Conclusion
The drivers for successful change invariably come down to recognizing and wanting to obtain desirable benefits. These almost inevitably start at the personal level, rising through professional performance in teams upwards to the higher organizational levels. The aim is to harness this motivation to gain commitment to accept and use Assistive Technology not only to respond to increasing demand pressures but also to adopt and use the technology innovatively to re-mould the way care is delivered in future. To avoid costly and technologically top-heavy development programmes stalling, due to a mismatch between behavioural target profiles and performance target outcomes, behavioural counter measures could be developed. These measures would be designed to address the down slope issues outlined above (Figure 4) and the need for building a behavioural capacity that countered the down slope ingredients. Moreover, the capacity could be shaped to accommodate key technological drivers as they impact professional roles, skill sets and performance indicators. Assistive technologies can enhance the quality and efficiency of care if they are embedded within a sustainable culture of change. To achieve sustainability, coherence between personal and organizational competences (a competence is a strategic aim presenting as a tactical behaviour) is required; in short the organization will need assistive behaviour technology.
References
[1] Benton, S. (2005) ‘Every Individual is an Exception to the Rule’. The Association of Project Management Year Book.
[2] Bridges, W. (2003) Managing Transitions: Making the Most of Change.
[3] Hofstede, G. (1997) Culture and Organisations: Software of the Mind. McGraw-Hill.
[4] Kubler-Ross, E. (1993) On Death and Dying. Simon & Schuster.
[5] Manning, B. (1997) Coordinating Care Provision: Toward Sharing Case-Critical Information. New Technology in Human Services 13(1&2), (1999).
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Empowering the impaired through the appropriate use of Information Technology and Internet
Ishita Sanyal¹
Founder Secretary, Turning Point, a rehabilitation center
Director, Disha, a child guidance center
Member of WFSAD (World Fellowship for Schizophrenia and allied disorder)
Indian Representative of ISPS (The International Society for Psychological Treatment of Schizophrenias and other Psychoses)
Director of NAMI, India, Eastern Region
Abstract
Developments in the fields of science and technology have revolutionized Human Life at material level. But in actuality, this progress is only superficial: underneath modern men and women are living in conditions of great mental and emotional stress, even in developed and affluent countries. People from all over the world, irrespective of culture and economic background, suffer from mental illness, and though a number of research studies are carried out worldwide, to date it has not been possible to resolve the problem. In today’s world stress is increasing every day. The individualistic approach towards life and the neonatal family system have increased the burden even further. Without an adequate support system of friends and relatives, people are falling prey to mental illness. The insecurities and the inferiority feelings of these persons lead to disruption of communication between the sufferer and the family members and friends. The sufferers prefer to confine themselves within the four walls of their home and remain withdrawn from the whole world. They prefer to stay in touch with their world of fantasy, far away from the world of reality. Disability caused by some of the mental illnesses often remains invisible to the society, leading to lack of support system and facilities for them. These unfortunate disabled persons not only need medication and counseling but a thorough rehabilitation programme to bring them back to the main stream of life. The task is not an easy one. According to the research works these persons need some work and income to improve their quality of life. In this scenario where society is adverse towards them, where stigma towards mental illness prevails, where help from friends and community is not available, training them in computer and forming groups through computer was thought to be an ideal option for the solution: a solution to the problems of modern life through modern technology.
• It was seen that these insecure disabled persons feel free to experiment with a machine more easily than with society and people.
• Computers provide them the education and information needed for their further development.
• Computers provide them facilities to interact with others and form self-help groups.
• Computers also enabled them to earn their livelihood.
Thus this modern gadget, which is sometimes believed to make a man a loner, has actually been acting as the bridge between persons suffering from mental illness and society in general. The disabled person also gains confidence and courage as they gain control over the machine. Gaining control over the machine helps them to gain control over their life. The product of science and technology has been seen to revolutionize Human Life not only at the material level but also at the personal level, helping the disabled to gain control over their lives.
¹ Presenter’s mailing address: 27 Jadavpur East Road, Kolkata-700032, West Bengal, India. Phone number: 9830069106/2407 1710.
I. Sanyal / Empowering the Impaired
Introduction
The most neglected invisible problem of the society in a developing country like India is the burden of mental problem, its effects and its outcome in the coming years. The World Health Organisation has warned that many countries will be unable to cope with a predicted boom in Mental Illness over the next decade. According to Dr. Gro Brundtland, the head of WHO, “If we don’t deal with Mental Illness, there is a burden not only on Mentally Ill, on their families, their communities, there is an economic burden if we don’t take care of people who need our care and treatment.” In India over 125 million people suffer from Mental Illness. But even then the government had no other option but to allocate funds on physical illness or disabilities like cancer, AIDS or any other problem than on Mental Illness. Lack of economic resources along with lack of professionals in the field has made the scenario even bleaker and worse. In a developing country like India the best possible option is empowering the impaired through right information (psycho education) and formation of self-help groups to meet the current need. Nearly 125 million people in India are in need of mental health services. There are at present 3-4 million patients suffering from Schizophrenia in India. To this are added about 30,000 new cases every year. There are only about 25,000 psychiatric beds and about 3,500 qualified psychiatrists in the country. Some experts have calculated that mental health problems contribute to an even greater reduction in the quality of life in India than tuberculosis or cancer. This is a leading area of the health and disability worldwide while one in four people are affected by mental or neurological disorders at some point of time in their life. In India with limited financial resources, the Government pays more attention to physical problems related to personal health issues.
Government and other well-known organisations are more focused on keeping funds for physical disability, cancer, AIDS or any other physiological ailments or problems. The mental problem is an invisible problem and so people cannot feel it or visualize the impact of the problem. Neither can they understand the impact it can create on the individual who is affected and his family members. The society is apprehending them as a burden and not putting efforts to utilize their potentialities or putting adequate efforts to change them again into productive members of the society.
The problem with illness like Schizophrenia is even more. They remain as burden to the society. They live their whole lives within the four walls of their dark room, remain secluded and accept a sedentary lifestyle where they spend the day and night without doing any effective work. They live their life at the mercy of other family members. It is really difficult for the family members too, to make arrangement for a non-productive family member’s food, clothing, shelter and ever increasing cost of pharmaco-therapy. So these unfortunate victims are sent to homes or government hospitals, which are even worse than jails. No one thinks about their Human rights, their feelings, and their emotions, although their whole problem centers on feelings and emotions. They too start believing that they are not members of this world anymore – they are here by mistake or by chance not by choice. Some of them prefer to commit suicide – some dare not as they are too weak physically and mentally to take a bold step like that. For improvement of the QOL of these persons rehabilitation centers are needed to provide them vocational trainings; to make them capable to start earning, to bring back motivation, to remove their apathy and lack of drive. It is seen that in urban population the most important need for a person suffering from mental illness like schizophrenia is work and economic independence. So a vocational training that will make them productive, a method to reach out to more people within limited resources, is needed.
1. Challenges
One of the biggest stumbling blocks to providing adequate services for the patients is the stigma against schizophrenia. Among the general public, there continues to be an attitude of fear, disgust and a desire to avoid patients suffering from the disease. Even persons from the medical profession continue to have the prejudices and think it to be a ‘hopeless incurable medical disease’. Other disabilities can be perceived by the people and thus receive adequate empathy, but people generally cannot recognize the problems and challenges of persons with mental illness and so their problems remain unnoticed. Facilities and grants from government are also limited due to the same reason. In this background proper utilization of computers as an aid to awareness and psycho education; as a medium to earn money; as a process to communicate with others and form Self Help group is needed. With this framework in mind Computer training was started 8 years back for the controlled group.
2. Aims and Objectives
• Reducing the burden of illness by making the sufferers and their family members aware of the problem.
• Delivering appropriate psycho education for both the groups and learning coping and crisis management strategies.
• Filling the gap that exists between the intensity and magnitude of the problem and the expertise available.
• Reducing the stigma.
• Affordable treatment opportunities.
• Low cost centers.
• Social rehabilitation.
• Vocational training.
• Group therapy.
Methodology
A control group of 85 persons was given training in computers and made aware of the problem through psycho education, using information from various reliable data sources and the Internet. A group of people received only medicine without any scope of getting information, awareness and rehabilitation (psycho education).
3. Observations in controlled group
Awareness – Lack of awareness of the family members and the person concerned often increases the problem. Family members and the person concerned without adequate knowledge used to believe that “once an illness is always an illness” and “there is no way out”. A feeling of hopelessness and helplessness was prevalent amongst the family members. This used to increase their stress and anxieties, which in turn used to increase their Expressed Emotions (EE). As generally the family members in India are supportive, gaining adequate knowledge and information about the illness through specific reliable websites on the Internet instills a ray of hope in them. This also reduces the level of anxiety and stress. This helps them to provide adequate support and motivation to the affected members. Moreover, the information about other families throughout India helped to form self-help groups where they feel free to discuss the problem without shame and discomfort.
Effect on the sufferer – The sufferer too developed new hopes and regained the courage to fight back. The stories of recoveries from all over the world give them the needed inspiration and on hand example which often psychiatrist and psychologists fail to provide. Awareness along with vocational trainings and rehabilitation helps them to gain back needed confidence and start their life anew.
4. The effect of psycho-education
Psycho-education is very important for both the family and the person concerned to get a true understanding of the problem, learning coping strategies, crisis management, handling delusions and hallucinations. India is a vast country and due to lack of adequate funds it is often nearly impossible to carry on psycho-education program to the magnitude that is needed for the mass. Computer and information through different web pages often provide the adequate solution to the problem. People started to learn together, take print outs and get the knowledge required to cope with the situation. Out of 85 controlled group members
80 families along with sufferers depend on the information that they receive through the Internet and gain confidence and realistic hopes for the future.
5. Filling the gap
Compared to the magnitude of problem in India the number of professionals available is limited. To fill in the gap, none other than the computer proves to be an effective solution. Through the Internet the advice of psychiatrists and psychologists can be taken. Though till now we have not been able to have a web-camera, we have been able to keep a link between the controlled group and some renowned psychiatrists and international groups and take their needed help and advice.
Reducing the stigma – ‘Person suffering from mental illness are either dangerous or do not possess the intelligence and rationality to talk to them’ is the idea of the general public. They want to segregate them, reject them, and remove them from their so-called ‘normal society’. Through Information technology the gap can be reduced. The communities where awareness programmes are made have started to accept them more freely now.
Affordable treatment opportunities – For running a rehabilitation center for persons suffering from schizophrenia empathetic people from the community are given appropriate trainings through computers. Online psychiatrists and psychologists offering services reduce the cost of treatment sharply.
Social rehabilitation – This is the most important need for the people suffering from the disorder. Whenever any human being suffers from any disease or crisis it is human to want the support and the comfort of family members, friends and community. This culture still now prevails in India. Though there is a breakdown of the extended family, due to the impact of Western influence on the Indian society, till now there is a huge difference between the lifestyle of Indians and that of the western world. Till now people care for their family members; parents support their children till their death and siblings take care of their affected family member.
Till now the Rehabilitation centers run by the self-support groups of India are more effective than those run by professionals. In this background where the bondage of love and understanding is important, social rehabilitation of the sufferers is important. Due to stigma, due to hopelessness, due to fear of rejection, the sufferers often try to avoid interacting with the society. This creates a barrier. The computer often acts as an effective tool to remove this barrier. A person feels free and safe to experiment with a computer. It creates a criticism free atmosphere where they are learning to control a machine. These persons used to think that they have lost control of their life and so dare not to control others. Controlling a machine helps them to regain their self-confidence. The computer being a modern gadget, they feel proud to learn it. They get the pleasure and confidence that they too can learn something new, something valuable in life. Interaction with other sufferers through the Internet gives them a chance to interact with others without being afraid of developing a negative self-image. Being overly sensitive, these persons are often afraid to meet anyone. They often fear that they may create a
negative image in the eyes of others. They often want to hide their face or entity in the fear of creating negative image, which is very painful to them. Computer helps them to interact, communicate themselves freely keeping them in disguise. Once they gain back the lost confidence, they feel free to communicate directly with the society. This helps them in social rehabilitation process.
Effects of vocational training – Work therapy works wonders in case of people with schizophrenia especially if they earn through it. The economic freedom adds value to their life and the QOL increases. Once they gain back confidence, these persons act as a resource person in vocational training program. After their recovery, they too act as a teacher and give trainings to other victims of mental illness and help in the process of rehabilitation.
Group therapy – Group therapy always promotes the feeling “that my problem is not unique one” and that “I too can recover like others”. Information of recovery from sufferers throughout the world often acts as group therapy session where they can chat and discuss their difficulties and search for a probable solution.
6. Few Facts
The world scene of schizophrenia and other mental illness. The two international multi-centric studies organized by the World Health Organisation (W.H.O) namely the international pilot study of schizophrenia (IPSS) initiated in 1965 and determinants of outcome of severe mental disorder (DOSMED) initiated in 1977 have fairly well established that schizophrenia occurs in all parts of the world, both in the developing and industrialized countries [1]. It has also been seen that the prognosis of the disease is better in developing countries [2] like India [3]. Different explanations were given out of which tolerance of odd behaviours by families; support from the joint families and community play a major role. Researchers think that maybe the social support along with lack of awareness and medical model, which tends to prove it as a hopeless disease, is actually the cause for good prognosis. Even then the difficulty in India lies in lack of professionals compared to the magnitude of the problem, lack of funds needed for rehabilitation centers.
7. Conclusion

Machines like computers, along with the necessary information through IT, can work wonders in cases of disability arising from dreaded disorders like schizophrenia. It has been found through three years of study that computers have a very important role in the life of a person with mental illness. Empowering the impaired through the latest gadgets has often proved to be an economically viable way to solve the problem. Disability arising out of mental illness can be handled effectively through the computer and the Internet.
It has been seen that this modern gadget, which is sometimes believed to make a man a loner, has actually been acting as the bridge between persons suffering from mental illness and society in general. The disabled person also gains confidence and courage as they gain control over the machine. Gaining control over the machine helps them to gain control over their life. The product of science and technology has been seen to have revolutionized human life not only on the material level but also on the personal level, helping the disabled to gain control over their lives. Empowering the impaired through computers and IT has proved to be a needed solution to the most dreaded problem of the modern world – disability arising out of mental illness.
References

[1] WHO 1979, Sartorius et al 1986, Jablensky et al 1992
[2] WHO, 1979, Jablensky et al 1992
[3] World Mental Health: Problems and priorities in low income countries by Desjarlais, R, Eisenberg, L, Good, 1995

Other used references:
American Psychiatric Association (1994) Diagnostic and Statistical Manual of Mental Disorders
The great universe of Kota: Stress and change and mental disorder in an Indian village by Carstairs, GM and Kapur
Social Stress and mental health - A social Psychiatric field study of Calcutta by A. Chakraborty
Family Psychoeducation, social skills training and maintenance chemotherapy in the after care treatment of Schizophrenia II. Archives of General Psychiatry by Hogarty, GE, Anderson, CM, Reiss
Final report of the longitudinal study of functional psychosis in an urban community, ICMR, New Delhi by Indian Council of Medical Research
Mental health care in rural India: A study of existing patterns and their implications for future policy by Kapur, RI
Incidence of Schizophrenia in an urban community by Rajkumar, S, Padmavati, R, Thara
Pioneers of Indian Psychiatry by Wig NN
The lone rider by Dr. N.C. Surya
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Telemedicine Odyssey
Customised Telemedicine Solution for Rural and Remote Areas in India

Mr. Jagjit Singh BHATIA a, Ms. Sagri SHARMA b

a Director, Center for Development of Advanced Computing (A Scientific Society under Ministry of Communications & Information Technology Govt. of India), A-34, Industrial Area, Phase VIII, Mohali, Punjab – 160071. Phone: +91-172-2237052-57 Fax: +91-172-2237050/51 Email: [email protected] Website: http://www.cedtimohali.org

b Project Associate, Center for Development of Advanced Computing (A Scientific Society under Ministry of Communications & Information Technology Govt. of India), A-34, Industrial Area, Phase VIII, Mohali, Punjab – 160071. Phone: +91-172-2237052-57 Fax: +91-172-2237050/51 Email: [email protected] Website: http://www.cedtimohali.org
Abstract. There is a significant potential for delivering medical services in rural areas of India using Telemedicine methods. However, there is a continuous emphasis on patient privacy, which is usually not a concern in traditional consultation. We at the Centre for Development of Advanced Computing, Mohali, Punjab have developed a customized Telemedicine solution, which overcomes the barriers – technological as well as professional, legal and financial – to Telemedicine. We implement Telemedicine in rural areas, as 70% of the total population of India lives in villages. We have, as a pilot project, established Telemedicine Technology at six major locations in India. These locations were subsequently connected to nearby districts and primary health centres to make a Telemedicine hub. Currently, our major project is to deploy Telemedicine sites at various locations in the hilly and remote state of Himachal Pradesh. During these developments, we have faced unavoidable hurdles and tried to overcome them with team effort, perseverance and a never-give-up attitude. This paper will shed light on our journey from scratch to what we have achieved to date.

Keywords. India, telemedicine, telemedicine implementation, integrated telemedicine application, DICOM, teleradiology, Telepathology, Telecardiology
J.S. Bhatia and S. Sharma / Telemedicine Odyssey Customised Telemedicine Solution
1. Introduction

Successful telemedicine programs do not happen by fortuity. They are the product of watchful planning, levelheaded management, dedicated health care professionals and supporting staff, and a commitment to appropriate funding to support capital purchases and ongoing operations. Multiple technologies need to blend together to form a seamless system. This challenge can only be met by formulating a comprehensive plan that covers the implementation and operation details [2].

The rapid growth of telemedicine in India has many reasons. The country is geographically huge, with villages located in remote rural areas. The medical facilities are too few to serve the large population that resides in villages. 75% of the main healthcare centres in India are located in urban areas, which serve 30% of the population. So only 25% of health care facilities cater for 70% of Indians [1]. Interestingly, telemedicine in India has flourished and is getting stronger through engineers and technologists and not through physicians.

We, at the Centre for Development of Advanced Computing, have developed a state of the art telemedicine application package that is the outcome of a rigorous team effort and perseverance. We have established telemedicine sites at various locations in India. Our first endeavor was establishing telemedicine sites at All India Institute of Medical Sciences New Delhi, Post Graduate Institute of Medical Education and Research Chandigarh, and Post Graduate Institute Lucknow. We expanded it in the second phase to connect three more medical colleges, namely Indira Gandhi Medical College Shimla [4], Medical College Rohtak and Medical College Cuttack. Our second effort was establishing telemedicine sites at different locations in the state of Himachal Pradesh, which is a remote and hilly state of India [5]. 90% of the people are rural and most of them are tribal people.
Medical facilities there are scarce, so establishing telemedicine sites in this area is a challenge for our team as well as for the administration of Himachal Pradesh. In this paper, we endeavor to present the various phases of development and the barriers we faced while establishing telemedicine sites at various locations in the state of Himachal Pradesh.

2. Program Objectives

A pilot project on ‘Development of Telemedicine Technology and its Implementation’ was approved for implementation by the Department of Information Technology, Ministry of Communications and Information Technology [6], Govt. of India, and it has been implemented over the ‘Telemedicine Network’ connecting PGIMER Chandigarh, SGPGI Lucknow and AIIMS New Delhi on ISDN lines. The following objectives were kept in mind while developing this pilot project:

• To establish a telecommunication technology network which can provide a comprehensive range of high-quality health services to rural and remote areas in India.
• To run and implement successfully the Telemedicine Technology over the Telemedicine Network connecting the three locations at PGI Chandigarh, AIIMS New Delhi, SGPGI Lucknow.
• To train the doctors and patients to use the Telemedicine Technologies effectively and optimally, with a view to developing their faith and confidence in these technologies.
• To purchase cost effective hardware needed for transmitting data and images of adequate diagnostic quality.
[Figure: Network Diagram, National Telemedicine Project]
Telemedicine demonstration system. The telemedicine equipment leased for the project included a PC-based computer workstation with the required software, an interactive videoconferencing system with multiple cameras, compatible medical peripheral devices (such as a PC-based ECG machine, Telepathology Microscope, medical film scanner, electronic stethoscope and a micro camera), and telecommunications equipment. The various systems were linked via a telecommunications network (as shown in the figure above).
3. Objective of the Project

The aim of the project is to develop and implement the customized Telemedicine Application for the rural and remote areas of Himachal Pradesh. The application will enable specialty hospitals to provide specialized medical care, services and treatment to patients in far flung, remote and inaccessible areas, who cannot reach those hospitals in time.
The objectives of the project will be as follows:

• To develop a customized Telemedicine Application in the rural and remote areas of Himachal Pradesh for providing specialized medical care and support to the patients at their convenience and at an affordable cost. This will involve connecting the community health centers / primary health centers and block level / district level hospitals in the rural areas to IGMC, Shimla for expert advice. As many as 14 such centers / hospitals are being connected in Phase I and the rest in Phase II. The connectivity will be further extended to PGIMER-Chandigarh over the existing telemedicine linkage.
• To establish seamless connectivity over the diverse communication environment in the state.
• To develop software interfaces with low cost medical diagnostic equipment so as to offer a very low cost telemedicine solution for rural areas.
• To introduce new software/hardware features in the existing telemedicine technology for developments not covered already.
• To give a boost to the production of low cost medical diagnostic equipment for telemedicine technologies in India.
• To spread medical education among medical professionals for their continuous upgradation at a very low cost, even in far off places in rural areas.
• To develop it as a pilot project for subsequent implementation all over India.
4. Telemedicine In Himachal Pradesh

Himachal Pradesh is called ‘Dev Bhoomi’, the “Land of Gods”, and is known for its calm, peaceful and salubrious climate. It is lavishly blessed with excellent scenic locations, an abundance of natural forests with precious herbs and medicinal plants, and the snow-bound peaks of the Great Himalayas.

The project envisages the customized development of a “Telemedicine Application” and its subsequent deployment in the rural areas. As many as 24 locations have been identified for deployment of the project. These range from Community/Primary Centres to Civil/Regional hospitals and IGMC, Shimla. Due to non-availability of connectivity, it has been decided after discussion with BHARAT SANCHAR NIGAM LIMITED [7] that 14 centres are to be taken up in Phase I and the rest of the centers will be covered in the next phase, i.e. Phase II. All of them will be connected together. The telemedicine application will comprise the basic tele-radiology, tele-pathology and tele-cardiology modules. As far as the capital equipment for the project is concerned, the endeavor is to identify low cost equipment. Each location will be provided with an ECG machine, microscope, scanner and the required computers and communication equipment.

The local populace of Himachal Pradesh is yet to receive even the basic benefits of information technology in the health care sector. Geographically, Himachal Pradesh is a hilly state where the population lives in remote areas in very small groups, and most of these areas are not well connected. At many places the approach roads are so narrow that there is no transport available. One good thing about the state is that it has an excellent telecommunications infrastructure established by the Department of Telecommunication [8]. This will serve as an excellent infrastructure for setting up a Health Net using Telemedicine Technology.

At present, the position of healthcare is also not good. The number of primary health care centres in the State is also less. Besides that, it is not possible to provide most of the vital medical facilities close to the population. In rural areas of Himachal there is a high prevalence of untreated curable disease, which remains untreated due to lack of resources. This Telemedicine Application will deliver specialized healthcare to the patients of under-served rural areas of Himachal Pradesh at very low cost.

Till now, patients have been moved to distant places even in case of emergency. This is because they have no access to preliminary investigation or treatment at secondary and tertiary level hospitals closer to the places where they live. There is a real need to provide them with proper health care facilities. It is not possible to open hospitals with all kinds of specialties at every place. Not only is a big cost involved, but expert doctors are neither available in large numbers nor ready to work at such small places. At the same time, it is not possible to travel to such places regularly because of the time involved, but one thing is very clear: they must be provided with some low cost solution. At present they pay heavily for travel time and for expect and living cost at far away places. So a low cost solution, which can also save their time, is required for such a population, which is very large in the North-East Himachal Pradesh.
Telemedicine technology, once implemented at such places with either junior doctors or paramedical persons deployed at each station, will definitely assist in providing proper treatment to this population through expert doctors sitting miles away. The population shall benefit in the following ways:

• The best possible health care facilities shall be available to all of them.
• They need not move the patient to a specialty hospital at far away places unnecessarily.
• Since this population earns its livelihood through daily wages, they will be saving time and hence their income will increase.
• The cost involved in treatment using telemedicine technology shall definitely be many fold less than the cost now being spent by this population.
• People of this hill state will definitely get a very good health care facility, and that again at very low cost without traveling much distance.
This package has been lab tested on LAN (10/100 Mbps), POTS (Plain Old Telephone System) and ISDN (Integrated Services Digital Network). Telemedicine sessions can be set up using the dial-up for POTS or ISDN. Video conferencing is being conducted on 3x128 kbps lines. So the bandwidth required is 384 kbps. Efforts are in hand to run it on the Broadband Communications being offered by the service providers these days. The Telemedicine application software is based on “Store and Forward” concept and video conferencing over 384 kbps ISDN lines. Store-and-forward technology eliminates the need for parties to be available for consultation at the same time [9]. Experts in different regions at their convenience can review video “clips”. Such technology would allow teleradiologists in different cities, for example, to examine and interpret x-ray films and computerized tomography (CT) and magnetic resonance imaging (MRI) scans any time [10]. Besides being user friendly, it supports a
comprehensive patient medical record, DICOM image format, video conferencing, standard TWAIN interfaces for web cams, digital cameras and scanners and offers tools for image enhancement as well.

For Tele-radiology – This Telemedicine Application supports capturing of images in common formats including DICOM from scanners with transparency adapters and specialized medical film scanners. These images can be simple X-rays, MRI and CT scans, or more advanced computer data fused with real-time video.

For Tele-pathology – It supports the transmission of the following pathological reports: Urine, Stool, Haematology and Biochemistry in alphanumeric/textual form, in addition to the images in popular formats from video microscopy systems [11].

In case of Tele-cardiology – This package can capture, display and store 12-lead ECG, besides transfer of heart sounds and Lung Function Test reports [12].

The connectivity will be seamless over diverse telecommunication media as available in Himachal Pradesh. BHARAT SANCHAR NIGAM LIMITED will be approached to provide the requisite connectivity wherever required. The specific technology fallouts will be as under:

• Telemedicine Application for rural areas.
• Video Conferencing Software Application.
• Telemedicine Standards – DICOM Customization.
• Integration Module for third party HIS & Telemedicine Application.
• Interfaces for Medical Diagnostic Equipment.
• Communication Protocol and Communication Services.
• Security Module

This will also enable tele-health, tele-diagnosis, tele-consultation and tele-education. The communication network so developed will be useful for disaster relief and administration during bad weather or natural calamities.
Telemedicine setup implementation at various health institutions in Himachal Pradesh will be based on the network that can be classified into the following categories:

Phase I: Installation of the identified equipment and to link two medical colleges in the state

Integrated Telemedicine workstation at each Medical College connected by a communication link like ordinary telephone lines (i.e. POTS – Plain Old Telephone Service/System) or preferably Integrated Services Digital Network (ISDN). This approach is cost effective and beneficial for relatively smaller healthcare delivery institutions. But the inherent limitation is that we cannot go beyond a certain number of medical peripherals (for the Telemedicine link) in this kind of a setup.

Model–B (Client-Server Model) [13] or A local server with relevant number of workstations connected to it in a Local Area Network. This configuration basically takes care of the limitation of Model A. Each specialist can have a workstation that is connected to the server, which in turn communicates to the telemedicine workstation, or a server at the other site. Furthermore, any application of Telemedicine can be practiced over such a telemedicine set-up. Owing to the larger volume of hardware, this configuration is somewhat expensive but has an advantage in bigger hospitals, where each specialist can have his own dedicated workstation connected to the local server (through the local area network).
PHASE II: Linking with all the identified hospitals

PHASE II: Integration with Hospital Information System (HIS)

Telemedicine customarily uses two methods to transmit images, data and sound: either “live”, real-time transmission, where the consulting professional participates in the examination of the patient while diagnostic information (images and medical records) is collected and transmitted, or “store and forward” transmission, where the consulting professional reviews data asynchronously with its collection. Many programs employ both transmission capabilities, to maximize efficient use of resources appropriate to the medical services being provided. This interactive televideo transmission happens via personal computers and remote monitoring.
[Figure: Teleconsultation, one type of “Store and Forward” protocol. Stages shown: Acquire → Store at Telemedicine Consulting Centre → Transfer → Store at Telemedicine Specialty Centre → Opinion]
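The five stages of the store-and-forward flow in the figure, as an added example that is not the authors' software: a small simulation that pushes cases through the stages in order over one shared link and reports when each opinion is ready. The 384 kbps and 28 kbps link rates are quoted in the paper; the case names, file sizes, specialist availability and review time are constructed values.

```python
from dataclasses import dataclass, field

# Stage names taken from the figure caption above.
STAGES = [
    "Acquire",
    "Store at Consulting Centre",
    "Transfer",
    "Store at Specialty Centre",
    "Opinion",
]


@dataclass
class Case:
    case_id: str
    size_bytes: int          # constructed file size
    acquired_at: float       # seconds since the start of the session
    history: list = field(default_factory=list)  # [(stage, time), ...]

    def advance(self, stage, when):
        """Record a stage; refuse any stage that is out of order."""
        if len(self.history) >= len(STAGES):
            raise ValueError(f"{self.case_id}: already has an opinion")
        expected = STAGES[len(self.history)]
        if stage != expected:
            raise ValueError(
                f"{self.case_id}: expected {expected!r}, got {stage!r}")
        self.history.append((stage, when))


def transfer_seconds(size_bytes, link_kbps):
    """Time to push one stored case over a link of link_kbps kilobits/s."""
    return size_bytes * 8 / (link_kbps * 1000)


def run_store_and_forward(cases, link_kbps, specialist_free_at, review_seconds):
    """Send cases one at a time over a single link, then queue them for one
    specialist. Returns {case_id: time at which the opinion is ready}."""
    link_free = 0.0
    specialist_free = specialist_free_at
    opinions = {}
    for case in sorted(cases, key=lambda c: c.acquired_at):
        case.advance("Acquire", case.acquired_at)
        case.advance("Store at Consulting Centre", case.acquired_at)
        # The case waits in the local store until the link is idle.
        start = max(case.acquired_at, link_free)
        case.advance("Transfer", start)
        link_free = start + transfer_seconds(case.size_bytes, link_kbps)
        case.advance("Store at Specialty Centre", link_free)
        # The specialist reads it whenever free; nobody has to be online
        # at the same moment as the consulting centre.
        review_start = max(link_free, specialist_free)
        specialist_free = review_start + review_seconds
        case.advance("Opinion", specialist_free)
        opinions[case.case_id] = specialist_free
    return opinions


def sample_cases():
    """Constructed sample input: three cases acquired a minute apart."""
    return [
        Case("xray-1", 3_360_000, 0),
        Case("ecg-2", 336_000, 60),
        Case("ct-3", 6_720_000, 120),
    ]


if __name__ == "__main__":
    for label, kbps in (("ISDN 3x128", 384), ("low-rate dial-up", 28)):
        later = run_store_and_forward(sample_cases(), kbps, 3600, 300)
        at_once = run_store_and_forward(sample_cases(), kbps, 0, 300)
        print(label, "specialist free after 1 h:", later)
        print(label, "specialist free immediately:", at_once)
```

When the specialist only opens the queue an hour later, both link rates give the same opinion times, because the transfers finish while the cases would be waiting anyway; when the specialist is free immediately, the slow link becomes the bottleneck.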
Telemedicine is not another technology but a process that focuses on the individual to provide greater access and increased knowledge on healthcare. It empowers the individual to manage his/her own personal health, and integrates information to allow the smooth flow of services and products throughout the healthcare system. Telemedicine will play an increasing role in future healthcare and offers a mechanism for reversing the healthcare pyramid.

5. Requirements for upgrading health care facilities in the state of Himachal Pradesh using telemedicine technology

The Communication Net: For proper implementation and for providing acceptable interaction, good bandwidth is a key factor. In order to maximize the utilization of the available transmission medium (from land-based fiber optic cable to satellite link) while providing the best quality video and audio, the system should adapt to a wide variety of bandwidths (e.g., from 28 kbps to over 155 Mbps), depending on the clinical application, the available telecommunication channels, and the desired interaction level. For example, teleeducation and basic teleconsultation applications can most often be accomplished at low bit-rates with available compression and processing hardware. However, real-time telemammography consultation and diagnosis applications require higher bit-rates and specialized hardware. The more challenging and difficult the remote consultation and diagnosis, the higher the bandwidth the clinical application will require to provide better quality services.
There are a number of network protocol stacks to choose from when designing a Telemedicine system [14].
Face-to-Face interaction between Doctors and Patients

Imagine a surgeon, sitting in a shirt and tie at a computer in an office, assisting another surgeon performing a lung biopsy or heart surgery on a patient in an operating room across the city. While it may sound like a fantasy movie script, the fact is that surgeons have accomplished such a feat. It also saves travel time and expense by linking institutions for meetings. Videoconferencing provides statewide telemedicine consultations with patients and physicians at rural hospitals, clinics, and correctional facilities. People in the corporate, government, and educational markets strategically embrace videoconferencing as the "new face" of "face-to-face" business communication. In fact, many people have found that participating in a videoconferencing meeting is just as effective as meeting face-to-face. Though it can't replace the reverent handshake, a videoconference meeting can be just as informative, interactive, and important as any standard meeting! Video links use cameras attached to your own PC. A standard card and camera uses a single ISDN line in a direct person-to-person link, which is far better than the Internet. The interaction can be very informal and spontaneous, from wherever you are and whatever you are doing.

Telemedicine Equipment Availability

The advances and convergence of IT and Telecommunication have brought a host of services to our doorstep, including medical care. Telemedicine is set to revolutionize rural health care. Telemedicine is an established delivery method of health care for exchanging medical information across distances, using Telecommunication technology. It includes the transfer of CT Scan, MRI, Ultrasound images, Pathology
reports, endoscopic video images and other procedures. It also includes Patient live interviews and examinations, consultation with Medical Specialists, Health Care and Educational activities through Video conferencing. Telemedicine is a multidisciplinary service sector requiring expertise in health care, telecommunications, and information technology sectors. Despite the availability of the required telecommunications infrastructure and computer systems technology and equipment, its importance as a way to upgrade the coverage, timeliness and quality of health care services nationwide, especially for rural and isolated areas, has not been fully recognized.

Telemedicine requires transfer of high quality Patient Data, Video and Images to the Specialist Doctor through satellite, ISDN, Fiber optic or existing media such as PSTN links for consultations. These images are acquired from Medical Diagnostic equipment, processed, transmitted and shared during consultation. The advanced medical imaging is done with the DICOM-3 (Digital Imaging and Communication) protocol standard [15], with improved compression methods to reduce transmission time and cost. Telemedicine system includes:

• Imaging Work-station
• Video conferencing equipment
• Digital scanner for X-ray/films and reports
• ECG machine
• Ultra Sound/Endoscopy equipment
• Any other diagnostic equipment for telemedicine system
• Communication Interface Modules
• Communication network like VSAT, ISDN, PSTN, WAN and LAN
• Education of nursing and para-medical staff and providing technician training and tele-medicine for the rural population can strengthen trained manpower resources in the rural areas.
Response from doctors at specialty hospital

In a Telemedicine setup, there is a need for a synchronous or asynchronous query-response system, i.e., one of the many “store and forward” protocols has to be in use at any point of time. Besides the regular consultations, experts need to be made available on a 24x7x365 basis to handle emergency calls from the consulting centers.

Supporting Technologies

Besides the doctors at the consulting and specialty centers, it is vital to have a good team of technologists who ensure 24x7x365 services for the telemedicine network and medical equipment, to make a telemedicine setup efficient and usable.

Willingness of doctors in adapting to a new working style

Several subjects expressed the opinion that doctors - particularly specialists - would be the single most influential group affecting the diffusion process. Telemedicine won't have a chance if doctors don't like it - regardless of how supportive hospital
management or politicians might be. Likewise, if doctors respond to telemedicine in a positive way, its success is assured [16]. Although none of the doctors interviewed acknowledged the factors of discord, like their personal attitudes or interests, they were confident that these factors would play an important role in acceptance and diffusion. In discussing this issue, it is useful to distinguish between two groups:

• Expertise delivering physicians
• Expertise receiving physicians
The first group consists primarily of specialists at central hospitals who either have ambulated (and enjoyed supplementary income) or have contributed significantly to hospital income by treating guest patients from neighboring municipalities. By carrying out distant consultations, they experience a reduction in income both for themselves and their hospital. Furthermore, some physicians have shown a negative attitude towards allowing receiving (primarily rural) hospitals to participate (via video conference) in medical meetings, while they are positive towards participating in similar meetings when they themselves are recipients. The specialists interviewed were asked why they were positive towards distant consultations. They expressed an interest in new and exciting technology, and emphasized the advantages for the patient and the health care system in general.

The second group - expertise receiving physicians - has to date consisted of physicians at rural hospitals and institutions in primary health care. Through distant consultations with specialists, these physicians have built up a new degree of competence and thus an increased ability to screen, diagnose and treat patients locally. Our subjects assumed that this would promote acceptance and diffusion of telemedicine. Rural physician access to a wider professional network, as well as accreditation of specialist consultations as part of the continuing education curriculum, was also emphasized as an important incentive. Among the potentially restraining factors for this group's acceptance of telemedicine was the fear of surveillance or control from central experts, as well as concern about diluting their role as general practitioners.

The effects of telemedicine on the physician’s work environment were underlined as a factor influencing acceptance and diffusion. Some were concerned with the consequences of working long periods with video or screen based consultations.
The importance of organizing the number and type of consultations in order to allow a varied work schedule was emphasized. The effects of telemedicine on the physician's work environment will also interplay with other environmental factors. Physicians working in environments characterized by overload and stress will most likely perceive implementation of telemedicine as an additional burden. This, coupled with telemedicine's replacement of ambulatory services (i.e. "fleeing the drudge of the hospital ward") as well as a possible fall in income, will doubtlessly muster resistance - if not outright sabotage - towards implementation of telemedicine. Development of reasonable incentives as well as measures for integrating telemedicine into the work environment will be important concerns.
General social and political factors

The ongoing public concern and debate about the "crisis" in the health sector creates a readiness to assess newer and more radical measures in helping solve some of the structural and economic problems in the health care sector. The majority of subjects in our study reflected this attitude towards telemedicine. A simple, practical demonstration of telemedicine is often enough to give lay persons perspectives of how this technology can help attain important values and goals in society: equal access to generalist and specialist health care, more quality health care per rupee.

The restraining factors most frequently mentioned were related to mechanisms regulating the roles and responsibilities between the different levels of public health administration. These mechanisms, often described as rigid and complex, are constantly under public assessment and debate. In most cases, telemedicine is used between institutions administered at different levels or between, for example, municipalities in different regions. Among the problems that arise in this interaction is the issue of economic compensation tied to the health care services themselves (travel, consultation fees, etc.) as well as the issue of dividing the burden of investments in telemedicine systems - an issue which is complicated by a strong trend towards decentralized goal management.

Restraining

• Rigidity and complexity of mechanisms regulating national, municipal and local activities
• Decentralized goal management of investments and measures which are in the interest of all parties
• Exaggerated focus on technology rather than goals

Facilitating

• Social/political values and demands for: a) Equal health care to all citizens b) More health per rupee
• Trends towards cross-sector collaboration
• Public debate on changes in traditional hospital structure
Centralization and decentralization

Indian society in general, the health care sector included, highly values the maintenance of decentralized public services. Thus, measures which facilitate decentralization are viewed as positive, while those involving centralization of services are considered necessary evils forced upon health care by lack of resources and demands for rationalization.
Several subjects were concerned that telemedicine would reduce pressure for recruiting physicians in rural areas, while others were convinced that telemedicine would increase the attraction of rural positions and thus support recruitment.
6. Conclusion

This project demonstrated convincingly that telemedicine can be established within a rural environment and can be widely embraced by medical practitioners and patients. Telemedicine was adopted quickly and used frequently in several medical specialty areas. Telemedicine consultations were effective substitutes for in-person consultations in some specialties, particularly psychiatry. Telemedicine also improved some indicators of the quality of care available for patients, including the time between referral and actual consultation, the availability of different medical specialists, and access to doctors with more experience in treating patients. Savings from averted trips to nearby medical facilities are more modest. A simple video teleconferencing system with a close-up camera is adequate for many telemedicine consultations (for dermatology, for example). The demonstration showed that telemedicine could play an important role in a quality correctional health care delivery system. The costs and benefits of telemedicine will vary with the type and nature of requirements. The costs of telemedicine equipment are continuing to decline due to advances in technology, so the costs of telemedicine consultations should also continue to drop.

The telemedicine solution in the state of Himachal Pradesh is one of the rare applications developed in India. This development can be classified as a hybrid model of telemedicine that uses store-and-forward as well as real-time concepts. Initial interactions with users of our application reinforce our belief in a simple and user-friendly telemedicine technology (which further motivated us to develop a web-based telemedicine application, now in the pipeline) for wide application of this IT solution in healthcare in India.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
A Deployable Framework for Mobile Telemedicine Applications

N.A. Ikhu-Omoregbe ¹, C.K. Ayo and S.A. Ehikioya
Department of Computer and Information Sciences, Covenant University, Ota, Nigeria

Abstract. In recent years, the shortage of medical specialists and of access to medical information has driven a growing interest in cost-effective and efficient telemedicine tools for healthcare delivery. Mobile telemedicine applications are aimed at meeting the mobility requirements of patients and doctors by integrating wireless communications for different health care services and education. Although telemedicine holds great promise for enhancing health care delivery in rural areas and developing countries, only a few applications exist because of poor frameworks for their deployment. This paper aims at providing a deployable framework for Mobile Telemedicine Applications for Tropical Diseases (MTATD). The MTATD presented here provides access to a telemedicine unit via handheld devices over PSTN/GSM and the Internet for collaborative health care delivery and education between patients and care providers.

Keywords. Deployable, Framework, Health care, Telemedicine, Mobile
¹ Corresponding author.

Introduction

Telemedicine aims at providing expert-based health care and medical information to rural or understaffed remote sites and at providing advanced emergency care through modern telecommunication and information technologies. Telemedicine holds great promise to enhance healthcare delivery in rural areas and developing countries by allowing a physician or other healthcare specialist to examine a patient while linked by video or other means to an expert consultant at a distant medical center [1]. Radiologists and other specialists can review medical images transmitted over telephone lines or the Internet. Similarly, a pathologist in the developed world can review, in near real time, biopsies done in a hospital in a rural area or developing country [1]. The rapid advances in digital and communication technologies have now made other media, particularly images and sound, amenable to computer-based storage, manipulation, and transmission [2,3]. Medical diagnosis and management can be achieved with the use of textual descriptions and still images [4] over fax, telephone or email, but most times these do not provide sufficient information for correct diagnosis and prognosis by the experts during a telemedicine session [5].

Traditional telemedicine applications are associated with the use of expensive and bulky telecommunications infrastructures with substantial bandwidth of 128 kbps or greater [6]. Significant research exists in the literature demonstrating different clinical areas of telemedicine applications, such as the use of the Public Switched Telephone Network (PSTN) and of the Integrated Services Digital Network (ISDN) for the transmission of medical data and video images during a telemedicine session. Many of these applications are still being deployed on fixed stations and thus do not meet the mobility requirements of patients and doctors who could be mobile [7]. In health care, patients are the major players and they are mobile, so applications deployed for them should be free of mobility constraints.

The design and deployment of a telemedicine application, like any other application, assumes a systems engineering approach. Requirements engineering is highly significant in this process, since getting the requirements wrong would lead to a poor and unacceptable product. Requirements engineering therefore provides the appropriate frameworks and ensures that the proffered solutions are correct, complete, concise and unambiguously specified to guarantee an acceptable product [5]. Wireless and mobile technologies are currently having a powerful impact on the way different health care providers offer services to their patients [7]. Cellular digital networks and handheld devices such as PDAs and mobile phones are being used to extend the deployment and maneuverability of health care applications and content.

The remaining part of the paper is divided as follows. In section 2, we look at Telemedicine Applications and their Requirements. In section 3, we present the Architecture and a Deployment Infrastructure for MTATD. In section 4, we provide a prototype, and in section 5 a discussion of core functionalities. We conclude in section 6 with a brief summary.

1. Mobile Telemedicine Applications And Their Requirements

Mobile telemedicine is an emerging area, integrating wireless communication for different telemedicine applications. Emerging mobile and networking technologies such as 3G/4G are fast opening new opportunities and introducing greater innovations to health care delivery [8]. Some benefits [9,10] offered by mobile telemedicine systems using a mobile network include, amongst others:

• cost-effective utilization of limited health care resources
• access to enhanced services, especially where cost and distances would have been constraints
• allowance for patients to remain in their normal environment and maintain a normal lifestyle
• minimized travel cost and risk for patients or physicians
• early diagnosis, intervention, and treatment in certain events
• provision for the mobility needs of the patients or physicians
• quicker turnaround time for consultations
The communications infrastructures for handling the multimedia requirements of telemedicine applications are largely dependent on the type of telemedicine being addressed. Types of telemedicine include teleconsultation, telediagnosis, tele-education, telementoring and telemonitoring [1,6,7].

a) Teleconsultation: This involves the interactive sharing of images and other medical information in which the primary diagnosis is made by the doctor at the location of the patient. Generally, a teleconsultation is between a family practice expert located at a local medical center and the relevant specialist or subspecialist located in a remote medical center whose "second opinion" is required to confirm a diagnosis by the local expert [1].

b) Telediagnosis: This is a most prominent application of telemedicine. It entails the sharing of images and medical information in which the primary diagnosis is made by an expert at a location remote from the patient [1].

c) Tele-education: This involves the provision of educational materials over a telecommunication network [1]. In telemedicine, it entails the dissemination of medical information, research and laboratory findings and results. In implementing the Mobile Telemedicine Application for Tropical Diseases, patients can have access to relevant medical information for better living through tele-education.

d) Telementoring: This is similar to tele-education. It is an education technique that involves real-time guidance of a less experienced practitioner through a procedure for which he or she has limited experience [6]. An example is the guiding of a less experienced physician during a surgical process in a local hospital by a more experienced surgeon in any other part of the world via telecommunications infrastructures.

e) Telemonitoring: Recent findings have shown that the number of patients receiving monitored treatment from home is on the increase [7]. Some patients prefer to remain within the comfort of their homes and to cut down hospitalization cost while their health conditions are being managed and monitored from a remote location via mobile infrastructures. This is possible by connecting a camera or other medical devices (e.g. a pulse oximeter) to a personal digital assistant (PDA) or a mobile phone such as the Nokia 9000, which can relay information collected from patients to the healthcare provider via a wireless network. Telemonitoring is suitable for different emergency health care scenarios, such as the monitoring of an elderly person suffering from diabetes. With the right infrastructures in place, a healthcare provider can continuously monitor a patient's physiological data regardless of the patient's location, provided he is within mobile coverage [11].
1.1. Telemedicine for Tropical Diseases

Numerous diseases with common symptoms, such as malaria, cholera and yellow fever, are prevalent in Africa. Malaria (a protozoan disease caused in humans by four species of the genus Plasmodium) is the most widespread amongst them. Malaria is characterized by extreme exhaustion, high fever, sweating, vomiting, pains and anemia. According to statistics, it is Africa's leading cause of under-five mortality (20%) and constitutes 10% of the overall disease burden in Africa. It accounts for 30-50% of inpatient admissions and 50% of outpatient visits in some areas such as Nigeria, where more than 90 people per square kilometer are likely to be infected with the disease [12-14]. Nigeria and other developing nations of the world could embrace the opportunities offered by emerging mobile technology to address malaria and other health issues. Nigeria has the fastest growing mobile coverage in Africa, with a teledensity of 15 as at the end of the year 2005 [15]. The architecture proposed in this paper utilizes the enabling mobile network infrastructures in the country for the deployment of MTATD.

2. Architecture

We propose a client/server architecture separated by a mobile network. The system consists of three main modules: a Patient Unit, a Physician Unit and the Physician/Server Support Unit. The Patient Unit, usually a handheld device with capabilities to integrate medical devices, uses GSM mobile telephone or PSTN links. It accepts clinical information such as Heart Rate, Non-Invasive Blood Pressure, Invasive Blood Pressure, Temperature and Respiration, and transmits it to the Physician Support Unit, depending on the patient's complaints and the requirements for his/her diagnosis.
Fig. 3.1. MTATD Architecture and Deployment Infrastructure.
The Physician's Unit enables him/her to receive, view and interpret the data from the Patient Unit for possible diagnosis and therapy. The Physician Support Unit is supported by a database component to record relevant encounters and store relevant data for diagnosis and other clinical and administrative use. When further tests or consultation are required, the patient is asked to visit a participating local health care center or hospital for adequate care.

3. Prototype of MTATD

Prototyping is considered a cure for the problems of understanding during requirements capturing [16]. We present a prototype of the core functionality to demonstrate executed versions of our requirement model. The client application was developed with Wireless Markup Language. The server application was developed in Java because of its platform independence and security features, and provides access to MS SQL Server 2000. The database is equipped with a graphical user interface to enhance its usability, shown in Fig. 4.1. The server receives patients' electronic records via an API that returns diagnosis and treatment information in the form of an XML document. The prototype application has been tested with the Openwave v7 simulator, which emulates the Wireless Application Protocol gateway, on a (3-tier) client-server architecture separated by a mobile network. The prototype has been tested on the Covenant University intranet in preparation for further stress testing and deployment at the Covenant University Health Center, Nigeria.
Fig. 4.1. User’s Interfaces and Services in MTATD.
4. Discussion on MTATD

MTATD allows effective and efficient use of the medical resources available at medical centers to support medical practitioners. The application could be interfaced with a camera having the capability to connect to various medical instruments, e.g. an otoscope, ophthalmoscope, sigmoidoscope, or any other instrument necessary for viewing procedures performed at a remote site, which facilitates consultations with a medical center [17,18,19]. Doctors at one side may view and discuss cases, interview the patient, and interact effectively with him to improve the quality of patient care via the WAP infrastructure. The MTATD is capable of transmitting clinical information from the client device to the server.

The MTATD proposed in this paper could have a call center using IP-based Customer Relationship Management (CRM), which connects patients by telephone, 24/7/365, to the health information they seek. When a patient in need of medical services dials into the system, she will have access to front desk information or an option of being connected to a medical specialist. If the caller (patient) selects a nurse, for example, the nurse works through the patient's symptoms and recommends an appropriate course of action [20] with the help of the telemedicine support unit, which uses fuzzy logic and neural network principles to arrive at a conclusion. The function of the nurse is usurped by the system [21]. MTATD incorporates the Automated Speech-Controlled Customer Care Service system (ASR CCS) proposed in [21], which replaces Human-to-Human (H2H) interaction with a Human-to-System (H2S) model to reduce response time [22]. MTATD has self-starting capabilities, which enable it to initiate dialogue with patients by sending diagnoses and therapies through SMS (or via email) to patients who had earlier made complaints and could not have a consultation session with a specialist.

In instances where a visit to a doctor or laboratory becomes necessary, such as when a patient is infected with P. falciparum malaria (where it is advisable to hospitalize and treat the patient as a medical emergency to prevent complications) [20,22], the system books an appointment with the specialist in a participating health care center and reports to the patient when she can see the physician, while automatically transferring the patient's record to the contacted specialist's attention.
5. Conclusion

The accessibility of prompt and cost-effective medical services and education could save lives among rural dwellers and the inhabitants of developing nations, particularly in the areas that are categorized as death zones by WHO for lack of adequate manpower and facilities. MTATD as described in this paper will go a long way in improving health care delivery by enabling patients with handheld devices to book appointments and receive other medical services at their convenience. Furthermore, it will reduce the cost implications of deploying telemedicine applications in the least developed countries and developing nations of the world, where there is a severe shortage of medical personnel and information. Finally, as more Nigerians and Africans get connected to mobile services, the framework provided here could act as a specification document for developing and deploying applications to address endemic diseases such as HIV/AIDS, cholera, etc. across the world.

References

[1] Zach S., Telemedicine Overview and Summary, Ministry of Communications, Tel-Aviv, Israel, IEEE, 1996.
[2] Roy R, Interactive Media, Springer-Verlag, 1995.
[3] HongJiang Zhang, Where are the "Killer-Apps" for video content analysis and retrieval technologies, HP Labs (Panel Statement of Purpose): VLBV 98 Panel 4: Applications: University of Illinois at Champaign/Urbana, Oct 8-9, 1998.
[4] Hamish S. F. Fraser, Darius J, Peter Szolovits, Libby Levinson, TeleMedMail: Software to Facilitate Store and Forward Telemedicine in Developing Countries, MIT Laboratory for Computer Science, March 2003.
[5] Roger S. Pressman, Software engineering A Practitioners approach, McGraw-Hill, International Edition, 2001.
[6] Rosser JC, Jr, et al, Use of mobile low-bandwidth telemedical technique for extreme telemedicine applications, www.ncbi.nlm.nih.gov
[7] Robert Istepanian, Integrated mobile telemedial systems: current status and future prospect, www.hoise.com/vmu/99/articles/vmw/RI-VM-07-99-1.html.
[8] Aura Ganz et al, Advanced Mobile Technologies for Health Care Applications, Journal of Mobile Multimedia, Vol. 1, No. 4, 2006, Rinton Press.
[9] Yuechun Chu and Aura Ganz, Mobile Telemedicine Systems Using 3G Wireless Networks, Wireless Technology, 2005.
[10] Benefits of Implementing Telemedicine in Nigeria, http://www.sftehin.org
[11] Robert S. H. Istepanian, The newly emerging concept of next generation wireless and mobile telemedicine systems, IT IS-ITAB'99 Conference, Amsterdam.
[12] http://www.afro.who.int/malaria
[13] http://who.int/topic/malaria
[14] www.africaguide.com/health.htm
[15] www.ncc.gov.ng
[16] M. Christel, K. Kang, Issues in Requirements Elicitation, Technical Report, CMU/SEI-92-TR-012, http://www.sei.cmu.edu/publication.
[17] David L. Paul, Keri E. Pearlson and Reuben R. McDaniel, Jr., Assessing Technological Barriers to Telemedicine: Technology-Management Implications, IEEE Transaction on Management, 1999.
[18] Health, Telehealth: A Review of Contact North's "Emerging Technologies" Contact North's 2003, Emerging Technologies Conference, Valhalla Inn, Thunder Bay February 25-27, 2003.
[19] Another Kind of Tele-Home: Medical Care Centers: Telemedicine Today: http://www.telemedcinetoday.com/articles/anothertelehome.shtml
[20] Kugean C., Krishnam S.M., Chutatape O, Swaminathan S., Srinivasan N. and Wang P., Design of a Mobile Telemedicine System with Wireless LAN, IEEE, 2002.
[21] Atayero, A.A., Olugbara, O.O., Ayo, C.K., Ikhu-Omoregbe, N.A., Design, Development, and Deployment of an Automated Speech-Controlled Customer Care Service System, Proceedings GSPx 2004 - "The International Embedded Solutions Event", Santa Clara, CA, September 27-30, 2004.
[22] Ikhu-Omoregbe, N.A., Atayero, A.A., Ayo, C.K., Olugbara, O.O., Design, and Deployment of Hybrid Telemedicine Applications SPIE-2005 Proceedings, pp. 191-196, Internet Image VI, San Jose, CA, January 16-20, 2005.
Applications of ePerSpace Service Management Platform in Health Care

Kambiz MADANI, Mahi LOHI
University of Westminster, United Kingdom
Abstract. The ePerSpace project has created a distributed service management platform with wide-ranging applications at home and globally anywhere else outside the home. The project has created an open and trusted home platform where home devices can seamlessly work together, providing personalised services, provisioning content adaptation, and managing a variety of services via a residential gateway. Using the personalisation information, the system can recognise and form specific user communities towards which specific services such as health care can be directed. This paper presents the main concept and components of the ePerSpace Service Management platform and discusses its potential in health care applications.

Keywords. Distributed Service Management, Service Architecture for Health Care
1. Project Summary

ePerSpace [1] is an EC-funded Integrated Project (IP) under the European Framework 6 Program (FP6), consisting of a research consortium of 20 partners from telecom operators, broadcasters, manufacturers, academia & SMEs. The main objective of the ePerSpace project is to provide a networked audiovisual system with wide-ranging applications at home and virtually anywhere, by enabling innovative value-added services. It is envisaged that the ePerSpace open architecture will increase the range of novel services and the speed of developing them, by re-using well-defined system components and their interfaces.
2. ePerSpace Architecture

The ePerSpace business model is based on the Open Services Gateway initiative (OSGi) technology that resides on the Residential Gateway (RG) at home, and provides access to remote services from inside the Home Area Network (HAN). The ePerSpace distributed service management architecture [2-4] (Figure 1) has been designed as a hybrid system, in which there are a number of Global Service Managers (GSeM) interfacing with each other. Each individual Global Service Manager is controlled by a System Operator (SO), and interfaces with a large number of value-added Service Providers (SP). Each individual Global Service Manager also interfaces to and controls a large number of Local Service Managers (LSeM), which reside at user homes on the Residential Gateway.
Figure 1. The ePerSpace service management architecture
The System Operator manages the user access to a variety of registered services by using the Global Service Manager. The operators have to sign agreements to regulate their cooperation with the service providers, including for accounting and billing. The users have to subscribe to at least one operator, in order to gain access to any available services in the network. The users access the Global Service Manager through a web interface. The user can access the Global Service Manager through the access and transport networks, as well as the devices community inside the HAN using the RG.
3. Service Provisioning

Figure 2 shows the ePerSpace conceptual architecture for service provisioning. The user can be either 'at home' or 'elsewhere' as shown. Any service/content provider can offer their services via a broadband connection to the Residential Gateway (RG). The RG acts as the single point of entry for all services entering the home area network. The Local Service Manager is based on the OSGi standard and is installed on the Residential Gateway. The OSGi framework manages the OSGi system bundles. The local service management platform includes a storage system for users' data and local services' bundles, and has components for local content adaptation and local personalisation. The LSeM connects the customers who are in the Home Area Network to the outside world (i.e. to GSeMs, content and service providers, etc.). It collaborates closely on the one hand with the OSGi framework and on the other hand with the Local Content Manager, the Local Profile Manager and the Local Service Continuity module.
Figure 2. The ePerSpace architecture for service provisioning
The LSeM enables the RG to manage and control a community of devices at home using a device manager. Examples of grouping the home devices to form a 'device community' are:

• Computing devices: laptop, PC, PDA, etc.
• Communication devices: telephone, fax, intercom, etc.
• Entertainment devices: TV, radio, DVD player, STB, etc.
• White goods: fridge, washing machine, dishwasher, etc.
4. Personalisation of Services in ePerSpace

The Service Providers can personalise their services in ePerSpace as shown in Figure 3. Each service has a Service Profile that can be matched to individual user profiles, in order to provide personalised services which fit closely to the user requirements. The Service Profile is an XML schema document containing the service-dependent information needed to use the service. The User Profile is defined by the user, but some parameters can be automatically selected based on historical data related to the user requirements, which are stored locally at the user premises. The personalisation engine has a global and a local component, residing on the GSeM and LSeM respectively. Using the personalisation engine, the service providers can target a specific user or group of users to advertise their services. The users subscribe to services that closely meet their requirements. The service providers can further monitor user habits over time, to offer other personalised services as required.
Figure 3. Personalisation of services
5. Applications in Health Care

The ePerSpace Service Management platform provides the ideal infrastructure for health care applications.

a) For health care at home, the Residential Gateway can be regarded as the virtual caretaker. The Local Service Manager residing in the Residential Gateway enables the management of all the patient's monitoring devices at home, automatically or remotely by the Care Provider. The monitoring data is stored locally and remains secure and confidential. The data can be transmitted to a health care clinic or hospital under authorisation by the local manager. The system can also provide audio-visual sessions between the patient and the doctors or nurses as required. The health care professionals can develop specialised OSGi service bundles, which can then be downloaded onto the Residential Gateway. Using the local service manager at home, a variety of operations, such as the monitoring of patients' measurements and the administration of regular medication, can be performed remotely.

b) In the case of patients being elsewhere (i.e. not at home), the seamless nature of ePerSpace services, which are interoperable globally, allows the same operations to be performed as if the patient were at home. Using a wireless terminal, the patient is connected to the Residential Gateway at home and will therefore access the Local Service Manager and all the local data. The health care services therefore 'follow' the patient seamlessly wherever he/she goes. This extends the idea of 'health care at home' to be universally available for highly mobile patients who are using the ePerSpace Service Management platform.

c) From the Health Care provider's point of view, the system can use the unique personalisation features that exist in the ePerSpace system to tailor and optimise the health care services according to the individual patient's requirements. The content adaptation feature adapts the audiovisual content so that many different devices can use and display this content at home or on the move.

d) In addition, the system identifies and recognises various communities of users, such as those with special needs or a particular disease, allowing the health care professionals to target these communities and advertise specific services to them, hence increasing the chance of selling their services to patients who really need them, and reducing spam for those who don't.
6. Conclusions

This paper described the ePerSpace service management platform, designed and implemented within an EC-funded Framework VI (FP6) research project. The platform has global and local service management components, and provides novel personalisation and content adaptation for generic services. By analysing profiles of both the users and the user devices, the system provides personalised service continuity and content adaptation on any user device, anywhere at home or elsewhere. In conclusion, the ePerSpace system provides an ideal platform for health care applications. This paper described some potential applications for health care at home and on the move.
References

[1] ePerSpace: Towards the era of personal services at home and everywhere, EC FP6 Research Contract no.: FP6-506 775. www.ist-eperspace.org.
[2] ePerSpace Deliverable D6.2: Specification of EPS Services and EPS Service Management Architecture, EC FP6 Research Contract no.: FP6-506 775, Sep 2004.
[3] K. Madani, "ePerSpace Service Management Architecture", ePerSpace Workshop, Net-atHome 2004 Conference, Nice-France, 30 November 2004.
[4] Y. Zetuny, G. Kecskemeti, G. Terstyansky, K. Madani, "Service Management Architecture in ePerSpace", Eurescom Summit 2005, Heidelberg – Germany, 27 April 2005.
Acknowledgement

This document is based on the work carried out in the EU-sponsored collaborative research Integrated Project ePerSpace, www.ist-eperspace.org. Nevertheless, only the authors are responsible for the views expressed here.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Context-Aware Workflow Management of Mobile Health Applications

Alfons Salden a, 1 and Remco Poortinga a

a Telematica Instituut, The Netherlands
Abstract. We propose a medical application management architecture that allows medical (IT) experts to readily design, develop and deploy context-aware mobile health (m-health) applications or services. In particular, we elaborate on how our application workflow management architecture enables chaining, coordinating, composing, and adapting context-sensitive medical application components such that the critical Quality of Service (QoS) and Quality of Context (QoC) requirements typical for m-health applications or services can be met. This functional architectural support requires learning modules for distilling application-critical selection of attention and anticipation models. These models will help medical experts construct and adjust m-health application workflows and workflow strategies on the fly. We illustrate our context-aware workflow management paradigm for an m-health data delivery problem, in which optimal communication network configurations have to be determined.

Keywords. Workflow management, context awareness, m-health
1 Corresponding Author: Alfons Salden, Telematica Instituut, P.O. Box 589, 7500 AN Enschede, The Netherlands; E-mail: [email protected]

Introduction

Among other things, our aim is to provide medical (IT) architects and developers with a framework that allows them to design and implement architectures that can simultaneously tackle the run-time and design-time application management problems existing in future pervasive communication and computing environments. In this respect adequate context-aware application workflow management is indispensable to attentively and proactively handle arising application context, life-cycle and workflow management issues. We propose and illustrate a novel application workflow management (AWM) paradigm that can handle such issues.

Applications need to be more than merely adaptable to organizational and technological facts and policies. Adaptable applications or services need sophisticated application or service management given changes in the security, safety, availability, performance, scalability and sustainability demands of customers. This is true in particular in the medical domain, in which networks of professional caregivers, relatives, and systems are very complex and continuously change. The question arises how medical practices can be sustained or even improved, while organizations, information,
communication and computing systems and their inter-working alter so frequently and so considerably. For example: the work items of a nurse or doctor often change over time, and so do the medical systems they use for offering care to their patients. Furthermore, the medical practices themselves change: lining up professional caregivers and relatives for monitoring and treatment of ambulant epileptic patients requires additional advanced support systems with the advent of wireless applications and services. Such remote medical care expects support not only by a medical workflow system that merely executes batch jobs, but also by a workflow management system. The latter should balance medical quality (e.g. security) and performance issues against costs, not only during an operational phase, when an application or service has to be adapted to a particular context (according to a fixed medical protocol), but also during a transition phase, when the inter-working among professional caregivers, relatives and systems alters (medical protocols change). It does so by supporting creation, adaptation, or termination of workflow systems or instances thereof: it allows manual or automated updating of workflows as well as workflow strategies given the above-mentioned types of changes.

Unfortunately, workflow systems and workflow management systems are often confused in the health care domain [1]. Medical practitioners usually interact with a workflow system, not being aware that a workflow management system is used to design and implement it. Such a management system allows flexible adaptation of a workflow system to a (new) medical context, and easy monitoring, maintenance, and transformation if organizational and technological changes so demand. In short, a workflow management system allows a medical expert to create, execute, monitor, and edit a workflow system, workflows and workflow strategies.
It also allows workflow management customization to reflect (changing) clinical needs, personal preferences, and organizational requirements.

The Workflow Management Coalition (http://www.wfmc.org/) and the Global Grid Forum (GGF, http://www.gridforum.org/) are two initiatives that already deliver quite some of the above-mentioned application management support. The Workflow Management Coalition specifies a framework for workflow systems, identifying their characteristics, functions and interfaces; standardizes the interface between process and modeling tools and workflow engine(s); standardizes Application Programming Interfaces (APIs) for client applications to request the workflow engine to control the progress of processes, activities and work-items; standardizes APIs to allow the workflow engine to invoke a variety of applications through common agent software; defines workflow interoperability models and the corresponding standards to support interworking; and defines monitoring and control functions. Therewith (medical) organizations can already significantly standardize their workflow management services. Unfortunately, up to now the solutions developed by the Workflow Management Coalition only provide basic workflow management facilities for quite static applications or services offered by providers.

The Global Grid Forum (GGF) specifies an Open Grid Services Architecture (OGSA). On the one hand, OGSA may facilitate application or service component processing, distribution and coordination. On the other hand, it may help application or service component data communication and storage across heterogeneous, geographically dispersed environments. Therewith
(medical) organizations can optimally use, share, and align their autonomic agents (artificial or human) for delivering health care services whenever large or critical workloads arise. Thereto, workflow management solutions, like Globus [2], already provide support for job checkpointing, job migration, portability, matchmaking of resource requests and offers, ranking of resource requests and offers, and job recovery and reporting. Last but not least, OGSA will also provide the glue between the physical and logical resource layer, the middleware layers, manageable dynamic Web services, and grid services and applications consistent with Service-Oriented Architectures (SOAs).

However, current AWM solutions did not foresee that facilities are needed for application-specific dynamic adaptation of workflow management strategies and workflows at design- and run-time. This certainly holds for future m-health and office applications running on top of an ambient intelligent and pervasive computing environment. AWM is especially crucial when adaptive application and service components have to be amalgamated in an ad-hoc setting into context-aware m-health applications or services. Concurrent Constraint Transaction Logics (CCTL) [3] may be employed to dynamically compose components into such applications or services at run-time. In particular, CCTL may then ensure that the workflow (pre-)scheduling process satisfies application- or service-specific temporal ordering and resource allocation constraints. Constructing CCTL for AWM purposes requires a lot of handcrafting: event-condition-action rules have to be manually specified. But viable and sustainable context-aware mobile application or service composition continuously needs real-time empirical modeling of the characteristics and the performance of dynamic network resources delivering such an application or service, and their management.
Therefore, next generation AWM systems have to be able to interpret application context; to distil and to assess application workflow management models on the basis of a history of application contexts, including information about the performance of the applied application workflow management, possibly indicated by customers; to store, to update, to select and to delegate instances of those models in terms of e.g. CCTL; and to provide a problem solving environment to medical (IT) experts by which they can manually or automatically design, test, validate and deploy novel workflows and workflow strategies. Our application workflow management paradigm envisions providing just such functional architectural support.

The paper is organized as follows. In section 1, we present a futuristic m-health application management scenario that clearly demonstrates the need for sophisticated application workflow management support. In section 2, we propose an application management architecture that enables adapting m-health applications or services to the various types of context changes foreseen in the scenario. In section 3, we focus on learning and selecting context-aware application workflow management models at run-time. In section 4, we show how application workflow management at design-time can tackle m-health data delivery problems, especially when communication network characteristics or technologies alter. We conclude with section 5, wrapping up and giving some thought to future work applying our application workflow management paradigm to the m-health domain.
1. A motivating m-health scenario

We foresee a scenario in which context-aware, attentive, and proactive workflow management system support will be critical for optimally aligning and adapting m-health applications or services to the contexts of patients, health-care professionals, and caregivers. The following scenario illustrates in particular the virtues of Application Workflow Management (AWM).
Dr. Salva manages Mr. H. Voorbij’s epilepsy

Mr. H. Voorbij has been temporarily hospitalized in the Amsterdam Medical Centre (AMC). Dr. Salva diagnosed Mr. H. Voorbij to suffer from epilepsy, and concluded that Mr. H. Voorbij needs both tele-monitoring and tele-treatment of his seizures by means of the so-called ‘EpiResolver’. This mobile system can monitor and control the seizures of Mr. H. Voorbij on behalf of Dr. Salva. By means of the ‘Sustained-E-Health Application Management System’ Dr. Salva sets up and adjusts a patient-specific ‘EpiResolver’ protocol for monitoring and treating Mr. Voorbij’s epileptic seizures. The ‘EpiResolver’ and the ‘Sustained-E-Health Application Management System’ will see to it that those workflows are executed. Dr. Salva does not need to bother about changes in e.g. the communication network infrastructure supporting the ‘EpiResolver’ and the ‘Sustained-E-Health Application Management System’. This allows Dr. Salva to focus on Mr. Voorbij’s medication, i.e. user service management.

Today Dr. Salva will hand over the ‘EpiResolver’ to Mr. H. Voorbij. The ‘EpiResolver’ consists of a mobile unit with various communication network interfaces, a body-area network of ECG, EEG, and movement sensors, and a Nervus Vagus Stimulator to counteract seizures. Dr. Salva inserts the medical protocol on both the ‘Sustained-E-Health Application Management System’ and the ‘EpiResolver’. Dr. Salva is not interested in the precise mobile communication network capabilities of relatives of Mr. H. Voorbij. Nevertheless, he wants to be sure that such capabilities are sufficient for timely notification of his relatives, so they can provide Mr. H. Voorbij the necessary medical-social care when needed. Furthermore, Dr. Salva does not want to figure out whether the Monitoring and Treatment Model can run on the ‘EpiResolver’. The ‘Sustained-E-Health Application Management System’ should notify him if it is not the case, and should preferably recommend in advance a list of models that can run on the EpiResolver. Thus a medical IT expert has to create most of the application management support needed by Dr. Salva.
2. Application Management Architecture

An Application Management Architecture (AMA) should be able to decide when, which, and how adaptive application components should be selected, composed, parameterized, and executed, based on application-specific contexts and application-domain specific service policies or protocols. Management process frameworks can provide a generic, hierarchical classification and identification of management concerns for such purposes. However, these frameworks are just conceptual models of network and service infrastructures. They neither empirically model nor ground AMA, since they do not address the design-time and run-time performance issues of real-time applications or services. Therefore, we functionally decompose our AMA on the basis of a mathematical physical and logical framework underlying ambient intelligent environments [4]; this framework can be used in sustaining e-business collaboration (see Figure 1).

Figure 1. Application Management Architecture (AMA). [Diagram blocks: Medical Expert; Application Workflow Management; Application Context Management; Application Lifecycle Management; Generic and Domain-Specific Network and Service Architecture.]
On the basis of a requirements analysis [5] and our framework, AMA breaks down into:

• Application Context Management (ACM) that stores, indexes, and distributes relevant generic and domain-specific application context. Application context does not only relate to the physical state of the patient (which is domain-specific context), but also involves, among others, the location, presence, and availability of patient, health professionals, and caregivers (where location, presence, and availability are generic in nature). The combination of such context with the m-health application and other services makes such data and information domain specific. Other generic context that may be used is related to storage, computing, and communication network resources, like (wireless or fixed) communication network connectivity between BAN and care centre. Again, such context information in itself is generic; it is the combination that makes it domain specific. As an example: context information related to the QoS or QoC offered by a network, and checking whether the delivered qualities are in line with a Service Level Agreement (SLA) or Context Level Agreements (CLAs), is generic (see footnote 4). However, the SLAs and the CLAs that a medical application uses are domain-specific. Application contexts may in addition involve the update, extension, or introduction of medical protocols whenever the organization and the level of tele-care and treatment improve. This is certainly true for technological advances allowing remote personal care and treatment. The medical protocol is then personalized for each individual patient. Such a protocol can explicitly state how to process EEG, control body functions, and when to alert caregivers, e.g. when a typical seizure of the patient is due. Moreover, such a protocol can specify how to adapt the personal medical tele-care and treatment application if, over time, the health situation of a patient alters.

• Application Workflow Management (AWM) that (re)-allocates work over health care professionals, relatives, patients, and medical systems as effectively and efficiently as possible, based on past, present and future application contexts. Workflow management problems are quite hot topics in grid computing at a generic service and network infrastructural level [6]. In grid computing, workflow management strategies are mainly based on, and steered by, dynamic resource characteristics like load and throughput. Grid computing provides many solutions to existing dynamic storage, communication, and computing network load problems. However, the problem of anticipating undesirable application contexts and that of attentive selection of suitable strategies of application workflow management are still unresolved for grid computing. For example, assume that, via the domain-specific and generic network infrastructure, application management becomes aware of a probable backbone communication network outage. It can send an alarm to both the health care centre and the patient. Subsequently, the anticipatory components may proactively help manage the application components by recommending new workflow schemes to the attentive selection component. If the battery power on the device is high enough, then the attentive selection component may opt to ‘migrate’ the processing of ECG data from the back-end server at the health-care centre to the mobile device of the patient. It is quite clear that these attention and anticipation problems need domain-specific insights, as the adaptation of the application components requires knowledge about domain-specific application context criticalities, such as QoS and QoC, both at the patient and at the health care professional side [5].

• Application Life-Cycle Management (ALCM) that looks after the creation, deployment, monitoring, adaptation, provisioning, and termination of the adaptive application components, like GUIs for the different professional caregivers, and seizure predicting applications for patients with different types of epilepsy. These components implement parts of business processes and are monitored and controlled by ALCM. Besides this, ALCM also manages (and executes) workflow systems, based on domain-specific context information. These workflow systems, which are sets of complex distributed systems, can be separated from ALCM, but are not, because the availability and proper performance of such execution engines may require very domain-specific policies.

4 SLAs and CLAs are negotiated between the client (user, super-scheduler, or broker) and the scheduler of a context-aware service provider, and may be re-negotiated at runtime. Both are bilateral agreements between a service or context provider and a service or context consumer. They form natural representations of parts of contracts concerning individual services. For example, they can include acceptable start and end time bounds and a simple description of resource requirements.
AWM serves adaptation of application components and/or the chaining of application components. An expert system can realize AWM with contexts as input and (adjusted) workflows for adaptive application components as output. An Event-Condition-Action (ECA) rule system, obeying certain SLAs and CLAs, can in turn trigger or execute the context-dependent workflows. However, AWM is subject to the scientific and technological advancements made and the higher performance requirements imposed. Scientific insights and technological innovations force a responsible party, like Dr. Salva or a medical IT expert, to modify, restructure, and reorganize the overall (medical) protocol. Thereto, neither Dr. Salva nor a medical IT expert needs to continuously adapt AWM schemes for switching workflow strategies or adjusting workflows; they could use those schemes that are distilled by means of e.g. reinforcement learning and stored in a repository. But both Dr. Salva and a medical (IT) expert still have to check whether the schemes properly handle, amongst others, the following issues:

• When, or why, should delegation be triggered?
• Who, or what, should trigger delegation?
• What should be delegated?
• To whom, or to what, should work be delegated?
• Within which time frames should delegated work be scheduled and accomplished?
• How to account for policies stipulated in contracts like SLAs and CLAs before and during delegation?
Application management in our m-health scenario involves distributed multimodal sensor, control, and actuator networks for monitoring, treating, and providing care to a patient. As the characteristics of such networks, like availability and delays, change during operation, Runtime Medical Workflow Management (RMWM) should be automated as much as possible. Furthermore, if novel types of networks with other performance characteristics have to be introduced in the m-health domain, then a medical IT expert must at design-time have at his disposal an interface to manually perform Medical Protocol Development (MPD) (see Figure 2). Of course, such technical work should neither hamper nor overrule medical protocols inserted by Dr. Salva: it should merely support such protocols or only change technically related medical protocols on behalf of Dr. Salva – medical (IT) professionals should stay in control. In the following sections we elaborate on both RMWM and MPD.

Figure 2. AWM covering RMWM and MPD. [Diagram blocks: GUI; Medical Protocol Development; Runtime Medical Workflow Management; AWM; Application Context Management; Context Access Service; Application (Lifecycle) Management; Application Connectivity Management; ECA Controller; Generic Awareness Services.]
3. Runtime Medical Workflow Management

The RMWM functional architecture depicted in Figure 3 is based on the functional architecture for contextual personalization of mobile multimodal applications and services developed in the MobiLife project [7]. Most of its components, i.e. Interpreter, Selector, Delegator and Repository, are involved in the execution of the right workflow management models based on the current application contexts. A separate Learner component is introduced to distill optimized RMWM models given changes in the historical application context data, including data about the performance of RMWM actions.

Figure 3. RMWM architecture. [Diagram blocks: Context; Interpreter; Selector; Learner; Generic Awareness Services; Delegator; Repository; Medical Protocol Development.]
Figure 4 shows the main interactions between the different components in RMWM, ACM, and the Generic AWARENESS Services (GAS) [5].
Figure 4. Flow from ACM through RMWM to GAS. [Sequence diagram. Participants: Interpreter, ACM, Learner, Repository, Selector, Delegator, GAS, grouped into ACM, RMWM and GAS. Messages: Context, interpret, getRelevantData, selectedWorkflows, getHistory, getWorkflows, execute, learn, update, action.]
In the following paragraphs the RMWM component functions and responsibilities are further detailed. In particular, the Selector is elaborated on, because it will embed and embody both the attentive and anticipatory functionalities. These functionalities use context-aware application workflow management metrics that depend on QoC and QoS measures of enabling networks. We consider finding such metrics critical in optimizing m-health application or service provisioning at either run- or design-time.
3.1. Interpreter

The Interpreter relates and processes different bits and pieces of application context data coming from ACM in order to obtain one consistent RMWM view. It performs fairly simple operations in order to arrive at semantically meaningful application context information for workflow management purposes. E.g., the Interpreter resolves issues such as the whereabouts of caregivers or professionals, and who is available in the vicinity of patient ‘Mr. H. Voorbij’, who is currently ‘sporting in the park’; ‘having a seizure’; ‘having low network connectivity’; ‘having mobile device with low battery power’. The Interpreter stores this context information as part of an RMWM view into a history database management system for the Learner, and pushes the current view – if needed – to the Selector. The Interpreter retrieves RMWM-specific interpretation schemes from the Repository in order to ground the application context data. Most of the individual operations needed to obtain the desired application context information, such as the whereabouts of caregivers and professionals and their distance from ‘Mr. H. Voorbij’, are carried out by GAS. However, solely the Interpreter knows how to make sense of application context data for RMWM; GAS is not responsible for this and stays unknowledgeable, unless the hospital decides to outsource such patient database management system functions to Trusted Third Parties (TTPs).

3.2. Selector

The Selector selects the appropriate workflows and workflow strategies from the Repository based on the current application context interpretation provided by the Interpreter. The application context specific rules for selection are also stored in the Repository, and can be modified. The information about the selected workflows is passed by the Selector to the Delegator for further processing and execution.
The Selector uses so-called context-aware RMWM metrics to decide which RMWM strategies to follow or to adjust, and subsequently which workflows or workflow adjustments ALCM has to launch or to adapt on behalf of the Selector. The RMWM strategies in particular concern how to attend to, and anticipate, application context changes. In turn they concern how to proactively adapt or adjust themselves or the workflows given such context changes. Thus there are RMWM metrics for workflows as well as for strategies.

The context-aware RMWM metrics for workflows relate to metrics based on QoC and QoS dimensions of the (enabling) service provisioning chains or networks [8]. They can be expressed in terms of (perceived) QoC and QoS levels relative to those levels specified in application-specific SLAs and CLAs, respectively, thereby providing selection schemes for workflows.

The context-aware RMWM metrics for strategies relate to performance metrics for workflow strategies, given certain classes of dynamic application-specific context changes. Interpreting the application context data and learning how to rank the effectiveness and efficiency of such strategies in an application context specific manner provides selection schemes for workflow strategies. Thus these selection schemes retrieve relevant data (facts and rules) from the Repository for adjusting or following new context-specific workflow strategies, and request the Delegator to fetch (adjusted or adapted) workflows from the Repository in line with the application context (changes). In order to make this more explicit we
define in the following paragraphs suitable metrics and selection schemes for both workflows and workflow strategies.

3.2.1. Metrics

QoC models for context-aware application or service provisioning can provide computational models for context-aware RMWM workflow and workflow strategy selection schemes. As a basis for a context-aware RMWM metric we take a cost measure $\Omega$ on the space of workflows $W$ and workflow strategies $W \xrightarrow{S} W'$. Examples of such cost measures are Quality of Context (QoC) dimensions, like availability, freshness and service costs; they have a direct impact on the perceived QoS of a context-aware m-health application or service. The context-aware RMWM metric thus can serve as a slot machine taking workflows and workflow strategies on dynamic network topologies as inputs and producing a related cost as output. In general, however, Quality of Context (QoC) dimensions are incommensurable (they cannot be physically compared) and even compete during RMWM. If e.g. availability for a specific network configuration delivering an m-health application or service is maximal, then the freshness for this configuration may be suboptimal or even minimal. Assuming that the Quality of Context (QoC) dimensions $\Omega_i$ are independent and are assigned m-health application-critical weights $w_i$, we readily construe context-aware AWM metrics $\Omega$:

$$\Omega(q) = \sum_i w_i^2\,\Omega_i^2(q) \quad \text{with } q \in W \text{ or } W \xrightarrow{S} W' \qquad (1)$$

Note that we construct the metrics such that minimal metric output for $q$ implies minimal cost for each of the QoC dimensions, and therewith optimal context-aware m-health service provisioning. Note that Eq. (1) is also applicable in context-aware delegation of tasks over human resources [9]. Of course, Eq. (1) may be given extensive accounts after empirically modeling processes like those involved in RMWM. We refer the interested reader to [4] for an in-depth exposition on these matters.

3.2.2. Selection schemes

Selection schemes for optimal RMWM workflows and workflow strategies can come about by applying SLA-CLA specific relative metrics:

$$\rho_\Omega(q) = \frac{\Omega(q)}{\Omega(q)_{SLA/CLA}} \qquad (2)$$
Such relative metrics in Eq. (2) induce hierarchies on the space of workflow strategies and workflows. On the basis of these hierarchies the Selector has to:

• Retrieve the physical locations and lifetimes of all resources and thus compositions of resources that momentarily can meet the SLA-CLA specific constraints:

$$\rho_\Omega(q) \in [0,1] \qquad (3)$$

• Monitor at run-time whether those resources provided still satisfy the SLA-CLA specific constraints in Eq. (3).

• Determine, select, and adjust (at run-time) the ensemble of resources that will guarantee the SLA-CLA specific constraints in Eq. (3) to be met not only currently but also in the application-specific critical near future.
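The selection scheme of Eqs. (1)-(3) and the three Selector steps above, as an added Python example that is not the authors' code. It reads Eq. (1) as a weighted sum of squared per-dimension costs and Eq. (2) as the ratio to the metric at the SLA/CLA-agreed levels; the candidate names, weights, normalised cost values and the `select`/`monitor` helpers are constructed for illustration.

```python
from dataclasses import dataclass
from math import isfinite

# Constructed application-critical weights w_i for three QoC dimensions.
# Costs are normalised to [0, 1]; lower is better (assumption of this example).
WEIGHTS = {"unavailability": 3.0, "staleness": 2.0, "service_cost": 1.0}
# Constructed cost levels agreed in the SLA/CLA for the m-health service.
AGREED = {"unavailability": 0.10, "staleness": 0.30, "service_cost": 0.50}


@dataclass(frozen=True)
class Candidate:
    """A workflow q: one composition of resources that can deliver the service."""
    name: str
    costs_now: dict       # measured Omega_i(q)
    costs_forecast: dict  # predicted Omega_i(q) for the critical near future
    lifetime_s: float     # how long the composition is expected to exist


def metric(costs, weights=WEIGHTS):
    """Eq. (1): Omega(q) = sum_i w_i^2 * Omega_i(q)^2."""
    total = 0.0
    for dim, w in weights.items():
        if dim not in costs:
            raise ValueError(f"no measurement for QoC dimension {dim!r}")
        c = costs[dim]
        if not isfinite(c) or c < 0:
            raise ValueError(f"invalid cost {c!r} for {dim!r}")
        total += (w * c) ** 2
    return total


def relative_metric(costs, agreed=AGREED, weights=WEIGHTS):
    """Eq. (2): rho(q) = Omega(q) / Omega at the SLA/CLA-agreed levels."""
    omega, reference = metric(costs, weights), metric(agreed, weights)
    if reference == 0.0:
        # An agreement tolerating no cost at all is met only by zero cost.
        return 0.0 if omega == 0.0 else float("inf")
    return omega / reference


def admissible(rho):
    """Eq. (3): the SLA/CLA constraint rho(q) in [0, 1]."""
    return 0.0 <= rho <= 1.0


def select(candidates, horizon_s, agreed=AGREED):
    """Steps 1 and 3: keep candidates that satisfy Eq. (3) now and over the
    horizon and that live long enough; rank them by their worst-case rho."""
    ranked = []
    for c in candidates:
        worst = max(relative_metric(c.costs_now, agreed),
                    relative_metric(c.costs_forecast, agreed))
        if admissible(worst) and c.lifetime_s >= horizon_s:
            ranked.append((worst, c.name))
    return [name for _, name in sorted(ranked)]


def monitor(observed_costs, agreed=AGREED):
    """Step 2: re-check Eq. (3) at run-time; returns (rho, still_compliant)."""
    rho = relative_metric(observed_costs, agreed)
    return rho, admissible(rho)


def qoc(unavailability, staleness, service_cost):
    """Build one cost vector over the three constructed QoC dimensions."""
    return {"unavailability": unavailability, "staleness": staleness,
            "service_cost": service_cost}


# Constructed candidates loosely following the paper's scenario.
CANDIDATES = [
    # Fine now, but a backbone outage is anticipated within the horizon.
    Candidate("wlan-backend-ecg", qoc(0.05, 0.10, 0.20), qoc(0.40, 0.10, 0.20), 600),
    # Service cost alone exceeds the agreed 0.50, yet the aggregate complies.
    Candidate("umts-backend-ecg", qoc(0.08, 0.25, 0.60), qoc(0.08, 0.25, 0.60), 3600),
    # Context arrives too stale for seizure handling.
    Candidate("gprs-backend-ecg", qoc(0.05, 0.50, 0.30), qoc(0.05, 0.50, 0.30), 3600),
    # ECG processing migrated to the mobile device; lifetime bounded by battery.
    Candidate("umts-local-ecg", qoc(0.06, 0.15, 0.40), qoc(0.06, 0.15, 0.40), 1200),
]

if __name__ == "__main__":
    for horizon in (900, 1800):
        print(horizon, select(CANDIDATES, horizon))
    print(monitor(qoc(0.30, 0.25, 0.60)))
```

The candidate `umts-backend-ecg` is admitted although its service cost alone exceeds the agreed level: the aggregate metric lets one dimension compensate for another, which is why the weights have to be settled between the stakeholders.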
This way the Selector ensures that workflows and workflow strategies have relative metric output values in accordance with SLAs and CLAs. Note that the Selector then does not need to search for those workflows and workflow strategies that minimize all individual costs. Such optimization problems may be conflicting; they require settlement between the stakeholders about which application-critical weights to adopt in the SLA-CLA specific relative metrics in Eq. (2). In this respect the Learner can act as a mediating agent trying to resolve conflicts. 3.3. Repository The repository stores interpretation schemes used by the Interpreter, selection schemes, workflow strategies, and workflows used by the Selector, and workflows used by the Delegator. A medical IT expert can upload new interpretation and selection schemes, workflow strategies and workflows via a Medical Protocol Development interface. In particular, such an expert develops novel SLA-CLA specific relative metrics. However, the interpretation and selection schemes, and workflow strategies and workflows in the Repository may be modified or adjusted by the Learner. 3.4. Learner The components described in the previous sections are together able to execute the required schemes, workflow strategies and workflows based on application context. However, they are still rather static in nature and do not evolve over time to adjust to structurally and functionally changing application contexts. In order to adapt RMWM to such changes, the Learner distills prediction models for when, where, why, and whom or what to do in order to arrange adjustments of adaptations of Interpreters, Selectors, Repositories, Delegators, and Learners themselves. RMWM can be viewed as a process, comprised of sub processes: the learner process is one such process. The learner process is responsible for distilling RMWM models. 
In particular, the Learner distills optimal context sensitive RMWM model instances that are workflow strategies and workflows adjustment and adaptation schemes. Besides these instances the Learner propagates also instances of the anticipatory and selection of attention mechanisms found to be useful to the Repository. This way the Selector can retrieve workflow strategies from the Repository for e.g. attending current application contexts, and anticipating future application contexts.
Similarly, the Learner pushes optimal application-context specific workflows to the Repository, where they are later retrieved by the Selector and/or Delegator components. A further exposition on how the Learner acquires RMWM models is out of the scope of this paper; the interested reader is kindly referred to [4] for empirical modeling of the Learner process, i.e. how to derive and to rank RMWM model instances.

3.5. Delegator

The Delegator is responsible for distributing the selected workflow strategies and workflows over the available network resources including RMWM components. Based on the information from the Selector, the appropriate workflow strategies and workflows are retrieved from the repository. Next, the Delegator performs all the operations necessary to trigger other GAS components. For a sequence diagram of a possible interaction between RMWM, ALCM and GAS see Figure 5. In this case the Delegator uses ALCM to discover an ECA-controller in order to execute parts of the workflows.
Figure 5. RMWM interaction with ALCM and GAS. [Sequence diagram labels: Repository, Selector, Delegator (RMWM); ALCM; ECA-controller (GAS); messages selectedWorkflows, getWorkflows, discover(ECA-controller), ruleset 1, ruleset 2.]
4. Medical Protocol Development

Analogously, MPD can be tackled by distilling optimal design metrics. Such metrics can be based on fitness, utility, and sustainability measures [4]. They can qualify and quantify the soundness, effectiveness, usability, scalability and sustainability of AWM architectures [10]. In the sequel we illustrate when and how we could make use of such a MPD environment.

Freshness and availability play critical roles during selection phases of network resources for context-aware m-health application and service provisioning [8]. Freshness depends on the latencies in networks, while availability depends on their Mean Time Between Failures and their Mean Time To Repairs. These Quality of Context (QoC) dimensions refer to characteristics of storage, computing, and communication networks, and those of applications and service components living on top of these networks. The Selector has to choose amongst alternative communication network configurations the ‘best’ ones by means of SLA-CLA specific relative metrics Eq. (2). As an example, in Figure 6 a Front_End may select either Bluetooth or ZigBee links for transferring vital sign data from a Front_End to a Mobile Base Unit (MBU). The MBU in turn may select 802.11, GPRS, or UMTS communication links to transfer the data to the Back-End system. One can distinguish 6 possible configurations of links that can be used to transfer the vital sign data. Freshness and availability have different application-critical SLA-CLA specific relative metrics Eq. (2), which the Selector adopts to rank and to choose amongst the different alternatives of communication network configurations for transferring the vital sign data.
Figure 6. Selection of optimal communication paths for vital sign data delivery. [Diagram labels: S1, S2, ..., Sn; FrontEnd; BlueTooth, ZigBee; MBU; 802.11, GPRS, UMTS; BackEnd; Patient’s Body Area Network (BAN); HealthCare Portal.]
The application-critical weights in those metrics may change due to advances in network communication means. In such a case a medical (IT) expert should be able to manually specify new weights such that RMWM can rapidly bootstrap the application context changes and self-organize its subcomponents accordingly (see Figure 7). Similarly, the introduction of a new medical protocol for detecting epileptic seizures may require manual adjustments of RMWM by a medical IT expert.
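As an added illustration (not code from the paper), the sketch below enumerates the six Front_End to MBU to Back-End link configurations and ranks them under two weight settings, showing how a change of weights by the expert changes the selected path. The link figures are constructed, and the weighted sum of best-relative freshness and availability is an assumed stand-in for Eq. (2), which this section does not reproduce; availability is taken as MTBF/(MTBF+MTTR) and multiplied across the two links in series.

```python
from itertools import product

# Constructed sample figures (not measurements):
# name -> (latency in ms, MTBF in hours, MTTR in hours)
BAN_LINKS = {"Bluetooth": (20, 200, 2), "ZigBee": (40, 500, 1)}
WAN_LINKS = {"802.11": (10, 20, 4), "GPRS": (600, 1000, 1), "UMTS": (150, 400, 2)}


def availability(mtbf_h, mttr_h):
    """Steady-state availability of one link: MTBF / (MTBF + MTTR)."""
    return mtbf_h / (mtbf_h + mttr_h)


def configurations():
    """Enumerate every Front_End->MBU->Back-End path (2 x 3 = 6 paths)."""
    configs = []
    for (ban, b), (wan, w) in product(BAN_LINKS.items(), WAN_LINKS.items()):
        configs.append({
            "path": (ban, wan),
            # Freshness is driven by end-to-end latency: the hops add up.
            "latency_ms": b[0] + w[0],
            # Both links must be up, so series availabilities multiply.
            "availability": availability(b[1], b[2]) * availability(w[1], w[2]),
        })
    return configs


def rank(w_fresh, w_avail):
    """Rank paths by an assumed relative metric (stand-in for Eq. (2)).

    Each dimension is expressed relative to the best alternative, so both
    terms lie in (0, 1] and the weights express application criticality.
    """
    if abs(w_fresh + w_avail - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    configs = configurations()
    best_latency = min(c["latency_ms"] for c in configs)
    best_avail = max(c["availability"] for c in configs)
    scored = []
    for c in configs:
        rel_fresh = best_latency / c["latency_ms"]
        rel_avail = c["availability"] / best_avail
        scored.append((w_fresh * rel_fresh + w_avail * rel_avail, c["path"]))
    scored.sort(reverse=True)
    return [(path, round(score, 4)) for score, path in scored]


if __name__ == "__main__":
    for label, weights in (("freshness-critical", (0.8, 0.2)),
                           ("availability-critical", (0.1, 0.9))):
        print(label, weights)
        for path, score in rank(*weights):
            print("   %-9s + %-6s  %.4f" % (path[0], path[1], score))
```

With these constructed figures the freshness-critical weighting selects Bluetooth plus 802.11, while the availability-critical weighting selects ZigBee plus UMTS.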
Figure 7. Medical expert adjusting medical protocols, i.e. workflows or workflow strategies. [Sequence diagram labels: Healthcare professional, MPD, Repository, ACM (AWM); ECA controller, ALCM (GAS); messages Deploy workflow, getWorkflow, subscribe(ECArule1), subscribe(ECArule2), subscribe(ECArule#), discover, instantiate.]
5. Conclusions and Future Work

Context-aware application workflow management is indispensable to overcome future complexity issues arising in the m-health application and service provisioning domain. Our architecture together with our mathematical physics and logical framework not only support the patient, but also other stakeholders in medical value networks, e.g. physicians and insurance companies. They provide support for empirical modeling, implementing and sustaining m-health applications or services, such that those complexity issues can be effectively tackled.

Empirical network modeling is a must in order to meet the future m-health application management requirements. Logging, processing and interpreting application contexts and assessing the performance of m-health application workflow management architectures and their realizations in a pervasive communication and computing environment are really necessary. Distilling the right network performance metrics [11] for application workflow management of potential context flow graphs or networks [8] is another requirement. Our aim is to apply our mathematical physics framework for natural anticipation and selection of attention [4], such that we can ground, learn and retrieve those metrics.

Another field in which we intend to apply our application workflow management paradigm is that of tele-care for elderly persons with dementia and their caregivers. Currently we-centric, context-sensitive service bundles are amalgamated in the FRUX Health Care pilot using a so-called dynamic interactive social chart for dementia care [12]. This chart covers various health-care domain specific, ICT, individual user and organizational aspects, and is expressed in terms of a domain-specific ontology [13]. Although service dependencies are looked after very well, sensible means for sorting and learning how to compose service bundles on the basis of non-functional service aspects, like costs or trusts, are still unavailable.
In an upcoming paper, we will show how our paradigm, when taking advantage of e.g. service cost and service reputation aspects indicated by users with respect to context flow graphs or networks, generates on the one hand the right application workflow management metrics, and on the other hand the appropriate context-sensitive we-centric service bundles for tele-care.

References

[1] W. Andrew and R. Bruegel, Workflow Management and the CPR, Advance for Health Information Executives, 6, (2003), 49-58.
[2] I. Foster and C. Kesselman, Globus: A meta-computing infrastructure toolkit, International Journal on Supercomputer Applications, 11, (1997), 115-128.
[3] P. Senkul, M. Kifer, I.H. Toroslu, A Logical Framework for Scheduling Workflows Under Resource Allocation Constraints, Proceedings of the 28th Very Large Data Bases (VLDB) Conference, Hong Kong, China, (2002), 694-705.
[4] A. Salden and M. Kempen, Sustainable Cybernetics Systems – Backbones of Ambient Intelligent Environments, P. Remagnino, G.L. Foresti and T. Ellis (Eds.), Ambient Intelligence, Springer, 2004.
[5] A. Salden and R. Poortinga, D4.8: Medical Application Management - Context-Aware Workflow Management is a Must, FREEBAND Communication, AWARENESS, Enschede, The Netherlands, December 2005.
[6] J. Nabrzyski, J.M. Schopf, J. Weglarz, (Eds), Grid Resource Management, Kluwer Publishing, 2003.
[7] A. Salden, R. Poortinga, M. Bouzid, J. Picault, O. Droegehorn, M. Sutterer, R. Kernchen, C. Räck, M. Radziszewski and P. Nurmi, Contextual Personalization of a Mobile Multimodal Application, Proceedings of the 2005 International Conference on Internet Computing, Monte Carlo Resort, Las Vegas, Nevada, USA, (2005), 294-300.
[8] I. Widya, B.-J. van Beijnum and A. Salden, QoC Computational Models for a Sensor-based Context Provisioning Service, submitted to IEEE Int. Conf. on Service Computing 2006.
[9] B. Kiepuszewski, A. ter Hofstede and W. van der Aalst, Fundamentals of Control Flow in Workflows, Acta Informatica, 39, (2003), 143-209.
[10] M. Marzolla, Simulation-Based Performance Modeling of UML Software Architectures, PhD Thesis, Dipartimento di Informatica, Università Ca' Foscari di Venezia, 2004.
[11] N. Gunther, The Practical Performance Analyst, Lincoln, Nebraska: iUniverse.com Inc, 2000.
[12] R.M. Dröes, F.J.M. Meiland, S. Doruff, I. Varodi, H. Akkermans, Z. Baida, E. Faber, T. Haaker, F. Moelaert, V. Kartseva and Y.H. Tan, A dynamic interactive social chart in dementia care, Medical and Care Compunetics 2, 114, Studies in Health Technology and Informatics, IOS Press, (2005), 210-220.
[13] Z. Baida, J. Gordijn, H. Sæle, H. Akkermans and A.Z. Morch, An Ontological Approach for Eliciting and Understanding Needs in e-Services, Proceedings of The 17th International Conference on Advanced Information Systems Engineering, 3520 Lecture Notes in Computer Science, (2005), Porto, Portugal, 400-414.
Acknowledgement

This work was carried out as part of the Freeband Awareness project (http://awareness.freeband.nl). Freeband is sponsored by the Dutch government under contract BSIK 03025.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Health Inequalities and Emerging Themes in Compunetics

M. Chris Gibbons, MD, MPH
Associate Director, Johns Hopkins Urban Health Institute
Johns Hopkins Medical Institutions¹
ABSTRACT

Inequalities in health have been documented for hundreds of years. The causes of these inequalities are complex and related to social, medical, environmental, class, healthcare system and behavioral determinants. Currently governments and healthcare systems are struggling to effectively reduce these differences. In addition, the number of individuals with chronic diseases is rapidly growing, particularly in developed nations. Most of the care needed for effective management of these chronic diseases is performed outside of the hospital setting by non-physicians. However, the world’s healthcare systems are primarily oriented toward acute, hospital based emergency care and are therefore currently largely unable to effectively and consistently provide high quality care to every person.

Recent developments in the computer industry have led to major advances in scientific research capabilities and in like manner will, in the future, likely enable significant advances in the field of compunetics. By enabling the instantaneous capture and utilization of large amounts of diverse data, IT will facilitate a population level orientation in compunetics in addition to the current focus on individual patient applications. Similarly, the development of behavioral compunetics, or a focus on innovative uses of technology to influence health behaviors of patients and physicians, is on the verge of occurring. In so doing, these and other advances in compunetics may significantly increase our ability to provide high quality community oriented care, improve the health of individuals and populations and thereby help reduce health inequalities.

Keywords: Health inequalities, Computers, Behavior, Chronic disease
1. Inequalities have been well documented

Inequalities in health have been documented in Europe at least since the late 17th century when mortality differentials were demonstrated among different occupational classes then living in Geneva [1]. About the same time in Britain, infant mortality gaps were noted between infants born to mothers living in urban London and those born to mothers living in the surrounding countryside [1]. By the eighteenth century several reports from church records and various government documents provide evidence of significantly longer life expectancy among the ruling classes in comparison to the general population in Vienna, Berlin and Britain [1].

¹ 111 Market Place, Suite 850, Baltimore, MD, 21202, [410] 895-1104 – v, [410] 895-1111 - fax
The agricultural and industrial revolutions which began in the 18th century only served to heighten these problems as large segments of land became fenced off private farmland, no longer available to many people who previously had been subsisting on them. Soon many of these rural individuals and their families became destitute and fled to the cities in search of needed food and employment. At the same time significant expansion of the factories in the industrial centers and innovations in the automobile industry created a demand for a large number of factory workers willing to live in the city [1]. The resulting mass movement of individuals from rural to urban areas was at first embraced by many, but soon led to urban slums where large numbers of people lived and worked in health damaging circumstances where the conditions were ideal for the rapid spread of disease and disability [1].

These events led to several legislative and policy initiatives such as the British Public Health Act of 1848 and later the creation of State Boards of Health in Britain, Germany, France and the US [2]. These efforts were designed to improve the quality of drinking water, the inspection of food, the management of sewage and housing conditions for the working classes, and to reduce pollution [2]. Although significant improvements in longevity and adult mortality did occur after the implementation of these legislative initiatives, problems in many other areas such as infant mortality continued until the 20th century [1].

Evidence on social inequalities and of inadequate access to health care in Britain led to the assessment in the mid-1970s that health inequalities in England were the cause of a general slipping behind some other countries in health improvement [3]. In 1980, Sir Douglas Black published a report entitled The Report of the Research Working Group on Inequalities in Health. This report, authorized by the British Government, studied and attempted to explain trends in inequalities in health and to suggest policy solutions to address these problems [3]. A follow up report chaired by Sir Donald Acheson in 1997 detailed the persistence of health inequalities in Britain despite almost 2 decades of policy and legislative action [3].
2. The causes of Inequalities are complex and interrelated

While evidence continues to mount that health inequalities between socially disadvantaged and affluent populations, between males and females, and between people from different ethnic groups continue to exist and in some cases grow, broad consensus does not yet exist as to the fundamental causes of these inequalities. Clearly health inequalities affect people at all stages of life and across different geographic areas. In part, this reflects the multiple problems of material disadvantage facing some communities. Unfortunately these differences appear to begin at conception and continue throughout life and seem to have an inter-generational predilection among high risk groups [1].

According to Acheson, the weight of the scientific evidence favors a socioeconomic model of health and health inequalities rather than a medical model [3]. This model depicts medical care as an important element of a much broader set of factors that affect health outcomes. These include age, sex and personal behavior but also include social and community influences, living and working conditions, food supplies and access to essential goods and services including medical care. Finally, there are the economic, cultural and environmental conditions prevalent in a given society as a whole that may significantly impact health outcomes [3]. The findings of this report led Acheson to conclude that the major determinants of health status in populations go far beyond factors related to healthcare and include poverty, education, employment, housing conditions, mobility/transportation, food/nutrition, age, ethnicity and gender.

This early conceptual work has laid the foundation for a significant amount of scientific inquiry attempting to elucidate the cause or causes of health inequalities. Although considerable debate continues to exist, it is clear that the causes of health inequalities are multifactorial, interrelated and complex. Several large reports from both European and American authors provide convincing evidence that health inequalities are related to social, economic and environmental factors as well as ethnicity, access and utilization of medical care among the poor and non-poor. Using examples from social and medical sciences of USA, Britain, Japan and Eastern Europe, Richard Wilkinson asserted that neither genetics, behavioral risk factors nor healthcare factors fully explain inequalities; rather, the evidence suggests a social and economic explanation [4-7].
3. Contemporary Healthcare

In both the US and UK growing proportions of the population are living with chronic diseases. Approximately sixty percent of UK citizens and 50% of US citizens report having at least one chronic disease [8;9]. These numbers are expected to only grow in the near future. Fragmented healthcare delivery systems and significant proportions of individuals with multiple comorbid conditions contribute directly to poor quality care, unnecessary medical errors and poor patient outcomes [8;9]. In addition, the healthcare systems of both countries have historically been oriented toward acute episodic inpatient treatment, and as such have only limited ability, in their current configurations, to respond adequately to these growing concerns. Contemporary healthcare systems have been characterized by some as anachronistic and built on a 19th century notion of acute threats to health that need rapid response to achieve resolution [8]. Indeed, even the World Health Organization suggests that healthcare systems worldwide are struggling to meet the needs of populations suffering from chronic diseases [8].

In a now classic paper entitled “Inequality in Quality”, Fiscella posits that healthcare quality and inequalities [disparities] in healthcare are in fact related to each other. He further contends that national efforts to eliminate inequalities and those to improve the quality of contemporary medical care represent two inseparable components of high-quality healthcare for all citizens [10].
4. Emerging themes in compunetics

Unlike any other time in history, health professionals recognize that a significant portion of their activities involve the management of information. As such, information technology has become central to health communication, research and practice [11]. To date, drug databases may be searched in seconds for potential drug interactions, electrocardiograms are analyzed via computers and patients’ vital signs are constantly monitored in the intensive care units and operating rooms by computers [11]. Advanced decision support and telemedical tools, electronic health records, electronic
patient records, computerized physician order entry systems, remote sensing, early detection and advanced warning systems are being developed that promise to significantly impact medical care in ways that are currently only imaginable [11]. Even the fields of Medical Informatics, Bioinformatics, eHealth and Compunetics themselves have all undergone rapid evolution and expansion over the past few years.

While this unprecedented evolution in the information sciences is indeed exciting and offers significant potential for improvements in healthcare in the future, among developed nations it is the changing nature of health and medical practice itself that is the most revolutionary. This shift from acute, inpatient treatment to chronic, community based, guided self care and health risk management will demand unique advances from the information technologies. Effective chronic care, unlike acute treatment oriented care, is a much more collaborative process between patients and providers. It involves a much larger reliance on provider directed self care and community based health risk management, disease management, care coordination, and care facilitation. Much of this community based care will be provided by non-physician family members, friends and associates [8;9]. In a similar fashion, effectively addressing inequalities will require innovative collaborative approaches that address patient factors, provider factors, healthcare system factors and relevant environmental factors [1;3;4].

While the magnitude of quality and inequality problems combined with the relative failure of past efforts to improve these inequalities represent daunting challenges, recent and impending advances in information technology and compunetics offer significant opportunities for improving the provision of high quality medical care and reducing inequalities [12]. If governments and healthcare systems are to reap the maximum potential the field of compunetics has to offer, more work will need to be done in several key areas.

The first emerging theme in both medical care and compunetics is development of a robust population perspective in addition to the more traditional medical model of individualized medicine. Historically the population perspective has largely occupied the domain of Public Health, while individualized health issues belonged to medical care [11]. Even today, some have suggested that the intersection of population health and informatics be characterized as Public Health Informatics and remain a distinct entity from clinical or medical informatics [11]. Given the general preponderance of practitioners trained in the medical model and the relative paucity of those formally trained in a population perspective, this thinking is understandable. In fact, in the past, this distinction may have even made sense given the dichotomization of these fields, particularly in the US. However, impending shifts are moving the very nature of medical care away from individualized care toward care that not only predominately occurs in communities, but also recognizes the neighborhood and community contributions to health outcomes that exist beyond individual and genetic factors.

While genetic factors exert substantial influence on the risk of developing disease and/or disability among individuals, most people with increased risk do not actually become ill until one or more environmental, cultural or socially determined behavioral factors come into play. Indeed, very few diseases are caused solely, entirely and only by heritable genetic factors. Obviously then, the number of potential factors existing in the environment that may be important in the ultimate genesis of disease is potentially huge. In addition, synergistic or cooperative interactions among agents with biophysiologic processes may produce effects vastly different from effects that may be exerted by each agent alone. Given this reality, compunetics and other informational and computational
technologies may offer the only hope of harnessing this vast array of information and using it to understand disease as it exists in populations, and to design the most effective interventions to address the health challenges people face every day, in their communities. New computer based, internet based and internet enabled eHealth solutions may soon permit the real time integrative utilization of vast amounts of behavioral, biological and community level information, in ways not previously possible. Integrative behavioral algorithms and decision support tools for scientists and clinicians could facilitate the analysis and interpretation of population and individual level data to enable the development of “community [population] arrays” or community-wide risk profiles, which in turn could form the foundation of a new “populomics”. This population level risk characterization could potentially go beyond the limitations of typical surveillance and geographic analyses, yielding insights distinctly different from risk stratification based on current methodologies and individual risk factors [12].

Finally, achieving health improvements in whole populations will necessitate interventions that may be distinctly different than strategies employed in the clinic or doctor’s office. This is in part true because many people in a given population may never see the healthcare provider. Thus future healthcare systems that remain dominated by an inpatient based, single patient-provider model can be reasonably expected to achieve only marginal results at the population level, despite providing high quality care to those individuals able to access this traditional system.

The second emerging theme in the field of compunetics is that of compunetic supports or facilitators of behavior change [Behavioral Compunetics]. As with the population perspective, behavior change is likely the implicit objective of many working in the field. However, much of the current compunetics work appears to either originate from an individualized medical model or be oblivious to the wealth of theoretic, experimental and practical scientific knowledge gained regarding individual and population level health behavior change. The existence of health inequalities and its relationship to social factors and ethnic or lower class populations only serves to highlight the importance of this premise. For example, whether or not the public will buy into the notion of compunetic, eHealth or computer based health technologies is still largely unknown. In addition, it appears that for the most part, developers may largely be hoping that high quality advertising, existing health needs or the provision of high quality health information will itself help create significant demand for these products and the patient outcomes they would potentially facilitate. While there may be some truth to this idea, with regard to improving health inequalities, operating under this assumption may, in terms of return on investment, prove faulty in a best case scenario or catastrophic in a worst case scenario.

Knowledge derived from the behavioral sciences will likely provide unique insights that ultimately prove critical to achieving sustained behavior change and to the uptake of computer based technologies, especially among certain populations. For example, while the provision of high quality health information is requisite for informed decision making by both providers and patients, evidence from the behavioral sciences strongly suggests that information alone is insufficient to motivate significant behavior change in many patients, particularly over the long term [13-16]. Behavioral sciences knowledge can also aid the understanding and addressing of health inequalities. Take for example the case of inequalities among individuals of African descent. In the US various sociocultural factors, including culturally oriented diets and body appearance norms, are being recognized as being contributors to the problems of observed inequalities in obesity, hypertension and diabetes rates [17]. The
belief that health outcomes are ordained of God and therefore cannot be changed, also referred to as fatalism, has been documented as a cultural factor among African-Americans [18]. It has been noted that this belief as well as culturally determined attitudes and beliefs [myths] may impact decision making among African-American patients and contribute to hypertensive inequalities [19]. African-American men incorrectly described being healthy as being symptom free and as a result, self adjusted their medication usage depending on the existence of “symptoms”. In addition these men considered buying antihypertensive medications a luxury, because of their high cost. They also think that seeking help for hypertension is a sign of weakness or laziness [20]. These attitudes and beliefs may in part also be responsible for the finding of suboptimal medication adherence and inadequate self monitoring of blood pressure among African-Americans [21]. Finally, evidence indicates as many as 50% of newly diagnosed hypertensives discontinue use of prescribed meds within one year of diagnosis and up to 50% of the remaining patients do not take their medications as prescribed [22]. Issues of poor medication adherence and inadequate self monitoring of blood pressure are problems in the entire hypertensive population and are especially problematic among African-American patients in the US [20;22-24].

Developing remote sensors of blood pressure or glucose levels or any other physiological parameter is one promising approach to early detection of problems that may not be affected by ethnic background. However, given that administration of medical regimens via noninvasive wearable compunetic systems will not be possible for some time to come, interventions to address medication taking behaviors that would work in tandem with remote sensing compunetic devices offer a reasonable approach. Here the following insights from the behavioral literature may provide useful developmental information.

The Theory of Reasoned Action is a theory of health behaviorism that attempts to explain how individuals make decisions regarding a given behavior. This particular theory appears to best explain health behaviorism among US African-Americans and posits that the most important determinant of behavior is behavioral intent. The two fundamental drivers of behavioral intent are attitude toward performing a given behavior and subjective norms associated with the behavior. Finally, attitude is determined by an individual’s beliefs regarding a behavior while subjective norms are determined by an individual’s perception of whether important referent individuals approve or disapprove of performing the behavior [13]. Among African-American populations, the opinions of referent individuals [those in the personal social networks] from the target population may be considered of equal or greater importance than the outside “expert”. This is in part due to the fact that a significant level of mistrust exists between many African-Americans and the healthcare system. This mistrust impacts the level of African-American compliance with and adherence to medical regimens [25-30]. As such, mistrust, misperceptions and myths impede medication compliance among African-American patients. Finally, the finding that medication or disease treatment seeking behaviors are considered a sign of weakness or laziness may hinder the acceptance of compunetic health applications among this population.
5. Discussion

A systematic focus on behavioral compunetics and employing a population level developmental perspective may prove highly beneficial to overcoming several significant health challenges. As this paper details, several trends, including health inequalities and an increasing need for chronic disease oriented medical care systems, portend significant challenges for our current healthcare systems. While the challenges are real, so too are the possibilities and opportunities for compunetic researchers, developers and practitioners to make a difference. Indeed, given the current and projected future need for healthcare systems that can manage large amounts of individual and population level data, and the potential new ways compunetic interventions may enable this data to be utilized, particularly in the realms of health inequalities and chronic disease care, it becomes increasingly difficult to envision how we might make significant progress in health inequalities without the involvement of compunetic technologies and strategies.
6. Conclusions
Compunetic researchers and developers can play an important and unique role in addressing these problems by collaboratively working with behavioral scientists and public health practitioners to reap the benefits of Behavioral Compunetics and help build the field of Populomics to improve health outcomes in individuals and effectively address health inequalities among populations.
7. Reference List
[1] Health Inequalities; Decennial Supplement. Drever F, Whitehead M, editors. Series DS No.15. 1997. London, England, London Stationery Office.
[2] Amick BC, Levine S, Tarlov AR, Walsh DC. Society and Health. New York: Oxford University Press, 1995.
[3] Acheson D. Independent Inquiry into Inequalities in Health. 1998. The Stationery Office.
[4] Smedley BD, Stith AY, Nelson AR. Unequal Treatment; Confronting Racial and Ethnic Disparities in Healthcare. Washington, DC: National Academies Press, 2003.
[5] Marmot MG, Rose G, Shipley M, Hamilton PJ. Employment grade and coronary heart disease in British civil servants. J Epidemiol Community Health 1978; 32[4]:244-249.
[6] Marmot M, Ryff CD, Bumpass LL, Shipley M, Marks NF. Social inequalities in health: next questions and converging evidence. Soc Sci Med 1997; 44[6]:901-910.
[7] Wilkinson RG. Unhealthy Societies: The Afflictions of Inequalities. New York: Routledge, 1996.
[8] Chronic Disease Management: A Compendium of Information. 2004. London, England, UK Department of Health.
[9] IOM Committee on Quality of Healthcare in America. Crossing the quality chasm: a new health system for the 21st century. Washington, DC: National Academy Press, 2001.
[10] Fiscella K, Franks P, Gold MR, Clancy CM. Inequality in quality: addressing socioeconomic, racial, and ethnic disparities in health care. JAMA 2000; 283[19]:2579-2584.
[11] Medical Informatics. 2 ed. New York, NY: Springer, 2001.
[12] Gibbons MC. A historical overview of health disparities and the potential of eHealth solutions. J Med Internet Res 2005; 7[5]:e50.
[13] Health Education and Health Behavior: Theory, Research and Practice. 2nd ed. San Francisco, CA: Jossey-Bass, 1997.
[14] Carleton RA, Lasater TM, Assaf AR, Feldman HA, McKinlay S. The Pawtucket Heart Health Program: community changes in cardiovascular risk factors and projected disease risk. Am J Public Health 1995; 85[6]:777-785.
[15] Farquhar JW, Fortmann SP, Flora JA, Taylor CB, Haskell WL, Williams PT et al. Effects of communitywide education on cardiovascular disease risk factors. The Stanford Five-City Project. JAMA 1990; 264[3]:359-365.
[16] Luepker RV, Murray DM, Jacobs DR, Jr., Mittelmark MB, Bracht N, Carlaw R et al. Community education for cardiovascular disease prevention: risk factor changes in the Minnesota Heart Health Program. Am J Public Health 1994; 84[9]:1383-1393.
[17] Watkins LO. Perspectives on coronary heart disease in African Americans. Rev Cardiovasc Med 2004; 5 Suppl 3:S3-13.
[18] Kressin NR, Petersen LA. Racial differences in the use of invasive cardiovascular procedures: review of the literature and prescription for future research. Ann Intern Med 2001; 135[5]:352-366.
[19] Ferguson JA, Weinberger M, Westmoreland GR, Mamlin LA, Segar DS, Greene JY et al. Racial disparity in cardiac decision making: results from patient focus groups. Arch Intern Med 1998; 158[13]:1450-1453.
[20] Rose L, Kim M, Dennison C, Hill M. The context of adherence for African-Americans with high blood pressure. Journal of Advanced Nursing 2000; 32[3]:587-594.
[21] Chobanian AV, Bakris GL, Black HR, Cushman WC, Green LA, Izzo JL, Jr. et al. The Seventh Report of the Joint National Committee on Prevention, Detection, Evaluation, and Treatment of High Blood Pressure: the JNC 7 report. JAMA 2003; 289[19]:2560-2572.
[22] Friday GH. Antihypertensive medication compliance in African-American stroke patients: behavioral epidemiology and interventions. Neuroepidemiology 1999; 18[5]:223-230.
[23] Hill M, Bone L, Kim M, Miller D, Dennison C, Levine D. Barriers to hypertension care and control in young urban black men. American Journal of Hypertension 1999; 12:951-958.
[24] Artinian NT, Washington OG, Templin TN. Effects of home telemonitoring and community-based monitoring on blood pressure control in urban African Americans: a pilot study. Heart Lung 2001; 30[3]:191-199.
[25] Rosenthal EL. The final report of the national community health advisor study. 1998. Baltimore, MD, Annie E. Casey Foundation.
[26] Earp JA, Viadro CI, Vincus AA, Altpeter M, Flax V, Mayne L et al. Lay health advisors: a strategy for getting the word out about breast cancer. Health Educ Behav 1997; 24[4]:432-451.
[27] Bone LR, Mamon J, Levine DM, Walrath JM, Nanda J, Gurley HT et al. Emergency department detection and follow-up of high blood pressure: use and effectiveness of community health workers. Am J Emerg Med 1989; 7[1]:16-20.
[28] Hill MN, Bone LR, Hilton SC, Roary MC, Kelen GD, Levine DM. A clinical trial to improve high blood pressure care in young urban black men: recruitment, follow-up, and outcomes. Am J Hypertens 1999; 12[6]:548-554.
[29] Hill MN, Han HR, Dennison CR, Kim MT, Roary MC, Blumenthal RS et al. Hypertension care and control in underserved urban African American men: behavioral and physiologic outcomes at 36 months. Am J Hypertens 2003; 16[11 Pt 1]:906-913.
[30] Campbell MK, Bernhardt JM, Waldmiller M, Jackson B, Potenziani D, Weathers B et al. Varying the message source in computer-tailored nutrition education. Patient Educ Couns 1999; 36[2]:157-169.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Integrated Multimedia Medical Data Agent in E-Health
P. Di Giacomo 1, Fabrizio L. Ricci 2 and Leonardo Bocchi 3
1 University “La Sapienza” of Rome – Center for Biomedical Research
2 National Council of Research – Rome (Italy)
3 University of Florence (Italy)
Abstract. E-Health is having a great impact on the distribution of health service information, both within the hospital and to the public. Previous research has addressed the development of system architectures with the aim of integrating distributed and heterogeneous medical information systems. Easing the difficulties of sharing and managing medical data, and making these data accessible in a timely way, is a critical need for health care providers. We propose a client-server agent that provides a portal to every permitted system of the Information System of the Hospital, which consists of PACS, RIS and HIS, via the Intranet and the Internet. Our proposed agent enables remote access to the usually closed information system of the hospital, together with a server that indexes all the medical data and so allows in-depth and complex search queries for data retrieval.
Keywords. System interoperability; XML; XSLT; Multimedia Database; E-Health
Introduction
E-Health can be viewed as an emerging field at the intersection of medical informatics, public health and business, referring to health services and information delivered or enhanced through the Internet and related technologies, as described in ([1]). The main improvement E-Health brings is greater care efficiency between general practitioners (GPs), hospitals and patients, achieved by increasing the quality of clinical communication. Communication about a patient's medical records between the GP and the hospital, or between hospital departments, is often inconsistent and untimely, which can affect the quality of care. Currently, there is an increase in demand for remote access to, and interoperability with, the information systems of the hospital (ISH), which mainly consist of the following systems. The objective of this paper is to address the problem of system interoperability, which goes beyond connectivity between information systems and allows components to share and distribute medical data efficiently, both inside and outside the hospital environment.
1. Methods and Results
1.1. Method
Previous research on information systems used in hospitals tends to fall into two categories: PACS (Picture Archiving and Communication Systems) development and the integration of the information systems. Research on PACS has led to successful implementations and results, with studies mainly concerned with information distribution and new methods of data representation. The ability of a PACS to communicate with networks outside the hospital environment is desirable, and possible given the rapid advancement of information technology. Secondly, work on system integration has focused on the structure and development of the integrated system architecture, as described in ([2]). These integration concepts, even when successful, seldom have low barriers to adoption, owing to the sheer size and complexity of the reengineering involved. In this study, we present a client-server system consisting of a web-enabled data browser that communicates with a server that consolidates the HIS. The client-server architecture is defined as follows. The server is connected to the various information systems and receives input from them, which is parsed and stored in the database. The client then queries this server to extract the required information. The technology for this system was chosen with data representation and multimedia support as the highest priorities. The Java development tools of J2EE (Enterprise Edition) and the Cloudscape database, used to develop the server, together with the J2SDK Standard Edition, used for the web-based/stand-alone client application, led to a system that fulfils the above conditions. This system concentrates on efficient data indexing and retrieval over both the internal and the external network, while minimizing integration requirements and maintaining the operation of the existing ISH. The function of each component of the proposed portal system and the implementation details are described in the following sections.
Figure 1. The overall system architecture
1.2. Server Application: Multimedia Medical Data Agent (MMDA)
MMDA is an agent to the ISH that requires integration with the hospital departments' information systems to achieve interoperability. It acts as a broker, performing an integration service on behalf of all the system components, and as the server for the web-based medical data browser (MD-Browser) application. In other words, the MMDA consolidates the ISH by indexing all the data used in the ISH. The indexing is performed with the “information shelling” parsing method. On receipt, the input data is parsed and then stored in the MMDA database server. Once the data is indexed, a request to the MMDA for certain data will connect to the PACS, RIS and HIS to retrieve the data if necessary. The ability of the MMDA to be accessed by the web-based MD-Browser application has many significant advantages, distant communication and system independence among them. However, the main benefit introduced by this concept is the ability to establish a connection to ISH data that is usually only available within the hospital environment. This can be viewed as an external portal to the hospital information systems, including the PACS, HIS and RIS.
1.3. Information Shelling
The method of “information shelling” is used for the representation of medical data. It uses the concept of metadata, defined according to the IEEE Mass Storage System and Technology Committee ([3]), which enables intelligent, efficient access to and management of data. The metadata for medical data must be based on an in-depth understanding of the requirements and criteria of the intended audience. Hence, in the case of medical data, it should be applied to search, retrieval and storage, medical data security, and data integrity. Metadata is used as an information header for all the medical data. Once the header is created, the actual data is discarded; only the information that can be used to retrieve the original data is kept, so that the shell can be indexed and stored in the MMDA server. The shell is implemented as an XML document, which expresses medical data in a structured and manipulable format that is both human readable and optimized for machine interpretation.
1.4. Client Application: Medical Data Browser (MD-Browser)
The client in this client-server system is the web-based MD-Browser. This is an image viewing and patient record display application that supports the two most popular Web browsers (Internet Explorer and Netscape Navigator). MD-Browser can search the MMDA server using SQL and/or predefined queries, which in turn trigger the retrieval of the data by the MMDA from the various information systems. The MMDA and MD-Browser can be seen as an intermediate solution between the current semi-integrated status of the ISH and the fully integrated ISH of the near future. This is achieved by the method of indexing, which integrates the ISH and allows retrieval of the data from both the internal and external environment.
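The “information shelling” step of section 1.3, written out as an added example that is not the authors' implementation: each record is reduced to an XML shell (metadata header plus a locator), the payload is dropped, and the index answers predefined queries over header fields only. The element names, the locator format and the SHA-256 digest used for the integrity check are assumptions of this sketch, and the records are constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample input standing in for data received from the PACS, RIS and HIS.
SAMPLE_RECORDS = [
    {"source": "PACS", "record_id": "img-0001", "patient_id": "P-1001",
     "kind": "image", "modality": "CT", "date": "2005-11-02",
     "payload": b"\x00\x01constructed-ct-pixel-data"},
    {"source": "RIS", "record_id": "rep-0042", "patient_id": "P-1001",
     "kind": "report", "modality": "CT", "date": "2005-11-03",
     "payload": b"Constructed radiology report text."},
    {"source": "HIS", "record_id": "adm-0007", "patient_id": "P-2002",
     "kind": "admission", "modality": "", "date": "2005-12-15",
     "payload": b"Constructed admission record."},
]

# Hypothetical header schema: the only fields a client may search on.
HEADER_FIELDS = ("patient_id", "kind", "modality", "date")


def make_shell(record):
    """Return the XML shell for one record: header, locator, digest, no payload."""
    shell = ET.Element("shell")
    header = ET.SubElement(shell, "header")
    for field in HEADER_FIELDS:
        ET.SubElement(header, field).text = record[field]
    # The locator is all that is kept for finding the original data again.
    ET.SubElement(shell, "locator", source=record["source"],
                  record_id=record["record_id"])
    # Assumption of this sketch: a digest lets the agent detect a changed
    # or substituted original when it is retrieved later.
    digest = hashlib.sha256(record["payload"]).hexdigest()
    ET.SubElement(shell, "digest", algorithm="sha256").text = digest
    return ET.tostring(shell, encoding="unicode")


class ShellIndex:
    """Stands in for the MMDA database: it stores shells, never payloads."""

    def __init__(self):
        self.shells = {}  # (source, record_id) -> parsed shell element

    def add(self, shell_xml):
        shell = ET.fromstring(shell_xml)
        loc = shell.find("locator")
        self.shells[(loc.get("source"), loc.get("record_id"))] = shell

    def search(self, **criteria):
        """Predefined query: exact match on header fields, returns locators."""
        unknown = set(criteria) - set(HEADER_FIELDS)
        if unknown:
            raise ValueError("not a searchable header field: %s" % sorted(unknown))
        hits = []
        for key, shell in self.shells.items():
            header = shell.find("header")
            if all(header.findtext(f) == v for f, v in criteria.items()):
                hits.append(key)
        return hits

    def expected_digest(self, source, record_id):
        return self.shells[(source, record_id)].findtext("digest")


def fetch_and_verify(index, source_systems, source, record_id):
    """Follow a locator to the source system and check the data against the shell."""
    payload = source_systems[source][record_id]
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, index.expected_digest(source, record_id)):
        raise ValueError("digest mismatch for %s/%s" % (source, record_id))
    return payload


def build_demo():
    """Index the sample records and keep the payloads only in the source systems."""
    index, source_systems = ShellIndex(), {}
    for rec in SAMPLE_RECORDS:
        index.add(make_shell(rec))
        source_systems.setdefault(rec["source"], {})[rec["record_id"]] = rec["payload"]
    return index, source_systems


if __name__ == "__main__":
    idx, systems = build_demo()
    for hit in idx.search(patient_id="P-1001"):
        print(hit, len(fetch_and_verify(idx, systems, *hit)), "bytes verified")
```

The shell still carries the patient identifier, so the index needs the same access control as the systems it points to.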
2. Conclusions
This paper has presented the design of a client-server system that uses web technology and data management to provide communication and system interoperability with the ISH. The use of MMDA and MD-Browser can resolve the closed access to the hospital information systems, for the benefit of GPs and patients. It also allows for enhanced search and retrieval of medical data. The potential introduced by this system lies in remote access to the usually closed ISH, a web-enabled medical data browser, and indexing of the medical data of the ISH so that it can be efficiently searched and retrieved.
References
[1] Eysenbach, G. (2001): What is E-Health; Editorial of Journal of Medical Internet Research 3(2):e20.
[2] Jonher, M., Muller, A., Reinshagen, M., Bauer, S. and Kstler, H.A. (2000): A stepwise Approach Towards a Hospital-Wide Electronic Patient Record Archiving System; IEEE, Computers in Cardiology 27:287-290.
[3] Curtus, K., Foster, P.W. and Stentiford, F. (1999): Metadata – The Key to Content Management Service. Proceedings of the 3rd IEEE META-DATA Conference.
[4] D. Feng, W. C. Siu & H. Zhang, Editors: “Multimedia Information Retrieval and Management – Technological Fundamentals and Applications”, (467 pages) Springer-Verlag, Germany, January 2003.
[5] D. Feng, Guest Editor: “Special Issue on Multimedia Data Storage and Management”, International Journal of Images and Graphics, Vol. 3, No 1, Jan 2003, World Scientific.
[6] D. Feng, Guest Editor: “Multimedia Information Technology in Biomedicine”, IEEE Transactions on Information Technology, June Issue, 2000.
[7] F. Long, H. Zhang & D. Feng, “Chapter 1 - Fundamental of Content-Based Image Retrieval”, pp.1-26, in “Multimedia Information Retrieval and Management – Technological Fundamentals and Applications”, Edited by David Dagan Feng, W. C. Siu & Hongjing Zhang, Springer-Verlag, Germany, January 2003.
[8] C. Xu, D. Feng, and Q. Tian, “Chapter 5 - Content-Based Retrieval for Digital Audio and Music”, pp.96-120, in “Multimedia Information Retrieval and Management – Technological Fundamentals and Applications”, Edited by David Dagan Feng, W. C. Siu & Hongjing Zhang, Springer-Verlag, Germany, January 2003.
[9] W. Cai, D. Feng, and R. Fulton, “Chapter 17 - Content-Based Retrieval for Medical Data”, pp.365-384, in “Multimedia Information Retrieval and Management – Technological Fundamentals and Applications”, Edited by David Dagan Feng, W. C. Siu & Hongjing Zhang, Springer-Verlag, Germany, January 2003.
Developing Health Surveillance Networks: An Adaptive Approach
Suzanne TAMANG a, Danny KOPEC a,b, Tony MCCOFIE a, Karen LEVY b
a The Graduate Center, The City University of New York
b Brooklyn College, The City University of New York
Abstract. The research literature on public health information and communication networks shows enormous promise and tremendous obstacles. There is a great deal of evidence to suggest that when electronic health information systems are widely employed, and clinical information is easily shared, trained individuals can track and monitor health status, and avert acute events that can potentially affect an individual or a population. However, the research literature also leaves unresolved important questions about effectiveness vs. efficacy: that is, whether health information sharing can achieve compliance on a large scale, particularly across social, political, economic and geographic boundaries. For this reason, we propose adaptive health care information networks to collect, process and disseminate health information and reduce medical errors. This research assesses existing electronic health monitoring initiatives in the United States and worldwide, and discusses their progress and limitations. We identify how health care information networks could be improved by the application of innovative theories and technologies, such as complex adaptive theory, expert systems, and grid technology.
Keywords. Health information systems, health surveillance, complex adaptive theory, medical errors, expert systems, grid technology
Introduction
Networks have the property of being both ubiquitous and absent. That is, they may be everywhere in general, but in a literal sense it is hard to point at the Internet. This is a reminder of how networks exist topologically, and some suggest networks must be increasingly understood as simultaneously technical and political in nature [1]. Ideally, as applied to health care, we view the future of the network model as one that is not rigid, but flexible, and can adapt to manage the health of the population on a regular basis and watch for disease outbreaks. Communication networks have already revolutionized information communications of the 21st century. The first major paradigm shift is the rapid expansion of Internet communications. The second is the diversification of access methods, as represented by cellular phones and developments in high-speed access technologies. It is now common to hear of clinicians using smaller, high-performance notebooks. Health specialists, especially ones working in the field, are helping to drive the expansion of mobile data communications in the health care industry. This creates a new setting in which to uncover new principles and materials that shift health information technology to address modern issues, and it no longer restricts patient treatment to fixed locations. Ideally, modern technologies should be appropriate for a global framework that can address key issues including: health system complexity, quality of care, health disparities, urbanization, emerging infectious diseases and bioterrorism.
1. The Chaos Theory View of Health Care
Perrow’s [2] framework for complexity notes that systems that are interactively complex (various components that tend to behave in nonlinear ways) and coupled (lacking spatial, temporal, or other patterns of buffering) will fail. Tan et al. [3] have analyzed how the parts of networks connect and interact to achieve outcomes, and through their research, have identified factors and challenges to consider when designing future-oriented health care networks. Their work discusses a chaos theory view of health care systems. This view divides the causes of chaos into internal and external origin. Each origin is further subdivided into a human or individual level, an organizational level and a system level. Table 1 indicates that when either etiology, internal or external, surpasses the static stage, the potential for error increases.
| Etiology | Level | Static Stage | Edge of Chaos | Chaos Stage |
| Internal Causes of Health Systems Chaos | Human | An ICU patient is stable after open heart surgery | The patient’s saturation is slowly dropping | Suddenly, by an unidentifiable cause, the patient’s blood pressure drops and the patient slips into unconsciousness. |
| Internal Causes of Health Systems Chaos | Organization | A routine clinical team meeting | The emergency room is at maximum capacity due to unplanned operations | An accident occurs, involving a school bus and a number of critically injured children are routed to the hospital, unaware of the lack of capacity |
| Internal Causes of Health Systems Chaos | System | Nurses at the ICU ward are at night monitoring | Alert indicates that the patient’s saturation levels are declining | The power for the oxygen unit goes down. Manual respiration begins. |
| External Causes of Health Systems Chaos | Human | Members of a community are performing their daily tasks | There is an explosion in an office building, the cause is unknown | A natural disaster has physically confined a large city where inadequate shelter and resources are available. |
| External Causes of Health Systems Chaos | Organization | Public health officials routinely remind seniors to get a flu shot | For an unknown reason, several seniors in one building die after exhibiting flu-like symptoms | A nationwide influenza breaks out a few years later |
| External Causes of Health Systems Chaos | System | Flu vaccine production is on schedule | Public health officials announce the plans to vaccinate millions of people would be disrupted because of vaccine contamination | The shortage of the vaccine has resulted in pandemic flu. Also, the hoarding of prescription medication has caused looting of pharmacies and other related types of civil unrest. |

Table 1. Chaos Theory View of Health Care Systems (Adapted from Tan et al. [3])
Ideally, a health information framework should support and facilitate interventions to shift and maintain the complexity towards the static stage. In addition, it is very important that health care information systems are created with checks and balances to prevent system induced chaos. It is a bitter irony when a machine designed with the intent to help, hinders. Conceptually, a global health information system should provide efficient access to patient information, comprehensive surveillance, expert systems to facilitate decision-making, and computational power. Information networks can be used to manage health care complexity. The adaptive system theory identifies the following concepts that should be incorporated when developing future-oriented information and communication networks [3]:
• Accept uncertainty: the best way to deal with turbulence is to attempt to understand it, not control it. Health care information networks should gradually redirect natural flow.
• Health care systems are unpredictable; take the time to research existing systems at the process level. This can help identify the small changes that have the most overall benefit.
• Feedback loops improve performance. These should be direct, rapid, specific, and constructive, indicating both good and bad performance, and implemented at all times.
• Standardization with flexibility maintains care quality in the static stage, but should be avoided for rare processes.
• Quicker response time with backup redundancy at the edge of chaos. The time at which relevant patient information is retrieved and reported is crucial to the reduction of medical errors [4,5]. In addition, shortened cycle time can be increasingly important at the edge of chaos.
• Intelligent and effective leadership is essential in the chaos stage. Someone must be in charge, and if the feedback loops are absent, they must be put back into place.
2. Obstacles to Clinical Information Sharing
To achieve the goal of global information sharing, there must exist smaller, localized units, which contribute to a distributed framework. The lack of a nationalized healthcare provider may be the most limiting factor when implementing health information systems in the United States. In 2002, Joel C. White, a member of the Subcommittee on Health, House Committee on Ways and Means, described the current state of health IT: “The multitude of healthcare information systems currently available are discrete and do not communicate with one another. In addition, vast bodies of medical knowledge and data do not exist in an electronic format that is usable by a decision support system”. In general, health information systems in hospitals and other established practices cannot monitor patient results, analyze them according to best practices, or provide the necessary information to clinicians who are providing their care. In Canada, it has been widely recognized that one of the keys to service improvement in national health care lies in the integration of medical information systems. However, even with a central provider, the system is fragmented into autonomous units and there are many heterogeneous data sources that currently exist. Although the Canadian government points out the benefits of medical information integration, disagreement exists on how such integration can be achieved. Similar to the U.S., it is not unusual for supermarkets to have more advanced information infrastructures than hospitals [6]. Movement towards electronic versus paper-based medical information is even more limited in some countries. In many economically poor countries, there are few if any governmental health care personnel assigned to large geographical areas where much of the population may live. This gives rise to serious concerns, when designing comprehensive health care monitoring systems, as to how needed data will be collected and entered into computerized databases for use in determining global health care needs and issues. Even simple factors such as the absence of electricity in remote areas act as serious impediments to the collection of vital data for analysis. Information sharing initiatives should do their best to ensure network participation is inexpensive, accessible, and flexible.
3. A Model for Information Sharing: International Collaboratory Based on Virtual Patient Records
Many suggest the first step towards a comprehensive information architecture is the electronic medical record. For example, establishing a global network of distributed patient records may facilitate the surveillance of infectious diseases. Currently there are several initiatives to build a new information architecture that will enhance and extend the quality of health care worldwide [7]. Internationally accepted standards currently exist for the exchange of financial information, and health information could move across networks just as easily, based on international standards that provide the appropriate privacy and security. A number of organizations seek to standardize object interfaces for health care applications at a global level. These include the Object Management Group (OMG), a not-for-profit consortium of 700 software vendors, developers and users; the European Committee for Standardization (CEN); the United Nations rules for Electronic Data Interchange For Administration Commerce and Transport (UN/EDIFACT); the Joint Working Group for a Common Data Model (JWG-CDM); Health Level 7 (HL7); the American Society for Testing and Materials (ASTM); the Computerized Patient Record Institute (ASTM); and others [7]. Only some of these approaches are object-oriented.
3.1. The HL7 Standard for Clinical Document Architecture
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed by the US government. This directive specifically requires that various technical, physical and administrative security measures be combined to protect the privacy, integrity, and availability of patients’ clinical records. For health care monitoring systems that use EMRs as essential units, it is very important that the records are semantically normalized with relevant clinical data. HL7 Version 3 is a standard that specifically deals with the creation of semantically interoperable health information [8]. HL7 is an ANSI-accredited Standards Developing Organization (SDO) whose major function has been the development of standards for clinical and administrative health care data. These standards have been increasingly adopted in many countries [6]. Early HL7 standards focused on fine-grained message structures for cross-organizational integration of medical information systems. In this latest version, HL7 has developed a more coarse-grained, document-oriented information standard, called the Clinical Document Architecture (CDA) [9]. CDA is a document markup mechanism that defines the structure and semantics of clinical documents (such as discharge summaries and progress notes). The HL7 Reference Information Model (RIM) is composed of a set of standards; CDA is one of them. In this format, clinical care is administered on the basis of clinical decisions made from essential pieces of patient information, such as demographics, diagnoses, laboratory results, medications, allergies and other adverse-event history [10].
4. Integrating Public Health Information and Surveillance Systems
When we consider a model to integrate public health information into disease or symptom surveillance systems, we are faced with several challenges: fragmentation of the health care system, the burden of collecting and reporting medical data, and the information gaps that exist among the system’s constituents [11]. In the United States, the general focus has been improvements at the state and federal level. These initiatives have focused on developing EMRs, supporting the development of data standards to increase health information system interoperability, patient safety, reducing medical errors and paying for performance. Although it is easier for the government to use a state/federal approach, many health systems and their described needs are better expressed in less discrete regions, which may even overlap or readily change and may not be accurately represented with this approach. Organizations and individuals that may use public health data derive theories and intervention strategies from an understanding of the basic epidemiologic variables of place, time, person and vector. The Centers for Disease Control (CDC) report, Integrating Public Health Information and Surveillance Systems, identifies several categories for which collected health data can prove useful for the management of the health care system and the monitoring of patients [11]:
1. Reports on health events affecting individuals
2. Vital statistics on the entire population
3. Information on the health status, risk behaviors, and experiences of populations
4. Information on the potential exposure to environmental agents
5. Information on existing public health programs
6. Information useful to public health but obtained by organizations not directly included in public health practice
7. Information on the health care system and the impact of the health care system on health.
These guidelines suggest the information architecture for public health should be scalable, efficient, adaptable, comprehensive and easily accessible, with many views, security levels, and functions.
5. Disease Surveillance

A National Information System devoted to the surveillance of communicable diseases based on computer networking was developed in France, in 1984. This system assumed electronic surveillance and control of communicable diseases require the following steps [12]:

1. Timely collection of relevant and appropriate epidemiological data
2. Timely and meaningful statistical and mathematical analysis of data
3. Rapid dissemination of the results to all who need to know (including decision makers, health care providers, public health officials, and the general public)

It was determined that computer networking was useful to accomplish these three tasks because it connects stakeholders, even when geographically isolated, and makes available these resources [12]:

1. Large epidemiologic databases
2. Powerful data management capability and highly specialized software
3. Communication facilities (e.g. email and message boards) that allow ready interaction between the diversified components of the system.
Although the concepts still hold, and current disease surveillance systems incorporate these requirements, recent designs have integrated more sophisticated facilities for communication and data analysis. For example, artificial intelligence techniques such as Bayesian inference and pattern recognition algorithms have been applied to identify potential anomalies.

5.1. National Disease Surveillance: United States

The CDC and local health departments have recognized the importance of state and local disease and symptom surveillance systems. These have been noted as increasing the ability and efficiency to respond to a disease outbreak [13]. Previously, most state health departments received case-reports by mail and then entered the data into an automated system, which could take place weeks after an event. In addition, it is estimated that, depending on the disease, only 10-85% of cases were reported and more than 100 different systems were used to transmit the data to the CDC [13]. Progress has been made since the initial funding to improve state and local surveillance was received (2000) through secure Internet-based data entry and electronic laboratory
results (ELR) reporting. This federal-level framework is provided by the National Electronic Disease Surveillance System (NEDSS), which is part of the broader Public Health Information Network (PHIN) initiative. Improvements have been made, but local, state and national public health officials should still continue to improve the timeliness and completeness of disease surveillance. As of April 2005, a total of 27 state health departments and two municipal health departments (New York City and Los Angeles) were entering at least some notifiable disease data by using a secure, Internet-based system [13]. With a little over half of the states submitting electronic, Internet-based data, wide-scale compliance has not been achieved. In addition, to our knowledge, there is no sufficiently established symptom surveillance system for civilians being implemented on the federal level. Syndromic surveillance systems have been employed in New York City [14]. The system is based on information collected from emergency departments in NYC hospitals. In its first year of operation, the NYC health department was able to identify increases in gastrointestinal viruses for all ages, and the arrival of epidemic influenza. The system was also able to detect single-day spatial signals suggestive of illness clusters [14]. However, none of these anomalies were identified as an outbreak.

5.2. Syndromic Surveillance: England and Wales

A commitment to improve surveillance for health protection has been made in the United Kingdom [15]. Syndromic surveillance systems have been proposed to serve as an early warning to detect outbreaks of infectious diseases and chemical or biological poisoning, including those by deliberate release.
Data derived from the National Health Service (NHS) Direct, initially designed for the clinical telephonic assessment of common conditions presented in the community, in England and Wales, was used for the surveillance of 10 syndromes, and the purpose of the system was expanded to provide an early warning for the potential deliberate release of harmful chemical and biological agents [15]. Outbreaks are detected by a computerized clinical decision support system, which contains approximately 200 clinical algorithms, each with a series of questions related to symptoms. In 2005, the system was evaluated and the NHS Direct syndrome surveillance system was determined to be timely, representative, useful and acceptable with low marginal costs, but with borderline flexibility and limited portability [15]. In addition, it has the potential to detect high-risk, large-scale events, but in its current state it is less likely to detect smaller, localized outbreaks.

5.3. Process and Conceptual Modeling: CRISTAL-EIS

The general logical model for an Epidemiological Information System (EIS) proposed by the CRISTAL-EIS project was developed at CERN, Geneva. It was designed to facilitate the bi-directional information flow between laboratories and clinical care centers in a global, consistent, reliable and timely manner. This process model describes an EIS as a distributed system that integrates different forms of data, which can evolve over time in a wide geographic area, which raises the need for a flexible, reliable, and responsive system to handle diverse and large volumes of data [16]. The data model underlying the system is open and self-describing in nature and could be easily extended. The technology is easily portable and can be adapted to other domains
such as cancer, diabetes, tuberculosis, and other areas. Currently, this prototype is being evaluated.
6. Future Directions

Modern computational approaches to complex adaptive systems, such as health care, require stakeholders to access a comprehensive mix of high-end computing, networks, sensors, data and visualization technologies. Globally, health care has lagged behind other industries in adopting information technology, but in the future health care quality depends on the efficient access to health care information and wide-scale compliance using interoperable systems. Advantages of using a grid approach to connect stakeholders and develop health care networks include: response time, throughput, availability, security and/or co-allocation of multiple resource types to meet complex user demands [19]. The future of grid technology, and its underlying points, aligns with the requirements to effectively manage adaptive health care networks and improve overall quality.

6.1. Grids and Distributed Computing

Grid technology is ideal to address today’s complex problems that require interdisciplinary collaboration. Beyond large-scale parallel clusters and supercomputers lies this emerging field. The grid architecture allows users distributed access not only to computer resources, but also to high-speed networks, information repositories and archives, and experimental and observational devices [17]. This could be valuable to health specialists, especially those working in the field. In addition, grids can provide access to a host of tools, such as expert systems, and alert users to triggering events. The grid computing paradigm may have the potential to integrate medical information systems, and somehow solve the problems presented by many heterogeneous data sources [6]. Foster and Kesselman describe a computational grid as a hardware and software infrastructure that provides dependable, pervasive, and inexpensive access to high-end computational capabilities [18].
A grid coordinates resources that are not subject to centralized control, uses standard, open, general-purpose protocols and interfaces, and allows constituent resources to be coordinated, delivering various qualities of service. Advantages of using a grid approach include: response time, throughput, availability, security and/or co-allocation of multiple resource types to meet complex user demands [19]. The future of grid technology, and its underlying points, aligns with the requirements of adaptive networks. Considering the autonomous nature of many populations, the geography that divides us, and the more abstract barriers these networks must surpass, we have a noble goal for the future of information sharing and health information networks.
7. Global Health Surveillance Network: Incorporating Expert Systems

Incorporating expert systems into a health information framework can provide valuable decision-making support. Several of the systems, such as the one in production in
England and Wales, use artificial intelligence to support expert level reasoning. However, there are ethical and legal considerations that need to be considered when applying artificial intelligence techniques for medicine. The emerging public health cyberinfrastructure will have to establish governing bodies, to set rules and recommendations. To examine what benefit distributed expert systems may add to a distributed information sharing architecture, we can historically examine the contributions of previous expert systems research. There are many notable expert systems that may be relevant to the future of disease monitoring and surveillance, and that can be modified or directly incorporated into a distributed architecture.

7.1. MYCIN

MYCIN was developed by Shortliffe and associates at Stanford University to aid physicians in diagnosis, and to recommend treatment of patients with certain infectious blood diseases caused by bacteremia, meningitis, and cystitis. The system diagnoses the cause of the infection and recommends appropriate drug treatment according to procedures followed by physicians experienced in infectious disease therapy. Despite significant advances made in expert systems research with its development and implementation, MYCIN was never actually used in practice. This was not due to any inherent weaknesses in its performance (in tests it outperformed members of the Stanford medical school), but it had to do with the ethical and legal issues related to the use of computers in medicine; if the program gave the wrong diagnosis, who would be held accountable? MYCIN, implemented in LISP, is a rule-based system employing a backward chaining control scheme. MYCIN has approximately 500 rules and is primarily a goal-driven system, using the basic backward chaining reasoning strategy to identify the nature of an infection. MYCIN’s knowledge base is represented as a set of IF-THEN rules with certainty factors.
Although MYCIN had a pioneering influence on developments in knowledge engineering and expert systems’ research, it also had a number of problems, which were later remedied in more sophisticated architectures [20,21].

7.2. The Reportable Diseases System

The Reportable Diseases System was developed in 1995, and monitors culture data from a hospital's laboratory system. The system automatically generates a Reportable Diseases form including all relevant patient and clinical data when a culture representing a “reportable” infection is detected. The languages/shells used to develop and implement this system include: CLIPS, Sybase ISQL scripts, Bourne shell scripts [22].

7.3. GermWatcher/GermAlert

In an initiative to monitor nosocomial infections the GermWatcher/GermAlert family of expert systems was developed. These are designed to support infection control specialists in detecting, tracking and investigating infections in hospitalized patients. The system includes a rule-base modeled on local hospital infection control guidelines and the CDC National Nosocomial Infection Surveillance System (NISS) culture-based definitions for nosocomial infections. The languages/shells used to develop and
implement this system include: generalized expert system shell (the GermWatcher Engine), CLIPS, Sybase ISQL scripts, Bourne shell scripts.

7.4. TherapyEdge

Developed for web-enabled monitoring and chronic disease treatment, TherapyEdge is generally used for HIV management. The system utilizes an engine and a knowledge base to assess a patient’s current status and generate patient-specific, optimized treatment alternatives for a clinician to review and compare. In this way, the system can be used to generate comprehensive, individualized treatment plans for patients. TherapyEdge is available to subscribers via the Internet [22].

7.5. SahmAlert

In 1985, SahmAlert was developed to assist microbiology laboratories with identifying organisms that have unusual patterns of antibiotic resistance. Using a rule-base consisting of criteria developed by local epidemiologists, SahmAlert scans the culture data, identifying which cultures contain organisms with patterns of unusual antibiotic resistance. The languages/shells used to develop and implement this system include: CLIPS, Sybase ISQL scripts, Bourne shell scripts [22].

7.6. GIDEON

GIDEON is a regularly maintained commercial product that can be used by clinicians and scientists, and GIDEON online is updated on a weekly basis. The system generates a Bayesian ranked differential diagnosis based on signs, symptoms, laboratory tests, country of origin, and incubation period and can be used for diagnostic support and simulation of all infectious diseases in all countries. A Bayesian matrix processes user input and compatible diagnoses are presented in order of probability, with interactive ‘suggestions’ for additional discriminative examinations [22].
8. Conclusions

Surveying public health requires a concern for a wide spectrum of health issues including: the identification of vulnerable populations, infectious diseases, chronic conditions, reproductive outcomes, environmental health, occupationally related health events, medical errors and injuries. These health issues may require the allocation of provisions such as prophylaxis measures, educational services, inspection of suspect locations, and control of outbreaks. For all of these activities the accessibility of both geographic and health status information should be efficient and accurate to best support decision-making. However, the global health care system is complex, and composed of an enormous number of interacting parts, which exchange resources from the environment in which they operate. Complex adaptive system theory explores the core fundamentals of the human care process and the interacting components, which consist of an array of stakeholders with different immediate goals. In a modern system this may include: patients, clinicians, clinics, vendors, insurers, governments,
hospitals, pharmacies, HMOs, laboratories, and others. In the 21st century, these components cross countries and impact each other like never before. If governing organizations cannot securely, accurately, and efficiently collect and share clinical data about epidemiological patterns and health care quality, then they are not taking accountability for the public’s well-being. It is imperative that communication and standards are open, secure, flexible, low-cost and accessible to any provider or individual that can benefit from the use of health information. Currently, we have many of the tools, but few of the solutions. It is the role of policy makers to spearhead international collaboratives, composed of all the stakeholders, including patient advocacy organizations. Current and future health information initiatives should encourage inter-disciplinary collaboration, and find a feasible and consensual means to implement the strategic vision of interoperable clinical information sharing systems whose demands are not fixed, but dynamic and, for the most part, unpredictable. We believe, with the appropriate system architecture and software tools, the day can soon come, by adopting similar international standards for health care information, when all types of electronic medical information can efficiently and securely cross international borders.
References

[1] A. Galloway, E. Thacker, Networks, control, and life-forms, SIGGROUP Bulletin, Vol.25, No.2, 2003
[2] Perrow, Normal Accidents: Living with High-Risk Technologies, Basic Books, NY, 1984
[3] J. Tan, H.J. Wen, N. Awad, Health care and service delivery systems as complex adaptive systems, Communications of the ACM, Vol.48, No.5, May 2005
[4] J.M. Corrigan, M.S. Donaldson, L.T. Kohn, T. McKay, K.C. Pike, for the Committee on Quality of Health Care in America. To Err is Human: Building a Safer Health System. Washington, D.C, National Academy Press, 2000
[5] D. Kopec, G. Shagas, M. Kabir, D. Reinharth, J. Castiglione, Errors in Medical Practice: Identification, Classification and Steps Towards Reduction, Proceedings of the ICMCC, June 2-4, The Hague, The Netherlands, 2004
[6] I. Bilykh, Y. Bychkov, D. Dahlem, J.H. Jahnke, G. McCallum, C. Orby, A. Onabajo, C. Kuzeimsky, Can GRID services provide answers to the challenges of national health information sharing? Proceedings of the 2003 conference of the Centre for Advanced Studies on Collaborative Research, October 6-9, 2003, Toronto, Ontario, Canada
[7] G.G. Kilman, D.W. Forslund, An international collaboratory based on virtual patient records, Communications of the ACM, Vol.40, No.8, pp. 111-117, 1997
[8] T.M. Jones, C.N. Mead, The Architecture of sharing, Healthcare Informatics, November 2005
[9] R.H. Dolin, L. Alschuler, S. Boyer, C. Beebe, F.M. Behlen, P.V. Biron and A. Shabo (Shvo), Model Formulation: HL7 Document Architecture, Journal of the American Medical Association, Vol.13, pp.30-39, 2006
[10] E.H. Shortliffe, The Evolution of Electronic Medical Records, Academic Medicine, Vol.74, No.4, pp. 414-419, 1999
[11] Integrating Public Health Information and Surveillance Systems. The CDC/ATSDR Steering Committee on Public Health Information and Surveillance System Development, Spring 1995.
[12] A.J. Valleron, P.H. Garnerin, Computer networking as a tool for public health surveillance: the French experiment, Proceedings of the 1992 International Symposium of Public Health Surveillance – transcript
[13] Progress in improving state and local disease surveillance – United States, 2000-2005, Morbidity and Mortality Weekly Report, August 26, 2005
[14] R. Heffernan, Syndrome surveillance in public health practice, New York City, Emerging Infectious Diseases, May 2004.
[15] A. Doroshenko, Evaluation of syndromic surveillance based on National Health Service direct derived data – England and Wales, Morbidity and Mortality Weekly Report, August 25, 2005.
[16] T. Solomonides, M. Odeh, R. McClatchey, J. Carrico, J. Almeida, Process and Conceptual Modelling of an Epidemiological Information System, Process Modeling Workshop, Bristol, 2003.
[17] G. Allen, K. Davis, K.N. Dolkas et al., Enabling applications on the grid: A Grid Lab overview, International Journal of High Performance Computing Applications: Special issue on Grid Computing: Infrastructure and Applications, Vol.17, No.4, pp. 449-466, 2003
[18] I. Foster and C. Kesselman, The Grid: Blueprint for a New Computing Infrastructure, San Francisco, Morgan Kaufmann, 1999.
[19] I. Foster, The Grid: a new infrastructure for 21st century science, Physics Today, Vol.55, No.2, pp.42-47, 2002
[20] MYCIN: A Quick Case Study, Retrieved August 12, 2005 from: http://www.cee.hw.ac.uk/~alison/ai3notes/section2_5_5.html
[21] D. Waterman, A Guide to Expert Systems, Addison-Wesley, Reading, Massachusetts, 1986
[22] Open Clinical Knowledge for Medical Care, Retrieved March 1, 2006 from: http://www.openclinical.org
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Using UMLS to map from a Library to a Clinical Classification: Improving the Functionality of a Digital Library

Judas ROBINSON a,1, Simon DE LUSIGNAN a, Patty KOSTKOVA b and Bruce MADGE c
a St. George’s, University of London, Cranmer Terrace, London, SW17 0RE
b City eHealth Research Ctr., Inst. of Health Science, City Univ., London, EC1V 0HB
c British Medical Assoc. Library, BMA House, Tavistock Square, London WC1H 9JP
Abstract. The Metathesaurus of the Unified Medical Language System (UMLS) offers the possibility of mapping between various medical vocabularies. The Primary Care Electronic Library (PCEL) contains a database of over six thousand Medical Subject Headings (MeSH terms) describing the resources of the electronic library. We were interested to know if it was possible to map from MeSH to the Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT). Such a mapping would aid healthcare professionals to retrieve relevant data from our digital library as it would enable links between clinical systems and indexed material.

Keywords. Unified Medical Language System; Libraries, Digital; Medical Subject Headings; Systematized Nomenclature of Medicine
1 Judas Robinson, Primary Care Informatics, Division of Community Health Sciences, St George’s – University of London, London SW17 0RE

Introduction

There is a range of coding and classification systems used in medicine, and they were designed for different purposes. The International Classification of Diseases (ICD), published by the World Health Organisation (WHO), “… has become the international standard diagnostic classification for all general epidemiological and many health management purposes. These include the analysis of the general health situation of population groups and monitoring of the incidence and prevalence of diseases and other health problems in relation to other variables such as the characteristics and circumstances of the individuals affected.” [1] It is not intended for indexing distinct clinical entities. SNOMED CT was developed with the electronic patient record in mind, and aims to support the electronic communication of information between different clinical applications. [2] At the outset of computerization in general practice, coding systems were developed whose aim it was to compress as much data into as little disk space as possible. An example of such a coding system is OXMIS [3]. Librarians have separate requirements from epidemiologists and clinicians, and medical classifications such as Medical Subject Headings (MeSH) have evolved to suit their needs. With this breadth of requirements, there is unlikely ever to be a single classification system within medicine to suit all requirements. The fact that differing terminologies will continue to exist side by side emphasizes the importance of mapping from one terminology to another where possible.

The Unified Medical Language System (UMLS) offers the ability to map between various medical vocabularies [4]. It consists of the Metathesaurus, the Semantic Network and the Specialist Lexicon. Much work has been done on the conceptual similarity metrics in the framework of UMLS and inconsistencies between the relationships in the Metathesaurus and the Semantic Network of the UMLS have been demonstrated [5,6]. However, the task of mapping between source vocabularies using the UMLS is a relatively straightforward one and need not necessarily involve itself in these complexities.

The Medical Subject Headings (MeSH) thesaurus is a controlled vocabulary produced by the National Library of Medicine (NLM) and used for indexing, cataloging, and searching biomedical and health-related information and documents [7]. We used 2005 MeSH in ASCII format, available to download from the NLM [8]. This contains approximately 24 000 MeSH descriptors and contains unique ids linking it to the Metathesaurus of UMLS. The MeSH vocabulary covers a broad range of topics, aiming to classify any type of medical literature, and is, as a consequence of its relatively small number of terms, not overly specific.

SNOMED CT was developed jointly by the NHS and the College of American Pathologists (CAP) [9,10]. It is a comprehensive clinical terminology constructed by the combination of SNOMED RT and the United Kingdom's Clinical Terms Version 3 (Read Codes). SNOMED CT is set to become of great importance in the United Kingdom as it will be used by all computer systems in the NHS with the aim of simplifying the process of communication between healthcare professionals [6].
The NLM, through agreement with the CAP, have a perpetual license for the core SNOMED CT, and the terminology is distributed as part of the UMLS Metathesaurus. We used the 2005AB release of the UMLS Metathesaurus containing over 300 000 SNOMED CT concepts [11].

Each resource of the Primary Care Electronic Library (PCEL) is indexed with between one and fifteen MeSH terms [12]. We carried out the following research to demonstrate whether it was possible to map the existing MeSH classification to SNOMED CT concepts and present these in a browsable form online.
1. Method

The computing resources for this research were split between a Solaris internet server, a Linux database server on which UMLS was loaded and a Windows XP development platform running Apache and PHP. The internet server and the development platform both used standard technologies. The database server specifications were as follows: Dell PowerEdge 2750; 2GB RAM; 5 x 72GB disks set up as RAID 5; 2 x Xeon 2.3GHz processors; running Red Hat 9 and MySQL version 4.1.14-standard.

We obtained MeSH 2005 in ASCII format from the National Library of Medicine [8]. The text file was parsed using regular expressions available in PHP [13] to produce a database of MeSH Headings (MH), Unique Identifiers (UI) and MeSH Tree Numbers (MN).

The UMLS on DVD is available from the National Library of Medicine [4]. Loading the DVD generates MySQL load scripts for the contents of the Metathesaurus.
Installing the load scripts for the basic version of the Metathesaurus plus SNOMED CT took approximately sixteen hours and required in the region of 20GB of hard disk space. Running the load scripts to populate and index the database took a similar amount of time and required a further 50GB of disk space. The abbreviations used in the methods section of this paper are explained in Table 1.

Table 1. Abbreviations

ABBREVIATION   VOCABULARY   EXPLANATION
MN             MeSH         MeSH Tree Number
UI             MeSH         Unique Identifier
MH             MeSH         MeSH Heading
CUI            UMLS         Concept Unique Identifier
AUI            UMLS         Atom Unique Identifier
PTR            UMLS         Path to Top or Root
STR            UMLS         String or Text Label
HUI            Our own      Hierarchical Unique Identifier
SAB            UMLS         Source Abbreviation
Resources were categorised according to MeSH terms, initially by a qualified librarian and later by members of the PCEL team under supervision of Library Staff at St. George’s, University of London. Resources were marked with an individual MN, and the polyhierarchical nature of MeSH was maintained by mapping each individual MN to other MNs with the same UI in the MeSH hierarchy. For example, the MeSH term “Medical Informatics” appears in two places in the “Information Science” MeSH heading. Mapping all the entries from one to another maintained the structure of the hierarchy.

The following steps were performed in order to create a subset of UMLS data concerning SNOMED CT in order to produce a browsable hierarchy. The SNOMED CT hierarchy was extracted from the "Computable" Hierarchies table (MRHIER) of the UMLS Metathesaurus. The MRHIER table contains an Atom Unique Identifier (AUI) and a Path to the Top or Root of the hierarchical context (PTR). The PTR is a string composed of AUIs separated by periods, each AUI representing a node in the SNOMED CT hierarchy. The Concept Names and Sources table (MRCONSO) of the Metathesaurus contains a String or text label (STR) for each SNOMED CT AUI. When querying the MRHIER and MRCONSO tables it was important to limit results to those having a Source Abbreviation (SAB) equal to ‘SNOMEDCT’.

The UMLS Metathesaurus database was queried to select the PTR, AUI and STR from MRHIER and MRCONSO of all the SNOMED CT records found in the MRHIER table. The PTR and the AUI were concatenated to produce a Hierarchical Unique Identifier (HUI) locating the given record in the SNOMED CT hierarchy. The HUI and STR for each record were entered into a prepared table (SNOMEDCT) in another database. It is important to note that the AUI is 8 characters in length, and with periods, the HUI can exceed 255 characters.
This is of note as the VARCHAR data type of MySQL is limited to 255 characters, and to ensure that no loss of data occurred the TEXT data type was used for the HUI column in the SNOMEDCT table. The SNOMEDCT table contained over 6 000 000 records which were grouped into over 300 000 concepts on the basis of the last AUI in the HUI. It took approximately two hours to generate the
SNOMEDCT table using PHP to query the database server. Using the SNOMEDCT table, when given the HUI of a node in the SNOMED CT hierarchy, the parent of the given node can be found by removing one AUI from the HUI. Similarly, the children of a given node can be found by searching the database for entries whose HUI is exactly that of the given node’s HUI plus one AUI.

It was an objective of this research to present a browsable form of the SNOMED CT directory online, and part of this objective is that the sum of the execution times for all of the queries on an internet page is less than two seconds. When querying the table SNOMEDCT (described above) for the children of a given SNOMED CT node, the code executed may be as follows:
The query looks for the given node’s HUI plus a period and any 8 characters. This code executes in under two seconds when the HUI is composed of more than 6 AUIs, but takes up to five minutes to execute when there are fewer AUIs and many more possible matches have to be eliminated.
As described earlier, resource MeSH classification was on the basis of MeSH Tree Numbers (MN). MNs are similar to the HUIs used to classify SNOMEDCT. Each node in the MeSH hierarchy is described by a concatenation of Three Character Strings (TCS), and the parent and children of a given node contain one less or one more TCS. The MeSH and the SNOMED CT hierarchies differ in that an AUI identifies a given SNOMED CT concept, whereas this is not the case with a MeSH TCS.
In overview, the Metathesaurus contains concepts, identified by Concept Unique Identifiers (CUI). In order to map between MeSH and SNOMED CT, SNOMED CT terms need to be found that have the same CUI as the given MeSH terms. In more detail, to map a MN to SNOMED CT we performed the following five steps:
Step 1: Using the data from the text version of MeSH which had been entered into a database we obtained the Unique Identifier (UI) for the MN. One UI is returned for each MN.
Step 2: The UI is contained in the UMLS Metathesaurus in the table MRCONSO in the column CODE ("Most useful" source asserted identifier). Limiting the SAB to ‘MSH’ (Medical Subject Headings), a list of Concept Unique Identifiers (CUIs) was selected from the MRCONSO table. More than one, or indeed zero, CUIs may be returned for a given UI.
Step 3: Limiting SAB to ‘SNOMEDCT’, the AUIs were selected from the table MRCONSO which corresponded to each CUI obtained in the previous step. Multiple AUIs may be returned from a given CUI.
Step 4: Again limiting the SAB to ‘SNOMEDCT’, for each AUI, the String or text label (STR) from the MRCONSO table and the Path to the Top or Root of the hierarchical context (PTR) from the MRHIER table were selected. A single AUI may link to many PTRs.
Step 5: The PTR and AUI were concatenated to produce a Hierarchical Unique Identifier. The HUI and the corresponding STR are a mapping of MeSH terminology in SNOMED CT.
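The five mapping steps and the parent/child HUI lookups described above, as an added example in Python with an in-memory SQLite database (it is not the authors' PHP script). The table `mesh_tree`, the reduced MRCONSO/MRHIER column sets and every identifier in the sample rows are constructed for illustration; the HUI is validated and bound as a parameter because the calling page supplies it.

```python
import re
import sqlite3

# Assumption: an AUI is one letter plus seven digits (8 characters), matching
# the page's "a period and any 8 characters" child pattern.
HUI_RE = re.compile(r"[A-Z][0-9]{7}(?:\.[A-Z][0-9]{7})*")

SCHEMA = """
CREATE TABLE mesh_tree (mn TEXT, ui TEXT);  -- hypothetical import of the MeSH text file
CREATE TABLE mrconso (cui TEXT, aui TEXT, sab TEXT, code TEXT, str TEXT);
CREATE TABLE mrhier (aui TEXT, sab TEXT, ptr TEXT);
CREATE TABLE snomedct (hui TEXT PRIMARY KEY, str TEXT);  -- browsable HUI/STR table
"""

# Constructed sample rows; none of these identifiers come from UMLS.
MESH_ROWS = [("Z99.100.200", "D900001"), ("Z99.100.300", "D900002")]
MRCONSO_ROWS = [
    ("C9000001", "A9000001", "MSH", "D900001", "Sample yeast"),
    ("C9000001", "A9000010", "SNOMEDCT", "X1", "Sample yeast"),
    ("C9000002", "A9000002", "MSH", "D900002", "Sample disease"),  # no SNOMEDCT atom
    ("C9000003", "A9000100", "SNOMEDCT", "X2", "Sample root"),
    ("C9000004", "A9000200", "SNOMEDCT", "X3", "Sample fungus"),
    ("C9000005", "A9000300", "SNOMEDCT", "X4", "Sample organism"),
]
MRHIER_ROWS = [
    ("A9000200", "SNOMEDCT", "A9000100"),
    ("A9000300", "SNOMEDCT", "A9000100"),
    ("A9000010", "SNOMEDCT", "A9000100.A9000200"),  # polyhierarchy: the same atom
    ("A9000010", "SNOMEDCT", "A9000100.A9000300"),  # sits under two parents
]

# The five steps as one parameterised join.
MAP_SQL = """
SELECT DISTINCT h.ptr || '.' || s.aui AS hui, s.str   -- step 5: HUI = PTR + AUI
FROM mesh_tree t                                       -- step 1: MN -> UI
JOIN mrconso m ON m.code = t.ui AND m.sab = 'MSH'      -- step 2: UI -> CUI
JOIN mrconso s ON s.cui = m.cui AND s.sab = 'SNOMEDCT' -- step 3: CUI -> AUI, STR
JOIN mrhier h ON h.aui = s.aui AND h.sab = 'SNOMEDCT'  -- step 4: AUI -> PTR
WHERE t.mn = ?
ORDER BY hui
"""

BUILD_SNOMEDCT_SQL = """
INSERT INTO snomedct
SELECT DISTINCT h.ptr || '.' || c.aui, c.str
FROM mrhier h JOIN mrconso c ON c.aui = h.aui AND c.sab = 'SNOMEDCT'
WHERE h.sab = 'SNOMEDCT'
"""


def build_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO mesh_tree VALUES (?, ?)", MESH_ROWS)
    conn.executemany("INSERT INTO mrconso VALUES (?, ?, ?, ?, ?)", MRCONSO_ROWS)
    conn.executemany("INSERT INTO mrhier VALUES (?, ?, ?)", MRHIER_ROWS)
    conn.execute(BUILD_SNOMEDCT_SQL)
    return conn


def map_mn(conn, mn):
    """Return every (HUI, STR) pair that a MeSH Tree Number maps to."""
    return conn.execute(MAP_SQL, (mn,)).fetchall()


def check_hui(hui):
    """Reject anything that is not a dot-separated list of AUIs, so that
    LIKE wildcards arriving in a request cannot widen the search."""
    if not HUI_RE.fullmatch(hui):
        raise ValueError("not a valid HUI: %r" % (hui,))
    return hui


def parent_of(hui):
    """Parent HUI = the HUI with its last AUI removed (None at the top)."""
    head, sep, _ = check_hui(hui).rpartition(".")
    return head if sep else None


def children_of(conn, hui):
    """Children = HUIs equal to the given HUI plus a period and 8 characters."""
    pattern = check_hui(hui) + "." + "_" * 8
    rows = conn.execute(
        "SELECT hui FROM snomedct WHERE hui LIKE ? ORDER BY hui", (pattern,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_db()
    for hui, label in map_mn(db, "Z99.100.200"):
        print(hui, label, "parent:", parent_of(hui))
    print(children_of(db, "A9000100"))
```
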
J. Robinson et al. / Using UMLS to Map from a Library to a Clinical Classification
This process was automated for all of the resources in our database. PCEL contains 6 000 MeSH Tree Numbers for its 1 500 resources. Mapping from the database holding the MeSH information to a database holding SNOMED CT information takes five to ten minutes.
2. Results
Once the UMLS Metathesaurus had been installed we tested the MRCONSO table against the sample records available from the NLM documentation [14]. Each record listed was selected from the Metathesaurus on the basis of the AUI, and the results were compared with the published sample records. The results showed that the Metathesaurus had been successfully installed.
The result of the MeSH classification of resources was a browsable hierarchy of MeSH terms and classified resources available from the PCEL site [12]. Each page of the directory displays the current MeSH term, a link to its parent, a list of the MeSH terms which are children of the current MeSH term, and a list of the resources categorised under the current MeSH term. To facilitate browsing of the MeSH hierarchy, the total number of resources indexed under a given MeSH heading is listed. If there are no resources indexed under a given MeSH term, then that MeSH term is not displayed as a link. The MeSH hierarchy was utilised by users of the Primary Care Electronic Library, and in October of 2005, for every two visitors to the PCEL home page, one went on to access a page in the MeSH directory.
Extracting data from the UMLS Metathesaurus produced a table containing six and a quarter million SNOMED CT Hierarchical Unique Identifiers (HUIs) and Strings or text labels (STRs). The HUI (a concatenated list of Atom Unique Identifiers (AUIs)) contains information regarding each node in the SNOMED CT hierarchy. The HUI also indicates which nodes are the children of a given HUI and which node is its parent. The parent can be found by removing one AUI from the HUI, and the children can be found by searching for HUIs which contain one more AUI than the given HUI.
The problem of select statements for the extracted HUIs taking over five minutes to execute was discussed in the methods section. This was still the case when an index was added to the first 300 characters of the HUI column.
To overcome this problem a table was prepared containing only HUIs of six or fewer AUIs (less than 54 characters). The calling page would then decide which table to query on the basis of the length of the HUI. In this manner a browsable version of SNOMED CT was produced which took less than two seconds to display. This allowed the presentation of an interface which displayed the entire hierarchy of SNOMED CT on the internet in a timely fashion. This can be viewed online [15] and a screenshot of this resource is presented in Figure 1:
Figure 1. Screenshot of PCEL SNOMED CT Directory
Mapping between MeSH and SNOMED CT was automated using PHP [13] to query the Metathesaurus database. A sample script for mapping between MeSH and SNOMED CT (using PHP) is available online, as are the results of executing this script [16]. These results are also presented in Table 2. Table 2. Sample mapping between MeSH and SNOMED CT
MN: MeSH Tree Number; MH: MeSH Heading; UI: Unique Identifier (MeSH); CUI: Concept Unique Identifier (Metathesaurus); AUI: Atom Unique Identifier (Metathesaurus); HUI: Hierarchical Unique Identifier (combination of PTR and AUI); STR: String or text label
MN & MH: B05.381.147, B05.930.176 Candida
UI: D002175
CUI: C0006836, C0446043, C0524509
AUI: A2879405, A2884199, A2887478, A3336986, A3106588, A3337107
HUI & STR:
A3684559.A6921673.A3034111.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405 Candida
A3684559.A6921673.A3034111.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405 Candida
A3684559.A6921673.A3158739.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405 Candida
A3684559.A6921673.A3158739.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405 Candida
A3684559.A6921673.A3034111.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405.A3106588 Candida utilis
A3684559.A6921673.A3034111.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405.A3106588 Candida utilis
A3684559.A6921673.A3158739.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405.A3106588 Candida utilis
A3684559.A6921673.A3158739.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405.A3106588 Candida utilis
MN & MH: B05.381.147.326, B05.930.176.326 Candida albicans
UI: D002176
CUI: C0006837
AUI: A2879406, A3045788, A3051049, A3003526, A3245853, A3245854, A3336987, A3337101
HUI & STR:
A3684559.A6921673.A3034111.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405.A2879406 Candida albicans
A3684559.A6921673.A3034111.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405.A2879406 Candida albicans
A3684559.A6921673.A3158739.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405.A2879406 Candida albicans
A3684559.A6921673.A3158739.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405.A2879406 Candida albicans
A3684559.A6921673.A3034111.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405.A2879406.A3003526 Candida stellatoidea
A3684559.A6921673.A3034111.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405.A2879406.A3003526 Candida stellatoidea
A3684559.A6921673.A3158739.A2872777.A3283502.A3014173.A3466730.A3466738.A2879405.A2879406.A3003526 Candida stellatoidea
A3684559.A6921673.A3158739.A2872777.A3887001.A3014173.A3466730.A3466738.A2879405.A2879406.A3003526 Candida stellatoidea
MN & MH: C01.703.160 Candidiasis
UI: D002177
CUI: C0006840
AUI: A2879411, A3003541, A2875740, A2884201, A2887339, A2968885, A3003509, A3085858, A3045790, A3337143, A3337142, A3794453
HUI & STR:
A3684559.A3886745.A2880798.A3512117.A2875733.A2968950.A2879411 Candidiasis
A3684559.A3886745.A2880798.A3512117.A2875733.A2968950.A2879411.A3003541 Candidiasis NOS
A3684559.A3886745.A2880798.A3512117.A2875733.A2968950.A2879411.A3085858 [X]Candidiasis, unspecified
As with MeSH, SNOMED CT is polyhierarchical. That is, identical concepts can be found at different places in the hierarchy. Thus mapping of MeSH terms produces SNOMED CT results with identical AUIs and STRs, but the HUI of these terms varies with their placement as nodes in the hierarchy. Of the 6194 MeSH terms identified by MeSH Tree Numbers (MN) in the PCEL database, 3384 (55%) were successfully mapped to one or more SNOMED CT concepts. The 6194 MeSH terms mapped to 32339 nodes in the SNOMED CT hierarchy. The results of the mapping are presented online [15]. As determined by examination, the classification of resources according to SNOMED CT terms (mapped from MeSH) was apposite.
3. Discussion
Using exact matches for Concept Unique Identifiers (CUIs), it was possible to map 55% of the MeSH terms contained in the PCEL database to one or more SNOMED CT concepts. Through examination (browsing the hierarchical structure) this mapping was discovered to be meaningful. We were able to present these results on the internet in a browsable hierarchy of SNOMED CT terms, which was displayed in a timely fashion as part of an acceptable interface.
The coverage of MeSH is broader than that of SNOMED CT. The number of terms contained within the MeSH vocabulary (22000) is also far smaller than the number of terms in the SNOMED CT vocabulary (300000). Mapping from MeSH to SNOMED CT thus represents mapping from a broader to a more specific vocabulary. This means that a mapping on the basis of exact matches for CUIs will produce more meaningful results than if the mapping were done in the opposite direction.
The results suggest that mapping between MeSH and SNOMED CT using the UMLS Metathesaurus is possible. The implication of this is that resources classified using a library based taxonomy (MeSH) can be meaningfully represented in a clinical terminology. Users of PCEL will be able to browse the hierarchical structure of SNOMED CT terms in order to find relevant resources. Moving further in this direction, search facilities could be envisaged, driven by the SNOMED CT vocabulary. The advantages of presenting material on the basis of a clinical terminology are numerous, especially at a time when the UK is moving towards an Electronic Patient Record (EPR) underpinned by SNOMED CT.
A limitation of the research is that sibling and parent concepts were not considered when a MeSH term did not map directly to one or more SNOMED CT concepts. This is not considered a major failing in the light of the fact that 55% of MeSH terms were successfully mapped and that we were mapping from a broader to a more specific taxonomy.
A further limitation is that the tables designed to produce a browsable version of SNOMED CT and MeSH each contained only two columns: the MeSH Tree Number (MN) or the SNOMED CT Hierarchical Unique Identifier (HUI) and the unique identifier for the resource. For each of these tables, as with the tables describing SNOMED CT and MeSH, it would probably be wise to include the MeSH Unique Identifier (UI) and the SNOMED CT Atom Unique Identifier (AUI). This would enable a simpler grouping of nodes according to their underlying concepts. There is a dearth of literature on mapping from MeSH to SNOMED CT terms using UMLS. Much research on mapping concepts from one taxonomy to another has been done using the Semantic Network (SN), distributed as part of the UMLS [5,6]. We are unable to make comparisons to work on the SN because, as we were mapping from a
broader to a more specific terminology, we were satisfied that the Metathesaurus alone contained sufficient information for our purposes. In discussing Knowledge Management, Wyatt identifies three related ways that knowledge can be managed once it has been captured in some form: “providing access to the knowledge in paper or electronic libraries, web sites etc. so that doctors and others can find what they need rapidly and interpret it without error; disseminating knowledge that is of high quality and relevant to decision makers in newsletters, emails, printed educational material, verbal presentations etc; and using the knowledge as the substrate for “clinical innovation” methods such as reminders, audit and feedback, decision support systems and other approaches such as outreach visits to bring about changes in clinical practice”[17]. The efforts of PCEL in its classification of resources according to SNOMED CT go some way to fulfilling these three requirements of Knowledge Management. Further research needs to be done to demonstrate how many of the 45% of MeSH terms which could not be mapped to SNOMED CT concepts using the Metathesaurus could be mapped using the Semantic Network. Relationships such as parent, child or sibling could be explored which are not all represented in the Metathesaurus. Future research may concern the construction of a search engine which specifically searches those SNOMED CT concepts under which resources had been indexed. A measure of success of existing and future developments will be provided by the popularity of the SNOMED CT material when it is presented as part of PCEL.
4. Conclusion
The UMLS Metathesaurus can be used to map from MeSH terms to SNOMED CT. The mapping is not complete (45% of our terms remained unmapped), but it may be possible to improve on this figure by use of the Semantic Lexicon. The Metathesaurus also contains the information necessary to construct a browsable SNOMED CT hierarchy. Together, this mapping and the development of an interface enabled resources classified according to MeSH to be classified according to SNOMED CT. Presentation of material classified according to a clinical terminology represents a benefit to healthcare professionals.
References
[1] World Health Organisation. International Classification of Diseases (ICD). (Accessed 17th March 2006)
[2] E. Coiera. The Guide to Health Informatics (2nd Edition). Arnold, London, October 2003.
[3] Rector AL. Why do we need Medical Terminologies? (Accessed 17th March 2006)
[4] National Library of Medicine. Unified Medical Language System. (Accessed 15th February 2006)
[5] Cimino JJ, Min H, Perl Y. Consistency across the hierarchies of the UMLS Semantic Network and Metathesaurus. J Biomed Inform. 2003 Dec; 36(6):450-61.
[6] Caviedes JE and Cimino JJ. Towards the development of a conceptual distance metric for the UMLS. J Biomed Inform. 2004 Apr; 37(2):77-85.
[7] National Library of Medicine. Introduction to MeSH. (Accessed 15th February 2006)
[8] National Library of Medicine. Medical Subject Headings – Files Available to Download. (Accessed 15th February 2006)
[9] NHS Connecting for Health. SNOMED Clinical Terms. (Accessed 16th February 2006)
[10] SNOMED International. SNOMED CT. (Accessed 16th February 2006)
[11] National Library of Medicine. Unified Medical Language System – Accessing UMLS Knowledge Sources. (Accessed 16th February 2006)
[12] Primary Care Electronic Library (PCEL). (Accessed 23rd February 2006)
[13] PHP: Hypertext Preprocessor. (Accessed 22nd February 2006)
[14] National Library of Medicine. Unified Medical Language System: section 2: metathesaurus. (Accessed 23rd February 2006)
[15] PCEL – SNOMED CT Directory: Top Level. (Accessed 6th March 2006)
[16] Sample mapping between MeSH and SNOMED CT using the UMLS Metathesaurus (written in PHP). (Accessed 6th March 2006)
[17] Wyatt JC. Knowledge management and innovation in medicine: how to go beyond practice guidelines? Advances in Clinical Knowledge Management April 2002 vol 5. <http://www.openclinical.org/docs/ext/workshops/ackm5/absWyatt.pdf> (Accessed 6th March 2005)
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Methodological issues for the information model of a knowledge-based telehealthcare system for nephrology (Nefrotel) 1
Manuel Prado a,2, Laura M. Roa a and Javier Reina-Tosina b
a Biomedical Engineering Group, University of Seville, Spain
b Signal Theory and Communications Group, University of Seville, Spain
Abstract. Several studies point out the paradox that classic telemedicine, by which a doctor interacts remotely with patients in real time, is disappearing even though it has not yet been widely adopted. Many cues indicate that health information technologies will finally be adopted because of the growth in health expenditure and the emerging healthcare challenges. Notwithstanding, a detailed analysis of this concern has led us to propose a shift in the paradigm of telemedicine systems. This paper presents the major methodological issues of the information model of a novel telehealthcare system for nephrology (Nefrotel) which supports this shift in the paradigm. With this objective, we first review the technological requirements of the database of Nefrotel, and second analyze the current scenario of health information model standards. Our study has shown that it is possible to ensure the compliance and evolution of Nefrotel with information model standards, maximizing its interoperability.
Keywords. Telehealthcare, Information models standards, Scadas, databases, Physiome, Knowledge generation
1 This work was partly supported by the Spanish National Board of Biomedical Research (I.S. Carlos III, FIS), under Grant PI04068, and Dirección General de Investigación, Tecnología y Empresa under Grant TIC 314.
2 Correspondence to: Manuel Prado, Grupo de Ingeniería Biomédica, Escuela Superior de Ingenieros, Camino de los descubrimientos s/n, 41092, Sevilla, Spain Tel.: +34 637124960; Fax: +34 954487340; Email:[email protected].
1. Introduction
Despite the huge investments performed on health information technologies (HIT) as a support for an adequate implementation of telemedicine and e-Health services, scarce advances have been produced in their adoption [1]. A complete analysis of the causes for this scenario is very complex and falls outside the scope of this paper. Notwithstanding, we need to summarize several reasons that to the best of our knowledge are key to understand this situation. We think that it is noteworthy to point out here several of the major
findings of the recent report by May et al. [2]. Regarding telemedicine as a means to interact remotely with patients in real time, or to review and evaluate patients asynchronously, the report concludes that this innovative health technology is disappearing, being displaced by more routine telecare and telehealthcare. This claim must be connected with the fact that there is still no formal structure of governance and accountability for this complementary healthcare model, and with the dispersion and diffusion of clinical risk to a wider context that includes social and organisational elements. Although that report was mainly based on United Kingdom (UK) data, the conclusions and analysis can be extrapolated to the international context. The gap between the promises of telemedicine and the reality of its implantation has been pointed out by different authors [2,3,1]. In opposition to this perspective, several companies are developing and starting to sell telemedicine systems to private and even public health insurance companies, because of the huge expected revenues. Unfortunately, the majority of these systems are far from the cutting edge of telemedicine. Their major shortcomings are the lack of true interoperability and implementation of standards, and the delivery of a poor subset of the functions that telemedicine is able to provide. This is not unusual, since many international research studies fail to overcome such deficiencies [4]. Considering that telemedicine emerged as a promising concept in healthcare more than 20 years ago, as well as the high potential of this research area to give solutions to the many challenges of a globalized world [5,6,7], this scenario is not very encouraging.
However, on the one hand, the patient-physician interaction model, classically represented by a teleconsultation, which has been considered a paradigm of telemedicine and thus characterizes the disappearing telemedicine in the words of May et al.
[2], does not provide benefits in a universal context, but only for particular medical services. The universal distributed doctor-patient interaction picture has been shifted towards a more complex interaction network among a wider range of actors, involving professional users such as physicians, nurses, carers, or medical suppliers and patients. Moreover, the complexity and heterogeneity of clinical environments compels us to integrate telemedicine services into the organisational workflow, following the information lifecycle management, which is well-known in software engineering [8], and certainly the particular know-how and policy of medical services and healthcare centers. The difficulty of accomplishing this task stands out as a clear cause for the delay in a generalized adoption of telemedicine.
On the other hand, it seems clear that HIT will finally be adopted because of the current growth in health expenditure and emerging healthcare challenges like chronic pathologies, aging, degenerative disorders and worldwide spread of infectious diseases [1]. However, to the best of our knowledge, the classic telemedicine paradigm, focused on the remote healthcare of the patient and on the access to classical data in electronic health records, undervalues the true potential of HIT. Current medical knowledge managed by medical staff is given by a complex set of data organized according to a particular semantic that is related to a pursued objective and to the area of medical specialization. A pattern of information is called archetype or template (tree of archetypes) in current electronic health record (EHR) standards [9]. Although the electronic management and storage of medical information is a great advancement for healthcare professionals, the type of medical information accessible to the expert is the same as in common paper-based and centralized healthcare.
We have shown recently that health information technologies are able to provide personalized and adaptive knowledge concerning a patient in a manner which cannot be accomplished by the ordinary healthcare model nowadays [10,11,7]. The distinguishing characteristics of this type of knowledge are the capability to supervise in a personalized way non-monitored variables, the temporal reconstruction of sampled biomedical variables, the temporal correlation among all supervised variables and parameters, both device and patient-related, the access to the dynamics of the supervised system, that is, to the relationships time-variable, and the feasibility of short-time predictions and accordingly the detection of events before their occurrence. The viability of a telehealthcare system for nephrology based on that personalized knowledge-based methodology (Nefrotel) has already been shown [7]. Nefrotel is founded on the previous Virtual Center for Renal Support (VCRS) project, whose methodological basis was published in 2002 [10], and shares goals with the USA Physiome project and the recent European Strategy (STEP) [12,13].
This paper presents technological and methodological issues associated with the information model of Nefrotel. The paper is organized as follows. The next section provides the technological approach to the database (DB) model of Nefrotel that fulfils the required computational performance specification. The two subsequent sections describe the methodological approach used to make the DB model compatible with EHR and Medical Information Bus (MIB) standards. The ultimate goal of these standards is to achieve the full interoperability of the system, both at the functional and semantic levels. This feature is an interesting added value for any type of information system, but it is a necessary requirement in telemedicine and e-health, on account of the heterogeneity of medical services, policies, and needs of physicians and patients.
2. Technological approach of the database model of Nefrotel
Nefrotel is a telehealthcare system for nephrology that emerges as an evolution of a previous prototype called VCRS [11] to take into account the advances in the deployment and reliability of communications services, as well as in computational technologies. The major differences between VCRS and Nefrotel are firstly, the migration of the X.25 network towards an IP network with MPLS (MultiProtocol Label Switching) and DiffServ (Differentiated Services) quality of service (QoS) mechanisms [14], defined by working groups of the IETF (Internet Engineering Task Force), and secondly, the selection of the .NET framework [15] based on the open source project MONO [16]. This project was able to emerge thanks to the release of the Common Language Infrastructure (CLI) of the .NET framework of Microsoft™ as an ECMA international standard. Accordingly, MONO merges the cross-language approach of the .NET framework with the cross-platform approach of the MONO open project, allowing the deployment of Nefrotel on different operating systems, such as Linux, Windows, and several UNIX distributions. This sum of cross-platform and cross-language capabilities was conclusive for the decision to choose the MONO open .NET over Java 2 Platform Enterprise Edition (J2EE) [17], due to the better performance of the first one [18]. A more exhaustive description of the technology of Nefrotel can be seen elsewhere [10,11], since this exceeds the scope of this paper. The description that follows aims to provide a sufficient comprehension of the system, focused on a subsequent analysis of the information management.
Figure 1. Simplified block diagram of Nefrotel. Blocks involved with the information model are shadowed. The three scenarios are wrapped by dashed rectangles. The acronyms are defined in text.
Nefrotel is organized in three different scenarios, which are the point of care (POC), the professional user interfaces (PUI), and the telehealthcare center (THCC). These are presented by means of dashed-line bounded rectangles in the simplified block diagram of Figure 1. Data are processed in a distributed way by three main subsystems: a smart and adaptive sensor layer, a patient physiological image (PPI) layer, and finally, a clinical and technical decision & analysis support layer. The first two of them generate the advanced knowledge of each patient indicated in the Introduction [7]. Figure 1 presents the main processes involved in each scenario, shadowing those that manage each viewpoint of the information model in Nefrotel.
The ability to acquire real-time monitoring data and generate real-time knowledge by means of the smart sensors and especially the PPIs pushed a convergence between some technical specifications of Nefrotel and modern supervisory control and data acquisition systems (Scadas). This concept was briefly mentioned in [10]. Moreover, Nefrotel can compare monitored biosignals taken from the patient, as well as variables acquired from therapeutic devices, with their images computed by means of mathematical dynamics models, in a similar way to the modern performance evaluation tools of engineering plants. Summarizing, the THCC of Nefrotel shares some important functions with Scadas, including the preprocessing of signals, both monitored and computed by the PPIs virtual field, the management of alarms, etc. This approach can be better understood if we consider the evolution of Scadas from the end of the 80’s, when they had been properly developed and deployed in many industrial plants, up to nowadays, due to the internet revolution. The maturity of Scadas in the 80’s is clearly shown by a review of Gaushell and Darlington [19]. That work also presented the trends toward using graphic human-machine interfaces, the miniaturization of remote terminal units (equivalent to the remote access unit (RAU) in the Nefrotel POC), the advances in distributed processes, and in modular software. The state of the art of the present Scadas can be seen in a recent paper by Li et al. [20], which demonstrates the strong convergence between Scadas and telehealthcare systems nowadays. This convergence includes even the utilization of the same development tools in some particular cases. A frequent example is given by LabVIEW from National Instruments, a widely used software programming package for supervision and control systems. Certainly, the many advantages of Web-based supervision and monitoring systems, including both industrial Scadas and telehealthcare systems, have their counterparts, the security and confidentiality of data being one of their most significant risks [21].
In agreement with this analysis, we have used a design methodology for the DB model of Nefrotel based on Scada concepts. Figure 1 shows the assistance Nefrotel DB in a central shadowed block within the THCC scenario. We must note the existence of a second DB in Nefrotel, which supports the research in physiology and pathophysiology by means of multiscale and reusable mathematical models, as described in [10]. This second DB is not presented in Figure 1. As indicated in the aforementioned shadowed block, the DB is divided into two DB management systems. The first one follows an object-relational database model (ORDB), supported by PostgreSQL [22], whereas the second one is a real-time data management system that works with shared memory tables. The latter is a native code-based system programmed by the Biomedical Engineering Group on a Linux (Debian) platform.
This design emerged from the fact that although relational and object-relational model-based databases provide a very rich set of functions for the processing and permanent storage of data, they are not designed for real-time operation. Accordingly, SCADA systems were supported initially on memory-resident tables that were loaded during the start-up of the application, and kept simple relationships between their records, such as horizontal concordance. Nowadays, there are commercial streaming databases that come integrated with some SCADA programming tools, for example the LabVIEW Datalogging and Supervisory Control (DSC) [23]. However these solutions are not proper in our context, because they compel to use proprietary systems. There are very few general commercial solutions for real-time databases. We can cite here the Raima DB Manager from Raima UK, or the Streambase, which is a very recent technology (and company) in development from Zdonik and Stonebraker. The last one was also behind the design of PostgreSQL. Due to the cost and even immaturity of some of these few commercial options, we have conceived a hybrid approach to this problem, as suggested in Figure 1. All requests to the Nefrotel DB are managed by processes running into the same server that Nefrotel DB. This way, they are routed to the real-time data manager or to PostgreSQL according to their type. Data in shared-memory tables stream to PostgreSQL both in a periodic and event-driven way. This approach takes advantage of the rich set of functions of ORDBMS systems, and the fast management of memory variables that is needed for real-time monitoring systems and PPIs.
3. Succinct analysis of information models in health
Information models in telemedicine systems can be classified as pertaining to three spheres, which are the EHR, POC (MIB interoperability), and biomedical signals databases. The ultimate objective of these models is to achieve a true syntactic and semantic interoperability among different telemedicine systems, and their internal components, like medical devices. Although many efforts have been made to develop these standards, there are important gaps at present. This is a key obstacle to the development of research and commercial telemedicine systems. We have analyzed the current scenario of available standards and trends, and defined a methodological approach for the design of the information model of Nefrotel, able to evolve in a seamless way with the evolution of standards.
The biomedical signal databases standards define common formats for acquiring and storing streaming signals and images, such as ECGs, EEGs, polysomnograms (PSGs), electromyograms (EMGs), pressures, and other biosignals [24]. With the aim of clarifying the scope of these standards, we can refer to the SCP-ECG specification (prEN 1064 prepared by CEN/TC 251) for ECG recordings, in terms of binary resolution, filter specifications, sampling rates, data compressions, annotation codes, and even the handling of images. ASTM 1467 is another important specification for neurophysiology, which adds time stamps or electrode transducer locations, among other attributes and properties, to the digitized biosignal waveforms. This specification states different levels of implementation, ranging from level 1 (most basic) to level 3, which adds standard alphanumeric codes for textual data elements such as diagnosis. ASTM 1467 also defines the format of messages to be exchanged.
There are other specifications with a more general purpose, such as EDF (European Data Format), whose major characteristic is its simplicity, or FEF (File Exchange Format) for vital signs, which is based on a CEN/TC251 model. This last format is based on sections that follow a hierarchical structure. One of those sections is the demographics, which contains data regarding the patient. There are sections associated with the medical devices used in the recording. The 16-bit codes that encode the measured biosignals, body site locations, and other details are a copy of those in the prestandard ENV 13734, which was prepared in conjunction with the IEEE 1073 project for the MIB. Finally, it is necessary to make a reference to the de facto standard for medical image communications, DICOM (Digital Imaging and Communications in Medicine). This standard began to be developed in 1983, that is, before the boost of technologies based on Web services and XML [9].
In summary, the standards (and prestandards) for biomedical signal databases provide the way in which many types of biosignals, usually associated with waveforms and images, could be stored and exchanged. Many of these formats began to be defined before 1990, pushed by the revolution of HIT as a support for telemedicine. However, the evolution of HIT standards during the last years has given emphasis mainly to the EHR and secondly to the MIB, in such a way that many of the previous biomedical signal databases formats have been used as a basis. For example, the SCP-ECG has been used as one of the many starting points of the IEEE 1073 (MIB Standards in POC) [25], and the ASTM was prepared in cooperation with HL7 (Health Level Seven ANSI standard for EHR) [24]. Other biomedical signal databases formats are being extended to be incorporated into the EHR standards. This is the case of DICOM, which has produced at least two DICOM-based EHR standards, WADO and DICOM Structured Reporting [9].
M. Prado et al. / Methodological Issues for the Information Model
In conclusion, the biomedical signal database formats seem to occupy an intermediate place that overlaps with the EHR and the MIB, which are analyzed next.
The electronic health record, or EHR, refers to any type of digitally stored health care information about a subject. There are many definitions of EHR, but we think that it is hardly useful to limit the meaning of this concept with a more restrictive statement. The EHR includes observations, test results, diagnostic reports, therapies, pathologies, allergies and, naturally, the patient identifying information. Given the nature of this information, the privacy and reliability of EHR containers are critical specifications. Additionally, interoperability among different EHR database systems is essential to give full sense and functionality to the EHR. Unfortunately, achieving EHR interoperability is much more complicated than achieving the same concept in other engineering areas, for the reasons outlined in the Introduction.
Three international standards working groups related to the EHR are currently active: ISO/TC215 (International Standard Organization), CEN/TC251 (European Standard Organization) and ANSI HL7. Other important international groups and organizations, such as the OMG-HDTF (Object Management Group - Health Domain Taskforce) and the openEHR foundation, have made relevant contributions to EHR standards. These standards organizations and groups are cooperating to harmonize their norms. A description, even a short one, of these standards is beyond the scope of this paper. We are only interested in showing the major concepts and methodologies involved in the design of the information model of Nefrotel. Thus, although these standards, especially CEN EN 13606 (also known as EHRcom) and HL7 v3 CDA (Clinical Document Architecture), include security issues and exchange models (messages and service interfaces) among their subparts, their kernel is the information model (IM).
Pushed by the openEHR foundation, an independent and non-profit community, the IM has evolved towards a two-level modelling paradigm, in which the IM is structured in two layers. The first layer of modelling is called the reference model (RM) and defines hierarchically (using inheritance and other relationships) the most generic and stable classes. In contrast, the second level of modelling, or archetype model (AM), describes health concepts that are much more specific, have more complex semantics and, for this reason, are less permanent. Physicians and other professionals interface, by means of software applications, with model instances pertaining to this second layer, which are called archetypes and templates (trees of archetypes). In this way, retrieval of and access to laboratory test results, or to measurements associated with any kind of clinical protocol, e.g. blood pressure, are performed through archetypes and templates [9,26].
Of course, this is a very simplified view of the subject. First, the openEHR paradigm did not emerge from scratch. For example, it should be pointed out that HL7 CDA templates and DICOM Structured Reporting Templates share concepts with archetypes. Second, the relationships and collaborations among openEHR, CEN, HL7, and even DICOM Structured Reporting are bidirectional. Figure 2 shows a very simplistic diagram of the relationships among the main standards and specifications related to the EHR. We have intentionally left aside the specifications related to images and waveforms of biomedical signal databases, since they can be classified as another group of standards because of the present lack of integration with the EHR, as was indicated at the beginning of this Section.
Certainly, the concept of the archetype as the information viewpoint front-end to the professional user is a good method to provide the necessary level of structure and semantics to the knowledge requested by medical services and physicians, keeping the underlying health information stable. We completely, and necessarily, agree with this approach. However, to the best of our knowledge, the IM could be considered simply as an organization model of health information in which there is a growing semantic gradient from basic data types towards the more complex top layer, which is the archetype. This model combines inheritance with other relationships among classes. Accordingly, we consider it unnecessary to define the IM as a two-level modelling paradigm.
Figure 2. Very simplistic relationships (inspiration, inclusion, and other types of influences) among different standards and specifications. GPIC (General Purpose Information Component), CMET (Common Message Element Type), HISA (Health Information System Architecture). [Diagram labels: HL7 v3 (CDA and CMETs), CEN HISA 12967, openEHR, OMG HDTF, EHR Harmonization, GPICs, ISO TS 18308, CEN EN 13606 (EHRcom).]
The POC defines the third sphere, where compliance with standards is required to guarantee full interoperability among medical devices. This subject is a long-standing concern in the telemedicine area. The first standardization project began around 1990 and was known as MIB. It is now called IEEE 1073/ISO 11073, and much work is still pending. This project is divided into three key series. The ISO/IEEE 11073-1xxxx series defines the device data and semantics, the ISO/IEEE 11073-2xxxx series addresses aspects related to general communication services, and finally the ISO/IEEE 11073-3xxxx series is related to the transport layer. Despite the huge amount of work pending, many particular standards associated with PARs (Project Authorization Requests) included in IEEE 1073 / ISO 11073 already have accessible drafts. In addition, the methodology is based on the specialization of devices to attend to particular domains. For example, the ISO 11073-10316 norm related to dialysis devices / renal intensive care systems is based on the specialization of other medical devices that follow IEEE 1073 norms, like infusion devices or blood pressure monitors. This methodology is stated in norms such as ISO 11073-10300, which explores the framework and overview of device specializations, or ISO 11073-10201, which describes the domain information model.
In addition, the IEEE 1073 PARs emphasize aspects that are currently relevant in the POC, such as the security and reliability of RF wireless networks, which are acquiring high relevance in ubiquitous patient monitoring. It is worth stressing that many of these IEEE 1073 PARs do not start from scratch but from previous specifications, for instance some of the biomedical signal database formats. Another challenging objective defined by this project is the seamless integration of richer information, like waveforms or images, into EHR information model standards. This line is being explored by the Integrating the Healthcare Enterprise (IHE) initiative, supported by 35 companies, whose objective is to improve the way computer systems in healthcare share information [27].
4. Methodological approach to the IM of Nefrotel
The analysis presented in the previous sections was the basis for the design of a methodological approach to an information model that guarantees the ability of Nefrotel to adapt to the evolution of standards, which is needed because many of them are immature. This IM is distributed over the three scenarios of Nefrotel: POC, PUIs, and THCC. This is illustrated by the three groups of shadowed blocks in Figure 1.
The smart sensor layer on the POC side of Nefrotel is composed of several sublayers of sensors that process signals in a distributed manner and send the resulting data, with different levels of semantics and complexity, to the RAU [7]. This architecture properly matches the different device profiles defined by the IEEE 1073 standard. The conversion of our current proprietary protocol to IEEE 1073 message syntax will be performed by means of black boxes coded into the microcontrollers included in all the smart sensors of Nefrotel. The ability of these smart sensors to modify their firmware in order to adopt new processing algorithms will be used to follow seamlessly the evolution of the IEEE 1073 standard drafts as necessary, by modifying the internal code of those black boxes.
The remaining parts of the IM are the data model (DM), which is implemented in the hybrid assistance Nefrotel database model, and the RM together with the AM (RMAM), which is implemented in the PUI. In line with the analysis of the previous section, we refer to the latter as the ARM (archetype-reference model), emphasizing that the two-layer paradigm is a disputable concept. The basic types and classes of the hybrid assistance Nefrotel database model are defined in such a way that their size and precision allow the generation of data files compliant with the biomedical signal database formats. This is an easy requirement that allows the exchange of biosignal data by means of the exporting functions implemented in Nefrotel.
In agreement with [9], the DM is independent of the ARM. This is achieved by a mapping process resident in the application server, according to the multitier architecture of Nefrotel (see Figure 1). The parsing and building of the mapping function is performed on the fly, although some structures are kept in cache to improve computational efficiency. The ARM is implemented in the PUI applications, as indicated in Figure 1.
Differences among the reference models of different EHR standards pose an important obstacle to true interoperability among PUIs based on different standards and the telehealthcare center of Nefrotel. To overcome this, the PUI adds a conversion layer between the ARM used in the front-end and a neutral ARM that addresses the requests to the application server. We have selected the openEHR ARM as the neutral model because it provides the specifications of health information systems by way of formal, object-oriented models, by means of textual expressions that ensure the validity of the specification. The specification models are supplied in various implementation technologies (Implementation Technology Specifications, or ITS), which are generated as views from those primary textual expressions of the models [28]. We have selected Eiffel as the development language because it closely approximates UML 2.0, addresses OCL (Object Constraint Language) and is the primary expression of the openEHR models [28]. In this sense, the openEHR Eiffel ITS does not have any semantic difference with respect to the published specification. In addition, the selected ISE Eiffel 5.6 development environment is a free (for non-commercial use) IDE that runs on Windows and Linux, generates both C++ and MSIL (.NET bytecode) and adds other important characteristics compatible with the technical approach of Nefrotel described in Section 2. Another practical advantage is the possibility of using the Eiffel implementation of the openEHR reference model in Nefrotel, speeding up the development.
Finally, the archetypes are effectively used to constrain and validate data inputs coming from clinical protocols and manual inputs in PUIs, in agreement with the third formal principle of the archetype model [29]. However, they are not used to constrain or validate automatic monitoring inputs, except when these are associated with a clinical protocol. This is due firstly to its influence on computational efficiency, and secondly because constraining inputs from monitoring data with an archetype instance, which has a dynamic nature by definition, is questionable practice.
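The validation policy described above, as an added Python sketch that is neither Nefrotel's Eiffel code nor openEHR's: generic reference-model classes, an archetype expressed as constraints on them, and an admission step that validates manual and protocol inputs but lets monitoring inputs with no protocol through, marked as unvalidated. All class names, paths, the `validated` flag and the numeric ranges are assumptions constructed for illustration.

```python
"""Two-level model sketch: stable reference-model classes, archetypes as constraints."""
# Added illustration only. Class names, paths, the `validated` flag and the
# numeric ranges are constructed for this example (not clinical reference values).
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Source(Enum):
    MANUAL = "manual"               # typed into a PUI by a user
    PROTOCOL = "clinical_protocol"  # captured while following a clinical protocol
    MONITORING = "monitoring"       # automatic sensor stream


# Reference-model level: generic, stable classes.
@dataclass(frozen=True)
class Quantity:
    magnitude: float
    units: str


@dataclass(frozen=True)
class Entry:
    concept: str
    items: Dict[str, Quantity]
    source: Source
    protocol_id: Optional[str] = None  # set when the input belongs to a protocol


# Archetype level: specific, changeable constraints on reference-model instances.
@dataclass(frozen=True)
class QuantityConstraint:
    units: str
    low: float
    high: float
    required: bool = True


@dataclass(frozen=True)
class Archetype:
    concept: str
    constraints: Dict[str, QuantityConstraint]

    def violations(self, entry: Entry) -> List[str]:
        if entry.concept != self.concept:
            return [f"concept {entry.concept!r} does not match {self.concept!r}"]
        problems = []
        for path, rule in self.constraints.items():
            value = entry.items.get(path)
            if value is None:
                if rule.required:
                    problems.append(f"{path}: missing")
            elif not isinstance(value, Quantity) or not isinstance(value.magnitude, (int, float)):
                problems.append(f"{path}: not a numeric Quantity")
            elif value.units != rule.units:
                problems.append(f"{path}: units {value.units!r}, expected {rule.units!r}")
            elif not (rule.low <= value.magnitude <= rule.high):  # also rejects NaN
                problems.append(f"{path}: {value.magnitude} outside [{rule.low}, {rule.high}]")
        # Paths the archetype does not define are rejected, not stored silently.
        for path in sorted(entry.items.keys() - self.constraints.keys()):
            problems.append(f"{path}: not defined by archetype")
        return problems


@dataclass(frozen=True)
class Decision:
    accepted: bool
    validated: bool
    problems: Tuple[str, ...] = ()


def must_validate(entry: Entry) -> bool:
    # Manual and protocol inputs are always validated; monitoring inputs
    # only when they are associated with a clinical protocol.
    if entry.source in (Source.MANUAL, Source.PROTOCOL):
        return True
    return entry.protocol_id is not None


def admit(entry: Entry, archetypes: Dict[str, Archetype]) -> Decision:
    if not must_validate(entry):
        # Stored without archetype checks; the flag keeps that visible downstream.
        return Decision(accepted=True, validated=False)
    archetype = archetypes.get(entry.concept)
    if archetype is None:
        return Decision(False, True, (f"no archetype for {entry.concept!r}",))
    problems = tuple(archetype.violations(entry))
    return Decision(accepted=not problems, validated=True, problems=problems)


# Constructed sample archetype and range.
BP_RANGE = QuantityConstraint("mm[Hg]", 0.0, 1000.0)
ARCHETYPES = {"blood_pressure": Archetype("blood_pressure",
                                          {"systolic": BP_RANGE, "diastolic": BP_RANGE})}
```

Because unvalidated monitoring data is accepted by design, anything that consumes stored entries should check the `validated` flag before treating a value as archetype-conformant.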
5. Summary and conclusions
After a short analysis of the reasons why telemedicine still has very limited deployment after more than two decades of advances and research, we have briefly described some technical issues concerning a telehealthcare system for nephrology (Nefrotel) that provides advanced supervision of the assisted user. To the best of our knowledge, this type of supervision cannot be performed by the ordinary healthcare system nowadays, and it could help to speed up the implementation of telemedicine. The paper has been devoted to presenting the major methodological issues of the IM of Nefrotel. With this objective, we have first reviewed the technological requirements of its database, and second the current scenario of health information model standards. Our major conclusion is that it is possible to ensure the compliance of Nefrotel with IM standards, maximizing interoperability and facilitating its evolution to accommodate the development of new IM specifications.
Acknowledgements
We are grateful to Prof. Isabel Román Martínez for her useful comments regarding the EHR standards, and to the undergraduate student Francisco Marchena for his work reviewing the current deployment of telecommunication networks in Spain.
References
[1] Peter G. Goldschmidt. HIT and MIS: implications of health information technology and medical information systems. Commun. ACM, 48(10):68–74, 2005.
[2] Carl May, Maggie Mort, Frances Mair, and Tracy Finch. Telemedicine and the ’Future Patient’? Risk, Governance and Innovation. Technical Report Project ref: L21825 2067, Economic & Social Research Council, 2005.
[3] H. Tanriverdi and C.S. Iacono. Diffusion of telemedicine: a knowledge barrier perspective. Telemedicine Journal and e-Health, 5(3):223–44, 1999.
[4] Sabine Koch. Home telehealth–Current state and future trends. International Journal of Medical Informatics, In Press, 2006.
[5] A. Marsh. The creation of a global telemedical information society. International Journal of Medical Informatics, 49(2):173–93, 1998.
[6] Reinhold Haux. Health information systems - past, present, future. International Journal of Medical Informatics, In Press, 2006.
[7] Manuel Prado, Laura M. Roa, and Javier Reina-Tosina. Viability study of a personalized and adaptive knowledge-generation telehealthcare system for nephrology (NEFROTEL) (submitted). International Journal of Medical Informatics, 2006.
[8] Stephen T. Albin. The Art of Software Architecture: Design Methods and Techniques. John Wiley & Sons, Indianapolis, Indiana, 1st edition, 2003.
[9] Marco Eichelberg, Thomas Aden, Riesmeier Jörg, Asuman Dogac, and Gokce B. Laleci. A survey and analysis of Electronic Healthcare Record standards. ACM Comput. Surv., 37(4):277–315, 2005.
[10] Manuel Prado, Laura Roa, Javier Reina-Tosina, Alfonso Palma, and José A. Milán. Virtual Center for Renal Support: Technological Approach to Patient Physiological Image. IEEE Transactions on Biomedical Engineering, 49(12):1420–1430, 2002.
[11] Manuel Prado, Laura Roa, Javier Reina-Tosina, Alfonso Palma, and José A. Milán. Renal telehealthcare system based on a patient physiological image: a novel hybrid approach in telemedicine. Telemedicine Journal and e-Health, 9(2):149–165, 2003.
[12] Dao Ngon, J. McCormick Patrick, and C. Forbes Dewey. The human physiome as an information environment. Annals of Biomedical Engineering, 28(8):1032, 2000.
[13] STEP: a Strategy for The EuroPhysiome (http://www.biomedtown.org), 2006.
[14] José Antonio Adell, José Enrique Gabeiras, Carmen de Hita, José Jiménez, Jesús Felipe Lobo, José Antonio Lozano, Enrique Menduiña, Salvador Pérez, Carlos Plaza, and Wsewolod Warzanskij. Las telecomunicaciones de nueva generación (new generation of telecommunications). Telefónica I+D, 1st edition, 2005.
[15] Microsoft .NET technology (http://www.microsoft.com/net), 2006.
[16] Mono Project: open initiative version of the Microsoft .NET development platform (http://www.mono-project.com/), 2006.
[17] Java 2 Enterprise Edition (J2EE) - http://java.sun.com/j2ee, 2006.
[18] Web Services Performance: Comparing Java 2 Enterprise Edition (J2EE platform) and the Microsoft .NET Framework. A Response to Sun Microsystem’s Benchmark. Technical Report http://www.gotdotnet.com/team/compare, Microsoft Corporation, 2004.
[19] Dennis J. Gaushell and Henry T. Darlington. Supervisory control and data acquisition. Proceedings of the IEEE, 75(12):1645–1663, 1987.
[20] Duo Li, M. Kiuchi, and Y. Serizawa. Concept design for a web-based supervisory control and data-acquisition (scada) system. In IEEE PES Transmission and Distribution Conference, pages 32–36, 2002.
[21] Supervisory Control and Data Acquisition (SCADA) Systems. Technical Report Technical Information Bulletin 04-1, National Communications System, 2004.
[22] PostgreSQL - Object-Relational DBMS (http://www.postgresql.org/), 2005.
[23] Developing Data Logger Applications with LabVIEW (http://zone.ni.com/devzone/conceptd.nsf/webmain/), 2006.
[24] A. Värri, B. Kemp, T. Penzel, and A. Schlögl. Standards for biomedical signal databases. IEEE Eng. Med. Biol. Mag., 20(3):33–37, 2001.
[25] Christoph Zywietz, Ricardo Ruiz Fernandez, Franco Chiarugi, Catherine Chronaki, Fabrizio Conforti, and Alberto Macerata. WP-4 Certification and Conformance Testing. OpenECG Certification and Conformance Testing Process. Technical Report OpenECG-WP4-D.4.1, OpenECG Consortium, 2003.
[26] T. Beale, S. Heard, D. Kalra, and D. Lloyd. The openEHR Technical Roadmap. Technical Report Rev 1.5, OpenEHR Foundation, 12 Feb 2005.
[27] The Key to Integrated Systems: IHE Integration Profiles (http://www.ihe.net/), 2003.
[28] T. Beale. The openEHR Modelling Guide. Technical Report Rev 1.2.1, OpenEHR Foundation, 24 Feb 2005.
[29] T. Beale and S. Heard. Archetype Definitions and Principles. Technical Report Rev 0.6, OpenEHR Foundation, 14 March 2005.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
HEARTFAID: A Knowledge Based Platform of Services for Supporting Medical-Clinical Management of Heart Failure Within Elderly Population
Domenico Conforti a, Domenico Costanzo a, Francesco Perticone b, Gianfranco Parati c, Kalina Kawecka-Jaszcz d, Andrew Marsh e, Christos Biniaris e, Manolis Stratakis f, Riccardo Fontanelli g, Davide Guerri g, Ovidio Salvetti h, Manolis Tsiknakis i, Franco Chiarugi i, Dragan Gamberger j and Mariaconsuelo Valentini k
a University of Calabria, Department of Electronics, Informatics, Systems (DEIS), Italy
b University “Magna Graecia” of Catanzaro, Department of Experimental and Clinical Medicine, Cardiovascular Diseases Division, Italy
c University of Milano “Bicocca”, Department of Clinical Medicine, Cardiology Unit, Italy
d Jagiellonian University Medical College, I Cardiac Dept., Poland
e Virtual Medical World Solutions Ltd, United Kingdom
f Hellenic Telecommunications and Telematics Applications Company S.A., Greece
g Synapsis S.r.l., Italy
h Consiglio Nazionale delle Ricerche – Istituto di Scienza e Tecnologie dell’Informazione, Italy
i Foundation for Research and Technology – Hellas, Greece
j Rudjer Boskovic Institute, Department of Electronics, Croatia
k Istituto Auxologico Italiano, S. Luca Hospital, Department of Cardiology, Italy
Abstract. HEARTFAID is a research and development project aimed at devising, developing and validating an innovative knowledge based platform of services, able to improve early diagnosis and to make the medical-clinical management of heart diseases within the elderly population more effective. Chronic Heart Failure is one of the most remarkable health problems for prevalence and morbidity, especially in the developed western countries, with a strong impact in terms of social and economic effects. All these aspects are typically emphasized within the elderly population, with very frequent hospital admissions and a significant increase of medical costs. Recent studies and experiences have demonstrated that accurate heart failure management programs, based on a suitable integration of inpatient and outpatient clinical procedures, might prevent and reduce hospital admissions, improving clinical status and reducing costs. HEARTFAID aims at defining efficient and effective health care delivery organization and management models for the “optimal” management of care in the field of cardiovascular diseases. The HEARTFAID innovative computerized system will improve the processes of diagnosis, prognosis and therapy provision, providing the following services:
• electronic health record for easy and ubiquitous access to heterogeneous patient data;
• integrated services for healthcare professionals, including patient telemonitoring, signal and image processing, alert and alarm system;
• clinical decision support in the heart failure domain, based on pattern recognition in historical data, knowledge discovery analysis and inferences on patients’ clinical data.
The formalization of the pre-existing clinical knowledge and the discovery of new elicited knowledge represent the core of the HEARTFAID platform.
1. Introduction
The HEARTFAID project aims, fundamentally, to devise, design, develop and deploy advanced and innovative computerized systems and services that, by collecting, integrating and processing all relevant biomedical data and information, are able to improve medical knowledge and make all the processes related to diagnosis, prognosis, treatment and personalization of health care for elderly Heart Failure (HF) patients more effective and efficient. This general goal will be achieved by:
• developing an innovative technological platform for informative and decision support, which can make the procedures of diagnosis, prognosis and therapy more effective and reliable for the patient and optimal in the use of medical and clinical resources. This platform, by exploiting innovative results in computational modelling, knowledge discovery methodologies, visualization and imaging techniques, and using the medical knowledge of the relevant domain, is able to effectively integrate and process biomedical data and information at different levels of structure;
• defining new health care delivery organization and management models for the relevant domain, which may result in more effective and efficient use of the total resources needed (health care operators, health care equipment, financial resources).
It is now evident, in fact, that elderly HF patients require an effective and integrated disease management program, which should be able to:
• Improve indices of health-related quality of life. This could be achieved by:
  o making the therapeutic treatment more effective, appropriate and personalized;
  o realizing real-time monitoring and assistance of the HF patient, in order to reduce the risk of adverse events.
• Control and reduce the overall economic and social costs of medical care, by decreasing the frequency of hospital admissions.
In order to fully achieve these results, an effective and efficient HF management program basically requires the identification, collection, integration and processing of a huge and complete amount of biomedical data and information from the patient on several levels: molecular, cellular, tissue, organ and personal/clinical levels (relevant signs and symptoms, anamnesis, risk factors, life style). In particular, the early detection of HF related signs and symptoms and the appropriate identification and acquisition of biomedical data from myocardial tissue and organ may contribute to delaying hospitalization and to improving both the quality of life and survival in pathologic patients. Moreover, a better knowledge of HF patients, achieved through the collection of biomedical data on the personal/clinical level, gives the possibility to personalise and improve the effectiveness of the therapies. The main objectives of a HF therapy can be summarised as follows: slow down the progression of the disease, alleviate symptoms, minimize risk factors.
In this respect, the current availability of several advanced mathematical and information technologies (Knowledge Discovery and Machine Learning, Mathematical Programming and Statistical Inference, Wearable Sensors, Wireless Communication, Data Base, Data Warehouse and Decision Support Systems), and the high potential for problem representation and solution which characterizes the models and methodologies of Decision Science, represent a driving force for improving all the medical and clinical activities within the HF domain and making them more efficient, effective and accurate.
Finally, new advances in genomics and proteomics research related to HF potentially allow, by acquiring relevant biomedical data on the molecular and cellular level, a better understanding of the pathophysiology of HF, a very early detection of the disease, and the development of new treatment strategies based on individualized gene and cell-based therapies.
On this basis, HEARTFAID will devise, develop and validate an advanced and innovative technological platform of services and end-user applications that will contribute to optimizing the clinical management of HF and to reducing the economic and social costs, by collecting, integrating and processing all types of the above mentioned biomedical data and information. The HEARTFAID platform will act as an informative and decision support infrastructure, on the basis of which efficient and effective health care delivery organization and management models and new clinical approaches could potentially be defined and developed.
The HEARTFAID platform will be an effective distributed and heterogeneous infrastructure, and its core will be implemented with a multi-functional middleware layer. This layer will be responsible for the data exchange among the different platform modules and for guaranteeing interoperability both inside the platform and with the external end-user world. In addition, this layer will certify that all incoming, outgoing and exchanged information is compliant with the data representation standards, and that all the communications performed among the internal systems of the platform and the external applications comply with the HL7 requirement. The middleware will be implemented using standard interoperability tools, which will make the distributed HEARTFAID platform easily portable to GRID-enabling infrastructure.
All the functionalities and services provided by the HEARTFAID platform will be developed and implemented respecting the security and privacy of the data and information about the patients. In particular, the following key issues have been identified and will be addressed during the project implementation phase: authentication, confidentiality, integrity and non-repudiation of the data.
In terms of health care delivery, the HF platform of services aims to support a patient centric management program, which will be organized through the suitable involvement and competence integration of different health care environments and operators, as shown in Figure 1:
• Home Care environment: the patient himself and his family are considered as active users.
• Primary Care environment: interaction between the patient and the practitioner.
• Ambulatory with internist physicians and professional nurses working on the territory.
• Hospital including cardiology, geriatric and internist medicine wards.
Figure 1 – The patient centric vision of HEARTFAID (diagram labels: HF Patient, Home Care, Primary Care, Ambulatory, Hospital)
2. Heart Failure Medical Domain
HF is a disorder caused by the impairment of cardiac function, which leads to altered peripheral blood flow, especially to the kidney and skeletal muscles [1], [2]. It should be mentioned, however, that the pathogenesis of HF involves not only the haemodynamic impairment but also the activation of a number of neuroendocrine systems, including the renin-angiotensin-aldosterone system, the autonomic system, natriuretic peptides and inflammatory processes.
Various classifications for HF as a syndrome are used both in research protocols and in clinical practice [3]. Nevertheless, the most common form of HF remains congestive HF (CHF), often punctuated by acute exacerbations. Right and left HF refer to syndromes presenting predominantly with congestion of the systemic or pulmonary veins, respectively. The terms do not necessarily indicate which ventricle is most severely damaged. Most HF is associated with evidence of left ventricular systolic dysfunction (systolic HF) [4]. Diastolic heart failure is diagnosed when symptoms and signs of HF occur in the presence of a normal ejection fraction in echocardiography. As it is a complex syndrome, many definitions of CHF exist; however, none of them is considered entirely satisfactory. For practical reasons, the current ESC Guidelines [3] for the diagnosis of HF require the presence of symptoms of HF, typically breathlessness or fatigue, either at rest or during exercise, or ankle swelling, and objective evidence of cardiac dysfunction at rest, preferably by echocardiography.
Despite the wide variation in the reported prevalence of HF (undoubtedly caused by differing research methods, in addition to inherent differences in the sociodemographic and risk factor profiles of study cohorts), overall data demonstrate that the prevalence of clinically overt HF increases considerably with age and that the prevalence of HF has increased over the past few decades [5], [6], [7]. In the United States (American Heart Association, 2001) 5 million patients have HF, and nearly 500000 patients are diagnosed with HF for the first time each year [8]. The disorder is the underlying reason for 12 to 15 million office visits and 6.5 million hospital days each year. During the last 10 years the annual number of hospitalizations has increased from approximately 550000 to nearly 900000 for HF as a primary diagnosis and from 1.7 to 2.6 million for HF as a primary or secondary diagnosis.
Nearly 300000 patients die of HF as a primary or contributory cause each year, and the number of deaths has increased steadily despite advances in treatment [9], [10], [11], [12]. In Europe (European Society of Cardiology, 2001) almost 10 million patients have HF. Nearly 5 million of these patients will die within 4 years. About 78% of the total patients have at least 2 hospital admissions per year [13], [14].
As far as the diagnosis of HF is concerned, in western developed countries coronary artery disease, either alone or in combination with hypertension, seems to be the most common cause of heart failure. It is, however, very difficult to be certain what the primary aetiology of heart failure is in a patient with multiple potential causes (for example, coronary artery disease, hypertension, diabetes mellitus, atrial fibrillation, etc). Furthermore, even the absence of overt hypertension in a patient presenting with heart failure does not rule out an important aetiological role in the past, with normalisation of blood pressure as the patient develops pump failure. Even in those with suspected coronary artery disease the diagnosis is not always correct, and in the absence of coronary angiography it must remain presumed rather than confirmed. In this context, even coronary angiography has its limitations in identifying atherosclerotic disease.
Among elderly patients, who are often less intensively investigated, an accurate diagnosis of the presence and aetiology of heart failure is more difficult and is obscured by multiple other diagnoses. Systolic hypertension and cardiac hypertrophy, cell loss and fibrosis may be more important causes of heart failure in the elderly and may be more likely to manifest predominantly as abnormalities of diastolic function. The aetiology of heart failure will also depend on ethnic origin, socioeconomic status and geographic location.
There are some data to suggest that heart failure related mortality is comparable to that of cancer. For example, in the original and subsequent Framingham cohort, the probability of someone with a diagnosis of heart failure dying within five years was 62% and 75% in men and 38% and 42% in women, respectively. In comparison, five year survival for all cancers among men and women in the USA during the same period was approximately 50% [15], [16]. The prognosis of heart failure is uniformly poor. Half of patients carrying a diagnosis of heart failure will die within 4 years and in patients with severe heart failure more than 50% will die within 1 year. Recent studies have confirmed the poor long term prognosis in patients with asymptomatic myocardial dysfunction. Recent studies show that the accuracy of diagnosis by clinical means alone is often inadequate, particularly in women, the elderly and the obese. In order to study the epidemiology and prognosis properly and to optimize the treatment of heart failure, the uncertainty relating to the diagnosis must be minimized or avoided [17].
In summary, the main issues that specifically characterize the HF medical domain are:
• HF represents a major and escalating public health problem.
• The overall prevalence of clinically identified HF is estimated to be 3-20 cases/1000 population, but rises to greater than 100 cases/1000 population in those aged 65 years.
• The combination of increasing survival post acute myocardial infarction and increased longevity in western developed nations is likely to lead to an increase in the overall prevalence of HF.
• The overall annual incidence of clinically overt HF in middle aged men and women is approximately 0.1-0.2%. However, with each additional decade of life there is an approximate doubling of this rate and the incidence of HF in those aged greater than 85 years is approximately 2-3%.
• HF hospital admission rates appear to be steadily increasing in all industrialised countries, especially among older individuals. Overall, annual admission rates for 1990 ranged from 10-40 admissions/10 000 population and increased to greater than 75 admissions/10 000 population in those aged greater than 65 years.
• The cost of managing HF in the early 1990s was estimated to be 1-2% of total health care expenditure. Because hospital care consumes a significant proportion of this expenditure, and rates of HF related hospitalisation have probably risen, this may be an underestimate of the current cost of HF.
The overall activities of the HEARTFAID project and its expected results are potentially able to bring some improvements to the HF medical domain. In fact:
• the wide clinical application of the HEARTFAID platform could yield new epidemiological results related to HF;
• the knowledge discovery functionalities of the HEARTFAID platform are potentially able to induce the discovery of new knowledge about the physio-pathological processes of HF, especially by integrating and analysing biomedical data from molecular/gene to whole patient;
• the application of the HEARTFAID platform within clinical settings could make it possible to devise and implement new, more effective and efficient medical-clinical procedures for the management of HF patients.
3. General Description of HEARTFAID Platform
3.1. Introduction
The knowledge-based platform of services proposed in the HEARTFAID project has the main goal of supporting both decision makers and clinicians operating in the field of heart diseases in the processes of diagnosis, prognosis, treatment and personalization of healthcare assistance to the elderly population. The widespread implementation of the proposed services will guarantee a better quality of life to pathological patients and will also reduce the number of necessary hospitalisations and, consequently, both the social and economic impact on the healthcare system. Achieving this objective could be possible under the following requirements:
• availability of, and easy access to, heterogeneous patient data;
• a common user interface of integrated and easy-to-use services for healthcare professionals;
• availability of, and easy access to, formalised clinical knowledge (declarative knowledge, procedural knowledge, and newly discovered knowledge).
The third point is of crucial importance, as stated in a white paper of the OpenClinical [http://www.openclinical.org] web portal: "It is now humanly impossible for unaided healthcare professionals to possess all the knowledge needed to deliver medical care with the efficacy and safety made possible by current scientific knowledge. This can only get worse in the post-genomic era. A potential solution to the knowledge crisis is the adoption of rigorous methods and technologies for knowledge management. (...)".
As we have already stated, the HEARTFAID platform will act as an informative and decision support infrastructure, on the basis of which efficient and effective health care delivery organization and management models and new clinical approaches can be defined and developed. In fact, in terms of health care delivery, the management program of pathological elderly patients will be organized by involving and integrating the competences of different health care figures and structures:
• Homecare environment, with professional nurses, and the patient himself and his family as active users of the proposed solution;
• Primary care environment, with the involvement of the general practitioners;
• Ambulatories, professional nurses, cardiologist and internist physicians operating on the territory;
• Hospitals, including internist medicine and cardiology wards.
Figure 2 shows the overall structure of the health care delivery program. The HF patient is taken care of by several figures working in different health care environments. According to the different characteristics of the environments, the health care operators can collect different types of biomedical data from the patient, can observe the patient using different procedures and exams, and can treat the patient at different levels of accuracy. Moreover, these operators can interact in order to exchange data and information, share decisions and reach consensus on the treatment of the patient. A key issue of the program is the continuous monitoring of the patient at home, aiming at improving the quality of care in the patient's own environment, thus reducing the number of skilled home nursing visits and hospitalizations.
[Figure 2 diagram labels. Actors: Professional Nurse, Primary Doctor, Cardiologist, Internist Physician, HF Patient. Use cases: Take Care at Home, Examine in Primary Amb, Examine in Ambulatory, Take Care in Hospital.]
Figure 2 – UML Use-Case Diagram of HEARTFAID Health Care Organization and Management
3.2. HF Technological Domain: State of the Art
In terms of the scientific and technological advances provided by HEARTFAID, it is worthwhile to observe that, unlike other previous and current projects on the management of Heart Failure patients, HEARTFAID is specifically characterized by the following potential innovations:
• integration of biomedical data, relevant to the medical domain, of different structure and complexity and coming from several different sources;
• integration of several approaches for coding the relevant medical knowledge and extracting new knowledge:
o a knowledge based approach (deductive knowledge) for coding the clinical guidelines and the clinical best practice;
o a data mining approach (inductive knowledge) for extracting new knowledge from the practical clinical experience represented by suitable sets of cases;
• a medical decision support level, characterized by functionalities covering the whole clinical management of the HF patient: diagnosis, prognosis, therapy planning.
In the following, some examples of information and communication technology projects focused on the management of Heart Failure patients are given.
The listed projects are classified in the following way:
• examples of knowledge based systems;
• data mining and Heart Failure;
• telemonitoring of Heart Failure patients.
Examples of Knowledge Based Systems
Applications of this kind aim to support physicians in clinical decision making. Usually a Knowledge Based System compares the data of an Electronic Medical Record with the rules contained in a knowledge base; the results of the comparison are used to produce recommendations for the physicians. In this way errors of commission or omission are detected and highlighted.
One of the first cases of a DSS developed for HF patient management was at the University of Pavia (Italy) [18]. During the experiment the physician received recommendations from a Knowledge Based System about the most appropriate therapy for 20 HF patients. The results of the project showed that DSSs can improve the clinical outcome for subjects affected by Heart Failure.
A second example of a KBS applied to HF has been implemented at Indiana University, USA [19]. A large, randomised trial was conducted on 786 patients to test the usefulness of a KBS in HF patient management. The results of the trial did not show any performance improvement for the physicians receiving the recommendations about the right therapy choices. In spite of the trial results, the project authors affirm that a DSS should be useful in the management of HF patients, perhaps using a better psychological approach.
ITC (Culture Institute of Trento, Italy) is developing a project about information technologies and Heart Failure [20]. The general aim of this project is to design, develop and evaluate a computer-based cooperative work framework that embeds innovative knowledge management tools for supporting guideline-based shared care delivery. The project started three years ago, but no results are known at this moment.
Finally, the Australian Government announced in early 2000 a Decision Support System to help general practitioners in the management of HF patients [21]. This project consists of a software package for General Practitioners that gives access to the most up-to-date medical information for the treatment and prevention of heart failure. In this case, too, no results are known.
Machine Learning and Heart Failure
Machine Learning (ML) is a set of advanced methodologies and tools to discover new knowledge in huge databases. In recent years ML has also been used in health environments, according to the principles of Evidence Based Medicine. The literature reports several Machine Learning applications in the field of Heart Failure; more exactly, these applications are concerned with Prognosis, Diagnosis, Therapy and Text Retrieval.
Prognosis assessment [22, 23, 24]
Several ML experiments have been concerned with prognosis assessment in the field of HF; the aim of these projects has been to develop a decision making model for the right risk stratification of subjects affected by Heart Failure. The results obtained in each experiment showed a good predictive ability of the obtained models.
Therapy [25]
The National Cardiovascular Centre of Suita (Japan) recently used some techniques of Machine Learning to validate the current therapeutic approach for the management of HF patients. Conclusions: Clinical data mining using Japanese congestive HF patients yielded almost identical data to the results of large-scale trials.
Diagnosis [26]
The Clinical Decision Making Group at the MIT Laboratory for Computer Science is a research group dedicated to exploring and furthering the application of artificial intelligence to clinical situations. The Heart Disease Program is a computer system intended to assist the physician in the task of differential diagnosis, with a diagnostic mechanism that combines probabilistic reasoning in a Bayesian network with the constraints imposed by the severities of the states and the temporal relations of causality.
Text Mining and Heart Failure [27]
Text Mining has been used by the researchers of the Mayo Foundation to identify the patients diagnosed with congestive heart failure and other related conditions by automatically classifying clinical notes. In this study the automatic classifier reached a precision of over 85% on 7620 clinical notes.
Telemonitoring of Heart Failure patients
The management of subjects affected by HF requires continuous feedback to assess the patients' clinical conditions. In clinical practice this need translates into a series of very expensive meetings between physicians and patients. Telemonitoring can help health providers to develop a home monitoring program for HF patients, with a great saving of resources and a better service for the patients. In the following, some examples are reported:
• Telehealth system for the monitoring of congestive HF patients: U.O. Medicina Cardiovascolare – Presidio Ospedaliero "M. Bufalini – G. Marconi – Angioloni", ASL Cesena (Italy) [28]. This project was developed between April 2002 and May 2003, and it introduced an innovative model for the management of congestive HF patients. The results of this experiment showed a great improvement of medical outcomes.
• Distance information technologies for Home Care (CHS): IST-1999-13352, funded under the Fifth Framework Programme [29]. CHS developed a series of personal health services that can be used from home and that communicate with the rest of the information infrastructure. These personal health systems have been developed in the areas of diabetes, heart failure and post-trauma patients. The technical infrastructure of the project also included a complex alert system based on Artificial Intelligence.
• Chronic disease management of congestive HF via Telemonitoring: Manitoba's Provincial Contact Centre, Canada [30]. Administered by Manitoba's provincial contact centre, and developed for rural zones, this project has the following goals:
o Demonstrate Effective Coordination and Integration of Health Care Providers to Manage CHF via Telehealth
o Demonstrate Decreased Health Care Usage (ER utilization, Days of Stay, Re-admission Rates)
o Demonstrate Improved Health Outcomes/Patient Satisfaction
o Demonstrate Patient Acceptance of Telehealth as Means of Access
o To carry out an effective collaborative evaluation of the initiative.
The project is still in execution, and no information is available about results.
• COMPASS – HF Study, clinical trial: Medtronic (Orlando, USA) [31]. COMPASS-HF evaluated the use of a new, investigational device, the Chronicle implantable hemodynamic monitor (IHM), which is designed to continuously track intracardiac pressure, body temperature, physical activity and heart rate in patients with systolic and diastolic heart failure. The innovative factor of this study is the use of an internal device to monitor the hemodynamic variables. COMPASS-HF showed that with implantable hemodynamic monitoring clinicians can be alerted to early signs of heart failure deterioration and proactively tailor medical therapy to improve the patient's condition.
3.3. The Heartfaid Platform: Description
The macro components of the HEARTFAID platform are:
• Multi-channel data acquisition,
• Medical and clinical knowledge generation and management (Knowledge engine),
• Decision support services,
• Interoperability/Integration middleware and use of clinical data representation and communication standards,
• End-user services and applications.
Figure 3 shows the interactions among these components by representing the flows of data and information, the roles of the involved actors and the services to be provided to the end-users.
The HEARTFAID platform of services will be sustained by the continuous flows of the data acquired from the biomedical devices, and the structured information collected from clinical and medical applications. In particular, the continuous monitoring of the patients on the territory allows the health care operators to observe the health status of their patients and to react promptly. The system could make predictions about the clinical conditions of the monitored patients using historical data contained in the central "Repository" of the HEARTFAID platform, thus allowing early intervention by the doctors and avoiding, if possible, the hospitalisation of the patient.
Figure 3 – HEARTFAID System Functionalities and Services
The continuous monitoring will be based on the use of wearable devices transmitting biological data such as blood pressure, ECG, glucose levels, and so on. The information acquired by the wearable devices will be transmitted to the HEARTFAID platform using the "Raw Data Transmission Infrastructure", which will implement up to date communication technologies such as PSTN, GPRS, or UMTS. These data will then be managed by the "Data Management System", which will be in charge of guaranteeing the adoption of appropriate data codification standards to store the acquired information in the Repository.
The complex data acquired within healthcare structures during patient hospitalisation (e.g. structured data produced by the laboratory analysis, unstructured data such as clinical reports, as well as multimedia data such as images or Ultrasound signals) are transferred to the Data Management System using the "Structured Data Transmission Infrastructure", which will implement Bluetooth, Wi-Fi, or Intranet technologies.
The Data Management System, the Transmission Infrastructures and the Repository represent the architectural core for data collection, storage and organization. The Repository will be the general data storage component. In particular, it will be composed of one or more physical/virtual databases where data are structured for both transactional applications (e.g. electronic health records) and data analysis in knowledge discovery processes. Any access to the Repository is controlled by the Data Management System, which guarantees the use of data coding and communication standards in any information exchange.
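Routing every Repository access through the Data Management System makes it a single mediation point. The following added example (not HEARTFAID code) shows that mediation in Python: each read or write is authenticated with an HMAC-signed token, authorised against a role policy and a care relationship, and recorded in an audit list. Role names follow a subset of the actors in Figure 2; the `wearable_device` role, the policy table, the token format and all identifiers are assumptions.

```python
import hashlib
import hmac

# Assumed policy (not from the paper): role -> data category -> actions.
POLICY = {
    "wearable_device": {"raw": {"write"}},
    "hf_patient": {"raw": {"read"}},
    "professional_nurse": {"raw": {"read", "write"}, "structured": {"read"}},
    "primary_doctor": {"raw": {"read"}, "structured": {"read"},
                       "unstructured": {"read", "write"}},
    "cardiologist": {"raw": {"read"}, "structured": {"read", "write"},
                     "unstructured": {"read", "write"}, "multimedia": {"read", "write"}},
}


def _tag(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def issue_token(key, user, role, expires_at):
    """Authentication: bind user, role and expiry under an HMAC-SHA256 tag."""
    if "|" in user or "|" in role:
        raise ValueError("'|' is reserved as the field separator")
    body = f"{user}|{role}|{expires_at}"
    return f"{body}|{_tag(key, body)}"


def verify_token(key, token, now):
    """Return (user, role) for an authentic, unexpired token, else None."""
    parts = token.split("|")
    if len(parts) != 4:
        return None
    user, role, expiry, tag = parts
    expected = _tag(key, f"{user}|{role}|{expiry}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):  # constant time
        return None
    if not expiry.isdigit() or int(expiry) <= now:
        return None
    return user, role


class DataManagementSystem:
    """Only path to the Repository: authenticate, authorise, audit."""

    def __init__(self, key, care_team):
        self._key = key
        self._care_team = care_team   # {(user, patient_id)} care relationships
        self._repository = {}         # {(patient_id, category): [values]}
        self.audit = []               # one entry per decision, allow or deny

    def _check(self, token, action, patient_id, category, now):
        ident = verify_token(self._key, token, now)
        user, role = ident if ident else ("?", "?")
        own_record = role == "hf_patient" and user == patient_id
        allowed = (
            ident is not None
            and action in POLICY.get(role, {}).get(category, set())
            and (own_record or (user, patient_id) in self._care_team)
        )
        self.audit.append((now, user, role, action, patient_id, category,
                           "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{action} {category} of {patient_id} denied")

    def store(self, token, patient_id, category, value, now):
        self._check(token, "write", patient_id, category, now)
        self._repository.setdefault((patient_id, category), []).append(value)

    def fetch(self, token, patient_id, category, now):
        self._check(token, "read", patient_id, category, now)
        return list(self._repository.get((patient_id, category), []))


def denied(call, *args):
    try:
        call(*args)
    except PermissionError:
        return True
    return False


def demo():
    key, now = b"constructed-demo-key", 1000   # constructed values
    dms = DataManagementSystem(key, {("device-17", "pat-001"), ("dr-a", "pat-001")})
    device = issue_token(key, "device-17", "wearable_device", now + 300)
    doctor = issue_token(key, "dr-a", "cardiologist", now + 300)
    other = issue_token(key, "pat-002", "hf_patient", now + 300)
    dms.store(device, "pat-001", "raw", {"systolic": 135, "diastolic": 85}, now)
    return {
        "doctor_reads": dms.fetch(doctor, "pat-001", "raw", now),
        "device_read_denied": denied(dms.fetch, device, "pat-001", "raw", now),
        "other_patient_denied": denied(dms.fetch, other, "pat-001", "raw", now),
        "expired_denied": denied(dms.fetch, doctor, "pat-001", "raw", now + 300),
        "decisions": [entry[-1] for entry in dms.audit],
    }


if __name__ == "__main__":
    print(demo())
```

Denied requests are logged as well as allowed ones, so the audit list records attempts by a write-only device to read data and by one patient to read another patient's record.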
Security and privacy issues will be accurately addressed at both data storage (central repository of the platform) and communication/exchange levels (including Authentication, Authorisation and Data Encryption).
Concerning knowledge generation and management, the "KDD" component has the goal of supporting the implementation of Knowledge Discovery in Databases processes to extract valid, novel, potentially useful and understandable knowledge from the information acquired during the project lifetime. This component will guide the users through the iterative phases of the process: data preparation, data transformation, data visualization and data mining applying innovative algorithms. The discovered knowledge will be validated by the domain experts and will be appropriately coded in order to extend the "Ontology/Knowledge Base System" (Onto/KB). This component represents the knowledge repository of the HEARTFAID platform, where concepts, constraints and relations, as well as clinical protocols, will be formalised in a machine understandable manner. The platform should also allow the user to maintain the knowledge base, i.e. to insert new rules/constraints or to modify/delete existing ones using an editing tool.
The Decision support services will be supplied by the DSS component. It will represent the brain of the platform by exploiting the knowledge base in order to perform inference reasoning on the specific patients' data. The main goal of the DSS is thus to support the medical personnel in their daily activity.
The technological components of the HEARTFAID platform will be integrated to provide the following list of services, which will be exposed by the "Web-Based End-User Applications & Services" level:
• Electronic Health Record
• Patient Telemonitoring
• Alert and Alarm System
• Pattern recognition in historical patients' data
• Signal and image processing
• Inferences on patients' data, using the knowledge base
• Knowledge base editing
• Support to knowledge discovery analysis
3.4. The Heartfaid Platform: Development Methodologies and Techniques
In order to develop an integrated and interoperable system, able to guarantee an umbrella of services that range from the acquisition and management of raw data to the provision of effective diagnostic support to clinicians operating in the field of cardiovascular diseases prevention, we propose a multi-level heterogeneous and distributed architecture. In this way, each level has different responsibilities and provides different functionalities. The levels of the HEARTFAID architecture can be outlined as follows:
• Biomedical Data level (Biomedical data collection and transmission): it is the lowest level, concerned with the heart failure related biomedical data. This part of the platform is responsible for collecting all data that can be exchanged with the external world, including raw data, structured and laboratory data, non-structured information and multimedia data.
• Middleware level (Interoperability/Integration Middleware and Repository): the biomedical data level interacts with the middleware level, which is responsible for the exchange of data among the platform modules and is in charge of guaranteeing interoperability both inside the platform and outside with the external end-user world. In addition, this level certifies that all incoming, outgoing and exchanged information, as well as all the communications performed among the internal modules of the platform and between the platform and the external applications, are compliant with the standards for clinical data representation and communication.
• Knowledge level (Data preparation, Knowledge Discovery in Database and Ontologies): it deals with the management of the domain expertise and know-how, both explicit (i.e. formal know-how already represented using a formal approach, e.g. a clinical protocol) and implicit (i.e. derived from the daily practice of the clinicians and their experience), as well as with the extraction of novel, useful and non-trivial knowledge from the project repository by using innovative knowledge discovery processes.
• Decision Support level (Decision Support System and Signals/Images processing): it provides effective support to the daily practice of the clinicians in the field of cardiovascular diseases prevention by implementing adequate data processing algorithms, providing guidelines to medical protocols as well as access to the knowledge base, alarms in case of critical situations and diagnostic suggestions.
• End-users level: it is the highest level of the platform and interacts with the external users, both human beings and software applications. This level provides specific services and applications to exploit the functionalities of the developed platform.
The scheme of the HEARTFAID architecture is shown in Figure 4.
4. Conclusions
In general, in the health care delivery sector, advanced and innovative information technologies enable services to be delivered more efficiently and effectively, as well as new services that correspond to people's evolving needs and requirements. Typically, the application of quantitative methodologies and advanced ICT tools within medical and clinical settings may contribute to a considerable reduction of the time and effort needed to carry out the relevant procedures.
Figure 4 – HEARTFAID Architecture
For the HF medical and clinical domain, information technologies offer new solutions to meet societal demands and solve societal problems. In fact, the strategic impact of the project proposal mainly regards:
• the improvement, in terms of efficiency and effectiveness, of the overall medical and clinical activities and procedures within the relevant medical domain, with the final aim of guaranteeing a high level of quality of the health care service offered to the patients;
• the strong social impact of the obtainable results, by improving the functional status and the quality of life of the patients and decreasing the social and economic costs.
From the medical and clinical impact point of view, it is worthwhile to remark that chronic diseases within the cardiovascular domain are major causes of frailty and disability in late life. Age is the major risk factor for cardiovascular disease. Heart disease and stroke rise steeply after age 65, accounting for more than 40% of all deaths among people age 65 to 74 and almost 60% at age 85 and above. People age 65 and over are much more likely than younger people to suffer a heart attack, to have a stroke, and to develop coronary heart disease and high blood pressure leading to heart failure. Cardiovascular diseases are also major causes of disability, limiting the activity and eroding the quality of life of millions of older people each year.
Heart failure is primarily a disease of the elderly. Approximately 6% to 10% of people older than 65 years have HF, and approximately 80% of patients hospitalized with HF are more than 65 years old. Heart failure is the most common Medicare diagnosis-related group (DRG), and more Medicare dollars are spent for the diagnosis and treatment of HF than for any other diagnosis. The total inpatient and outpatient costs for HF in 1991 were approximately $38.1 billion, which was approximately 5.4% of the health care budget that year. In the United States approximately $500 million annually is spent on drugs for the treatment of HF.
A different type of epidemiological information comes from reports of HF related hospital admissions on a country to country basis. Hospitalisation for HF appears to be a growing problem on a global scale. In the USA HF continues to be the most common cause of hospitalisation in people over the age of 65 years. HF is the reason for at least 20% of all hospital admissions among persons older than 65. Over the past decade, the rate of hospitalizations for HF has increased by 159%.
Hospital admission for heart failure is frequently prolonged and in many cases followed by readmission within a short period of time. For example, in the UK the mean length of stay for a heart failure related admission in 1990 was 11.4 days on acute medical wards and 28.5 days on acute geriatric wards. Within the UK about one third of patients are readmitted within 12 months of discharge, while the same proportion are reportedly readmitted within six months in the USA. Such readmission rates are usually higher than those for the other major causes of hospitalisation, including stroke, hip fracture, and respiratory disease. Moreover, although there is evidence to suggest that an increasing number of heart failure patients are surviving a heart failure related hospital admission, there is a parallel decrease in the number of patients who are discharged on an independent basis to their own homes.
In any health care system, hospital admissions represent a disproportionate component of total health care expenditure. Not surprisingly, considering the high rates of hospitalisation for heart failure and the ongoing treatment and care it requires, the overall management of heart failure requires a significant amount of health care expenditure in industrialised nations. Heart failure is reported to consume 1-2% of health care expenditure in a number of industrialised countries.
In this respect, the measurable benefits provided by HEARTFAID are basically related to:
• improving indices of health-related quality of life. This is achieved by the possibility to personalize the therapy and to have real-time monitoring and assistance of the patient;
• controlling and reducing the overall economic and social costs of medical care, by decreasing the frequency of hospital admissions.
In fact, the application of HEARTFAID, by assuring process optimization, will bring an important increase in the treatment quality of the individual patient as well as a remarkable reduction of health care costs. In this respect, it is expected that the highly innovative systems and services coming out of the HEARTFAID project will have a high acceptance in the targeted health care domains.
References [1] [2] [3] [4] [5] [6] [7] [8] [9]
[10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24]
McMurray JJ, Petrie MC, Murdoch DR, et al. Clinical epidemiology of heart failure: public and private health burden. Eur Heart J 1998;19:P9-16 Cowie MR. Annotated references in epidemiology. Eur J Heart Failure 1999;1:101-107. Guidelines for the diagnosis and treatment of Chronic Heart Failure (update 2005). The Task Force for the diagnosis and treatment of CHF of the European Society of Cardiology. Eur Heart J 2005. McDonagh TA, Morrison CE, Lawrence A, et al. Symptomatic and asymptomatic left-ventricular systolic dysfunction in an urban population. Lancet 1997;350:829-833. Kannel WB, Belanger AJ. Epidemiology of heart failure. Am Heart J 1991;121:951-7. Kannel WB. Epidemiology and prevention of cardiac failure:Framingham Study insights. Eur Heart J 1987;8 Suppl F:23-6. Massie BM, Shah NB. Evolving trends in the epidemiologic factors of heart failure: rationale for preventive strategies and comprehensive disease management. Am Heart J 1997;133:703-12. Senni M, Tribouilloy CM, Rodeheffer RJ. Congestive heart failure in the community: a study of all incident cases in Olmsted County, Minnesota, in 1991. Circulation 1998;98:2282-2289 Vasan RS, Larson MG, Benjamin EJ, et al. Congestive heart failure in subjects with normal versus reduced left ventricular ejection fraction: prevalence and mortality in a population-based cohort. J Am Coll Cardiol 1999;33:1948-1955 O’Connell JB, Bristow M. Economic impact of heart failure in the United States: Time for a different approach. J Heart Lung Transplant 1993;13:S107-S112. Haldeman GA, Croft JB, Giles WH, Rashidee A. Hospitalization of patients with heart failure: National Hospital Discharge Survey, 1985 to 1995. Am Heart J 1999;137:352-60. Cowie MR, Wood DA, Coats AJ, et al. Incidence and aetiology of heart failure; a population-based study. Eur Heart J 1999;20:421-428. McMurray J, McDonagh T, Morrison CE, et al. Trends in hospitalization for heart failure in Scotland 1980-1990. Eur Heart J 1993;14:1158-1162. 
Kannel WB, Ho KK, Thom T. Changing epidemiological features of cardiac failure. Eur Heart J 1994;72:S3-S9. Ho KK, Pinsky JL, Kannel WB, et al. The epidemiology of heart failure: The Framingham study. J Am Coll Cardiol 1993;22:6A-13A. Ho KKL, Anderson KM, Karmel WB, et al. Survival after the onset of congestive heart failure in the Framingham heart study subjects. Circulation 1993;88:107-115. Rosamund WD, Chambless LE, Folsom AR, et al. Trends in the incidence of myocardial infarction and in mortality due to coronary artery disease. N Engl J Med 1998;339:861-867 Treatment of chronic heart failure: an expert system advisor for general practitioners. Acta Cardiol. 1990;45(5):365-78. Effects of Computerized Guidelines for Managing Heart Disease in Primary Care J GEN INTERN MED 2003; 18:967–976. e – Heart Failure web site: http://imt.itc.it/Fondo_Unico2.html Web article: http://www.health.nsw.gov.au/news/2000/may/17-05-00b.html Risk Stratification in Heart Failure Using Artificial Neural Network; Proc AMIA Sym 2000;:32 – 6 One-year mortality prognosis in heart failure: a neural network approach based on echocardiographic data; J Am Coll Cardiol. 1995 Dec;26(7):1586-93. Combining the Performance Strengths of the Logistic Regression and Neural Network Models: A Medical Outcomes Approach; The Scientific World JOURNAL (2003) 3, 455-476
D. Conforti et al. / HEARTFAID: A Knowledge Based Platform of Services
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
The State of the Art in the Reduction of Medical Errors
Danny KOPEC a,b, Suzanne TAMANG, Karen LEVY, Ronald ECKHARDT, Gene SHAGAS
a The Graduate Center, The City University of New York
b Brooklyn College, The City University of New York
Abstract. The IOM report, To Err is Human, Building a Better Health System, galvanized public and political attention to the prevalence of medical errors in the United States. The IOM set a clear goal: “given the current knowledge about the magnitude of the problem, the committee believes it would be irresponsible to expect anything less than a 50 percent reduction over five years.” Part of the IOM’s four-part strategy was a recommendation that error reporting systems be established. No one denies that errors in medicine cannot be reduced if they cannot be defined. To achieve this goal of reducing errors, we have established a definition of a “medical error”, described the current taxonomies that have been created over the last five years for their classification, and suggested a conceptual model for designing and testing a medical error reporting system. The objective of our design is a system that facilitates identification, relies on health professionals and electronic repositories of clinical information to report events, and tracks and monitors medical errors reliably, efficiently, and accurately. Our next step is to implement, test, and evaluate this system based on our research.
Keywords. Medical error, error reporting systems, systems analysis, expert systems
Introduction
The term “error,” especially if attributed to a human, tends to connote blame or responsibility. Many theories have been espoused, and experts have yet to reach a consensus on the definition of an error. Hence, an important task for researchers is the development of a more refined and universally accepted terminology for discussing human medical errors. Senders and Moray [1] maintain that the definition of an error depends on the point of view of the person who judges that an error has occurred. “The actor who commits an error recognizes it only after the fact, with the perspective provided by hindsight, and either an actor or an external judge needs a model of task performance in order to decide whether an action has been correctly executed.” They specify that an “error occurs when a planned series of actions fails to achieve its desired outcome, and when this failure cannot be attributed to the intervention of some chance occurrence.” For instance, a chess expert sees things that the novice cannot see. The novice, therefore, does not do things that an expert would do. Since the novice cannot even conceive of the expert’s move, it may not be entirely correct to say that he or she made an error. It seems more reasonable to say that where there is no possibility of correct performance there can be no error, even though the performance may be imperfect [1].
D. Kopec et al. / The State of the Art in the Reduction of Medical Errors
Senders and Moray also distinguish between errors and human errors. “An error is any significant deviation from expectation, depending on statistical criteria or experience of normal performance standards whereas human error is a deviation from expected human performance.” This distinction concerns whether one examines the actor’s behavior in isolation, or the performance of the human-machine system as a whole [1]. Senders and Moray also suggest that there are important philosophical issues that should not be overlooked. Some individuals believe that errors do not exist; others consider them as effects and not causes. Still others believe that only certain kinds of human acts can ever be in error, since for many acts a good reason can be given, even if to the observer the action may appear to be incorrect. What is agreed is that all errors imply a deviation from intention, expectation or desirability. Errors can be perceived as psychological mechanisms, as sensory or perceptual events, cognitive events, motor events, actions in a well-defined system (expression of error) or unacceptable consequences in the output of the controlled system (consequence of error) [1, 2]. Reason’s definition of human error is one of the most widely accepted: “an error is a failure of a planned sequence of mental or physical activities to achieve its intended outcome when these failures cannot be attributed to chance” [2]. Reason proposed a framework which classifies human performance into three basic levels: Skill-based, Rule-based and Knowledge-based. Figure 1 illustrates these three performance levels and their link to human perception.
[Figure 1. Reason’s Three Human Error Performance Levels and their Link to Human Perception. Diagram labels: Skill-Based, Rule-Based, Knowledge-Based; Unconscious, Conscious.]
A slip, or “an unconscious glitch in automatic activity”, is a skill-based error. A slip results in an incorrect execution of a correct action sequence. An example of a slip would be a physician who chooses an appropriate medication but writes 10 mg when the intention was to write 1 mg. The intended dose was correct, but the action sequence (writing the correct dose) was incorrect. A lapse is a rule-based error and, like a slip, is an error of execution, with the difference being that a slip is observable, and a lapse (for example, not being able to recall something from memory) is not. A mistake is a knowledge-based error whereby an action proceeds as planned but fails to achieve the intended outcome because the planned action was incorrect. Mistakes typically arise from a lack or misapplication of knowledge [1-3]. As seen from the above discussion, there is no universally recognized terminology for error, human error or even medical error. However, for the purposes of our research, we have adopted the definition outlined in the IOM report, which defines a medical error as “the failure of a planned action to be completed as intended or the use of the wrong plan to achieve an aim” [3]. It is also important to note that an error is not defined by an adverse or serious event. An adverse event may occur with no error if the intention was the proper one, the action was properly executed, and the outcome was probabilistic in nature (as in administering a medication or performing an operation known to be risky). Thus, an adverse event is defined as “an injury caused by medical management rather than the underlying condition of the patient” [3].
1. Error Classification Schemes
Reason differentiates between active errors and latent errors. Active errors are errors that are generally readily apparent (for example, pushing an incorrect button or ignoring a warning light) and almost always involve an operator at the frontline. Latent errors (or latent conditions), in contrast, refer to less apparent failures of organization or design that contributed to the occurrence of errors, or allowed them to cause harm to patients [2]. Active errors are sometimes referred to as errors at the sharp end; errors at the sharp end are noticed first because the person closest to the patient commits them. Examples would be an orthopedist who operates on the wrong leg, a nurse programming an intravenous pump incorrectly, or a health care professional performing any aspect of direct care with some error. Latent errors are referred to as blunt end errors; this term refers to the many layers of the health care system removed from the direct control of the health care professional. These layers include poor system design, inadequate protocols/procedures, incorrect installation of software or equipment, bad management decisions and poorly structured organizations [2].
2. Existing Medical Error Taxonomies
One of the problems with classifying medical errors is that there are many ways of accomplishing this task. For example, one can focus on processes such as diagnosis or on some underlying system failures. Also, one can classify errors in terms of the types of disease, drug or procedure most commonly associated with the error, or in terms of outcome. Another issue is that the nomenclature for defining medical errors in health care is not standardized, meaning that there is no single internationally recognized taxonomy for defining and classifying medical errors. The IOM made the first attempt to clarify definitions [3]. Current taxonomies are very diverse and vary widely in scope and aim. Of the available taxonomies used to classify medical errors, some include lists of descriptive words organized into several domains, while others use hierarchies based on the developers’ approach to the understanding of errors [4]. Furthermore, the approach to codification varies widely among different groups studying medical errors. For example, the New York Patient Occurrence and Tracking System (NYPORTS) and early users of the American Academy of Family Physicians (AAFP)-Linnaeus Primary Care Patient Safety Taxonomy primarily applied a single global code to an error report; the Applied Strategies for Improving Patient Safety (ASIPS) and Medical Errors Reporting System (MERS) coding schemes label each event with multiple relevant codes. The resulting description of medical errors may vary, based on the coding approach as well as the codification schema. Additionally, most taxonomies are conceptually based and have not been evaluated to determine their utility in furthering the understanding of the processes involved in errors [4]. An important exception to the conceptually derived taxonomies is the AAFP-Linnaeus taxonomy developed by Dovey et al.
The AAFP-Linnaeus taxonomy uses an iterative, qualitative analysis of medical error reports to develop a hierarchical taxonomy that describes error processes in primary care. The qualitative approach identifies themes found in the available data, instead of imposing on the data concepts and constraints based on preconceived ideas. The AAFP-Linnaeus taxonomy is
grouped into two major sections: process errors and knowledge/skills errors. The codes provide detailed descriptions of actual events and appear to be easy to use for anyone with clinical knowledge. However, potential issues with the current version include its inability to easily separate the event processes from the participants; the lack of information on who discovered the event; and the mixing of process and causation codes. The inability to clearly delineate causation may limit the ability of the AAFP-Linnaeus system to promote the development of interventions designed to improve care and decrease errors. It is also unclear if the taxonomy can highlight similar process errors across different clinical activities or among the array of error processes within a given clinical area. The qualitative approach used to develop the AAFP-Linnaeus taxonomy has strengths, and the themes and constructs identified should be included as ambulatory patient safety taxonomies are further developed [4]. Other taxonomies, although primarily developed for inpatient use, have been applied in the ambulatory setting. Given the major differences in the care processes between inpatient and outpatient settings, it is unclear whether descriptions of the breakdowns in care in one setting can be applied to another. Taxonomies designed to evaluate specific domains of errors, such as the National Coordinating Council for Medication Error Reporting and Prevention (NCC MERP), may apply across care settings, but are designed to specifically describe one aspect of the medical error universe, that of medication errors. Moreover, not all error taxonomies have been made available for public scrutiny, thereby hindering continued advancement of the discipline [4].
2.1. Dimensions of Medical Outcomes (DMO)
Dr. Michael Victoroff began working on a conceptually based taxonomy to code medical errors and malpractice reports in the mid-1990s.
This system, called Dimensions of Medical Outcomes (DMO), had undergone several revisions and refinements when it was used under agreement with Dr. Victoroff and COPIC, Inc. to code medical error reports for a large AHRQ sponsored research project focused on primary care offices, called ASIPS. The ASIPS research group found that they needed to add some codes to the existing taxonomy to better describe the reports they received, and they also felt that the DMO taxonomy did not demonstrate parallel construction in some areas. This group developed a modified version of the DMO that addressed some but not all of the issues discovered during this research project [4].
2.2. American Academy of Family Physicians (AAFP)-Linnaeus Primary Care Patient Safety Taxonomy
The American Academy of Family Physicians and others have, over several years, been developing a taxonomy, now called the Linnaeus taxonomy, based on a qualitative analysis of several hundred error reports collected from the United States initially, and then from six other countries. AAFP/Linnaeus is derived from (mainly) physicians’ reports of mistakes they observe in daily practice [4].
2.3. Joint Commission on Accreditation of Hospitals and Healthcare Organizations (JCAHO): Patient Safety Event Taxonomy
The JCAHO Patient Safety Event Taxonomy has four primary classification domains: impact, type, domain, cause, and prevention and mitigation. This taxonomy is based collectively on mechanisms, processes, and outcomes that underlie the failures in structure, process and human behavior. This taxonomy is an effort to develop a codification framework for the description of medical errors that is not domain specific. The taxonomy has been developed with input from a number of medical error “experts,” and with consideration of a number of existing taxonomic systems. This taxonomy starts with an outcome and works backwards to the reason(s) for the outcome, whereas the other taxonomies presented start from a mistake and work in both directions - forwards to an outcome and backwards to a cause [4].
2.4. National Coordinating Council for Medication Error Reporting and Prevention (NCC MERP)
Central to the development of medical error reporting is a need for a controlled vocabulary and taxonomy. In response to the need to reduce medication errors, the NCC MERP released a medication taxonomy in 1999. The NCC MERP Error Reporting System is a publicly available taxonomy focused on drug errors and adverse events. Development included input from an international group interested in medication safety. The NCC MERP does not charge for use of the taxonomy, which is available for download from the World Wide Web. The NCC MERP medication error taxonomy is organized into eight major categories [4,5]:
1. Patient Information
2. Medication Error Event
3. Patient Outcome
4. Product Information
5. Personnel Involved
6. Type of Medication Error
7. Causes
8. Contributing Factors
Our research suggests that this taxonomy is particularly strong in the area of physical harm associated with a medical error, and it is one of the bases for the extension of the taxonomy recommended by Kopec et al. [6] (see Figures 2 and 3).
[Figure 2. Classification of Medication Errors based on NCC MERP Taxonomy [5]. Diagram labels: Misuse of Medication, Patient Information, Patient Outcome, Personnel Involved, Cause, The Event, Product Information, Contributing Factors.]
The final taxonomy recommended by Kopec et al. [6], presented below in Figure 3, is a combination of the IOM, JCAHO and NCC MERP classifications.
Figure 3. Taxonomy of Medical Errors Recommended by Kopec, Kabir, et al. [6,7]
2.5. Harvard Risk Management Program
This taxonomy is more a set of domains with lists of second level elements, utilized to analyze events reported to hospital risk management organizations. It is used by a number of private hospitals in the New England area, as well as by a number of Academic Health Centers across the United States [4].
2.6. The Australian Incident Monitoring System General Occurrence Classification (AIMS GOC)
The AIMS GOC was designed to capture “things that go wrong” throughout the healthcare system after the AIMS researchers found that existing classifications such as the Read Codes or ICD-9 E Codes were insufficient for their purposes. It has three major categories: contributing factors and hazards, descriptors of the incident, and outcomes and consequences. The GOC is not strictly speaking a taxonomy, but rather a database that organizes salient and important elements of an incident report in a way that preserves the narrative description, yet allows complex analyses of relationships among many variables. It is not possible to display this complex database on paper, only segments of the trees. AIMS is perhaps unique in that it is designed to receive reports from a wide variety of sources, including incident monitoring, medical record review, death certificates, hospital discharges, surveys of general practice, patient complaints, medico-legal investigations, coroner investigations, results of other enquiries and investigators and even literature searches [4].
2.7. Medical Error Reporting System-Total Healthcare (MERS-TH)
The Medical Event Reporting System – Transfusion Medicine (MERS-TM) uses a technique known as root cause analysis to uncover the underlying factors, circumstances, and decisions that contributed to the event in question. The outcome of the analysis is represented as a causal tree.
A tree provides a visual representation or diagram (such as a fishbone diagram) of the event that includes all possible causes (and recoveries) gathered during the investigation of the event. The investigator gathers information from individuals involved in the event by repeatedly asking why. This process elicits data at multiple levels and defines the actions and decisions leading up to the event. The final product of the root cause analysis is a set of root causes that are described, coded, and ultimately entered into the database [4]. The MERS-TH system was initially developed to describe and modify errors involved in transfusion medicine. MERS-TH is a root cause analysis system for adverse medical events and is an extension of the MERS-TM. It has now been expanded to a wider setting, though is still primarily focused on hospital care. The system adds codes driven by the data collected, that is, when the “non-specific” code within a particular area grows unwieldy. The system is directed by a causal analysis tree and includes a number of analytical tools. It is underpinned by empirical data, and has had extensive conceptual development over many years. Grounded in general safety theory, it was specifically developed to capture reports of adverse events, with the goal of assigning causal codes to these events. It focuses on understanding causation as a first step in understanding and avoiding similar mishaps in the future. It uses the Einthoven Classification model for the Medical Domain, which has three main causal categories: latent errors (technical and organizational), active errors (human), and other (patient-
related and unclassifiable). MERS is not strictly speaking a taxonomy, but rather a relational database and tool for causal analyses [4]. It is clear that various medical error taxonomies exist because of the wide range of possibilities that exist for the classification of medical errors. What is notable is that no one system is thought to be intrinsically “better” in incorporating or helping to account for the various possibilities of errors that exist in the multitude of areas in the healthcare system. It is felt that standardization of error terminology will help the health care industry to better study errors, and this in turn will help in a better understanding of the issues at hand.
3. Developing Medical Error Reporting Systems
When contemplating the design, coding and implementation of new, comprehensive health care reporting systems, particularly those which will ultimately allow for medical error reporting, we considered it important to survey not only currently used systems in the United States and other industrialized countries, but also health care reporting systems worldwide. For the data collected to be useful, it is often necessary to understand worldwide patterns of health and disease and the capabilities of individual countries to respond to health crises. A good example of this need for global monitoring is the current worldwide tracking of the H5N1 avian flu virus, with different outbreaks in the Far East, Middle East, Asia, Africa and Europe, and predicted soon to make its way to the United States and the Americas via migrating wild bird species. By having advance warning of potential pandemic outbreaks, the world’s medical resources can be marshaled and grouped to respond to outbreaks even in countries with very limited medical infrastructure. Help in equalizing available resources and providing worldwide monitoring is largely the job of international organizations, including the World Health Organization (WHO, www.who.int), which coordinates with the health systems of individual countries and acts as a clearing house for data from health care agencies throughout the world. For instance, WHO’s Epidemic and Pandemic Alert and Response (EPR) group has as one of its stated missions coordinating the global response to human cases of H5N1 avian influenza and monitoring the corresponding threat of an influenza pandemic. Their webpage provides universally available information to track the evolving situation and provides access to both technical guidelines and information useful for the general public.
This group publishes: (1) an Outbreak Verification List (OVL) which reports current outbreaks thought to have a potential for international implication, (2) Disease Outbreak News which provides public information about officially confirmed disease outbreaks of international importance, and (3) the Weekly Epidemiological Record which publishes epidemiological information on cases and outbreaks of diseases under the International Health Regulations (yellow fever, plague, cholera) and also on other communicable diseases of public health importance. Clearly, any newly designed comprehensive health care reporting system should anticipate the availability of this type of data and make provision for its maximum utilization. One exceptionally important factor to remember that is quite clear when reviewing the health care infrastructures of diverse countries worldwide is the extreme variability in terms of available local resources for health care. For example, there is only ONE hospital based psychiatrist in the Republic of the Congo, a country of over 2.5 million
people. In many economically poor countries, there are few if any governmental health care personnel assigned to large geographical areas where much of the population may live. This gives rise to serious concerns when designing comprehensive health care reporting systems as to how needed data will be collected and entered into computerized databases for use in determining global health care needs and issues. Even simple factors such as the absence of electricity in remote areas act as serious impediments to the collection of vital data for analysis. Innovative new technologies such as the use of battery powered hand-held devices to collect data are currently being explored. Even though there is great variability country-by-country, once again the collection of available data from different countries is largely managed by international organizations, mainly WHO. WHO maintains an on-line searchable database library called WHOLIS amongst other statistical global databases including (1) World Health Survey Results, (2) an online World Health Statistics database, (3) an online HIV/AIDS database, (4) a Death and Disability Adjusted Life Years database (estimates for 2002 by cause for WHO Member States) which contains estimates of numbers, crude rates and age-standardized rates as well as information on data sources and levels of evidence, and (5) the International Statistical Classification of Diseases and Health Related Problems, 10th Revision, 2nd Edition, which has become the international standard of diagnostic classification for all general epidemiological and many health management purposes. WHO also sponsors a very important Health Metrics Network (HMN), which is an innovative global partnership founded on the premise that better health information means better decision making and that means better health for all.
HMN states that enhancing the availability, quality, consistency, and use of health data requires greater harmonization among stakeholders around agreed technical standards. HMN joins governments with donor agencies, health planners with statistical experts, and communities with health providers in a shared mission to strengthen the systems needed to generate sound health information. Part of the mission of the HMN is to promote consistent data collection, organization and its integration into universally accepted Health Information Systems (HIS). To help achieve these goals, HMN provides a variety of tools such as (1) the HMN Frameworks and Standards for Country HIS Development, (2) the HMN Assessment and Monitoring Tool, (3) standardized Country Logbooks, and (4) a SAUCE Tool (Synthesis, Analysis and Use of Country Evidence) for the use of health information for country-level health policy formulation and planning. The HMN also co-sponsors periodic worldwide meetings on health information systems and other health issues. They award funding to facilitate the development of useful health information systems, with the next deadline for submission of Expressions of Interest directed to trying to achieve international consensus on ways to measure and monitor health care systems scheduled for April 2006 at the time of this writing. When one considers development of new comprehensive health care reporting systems, it would be wise to ensure that they are compatible with models of health care systems proposed by global institutions. Because of the lack of health care infrastructure in many poor countries, medical error reporting is probably not going to be available for quite some time on a global basis. However, any new comprehensive health care reporting system can be designed to include this feature, with data entered for developing countries as they later acquire a capacity for medical error reporting.
A key document specifying issues important to the international community can be found
online at: http://www.who.int/healthmetrics/library/issue_1_05apr.doc. The Bulletin of the World Health Organization, Volume 83, Number 8, August 2005, 561-640 was centered around the special central theme of Health Information Systems with numerous editorials, news and research articles discussing the needs of the global community and may be found at: http://www.who.int/entity/bulletin/volumes/83/8/en/index.html.
4. Testing Methodology
Erik Hatcher wrote, “one of the governing principles of Extreme Programming (XP) is that programmers should perform regular unit testing and should be continuously integrating the changes into production-like environments. Furthermore, XP suggests that this process be automated whenever possible. After all, if developers are to create test cases as eagerly as they do production code, the process has to be relatively painless” [10]. In response to this request, he modified the popular Ant 1.3 and the JUnit test framework for complete, customized automation of the build and test process. JUnit can be described as a simple, open source framework to write and run repeatable tests. It is an instance of the xUnit architecture for unit testing frameworks. JUnit was originally written by Erich Gamma and Kent Beck [8]. JUnit is Open Source Software, released under IBM's Common Public License Version 0.5 and hosted on SourceForge [14]. JUnit features include:
• Assertions for testing expected results
• Test fixtures for sharing common test data
• Test runners for running tests [8]
When developing or deploying an application, important features of the JUnit framework are its options to perform manual and automatic testing. The Eclipse Platform subproject provides the core frameworks and services upon which all plug-in extensions are created. It also provides the runtime in which plug-ins are loaded, integrated, and executed [13]. The Eclipse platform can deal with any type of resource (Java files, C files, Word files, HTML files, JSP files, etc.) in a generic manner [13]. This makes it easier to share information between constituents. We evaluated the JUnit tool for our Java application, created using the Eclipse IDE. To test server-side classes, we considered two viable approaches: mock objects, which test classes by simulating the server container, and in-container testing, which tests classes running in the actual server container [15]. StrutsTestCase for JUnit allows us to use either approach. StrutsTestCase for JUnit provides two base classes, both of which are extensions of the standard JUnit TestCase. The CactusStrutsTestCase class uses the Cactus testing framework to test Struts classes in the actual server container. We will utilize the MockStrutsTestCase class, which uses a set of HttpServlet mock objects to simulate the container environment without requiring a running servlet engine [15]. MockStrutsTestCase provides methods that set up the request path and request parameters for ActionForm subclasses, as well as methods that can verify that the correct ActionForward was used and that the proper ActionError messages were supplied [11].
Many books have already been written about automated testing, but very few of them pay attention to the question of how to organize such tests. As more tests are written, it becomes harder to know where to put a test or even what to call it. This has become a “significant issue with the rise of test-driven development (TDD), which has been popularized by Extreme Programming (XP)” [13].
4.1. Automating Unit Testing with JUnit
To automate testing, you need a testing framework. We selected JUnit for several reasons [9]:
• We do not have to write our own framework
• It is open source
• It is widely accepted among developers
• There are examples to model new applications from
• It allows a programmer to separate test code from product code
• It easily integrates into the build process
4.2. Integrating Testing into the Build Process with Ant
The Ant tool is becoming the de facto standard in the open-source world. The reason is simple: Ant is written in the Java language, which allows the build process to work on multiple platforms. Ant features include:
• Class extensibility: Java classes are used to extend build features instead of using shell-based commands.
• Open source: Because Ant is open source, class extension examples are plentiful.
• XML configurable: Ant goes beyond just being Java based. Ant uses an XML file for configuration of the build process. Given that builds are hierarchical in nature, using “XML to describe the make process” is logical [9].
5. Future Directions
Our future research will concentrate on the design and development of a medical error reporting system, acknowledging the current taxonomies described. This framework will be flexible, scalable and interoperable across platforms. The data definition will be based on internationally accepted standards, to ensure that they are compatible with models of health care systems proposed by global institutions. This medical error reporting system will be designed to incorporate explicit variables that can be found in medical records and are related to adverse events. However, a recent study at Columbia University concluded that a considerable number of the medical errors that occur are underreported [16]. For example, the New York State health department’s mandatory event reporting program [17] estimates that 16% of code 605 events (death within 48 hours of an operating room procedure) are being reported. In the Journal of Hospital Pharmacy, a study indicated that detecting adverse drug events from voluntary reporting had a lower sensitivity than manual review of laboratory reports and pharmacist screening of medication orders [18].
To surpass the limitations posed by medical error self-reporting, our system will be based on both voluntary reporting and keyword searching of electronic clinical data. With the current movement to the automated collection of clinical information, this design is an improved approach. The longitudinal EMR is a repository of electronically maintained information about a patient’s health status and their interaction with the overall health system. In addition to this EMR unit, this system can analyze emergency room data, laboratory reports and other types of electronic medical information. The power of the keyword search, especially in the narrative component of clinical data, is designed to capture implicit errors that would otherwise be underreported.
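The combined design described above, voluntary reports merged with a keyword search over narrative clinical text, is illustrated below. This is an added example, not code from the authors' system; the keyword list, the negation cues, the record layout and the sample records are constructed assumptions.

```python
import re

# Constructed keyword patterns for explicit error language (an assumption;
# the paper does not publish its keyword list).
ERROR_TERMS = [
    r"wrong (?:dose|drug|patient|site|medication)",
    r"(?:medication|dosing|prescribing) error",
    r"(?:given|administered) in error",
    r"overdos\w+",
    r"inadvertent\w*",
    r"mistaken\w*",
]
ERROR_PATTERN = re.compile(r"\b(?:" + "|".join(ERROR_TERMS) + r")", re.IGNORECASE)

# Cues that negate a mention when they appear shortly before it.
NEGATION_CUE = re.compile(r"\b(?:no|not|never|without|denies)\b", re.IGNORECASE)
SENTENCE_END = re.compile(r"(?<=[.!?;])\s+")


def find_error_mentions(narrative, window=5):
    """Return error keywords found in free text, skipping negated mentions."""
    mentions = []
    for sentence in SENTENCE_END.split(narrative):
        for match in ERROR_PATTERN.finditer(sentence):
            # Only the few words before the keyword are checked for negation.
            preceding = " ".join(sentence[:match.start()].split()[-window:])
            if NEGATION_CUE.search(preceding):
                continue  # e.g. "No medication error identified."
            mentions.append(match.group(0).lower())
    return mentions


def detect_events(records, voluntary_ids):
    """Union of voluntarily reported events and keyword hits in narratives."""
    events = {}
    for record in records:
        keywords = find_error_mentions(record["text"])
        reported = record["id"] in voluntary_ids
        if keywords or reported:
            events[record["id"]] = {"voluntary": reported, "keywords": keywords}
    return events


def keyword_only(events):
    """Events found only by keyword search, i.e. missed by voluntary reporting."""
    return sorted(rid for rid, e in events.items() if not e["voluntary"])


# Constructed sample records (not real patient data).
RECORDS = [
    {"id": "R1", "source": "discharge summary",
     "text": "Patient received wrong dose of heparin overnight; infusion stopped and PTT monitored."},
    {"id": "R2", "source": "nursing note",
     "text": "Chart reviewed with pharmacy. No medication error identified. Patient stable."},
    {"id": "R3", "source": "emergency room note",
     "text": "Insulin was inadvertently given to the patient in bed 4 instead of bed 5."},
    {"id": "R4", "source": "laboratory report",
     "text": "Potassium 4.1 mmol/L. Creatinine within normal limits."},
    {"id": "R5", "source": "progress note",
     "text": "Family reports the morning tablets were administered in error twice."},
    {"id": "R6", "source": "nursing note",
     "text": "Patient found on floor beside bed; fall reported by night staff."},
]
VOLUNTARY_REPORTS = {"R1", "R6"}  # constructed: events staff reported themselves

if __name__ == "__main__":
    found = detect_events(RECORDS, VOLUNTARY_REPORTS)
    for rid in sorted(found):
        print(rid, found[rid])
    print("found by keyword search only:", keyword_only(found))
```
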
References
[1] Senders, J., Moray, N. (1991). Human Error: Cause, Prediction, and Reduction. Lawrence Erlbaum Associates, Hillsdale, New Jersey.
[2] Reason, J. (1990). Human Error. Cambridge University Press, Cambridge, England.
[3] Kohn, L.T., Corrigan, J.M. & Donaldson, M.S. (Eds.) (2000). To Err is Human: Building a Safer Health System. National Academy Press, Washington D.C.
[4] Pace, W.D., Fernald, D.H., Harris, D.M., Dickinson, L.M., Araya-Guerra, R., Staton, E.W., Van Vorst, R., Parnes, B.L. & Main, D.S. Developing a Taxonomy for Coding Ambulatory Medical Errors: A Report from the ASIPS Collaborative.
[5] NCC MERP (National Coordinating Council for Medication Error Reporting and Prevention). NCC MERP Taxonomy of Medication Error. Available: www.nccmerp.org/pdf/taxo2001-07-31.pdf
[6] Kopec, D., Kabir, M.H., Reinharth, D., Rothschild, O. & Castiglione, J.A. (2003). Human Errors in Medical Practice: Systematic Classification and Reduction with Automated Information Systems. Journal of Medical Systems, 27(4): 297-313.
[7] Shagas, G. (2004). Information Technology in Health Care Quality Management and Outcome-Based Practices, Masters Thesis, Brooklyn College, CUNY.
[8] Beck, K., Gamma, E. JUnit Cookbook. http://junit.sourceforge.net/doc/cookbook/cookbook.htm Site visited Mar 12, 2006.
[9] Davis, M.G. Incremental development with Ant and JUnit. IBM developerWorks, Java technology. http://www-128.ibm.com/developerworks/java/library/j-ant/ Site visited Mar 12, 2006.
[10] Hatcher, E. Automating the build and test process. IBM developerWorks, Java technology. 14 Aug 2001. http://www-128.ibm.com/developerworks/java/library/j-junitmail/ Site visited Mar 12, 2006.
[11] Class MockStrutsTestCase. http://strutstestcase.sourceforge.net/api/servletunit/struts/MockStrutsTestCase.html Site visited Mar 12, 2006.
[12] Prohorenko, A., Prohorenko, O. Using JUnit with Eclipse IDE. 2/4/2004. http://www.onjava.com/pub/a/onjava/2004/02/04/juie.html Site visited Mar 12, 2006.
[13] Eclipse Platform Overview. The Eclipse Foundation. http://www.eclipse.org/platform/overview.php Site visited Mar 12, 2006.
[14] Clark, M. JUnit FAQ. Sourceforge.net. Last modified on February 20, 2006. http://junit.sourceforge.net/doc/faq/faq.htm Site visited Mar 12, 2006.
[15] StrutsTestCase for JUnit v2.1.3. http://strutstestcase.sourceforge.net/ 2004. Site visited Mar 12, 2006.
[16] Cao, H., Stetson, P. and Hripcsak, G. (2003). Assessing explicit error reporting in the narrative electronic medical record using keyword searching, Journal of Biomedical Informatics, Vol. 36, pp. 99-105.
[17] Novello, A.C. NYPORTS: the New York Patient Occurrence and Tracking System annual report 1999. New York State Health Department.
[18] Berry, L.L., Berry, R.S., Sherrin, T.P., et al. (1998). Sensitivity and specificity of three methods of detecting adverse drug reactions, American Journal of Hospital Pharmacy, Vol. 45, pp. 1534-1539.
[19] Harrington (2005). Revisiting medical error: five years after the IOM report, have reporting systems made a measurable difference?, Health Matrix, Vol. 15, No. 329.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
e-Care Integration: To Meet the Demographic Challenge
Bryan R.M. Manning 1 and Mary McKeon Stosuy 2
Computing and Compunetics Research Group, Cavendish School of Computer Science, University of Westminster
Abstract. Current multi-agency models of care will be wholly unsustainable when faced with the forecast doubling of over 65s in the developed and developing nations to around 40% of their populations over the next decades. The resulting imbalance between demand and skilled resources is beginning to force radical change towards a fully “joined up” cross-disciplinary, cross-agency service that spans the wide spectrum of medical and social care. This paper offers a basis for a radically revised model that combines end-to-end service process optimization; the use of integrated assistive technology systems to help the elderly maintain an independent lifestyle; personal risk reduction through medical and status monitoring; extended care-watch and service co-ordination. It then develops an IPTV based approach to provide the necessary infrastructure to underpin provision of these facilities both at home and in the community. These substantial benefits are reviewed and weighed against the inherent loss of privacy that can result from the pervasive computing aspects of the care watch approach, together with the trust building and change management aspects that are inevitably involved in the rationalisation process.
Keywords. Inter-Agency Care Process Integration, e-Care Services, IPTV, Assistive Technology, Remote monitoring, Wi-Fi and WiMax, Pervasive Computing, Privacy, Smart Homes and Communities
Introduction - The Demographic “Timebomb”
Across both the developed and developing world demographic projections show a steep rise in the proportion of the elderly populations (i.e. those aged over 65) doubling to about 40% by 2050 [1]. Inevitably its impact will put a major strain on governments, especially on the provision of healthcare and associated services. Typically current funding within the European Union on healthcare alone consumes [2] around 10% of GDP for those in their 70’s, accelerating towards 15% plus once they enter their 80’s [see Fig 1]. The implications of the forecast doubling in demand will have considerable impact not only on government finances but also on the resources needed to cope with its effects.
1 [email protected]
2 European Federation for Medical Informatics Planning & Modelling Group, [email protected]
Fig. 1. Age Profiles for Public Expenditure per head [plot not reproduced; series labels: UK, F, D, B, S, I, DK]
These will be particularly severe in human resource terms as lowering birthrates will tend to reduce the number of professionals available. This will be further accentuated as expectations of ever more sophisticated, life-span extending treatments have already taken hold and will undoubtedly increase the pressure for political action from the swelling numbers of elderly voters. Although the immediate aim must be to try to get more out of the current processes, it is becoming evident that the medical-centric model fails to address the wider psycho-social, socio-economic issues that all too easily lock the elderly into a downward spiral of dependency. Whilst the range of service providers involved ideally aims to operate in collaboration, organizational boundaries inevitably create and reinforce a “silo” approach, which when accentuated by the sheer volume of cases, results in relatively poor levels of overall cross-agency quality of care. In order to cope with these pressures, early action needs to be taken to deal with the effects of these discontinuities and enable the elderly to enjoy an independent lifestyle for as long as possible, without falling into a repetitive cycle of unnecessary returns back into the core healthcare cycle. Whilst considerable improvements should result from optimizing and coordinating the full end-to-end sequence of multidisciplinary, multi-agency processes covering the complete “locus of care”, this will need to be combined with the use of appropriately integrated Assistive Technology.
1. Care Continuum
The extended “locus of care” [3] needed to incorporate psycho-social, socio-economic factors [see Fig 2] underpins the interlinked dependency between medical and social care for the elderly and support with housing and logistical issues, together with the necessary availability of information and finance.
Supportive “user-friendly” assistive technology going well beyond the current rather basic “aids and adaptations” to the fabric of the house can make all the difference between dependent and independent lifestyles. Increasing levels of sensory, cognitive and mobility/dexterity impairment can lead to a failure to thrive, due to lack of nutrition, hygiene, warmth, stimulation, exercise, etc., together with increased stress due to concerns over personal safety and security. Difficulties with use of transport coupled with an inability to lift and carry home food and other necessities of life have a similar effect. Problems with personal logistics outside the home are not just confined to obtaining food and other basic necessities of life, but contribute to increased social isolation. Moreover the problems of coping with public transport are likely to become more difficult in terms both of journey planning and also of orienteering and locating places of interest/need once on the move, especially as cognitive impairment sets in.
Fig. 2. Components in the Locus of Care [diagram not reproduced; labels: Medical Care, Social Care, Preventive & Remedial, Housing Support, Information Support, Logistical Support, Financial Support]
Personal finance is a major issue for the elderly, who are frequently capital rich – through home ownership – yet revenue poor for many reasons, including lack of understanding of available benefits as well as a mixture of pride and fear where means testing is involved. This failure to gain access to financial resources is compounded by a similar lack of access to useful and readily digestible information in this and other areas of potential benefit.
2. Assistive Technology
Whilst rationalisation and optimisation of cross-agency end-to-end care processes as a ‘virtual service utility’ can deliver considerable operational improvement, it is still unlikely that this alone will stem the effect of spiralling demand together with that of a diminishing resource pool. As all processes can only operate stage-by-stage through the deployment and use of relevant human skills and facilities, any imbalance between the two can only be resolved either by constraining demand to restore the balance or by substituting one type of resource by the other wherever possible. In the circumstances the latter is the only acceptable option, substituting Assistive Technology [AT] wherever practical and appropriate, whilst also recognising that in some cases it may also enable further optimisation of the process chain. This combination of enabling ‘smart’ technologies can be deployed to good effect both in the home and in the wider community environment.
Fig. 3. Smart Systems Assistive Technology Environments
This technology brings together a combination of sensors, controls, prompts, alarms and other aids all focused on providing safe, secure and supportive conditions both at home and out in the community [4]. These individual elements are brought together to provide an integrated support service using a mix of wired and wireless communication links that form a Home Area Network connected to a Residential Gateway that acts as the core local service management hub [see Fig 3]. This hub is linked in turn via broadband to the internet, which not only provides access to a wide range of global web services, but also gives continued access to all relevant services available from home together with additional location and logistics oriented information once outside in the community. Secure access will need to be provided using biometric ‘keys’ rather than PIN numbers, which are difficult for the elderly to remember.
3. System Architecture
The Residential Gateway Hub is the heart of the support service. At its most basic it provides a stand-alone central control for a wide variety of sensors, devices and sub-systems spread throughout the home. For simplicity and ease of use it uses the TV paradigm of a flat screen and remote tablet to select and interact with the system.
However its major benefits come from connectivity with the internet. Although its key role is to provide the e-Care remote monitoring and reassurance links, it also gives access to the full range of broadband internet communications, voice-over-IP and media content, including digital TV. In view of the steady convergence of these technologies Internet Protocol TV [IPTV] has become the preferred approach [5], especially since the elderly are generally familiar with, can cope with and are more comfortable with TV as opposed to a computer. The benefits of its triple play capability – internet, video and phone – combined with that of two way communications make it ideal as a single all encompassing ‘personal assistant’ support service. Appropriate sets of these services, coupled with Geographic Information System [GIS] location and logistics information support, can be accessed on the move via the IP network using a mobile-phone equivalent of the remote control and screen. This has the added advantage that the position of the user can be tracked as part of the e-Care monitoring service, which is particularly valuable for carers when the user gets lost or confused. Moreover this can include physiological ‘vital signs’ monitoring as at home, releasing the patient from having to remain indoors and thus enhancing their lifestyle options. As this roaming capability is based on wireless broadband service availability, its use is dependent on the spread of ‘metro-access’ networks. These are currently mainly driven by ‘last-mile’, large area ‘hot-zone’ coverage and ‘backhaul’ service providers’ competitive needs. Initially based on Wireless-Fidelity [Wi-Fi] technology it is now tending to be supplemented, or in some circumstances supplanted, by Wireless Microwave Access [WiMAX] based networks [6].
4. Residential Gateway Hub
Whilst capable of operating in a stand-alone mode, in e-Care the hub interacts with a remote Global Service platform management system. This interfaces and manages multiple provider, value-added service delivery to each Local Service user home via their Residential Gateway [see Fig 4].
Fig. 4. Residential Gateway and System Architecture
These external services are set up and managed using downloaded bundles that define and control configuration, access and usage, and conform to Open System Gateway interface [OSGi] platform standards. In turn service delivery is controlled in terms of its user(s) profile(s) and content requirements. Internal and external security authentication and access authorisation are managed in relation to both the device sets and the service bundles currently linked into the system. Network traffic streams are routed via the appropriate access network channels to the IP network and onward to specific service providers. The core e-care service that is discussed below centres on monitoring physiological and behavioural patterns on a 24/7 basis regardless of the location of the patient(s)/user(s). These respectively involve vital signs sensors, individually mounted on the body surface or integrated into a vest or sweat-shirt; and a combination of motion and other sensors within the home or location tracking whilst outside the home. Other infotainment, communication and other services are available from a growing range of service providers and streamed in the same way, albeit with less stringent performance requirements. All devices, both fixed and mobile, are logged and assigned to services via the OSGi Universal Plug and Play [UPnP] bundle, with device drivers downloaded and installed by the system device manager.
5. e-Care and Assisted Lifestyles
The role of the e-Care service is to combine coordination of planned and emergency deployment of care resources to enable users to maintain their independence.
Fig. 5. Integrated e-Care Model Paradigm
Its aim is to use Assistive Technology to optimise clinical and lifestyle support to patients whilst monitoring and responding appropriately to any indicated abnormal conditions or circumstances. As ever the initial phase of care service provision focuses on Assessment of Need. However in this case assessment covers both planning the care delivery process as well as Assistive Technology support systems procurement, installation and commissioning [see Fig 5]. Whilst care practices will broadly remain the same, the use of shared Integrated Care Pathways as planning tools makes it easier to recognise interdependencies between processes in the service supply chain and lead to further optimisation. As multi-agency, multi-disciplinary Care Watch coordination is essentially a back office function it can easily be combined with current “one-stop-shop” Resource Center practice. In both cases the approach covers matters across the complete locus of care service provision and shares similar skill requirements. Functionally it extends its coverage from advice and guidance to include monitoring and inter-service coordination. Whilst rationalisation of these services into a “virtual utility service” operation does not require massive corporate restructuring, it does entail the merging of information resources within a mutually trusting environment. It also enables the pooling of administrative and management resources, together with more effective deployment of front-line staff. Secure e-business information services within these centers should comprise shared:
• Multi-agency electronic client/patient records
• Multi-disciplinary Care Pathway Option maps
• Multi-agency, multi-disciplinary Resource Commitment schedules
• Library of knowledge databases spanning each of the elements of the overall locus of care
• Dedicated 24/7 manned Care Watch monitoring and response coordination
As currency and accuracy of information from all sources will be vital to ensuring that correct action is taken, or right advice and guidance is given, the underlying information systems will need to be maintained and validated in real-time. This will require improved interactive communications with all front-line staff to keep abreast of their planned commitments, availability and current location. Any serious abnormal event alarm arising from clinical condition or behavioural pattern monitoring will automatically be referred for action to the Care Watch Center, who will coordinate the response and update the appropriate records as any necessary intervention proceeds. In previously agreed circumstances, as deemed appropriate, a general watch can be maintained to identify any emergent abnormal patterns to trigger an early intervention before the patient’s condition radically deteriorates. This approach will preclude many unnecessary home visits, whilst safeguarding and reassuring the individuals concerned that they have continuous cover with care readily at hand, when needed. It also incorporates the “Virtual Hospital” concept and extends it to provide more effective “Care in the Community” by offering a level of care support similar to that available in a hospital high dependency unit. The most obvious difference is that the initial response will need to be provided by existing paramedic services, extended to include an additional “para-welfare” capability.
The overall effect will be to further enable those suffering from increasing levels of impairment to continue to maintain an independent and participative lifestyle in the community for as long as possible.
6. Smart Home and Community Needs and Scenarios
Whilst Assistive Technology has been steadily evolving for one or two decades under a variety of guises, it has generally remained in the clinical backwater reserved for rehabilitation and disability. Sitting uncomfortably between health and social care, but with little or no direct connection to the wider locus of care, it has been set apart from each of them whilst impinging on both. Whether at home or elsewhere, the key criteria for the elderly centre on safety and security, closely followed by assistance to overcome increasing impairment and the reassurance that help is at hand when required. In varying degrees dependent on their personality, and somewhat lower down their list of priorities, is the need for social contact and inclusion together with ready access to information and entertainment according to their individual tastes. From the perspective of their families and/or carers, the requirements are similar but tinged with concern over whether the elderly continue to be capable of coping with the normal activities of daily living in terms of their intake of properly prepared food, house keeping, hygiene, warmth and security. Their biggest worry centres on loss of cognitive ability – in particular forgetting to deal appropriately with simple tasks like turning things off, e.g. gas and electric fires, leaving baths running; or leaving outside doors open or unlocked; or losing their keys, money or their way. In the home the main daily living needs can be brought together using simple IPTV based controls [see Fig 6]. These can be used to manage a wide range of household devices, automated systems and alarms, as well as audio-visual access controls [7].
Fig. 6. IPTV based services
As it is all too easy for the elderly to lose track of time and fall out of their usual personal routines, part of the ‘smart’ system needs to function as a simple decision support aid, providing prompts for a wide range of activities, as well as actions such as dispensing medication [see Fig 7].
Fig. 7. Prompts
Regardless of both age and the means of transport used, traveling invariably demands a measure of initial planning followed up with a host of ad hoc en route decisions made in response to changing circumstances and personal needs. This is especially so for the elderly, who increasingly have to rely on public transport – perhaps after a lifetime of car driving. Moreover the effect of increasing impairment slows their abilities not only to move rapidly, but also to take appropriate decisions in the face of changing circumstances. The decision support services need to combine a range of current status information content across the range of available services, weather and other travel conditions. Whilst this is linked with a map display centred on the person’s current location it also has the ability to zoom out to cover the complete intended journey. Based on a simplified IPTV enabled PDA variant, this is essentially an extension of their home system with the addition of GIS functionality that transfers seamlessly with them as they set out on their journey [see Fig 8]. En route any additional input relating to facilities and services close to the current position can be called up as required, i.e. locating any medical centres, social care facilities, specific types of shop, toilets, etc. Many of these requirements have already been proven by the Transport Protocol Experts Group [TPEG] [8], which evolved out of the European Broadcasting Union with the support of the EC Information Society Technologies 5th Framework Programme, and will extend the development of the Smart Home and Smart Community. This complements the work of the COST 219 set of programmes [9], also funded by the European Commission, where the Scandinavian and Benelux countries have led the way in proving these principles through a number of practical pilot projects spanning whole communities. Further evolution is envisaged in the recent EC Information Society Technology work programme call on “Ambient Assisted Living for the Aging Society”.
Fig. 8. Travel issues
7. Striking the Balance between Benefits and Privacy
On the wider front, the pervasive computing that is an inherent part of patient monitoring is coming in for considerable scrutiny from privacy and personal liberty perspectives in terms of its invisibility and therefore the unpredictability of its uncontrolled use [10] [see Fig 9].
Fig. 9. Balancing Privacy Rights [diagram not reproduced; labels include ICT, Detectability, Reach, Power, Boundaries, Impact, Predictability, Intelligibility and Citizen Choice; credit: (C) J. Cameron - Info. TEC Solutions Pty Ltd, IFIP WG 9.2 Conference - Turku, Finland 2005]
In both the US and the UK legislative enactments aim at ensuring that an individual’s health information is protected while also permitting the flow of information necessary to promote health and protect public health and well-being. In the US the Health Insurance Portability and Accountability Act [HIPAA] was enacted by the U.S. Congress in 1996. The U.S. HIPAA rules consist of three sections: privacy, security, and confidentiality. The Privacy Rule sets the standards for, among other things, who may have access to protected health information [PHI], while the Security Rule sets the standards for ensuring that only those who should have access to electronic PHI will actually have it.
In the UK, the evolving legal framework is changing the relationship between citizen and government. Key pieces of legislation have created broad rights to ensure that the privacy of people’s personal information is respected [11]. The Freedom of Information Act 2000 [12] will provide for public access to information held by public authorities. This includes an extension of individual rights to information held on them by public authorities regardless of how or where it is held.
There are undoubted benefits to be gained for clients/patients and their loved ones in that sophisticated aids and personal circumstance monitoring deliver an extended and independent lifestyle, whilst safe-guarding them against risks that impairment brings. Similarly care services can maintain a closer on-going assessment, albeit through these ‘virtual’ links, without the necessity of a more frequent on-site presence. The downside of this is the inherent invasion of privacy brought about not only by the intrusive nature of monitoring, but also by the pervasive nature of sensor-based computing.
It will be important for government, healthcare providers and individuals to create “privacy frameworks” which give people control of personal information that is collected about them and assurances that it will be kept confidential and secure.
Such networks require that personal information cannot generally be shared with others unless the person gives consent. Such networks will need consistent policies. The user agreement is a tool through which these policies are established and enforced and through which participants are assured that the information they make available through the network will be used and disclosed only for appropriate purposes. User agreements can have several purposes, including:
• establishing the rules for all the participants in an information sharing network;
• setting out the terms on which participants will have access to the network and the information contained on the network;
• determining how participants will make data available through the network;
• identifying who owns the systems, software and data that make up the network.
This agreement must describe the obligations of the entity holding the information and operating the network.
The entity running the system will have other responsibilities:
• credentialing users,
• maintaining and supporting the system,
• monitoring and policing its use.
These responsibilities need to be defined, and the agreement must strike an appropriate balance between protecting the privacy and security of health information, on the one hand, and, on the other, limiting the liability of the information exchange and its participants for failure or misuse of the system. Further, privacy assurance may potentially be policed by copying the medical consent process. This centres on the Consent Form, which carefully delineates the procedures involved and the time frame involved, and which essentially forms a legally-binding contract between the parties concerned. Prior to authorisation for use, these have to pass stringent examination by an independent Ethical Committee. Further, automating the informed consent process can advance patient safety and privacy efforts by ensuring that communications materials are tailored to a patient's individual needs. Standardizing this process further ensures that all providers are afforded the opportunity to discuss proposed treatments in the same level of detail and thus subscribe to a common "standard of care." The automation of the process can also reduce or eliminate delays in treatment due to incomplete or missing documents while the additional, customized communication serves to reduce patient anxiety and increase compliance with instructions.
B.R.M. Manning and M. McKeon Stosuy / e-Care Integration
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Applied Medical & Care Compunetics to Public Health Disease Surveillance and Management: Leveraging External Data Sources - A Key to Public Health Preparedness
Michael L. Popovich and Todd Watkins
Scientific Technologies Corporation
Abstract
In today’s global community the ability to prepare for a disease outbreak in order to mitigate the public health, social, and economic impacts on a community depends upon data to support the decision and response process. Data can come from a variety of sources. These sources include not only the medical and health care community, but also geographic, demographic, and socio-economic data. The ability to capture and utilize the data effectively from these types of data sources can mean the difference between a manageable disease outbreak that represents little or no threat to a community and one that causes a significant social and economic impact. As the health profession expands the applied use of information technology within the medical and health care communities, opportunities are created to expand the use of new data sources to support information-based decisions. These include information that can be used to provide early warning of disease outbreaks, whether naturally occurring or caused by a bioterrorist event; information that can be used to plan, analyze and respond to a disease event; and information that can support a community’s preparedness activities in order to minimize a public health event. This chapter illustrates how applied compunetics can be used to support health care as the public health professional responds to, and manages, naturally occurring diseases as well as emerging new disease threats. An electronic health environment (EHE) vision is presented that capitalizes on the use of a variety of environmental, medical, and health care data to support disease early warning, reporting, case and outbreak management and community preparedness.
Introduction
In 2006, the major global health concern most commonly addressed in the media is the possibility of a pandemic flu triggered by the H5N1 virus (bird flu). Worldwide, the communicable diseases malaria, TB and HIV are the major public health threats. Cholera and vaccine-preventable diseases continue to impact the global population and provide ongoing challenges for the public health care professional.
M.L. Popovich and T. Watkins / Applied Medical & Care Compunetics
As the global population expands and becomes increasingly mobile, new and emerging diseases increase the need to rapidly detect and manage any outbreak in order to minimize not only the health but also the economic impacts on a region. The 2003 SARS outbreak demonstrated how quickly a disease spreads around the world, impacting the economies of communities and countries. After-action analysis and recommendations in the wake of the SARS outbreak identified the lack of timely information as one of the key factors that limited efforts to minimize the effects of this event. Given the core premise that public health case investigators, decision makers, and health care providers can more rapidly respond and thus minimize the impact of a disease outbreak with timely and accurate data, the following three basic questions can be addressed within the framework of this chapter:
- What data is important to support public health preparedness for disease outbreaks?
- How can informatics be applied to collect and process this data?
- How can compunetics be applied to analyze this information in order to support the decision process and manage the response?
In essence, the answers to these questions would only be valid for what we knew about any given disease yesterday. Before today is over and tomorrow even begins, a new disease, a new prevention process, new technology, and applied science may come into existence that change how we would answer these questions. Therefore, the key is not so much the specifics in each area as the overall vision and framework that will support existing and future knowledge and technology.
1. A Vision for Applied Compunetics to Public Health Preparedness
Current challenges center on increasing the interoperability of information systems to allow data to be captured, processed, and analyzed efficiently. International efforts continue within the health industry focusing on the value and use of standards to support improved disease surveillance and reporting. Laboratory tests that use the SNOMED (http://www.snomed.org) and LOINC (http://www.loinc.org) code sets for testing and results represent the core of the key standards that support disease surveillance and reporting. Standards also play major roles in two further areas: the ability to electronically transmit and receive results to a disease reporting and management system for case investigation using a set of transmission and formatting standards, specifically those evolving within Health Level 7 (HL7), and the use of standard vocabulary sets to investigate and manage disease. Applied information systems technology architectures can be developed to support the initial disease reporting and investigation process. The following figure illustrates an example architecture design from a web-based disease surveillance and management system.
Figure 1: Example System Architecture for Disease Reporting System
This design follows a standard 3-tiered architecture: the data, business and presentation layers. Public health systems adhering to this structure allow changes, be they to data, processes or disease protocols, to be integrated within the information and decision support systems required to support preparedness and response.
2. Data Layer
The data layer can be segmented into three specific areas: (1) early warning, (2) case specific and (3) supporting data. The first segment, early warning, contains a variety of data sets, most notably data that can be processed to provide a measure of likelihood or an indication that a potential outbreak is probable. Early warning indicators used for disease detection prior to a confirmed laboratory result may include information available from hospital emergency departments, increased orders of laboratory tests, point of sales of over-the-counter pharmaceuticals and home remedies, absenteeism rates in schools or occupational health, and calls to call centers, from emergency response to programs such as online “ask a nurse” queries. In addition, non-human health indicators that are monitored within a geographic area, including environmental and animal health, can play significant roles in early disease detection. Understanding the value of each data source, as well as the content, ensures data collection systems within the overall vision capture this information in a timely fashion.
The information systems to support early warning indicators must recognize that data can be in the form of individual case counts or aggregated. The initial processing of this data must also recognize that even within similar categories of information sources, such as point of sales pharmaceuticals, the sales of a specific brand name are not the key element; more important are the underlying ingredients and quantities. The following table illustrates this example, in which UPI codes used by individual manufacturers for a specific brand name are categorized by the key ingredient and specifically the type of disease symptom the drug targets. Applied compunetics can be used to leverage the value of this data only once the data is in its lowest common denominator.
Table 1. Example Translation from a Manufacturer’s Product to a Specific Disease Symptom of Interest.
| UPI Code | Medicine | Active Ingredient | Size | Disease Symptoms |
|---|---|---|---|---|
| 30149003942 | PEPTO BISMOL LIQ 12 OZ | BISMUTH SUBSALICYLATE | 12 FL ounce | Gastrointestinal |
| 30045018904 | TYLENOL COLD CHILDS 4 OZ | ACETAMINOPHEN | 4 FL ounce | Respiratory |
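The translation in Table 1 carried through to an early warning signal: this added example (not code from the chapter or its authors) reduces brand-level sales to units per symptom category and compares each day with earlier days that fall on the same weekday, since sales vary by day of the week. The sales records, the unmapped product code, the threshold rule and all function names are assumptions of this example.

```python
from collections import defaultdict
from datetime import date
from statistics import mean, pstdev

# Product code -> symptom category, taken from Table 1 of the chapter.
UPI_TO_SYMPTOM = {
    "30149003942": "Gastrointestinal",   # bismuth subsalicylate
    "30045018904": "Respiratory",        # acetaminophen cold remedy
}

# Constructed sales feed: (ISO date, UPI code, units sold). Not real data.
CONSTRUCTED_SALES = [
    # Three earlier Mondays and the Monday under test (2006-05-22).
    ("2006-05-01", "30149003942", 10), ("2006-05-01", "30045018904", 8),
    ("2006-05-08", "30149003942", 12), ("2006-05-08", "30045018904", 9),
    ("2006-05-15", "30149003942", 11), ("2006-05-15", "30045018904", 7),
    ("2006-05-22", "30149003942", 30), ("2006-05-22", "30045018904", 9),
    # Saturdays routinely sell more; they must not distort the Monday baseline.
    ("2006-04-29", "30149003942", 24), ("2006-05-06", "30149003942", 26),
    ("2006-05-13", "30149003942", 25), ("2006-05-20", "30149003942", 25),
    # A constructed product code that is missing from the translation table.
    ("2006-05-22", "00000000000", 4),
]


def daily_symptom_counts(sales):
    """Reduce brand-level sales to units per (day, symptom category).

    Codes absent from the translation table are returned separately so that a
    gap in the mapping is visible instead of silently lowering the counts.
    """
    counts = defaultdict(int)
    unmapped = set()
    for iso_day, upi, units in sales:
        symptom = UPI_TO_SYMPTOM.get(upi)
        if symptom is None:
            unmapped.add(upi)
            continue
        counts[(date.fromisoformat(iso_day), symptom)] += units
    return dict(counts), unmapped


def weekday_alerts(counts, today, k=3.0, min_history=3):
    """Flag symptom categories whose count today exceeds the same-weekday baseline.

    Baseline = mean of earlier days that fall on the same weekday as `today`;
    threshold = baseline + k * max(standard deviation, 1.0). Both k and the
    floor of 1.0 are assumptions of this example.
    """
    alerts = []
    for symptom in sorted({s for _, s in counts}):
        history = [n for (d, s), n in counts.items()
                   if s == symptom and d < today and d.weekday() == today.weekday()]
        if len(history) < min_history:
            continue  # too little history for a meaningful baseline
        threshold = mean(history) + k * max(pstdev(history), 1.0)
        observed = counts.get((today, symptom), 0)
        if observed > threshold:
            alerts.append((symptom, observed, round(threshold, 1)))
    return alerts


if __name__ == "__main__":
    counts, unmapped = daily_symptom_counts(CONSTRUCTED_SALES)
    print(weekday_alerts(counts, date(2006, 5, 22)))  # Monday with a jump
    print(weekday_alerts(counts, date(2006, 5, 20)))  # ordinary busy Saturday
    print(sorted(unmapped))
```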
Furthermore, for early warning data sources, area demographics, geographic information, and time sensitivities are all important. Sensitivity to day of the week, time of day, and other calendar-specific events (holidays, special events) must be accounted for when applied compunetics is used within the Business Layer of the overall vision to analyze these types of datasets effectively. In summary, early warning data is diverse, non-standard and continuous. Once a disease is suspected, processes for reporting are more formal, standardized and on a case-by-case basis. This leads to the second category of data within the overall vision.
Case specific data is most commonly data that originates from laboratory confirmation of a reportable disease. This information resides within the Laboratory Information Management Systems (LIMS) of hospitals, public health and 3rd party laboratories. Standardized laboratory testing procedures and results are commonly identified through the LOINC (test to be performed) and SNOMED (test results) code sets, and there are initiatives underway that support electronic laboratory reporting (ELR) directly to public health organizations when positive tests are confirmed. Integration of ELR messages into an electronic health environment requires, first, an understanding of the transmission message format, i.e. simple comma delimited or a more formal HL7 (see Figure 2), and, second, the requirements for converting the laboratory data source through mapping of the code sets into notifiable diseases.¹
Figure 2: Example HL7 Message from Electronic Laboratory Report
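One way to take in an HL7 v2 result message and map its code sets to a notifiable disease, as an added example that is not part of the chapter or of any system it describes. The message, the placeholder codes (not real LOINC or SNOMED identifiers), the mapping table and the function names are constructed for illustration; the parser reads the delimiters the message declares and sends unmapped results to review rather than dropping them.

```python
class ELRError(ValueError):
    """Raised when an inbound message is not a well-formed ORU^R01 result."""


# Constructed mapping of (test system, test code, result system, result code)
# to a notifiable disease. The codes are placeholders, not real LOINC or
# SNOMED identifiers.
NOTIFIABLE = {
    ("LN", "TEST-0001", "SCT", "ORG-0001"): "Example notifiable disease A",
}
REPORTABLE_STATUS = {"F", "C"}  # OBX-11 final or corrected (assumption)

# Constructed message; segments are separated by carriage returns.
CONSTRUCTED_ELR = "\r".join([
    r"MSH|^~\&|LABSYS|EXAMPLE LAB|PHSURV|EXAMPLE DEPT|200605221030||ORU^R01|MSG00001|P|2.3.1",
    "PID|1||PLACEHOLDER",
    "OBR|1||ACC-0001|TEST-0001^Constructed culture^LN",
    "OBX|1|CE|TEST-0001^Constructed culture^LN||ORG-0001^Constructed organism^SCT||||||F",
    "OBX|2|CE|TEST-0001^Constructed culture^LN||ORG-0002^Unlisted organism^SCT||||||F",
    "OBX|3|CE|TEST-0001^Constructed culture^LN||ORG-0001^Constructed organism^SCT||||||P",
])


def split_message(raw):
    """Return (list of field lists, component separator) using declared delimiters."""
    segments = [s for s in raw.replace("\n", "\r").split("\r") if s.strip()]
    if not segments or not segments[0].startswith("MSH") or len(segments[0]) < 9:
        raise ELRError("first segment must be MSH")
    msh = segments[0]
    field_sep, enc = msh[3], msh[4:8]          # MSH-1 and MSH-2
    if field_sep.isalnum() or len(set(enc + field_sep)) != 5 or msh[8] != field_sep:
        raise ELRError("bad delimiter declaration in MSH-1/MSH-2")
    parsed = []
    for seg in segments:
        fields = seg.split(field_sep)
        if len(fields[0]) != 3 or not fields[0].isalnum():
            raise ELRError(f"bad segment id {fields[0]!r}")
        parsed.append(fields)
    return parsed, enc[0]


def field(fields, n):
    """Return list element n of a split segment, or '' when it is absent."""
    return fields[n] if n < len(fields) else ""


def coded(value, comp_sep):
    """Split a coded element into (code, text, coding system)."""
    parts = (value.split(comp_sep) + ["", "", ""])[:3]
    return tuple(p.strip() for p in parts)


def process_elr(raw):
    """Return (reports, review) for one ELR message.

    reports: final results whose code pair maps to a notifiable disease.
    review:  final results with no mapping. An ELR feed carries results the
             laboratory considers reportable, so a missing mapping is treated
             here as a gap to check by hand (assumption of this example).
    """
    segments, comp_sep = split_message(raw)
    msh = segments[0]
    # In a split MSH segment, MSH-n sits at index n-1 because MSH-1 is the separator.
    if field(msh, 8).split(comp_sep)[:2] != ["ORU", "R01"]:
        raise ELRError("only ORU^R01 result messages are accepted")
    control_id = field(msh, 9)
    reports, review, accession = [], [], ""
    for seg in segments[1:]:
        if seg[0] == "OBR":
            accession = field(seg, 3)          # OBR-3, the laboratory's order number
        elif seg[0] == "OBX":
            if field(seg, 11) not in REPORTABLE_STATUS:
                continue                       # preliminary results are not reported
            test_code, _, test_sys = coded(field(seg, 3), comp_sep)
            res_code, _, res_sys = coded(field(seg, 5), comp_sep)
            item = {"message": control_id, "accession": accession,
                    "test": test_code, "result": res_code}
            disease = NOTIFIABLE.get((test_sys, test_code, res_sys, res_code))
            if field(seg, 2) in ("CE", "CWE") and disease:
                reports.append({**item, "disease": disease})
            else:
                review.append(item)
    return reports, review


def is_rejected(raw):
    """True when process_elr refuses the message outright."""
    try:
        process_elr(raw)
    except ELRError:
        return True
    return False
```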
Laboratory data does not include the patient demographic information that would reside in the information systems of the requesting laboratory source, such as the private physician’s office. Data capture of the laboratory information is the first step; processing the information and integrating this data with the exact case must also occur prior to its utilization to support investigation and disease mitigation.
The third segment of the data layer for disease surveillance and reporting is information to support the case and outbreak investigations. This data may range from environmental data and specific patient medical information to contact data, person and place. Data is often captured through data collection instruments, both standard ones for well-known disease investigation processes (for example, a measles outbreak) and non-standard ones for evolving diseases, as was the case for the SARS outbreaks. In each case data collection varies by what is currently known about epidemiological best practices at the time. Examples of data collection instruments are included in the following figure.
1 Electronic Laboratory Reporting for the Infectious Disease Physician and Clinical Microbiologists, Rebecca Wurtz MD, MPH and Bruce Cameron, August 2004, Clinical Infectious Diseases Weekly
Figure 3: Example non-standardized data collection instruments support case investigations
Lessons learned from the SARS outbreak indicated that a greater emphasis must be placed upon the value of collecting common data through use of standardized questions, vocabularies, and version control of instruments, allowing a more rapid evaluation to support the specific case as well as outbreak issues. This has allowed the use of applied compunetics to support the generation of standardized data collection instruments through established epidemiology vocabulary data sets, establishing common bases of information for case investigators and researchers (Figure 4). In addition, this provides the ability to historically retain the information correlated with the decision support processes, creating a resource for establishing future best practices that minimize the impact of any disease or disease pattern.
Figure 4: Applied compunetics supporting the generation of standard disease data collection instruments must leverage established and evolving vocabulary standards.
Although these are but a few examples of the types of data and characteristics of this data that are important to public health disease surveillance systems, they illustrate the value of this data when applied to information technology design, processes, and the collection of this information. The designer of an information system must ask the following questions:
1. What is the epidemiological basis of the underlying data and its value to support either early warning, disease reporting, investigation and/or management?
2. What existing sources of data exist within each data segment, and what are their availability, timeliness, quality, and sensitivity?
3. What additional sources of data could be leveraged through work flow, business operations and other processes, today and in the future?
4. What system components are required to capture data today and in the future, as well as to process this data to support the decision processes integrated into the business layer?
5. What non-technical issues must be overcome to support the use of these various data streams?
Once the environment is understood it is then possible to design a data collection system to support the disease surveillance and management process.
3. Business Layer
The data layer within the system architecture for an integrated disease system creates the foundation on which decision processes can be built. The fact that data should be electronically captured in real or near-real time offers the opportunity to develop decision processes to support assessments of possible changes in the overall public health status of a community and, thus, notifications to investigators, first responders and public health managers, thereby allowing for a more rapid deployment or pro-action to minimize an outbreak. These decision support tools are incorporated within the business layer. There are many examples currently being employed, from bio-surveillance initiatives to population impact assessments, given an outbreak situation. These range from probabilistic to deterministic solutions.
4. Presentation Layer
As data is processed and results are generated, the ability to present this information to the system users and decision makers is critical to understanding the issues and impacts of any given disease or outbreak. Within the system architecture illustrated by the three layers, the presentation layer represents the results. Graphics, visualization, simulation, dashboard illustrations and reporting are all examples of presentation modes. Within a public health system the presentation layer should support role-based usage of the system. For example, the Medical Director may simply need an overall account of the total number of cases by geographic region and an indicator as to whether this was within acceptable limits, whereas a specific case investigator/epidemiologist researching a foodborne report would want detail on individual meals and locations. Building specific use cases for each system user allows an application to be implemented that supports the specific responsibility of each user. The following figures illustrate a number of example user presentation formats that benefit the public health professional. Within today’s environment these are web-based presentations that often can be configured by end users.
Figure 5: Example Dashboard User Interface Presentation for Case Management of Disease Reports – Canada Prototype, STC/IBM Canada, 2006
Figure 6: Example Graphical Illustration of Disease Reports, China Information System for Disease Control and Prevention, 2005
Figure 7: Example use of Geographic Information System Visualization Tools to Support Emergency Response, 2003
5. Summary
Implementation of public health information systems to support disease surveillance, investigation, and management, when built upon a standard three-tiered system architecture, increases the likelihood of utilization and thus success. As the epidemiological framework and disease practice management processes change due to environmental, disease, and population characteristics, the supporting information system must also change. The ability of a user to leverage a variety of data sources on which to base decisions may appear simple and straightforward, but there are significant complexities, processes and stakeholders to be understood. The ability of a user to know the impact of each decision and to monitor the effectiveness of each action further supports the ability of the public health community to maximize the limited resources available (funding, facilities, supplies, staff, etc.). The key criterion within the information environment when applying compunetics to support public health preparedness is not so much infrastructure, commercial products, 3rd party tools, or even existing public health practice as it is an understanding of component integration: components that can be built within a standards-based environment for vocabularies and communications. This will increase interoperability between information systems, thereby reducing the time to process and analyze data for decision support. Applied compunetics to support the public health mission of disease mitigation offers system users an opportunity to have the right tools at the right time in which to make the right decisions. Preparedness for disease outbreaks will, in part, be a function of rapid detection and action. Rapid detection equates to identifying indicators that an outbreak is likely. Build the right public health electronic environment and the technologist will be as valuable as the first responder to mitigating disease impacts.
Patient Record Access – The Time Has Come
Dr Brian Fisher MBBCh MSc a,1, Dr Richard Fitton b,2, Charline Poirier, PhD c,3, Dr David Stables MBChB d,4
a GP, Wells Park Practice
b GP, Hadfield Medical Centre
c Ethnography/user research consultant
d Medical Director, Egton Medical Information Systems Ltd
ABSTRACT
There are now a number of systems across the world that enable patients to view their electronic health records. These include kiosks that have fingerprint authentication and also net-based access. The paper outlines the approach taken by the UK NHS and explains the legal underpinning of access. Starting from the premise that record access is here to stay, the paper outlines the research on benefits and risks of record access, concluding that, with simple precautions, record access is safe and affords many benefits to both patients and clinicians. It goes on to consider possible impacts of record access on the way records might be written as a co-produced document and emphasizes that national standards for record sharing need to be written.
Keywords: record access, patient empowerment, record sharing
Introduction
Current NHS plans are that NHS Connecting for Health’s Healthspace will, by 2008, support patient access to the Spine, through the National Care Record Service. This is expected to be a summary of the GP problem list, probably excluding mental health, sexual health and some infections. These summaries will need to be discussed with individual patients, probably starting late 2006. Healthspace is designed to support patients in self-care. Patients will eventually be able to specify which parts of their record are to be placed in “sealed envelopes” with access restricted to specific NHS professionals (NHS Care Records in England Connecting for Health 2005).
1 1 Wells Park Rd, London SE26 6JQ, UK, Tel: 020 8291 6898 Fax: 020 8699 2552
2 82 Brosscroft, Hadfield, Glossop, Derbyshire SK13 1DS, UK, Tel 01457 860860 Fax 01457 857735
3 59 Carlton Mansions, Randolph Avenue, London, W9 1NR, UK, Tel: 020 7328 1563
4 Park House Mews, Off Broadway, 77 Back Lane, Leeds LS18 4RF, UK, Tel 0113 2591122
B. Fisher et al. / Patient Record Access – The Time Has Come
This paper describes developments that will enable patients to have access both to their full and their summary medical records in the surgery and on the web. It outlines the current legal framework and explores how record access (RA) may impact on many aspects of care. It also briefly discusses the key role of design.
RA is currently available in a number of different forms across the world. In the UK, kiosks, designed outside the NHS Connecting for Health programme, offer access to the full GP electronic record with linked health-related information. Access is authenticated by fingerprint and PIN, and the touch screen and reformatted records make content and navigation easier to understand (PAERS 2004). A web-based service is being designed with other functionality, possibly including the ability to rectify errors. A number of practices in the UK are using RA in the surgery. One surgery allows patients to take away their records on a USB memory stick or on a CD. Patients in some practices can insert health data such as BP and Peak Flow directly into their record. In the US a number of HMOs offer RA (Eklund B, Joustra-Enquist I. (2004)). In all situations, security and legal protection are of the highest order.
So, RA is on the way. What do we know about it? What will it look like? What is its likely impact?
1. Legal underpinning
The legal underpinning to RA includes the Access to Medical Reports Act, the Data Protection Act and the Freedom of Information Act.
The Access to Medical Reports Act 1988 (Access to Medical Reports Act 1988) establishes a right of access by individuals to reports relating to themselves provided by medical practitioners for employment or insurance purposes (subject to exceptions, broadly similar to those for the Data Protection Act, described below).
The Data Protection Act 1998 (Data Protection Act 1998) states that patients, or anyone authorized by the patient, parents of children under 16 or a ‘Gillick competent’ child, are entitled to access their medical records. Access can only be denied where the information:
- may cause serious harm to the physical or mental health, or condition, of the patient or any other person
- may relate to or be provided by a third person who had not consented to the disclosure.
The Freedom of Information Act 2000 (Freedom of Information Act 2000) gives people a general right of access to information held by or on behalf of public authorities. The Act provides that information is exempt if, inter alia, its disclosure under the Act would, or would be likely to:
- endanger the physical or mental health of any individual (including the applicant, the supplier of the information or anyone else)
- endanger the safety of any individual.
The Copying Letters to Patients initiative (DOH (2003)), enabling patients to see all letters written about them, does not have any legal underpinning but raises many of the same issues as RA. It is slowly being adopted across the NHS, with general acceptance by patients and clinicians.
2. What do we know about RA?
75% of patients who have been registered to use the electronic kiosk access system have looked at their notes, the same proportion as those who looked at their paper records, which are being phased out in most general practices. Some patients access their records repeatedly; most only do so occasionally for specific purposes.
Clinicians are often initially sceptical and worried about the impact of RA (Fisher B, Britten N. (1993)). They fear that mistakes and confusion will be exposed and that litigation may increase. There is no evidence, however, that this is likely to occur (Baldry M., Cheal C., Fisher B., Gillett M., Huet V. (1986)). On the contrary, evidence is clear that RA improves relationships between clinicians and patients. Experience with RA tends to convince clinicians that its benefits outnumber its potential problems, and many have become quite enthusiastic (Protti D, Eggert C. (2005)).
The benefits of RA appear to be substantial. Patients describe improved trust in their doctors and improved confidence in their clinicians (Baldry M., Cheal C., Fisher B., Gillett M., Huet V. (1986)), and they feel more informed and in control of their condition and its management (Pyper C, Amery J, Watson M, Crook C. (2004)). There is some evidence for improved health practices by patients, for example improved compliance in heart failure (Ross SE, Moore LA, Earnest MA, Wittevrongel L, Lin CT. (May 2004)). In general, patients are keen on RA in principle (National Programme for IT (7 October 2003)) and in practice (Pyper C, Amery J, Watson M, Crook C. (2004)). Additional advantages of RA include that it can be used to reduce recording errors and thus increase patient safety (Fitton Richard, personal communication), and that patients looking up information in their records can save time for practices.
If integrated into daily practice, we expect that RA will not result in an increase in consultation time, although this has not yet been formally measured. On the contrary, we predict that RA will help patients focus their medical agenda and that, ultimately, RA will end up saving time and fostering compliance.
There are risks, to be sure. 10% of patients were upset by what they read, although the vast majority of those were still pleased that they had seen the notes. Patients with cancer, in particular, were overwhelmingly pleased to have read their full GP records. Evidence suggests that patients with psychiatric problems can find seeing their notes distressing (Baldry M., Cheal C., Fisher B., Gillett M., Huet V. (1986)). However, the experience can be harnessed therapeutically. There are potential risks if the process is not handled carefully, if, for example, patients see frightening information before it has been discussed with them or if they are able to access third party information. Simple precautions in letter and result handling, however, can virtually eliminate these risks. Experience so far has been with enthusiastic, committed practices, and it may be that such safety precautions will not be so strictly adhered to when the majority of practices are able to offer access. This is one of many reasons that a set of national standards for managing RA is essential and urgent.
Confidentiality is well-maintained in the waiting room kiosk-based approach: the system uses both fingerprint and PIN identification and there are simple but effective ways of ensuring that it is only with the patient’s permission that the record may be seen by anyone else. A web-based approach may be more prone to abuse: despite secure access, it is possible that members of the family, for instance, will be able to see records, perhaps by glancing over patients’ shoulders or by coercing them. However, as with internet banking and other protected sites, once the record has been delivered, the patient becomes responsible for its security. Overall, RA appears to be safe and practical when used with simple precautions and education. In order to guide beginners and to clarify procedures, there is a need for NHS and international standards and guidelines.
3. To what use do patients put RA?
Current research suggests that patients use RA to prepare for consultations and recap after them; to find information that they would otherwise have to ask the practice for, such as immunization history; to understand the history of a particular condition; to improve awareness of their condition; and to pass on information obtained when visiting hospitals or when taking a sick elderly parent to A & E. In general, they say that they feel more of a partner in their health care (unpublished data, NHS Connecting for Health).
4. What impact could RA have on daily clinical life?
Consultations (when they work well) find agreement on a description of what is going on and develop an understanding of how to manage it. The shared record, if we get it right, offers a new dialogue in which clinician and patient learn from each other. Thus, the task is not only to foster ease of use for the clinician, it is also to make the record useful for the patient. The electronic record could change from a repository of recorded clinical information for clinicians to a tool of communication and health management used by patients and health professionals. This could affect the structure, processes and outcomes of records in a number of ways.
4.1. Reading the record
GPs’ notes are full of abbreviations, technical terms, and other impediments to lay understanding. Patients tell us that they understand on average 60% of the record as it is currently written. If patients start relying on the record to make sense of their health and to participate in their own care, recording will have to change to improve lay understanding. For instance, writing “Heart attack” for the patient’s benefit rather than “MI”.
This might mean that clinicians need to spend more time writing in the record. However, technology can help to write efficiently with predictive text, automatic correction and glossary or information boxes, reducing time and effort while maintaining reliability. Technology can also provide lay interpretation of medical terms. One system currently enables patients to see information about most of the Read codes by touching the screen to reveal a Patient Information Leaflet on the topic.
4.2. Making sense of data
Quantitative data, such as investigation results, are another restricted area of clinical knowledge. This data currently makes immediate sense to clinicians but is not generally meaningful to patients. RA could make sense of data for patients. For example, blood pressure, blood glucose and lipids can be displayed as charts and diagrams with normal ranges and including clinicians’ comments on their significance. Technology could develop clinicians’ informal practice of illuminating descriptions with drawings.
4.3. Issues of equity and design
The design of RA will also need to ensure equality of care. Ethnographic studies suggest that patients have different native mental models or world views of health which structure their behaviours around health (Poirier, C. (2000)). A patient’s world view and particular health goals will affect their motivation to adopt and use their record. Design needs to be increasingly universal to ensure equity of access. It will need to relate medical information to the goals and needs of patients.
4.4. Correction of errors in the record
Experience has shown that RA can aid the correction of recording errors. These errors often involve patient identification. They also often pertain to aspects of a consultation, for example, to a description of conditions or symptoms described by the patient, or even outcomes. In pilot studies, we have found that patients are able to point to inconsistencies in prescribing and test results.
Studies are being conducted to quantify error reduction outcomes in records provided by RA. 4.5. Ensure continuity of care The patient can also help in the sharing of information that the record contains with appropriate health professionals. There are a number of examples where carrying records on holiday has made medical intervention safer.
4.6. Patients entering their own data

A number of practices have experience of patients adding data directly to their record by email. Peak Flow and BP would be the obvious candidates here. Design would need to ensure that the data was viewed by the clinician before being entered into the notes so that any relevant clinical response could be made.

5. CONCLUSION

In summary, we see RA as significantly improving shared care and improving not only trust in clinicians, but trust by clinicians for their patients. It appears safe when used with simple precautions. It is likely to form the bedrock of future choice and shared decision-making.
REFERENCES

Access to Medical Reports Act 1988. www.opsi.gov.uk/acts/acts1988/Ukpga_19880028_en_1.htm

Baldry M., Cheal C., Fisher B., Gillett M., Huet V. (1986). ‘Giving Patients their own records in general practice: experience of patients and staff’. Br Med J (Clin Res Ed) Mar 86, 1;292(6520):596-8

The Care Record Guarantee: Our Guarantee for NHS Care Records in England. Connecting for Health 2005. http://www.connectingforhealth.nhs.uk/all_images_and_docs/crbb/crs_guarantee_2.pdf

Data Protection Act 1998. www.opsi.gov.uk/acts/acts1998/19980029.htm

DOH (2003). Copying letters to patients scheme. Available at www.dh.org.uk

Eklund B, Joustra-Enquist I. (2004). SUSTAIN- Direct access for the patients to the medical record over the Internet. In Lakovidis I, Wilson P, Healey JC Eds: E-Health: Current Situation and Examples of Implemented and Beneficial E-Health Applications. Amsterdam: IOS Press

Fisher B, Britten N. (1993). Patient access to records: expectations of hospital doctors and experiences of cancer patients. Br J Gen Prac. 43:52-56

Fitton Richard, personal communication

Freedom of Information Act 2000. www.opsi.gov.uk/acts/acts2000/20000036.htm

National Programme for IT (7 October 2003). ‘The public view on electronic health records’, available from: http://www.dh.gov.uk/assetRoot/04/05/50/46/04055046.pdf

PAERS (2004). ‘Patient Access to Electronic Medical Record and Automatic Arrival System’. PAERS Ltd. Lincs. Available from www.paers.net

Protti D, Eggert C. (2005). Personal Health Records and Sharing Patient Information. www.connectingforhealth.nhs.uk/worldview/protti7

Pyper C, Amery J, Watson M, Crook C. (2004). ‘Access to electronic health records in primary care-a survey of patients' views’, Med Sci Monit. Nov;10(11):SR17-22.

Pyper C, Amery J, Watson M, Crook C. (2004). ‘Patients' experiences when accessing their on-line electronic patient records in primary care’, Br J Gen Pract. Jan;54(498):38-43.

Ross SE, Moore LA, Earnest MA, Wittevrongel L, Lin CT. (May 2004). Providing a web-based online medical record with electronic communication capabilities to patients with congestive heart failure: randomized trial. J Med Internet Res. 20;6(2):e14.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
New Trends in the Virtualization of Hospitals – Tools for Global e-Health

Georgi GRASCHEW a, Theo A. ROELOFS a, Stefan RAKOWSKY a, Peter M. SCHLAG a, Paul HEINZLREITER b, Dieter KRANZLMÜLLER b and Jens VOLKERT b

a Surgical Research Unit OP 2000, Robert-Roessle-Klinik and Max-Delbrueck-Centrum, Charité – University Medicine Berlin, Lindenberger Weg 80, D-13125 Berlin, Germany
b GUP - Institute of Graphics and Parallel Processing, Johannes Kepler University Linz, Altenbergerstrasse 69, A-4040 Linz, Austria

Abstract. The development of virtual hospitals and digital medicine helps to bridge the digital divide between different regions of the world and enables equal access to high-level medical care. Pre-operative planning, intra-operative navigation and minimally-invasive surgery require a digital and virtual environment supporting the perception of the physician. As data and computing resources in a virtual hospital are distributed over many sites the concept of the Grid should be integrated with other communication networks and platforms. A promising approach is the implementation of service-oriented architectures for an invisible grid, hiding complexity for both application developers and end-users. Examples of promising medical applications of Grid technology are the real-time 3D-visualization and manipulation of patient data for individualized treatment planning and the creation of distributed intelligent databases of medical images.

Keywords. Telemedicine, Virtual Hospital, Digital Medicine, Health Grid Applications, Grid Tools Suite
Introduction

The EMISPHER¹ project (Euro-Mediterranean Internet-Satellite Platform for Health, medical Education and Research, EUMEDIS pilot project 110, co-funded by the EC under the EUMEDIS² programme, strand 2, sector 1) has been dedicated to telemedicine, E-Health and medical E-Learning in the Euro-Mediterranean area. Telemedicine aims at equal access to medical expertise irrespective of the geographical location of the person in need. New developments in Information and Communication Technologies (ICT) have enabled the transmission of medical images in sufficiently high quality to allow for a reliable diagnosis to be determined by the expert at the receiving site [1-2].

¹ http://www.emispher.org
² http://www.eumedis.net
G. Graschew et al. / New Trends in the Virtualization of Hospitals – Tools for Global e-Health
At the same time, these innovative developments in ICT over the last decade bear the risk of creating and amplifying a digital divide in the world, creating a disparity in quality of life between the northern and the southern Euro-Mediterranean area. The digital divide in the field of health care has a direct impact on the quality of the daily life of the citizens. In recent years, different institutions have launched several Euro-Mediterranean telemedicine projects. All of them aimed to encourage the cooperation between the European member states and the Mediterranean Countries.

During its implementation over the last two years, EMISPHER has deployed and put in operation a dedicated internet-satellite platform consisting of currently 10 sites in 5 MEDA countries (Casablanca, Algiers, Tunis, Cairo and Istanbul) and 5 EU countries (Palermo, Athens, Nicosia, Clermont-Ferrand and Berlin). The EMISPHER network hosts three key applications:

- Medical eLearning: EMISPHER Virtual Medical University with courses for under-graduates, graduates, young medical professionals, etc., in real-time and asynchronous modes
- Real-time telemedicine: Second opinion, demonstration and spread of new techniques, telementoring, etc.
- eHealth: Medical assistance for tourists and expatriates [3]
Methods

The EU is committed to realise by 2008 a number of steps forward in the area of eHealth: electronic health records, electronic health insurance cards, Europe-wide patient identifiers, interoperability of the various cards, medical e-Learning for health professionals, harmonisation of reimbursement and liability issues, as well as a European public health portal for citizens.

For the provision of global healthcare, dedicated telemedicine and e-Health services are needed 24 hours per day, 7 days per week (24/7). These services should meet high standards for reliability and quality of service (QoS). Furthermore, open-source and open-standard solutions are essential for interoperability and integration of the various services. Also, gateways to other communication networks should be created. The implementation of interactive remote control of medical devices will enhance telediagnosis. Consequently, the medical workflow and decision-making tree has to be re-evaluated and new management tools for global virtual alliances have to be introduced. Mental, intellectual and educational e-services for citizens shall be created [4-5].

The EMISPHER network serves as a basis for the development and deployment of a Virtual Hospital for the Euro-Mediterranean region. The Virtual Euro-Mediterranean Hospital aims to facilitate and accelerate the interconnection and interoperability of the various medical applications, being developed by different organisations at different sites, by integrating them into a consistent set of services. Activities will include various real-time telemedicine services to support implementation of evidence-based medicine and area-wide coverage including all Mediterranean countries.
Results

Pre-operative planning, navigation and robotics offer advantages in minimally-invasive surgery by increasing the precision of the intervention and by shortening the recovery time of the patient. As minimally-invasive surgery is image-guided it requires an adequate fully digitized environment for optimized usage in clinical routine. Navigated instruments support surgical procedures in various disciplines such as neurosurgery, craniofacial or liver surgery, etc. All these areas produce an information flood. To deal with such an amount of information, personalized avatars which represent the user virtually in an online community of medical information systems and multi perception for multi media performance in virtual reality environments (visualisation of virtual 3-D objects, full navigation, haptic simulation, etc.) are needed (Fig. 1). It is assumed that multi-modal stimulation in virtual environments raises the experience of presence perceived by the user. Thus, a multimedia and multimodal data display supports perception of the user effectively.
Fig. 1. Surgical Table for operation planning, simulation and training of surgical procedures. Two users can simultaneously observe tracked, stereoscopic views of virtual objects and work interactively (Integration of haptic feedback is in progress).
ICT contribute to digital radiology, digital pathology, telemedicine and navigation and simulation. New developments in ICT have enabled the transmission of medical images (both still images and live video sequences) in a sufficiently high quality to allow for a reliable diagnosis to be formulated by the expert at the receiving site. Real-time telemedicine refers to those applications that involve live transmission of medical data and concomitant live teleconsultation by the remote expert. Successful real-time telemedicine applications exhibit several key factors, such as sufficiently high communication bandwidth that is also economically affordable, as well as intelligent data compression modules that allow for drastic reduction of the required bandwidth. In radiology the use of digital, filmless radiology information systems is now standard.
For digital pathology a digital virtual microscope must scan the slides at the highest possible magnification and generate images on a PACS server. Image sizes are still large but the vast progression in data storage allows managing this level of data. The system’s advanced functionality is likely to enable introduction of digital pathology in routine diagnostic work in the near future.

However, the promise of telemedicine to provide equal access to medical expertise irrespective of the geographical location can only be met when not merely the patient’s data are transferred but rather a telepresence is created, thus bringing patient and remote expert together using ICT. Besides general interactivity between the two sites, features like telehaptic, telesensation and remote control of medical devices (e.g. telerobotics) are prerequisites for a real telepresence (Fig. 2).
Fig. 2. MEDASHIP telesonography demonstrator. The expert (bottom right) can diagnose the patient (bottom left) from the US-images transmitted in real-time (top left). The expert can also remotely control the ultrasound (US) head (bottom left) (work in progress).
Treatment according to verifiable guidelines, following the concept of evidence-based medicine, requires an optimization of the clinical workflow. Workflow management will specify the technical realisation of medical sequences of operations. Here the integration of the different modalities (imaging, medication, OP-report, etc.) into a centralized electronic patient record is needed. The electronic patient record has the potential to improve the communication in health care and consequently the quality of treatment and to save a lot of money.

To integrate all these concepts the Virtual Euro-Mediterranean Hospital (VEMH) will provide a heterogeneous integrated platform consisting of satellite links, such as the EMISPHER network (2 Mbit/s bandwidth, meshed topology), terrestrial links such as GÉANT2 and EUMEDCONNECT, as well as wireless channels and capabilities for ad-hoc networks.
Due to the geographically dispersed character of the Virtual Euro-Mediterranean Hospital, data and computing resources are distributed over many sites under different administrative domains. Therefore Grid-based infrastructures, architectures and services [6] become a useful tool for the successful deployment of medical applications and thus provide medical personnel with the required information, computation, and communication services [7]. Services like acquisition and processing of medical images, data storage, archiving and retrieval, as well as data mining being applied especially for evidence-based medicine, are common requirements within the medical application domain. In addition, simulations and modelling for therapy planning and computer-assisted interventions, and large multi-center epidemiological studies are typical clinical services that will profit strongly from the development and implementation of suitable Health Grid environments.

While giving access to distributed services in a wide-area network of connected institutions, a Grid-based system can integrate domain knowledge, powerful computing resources for analytical tasks and means of communication with partners and consultants in a trusted and secure system, tailored according to the users' requirements in medico-clinical applications. A strong argument favouring the integration of eHealth services with Grid environments is given by the Grid expertise within the European research community. Currently, the largest and most important concerted effort in the European Grid field is the EGEE-Grid³. Nevertheless, commercial and day-by-day Grid-aware applications are still not widely available. This is mainly due to the lack of proper tools for supporting programmers in the design, development and implementation of Grid-based applications. The main challenge in the domain of grid-based tools and applications is to hide the complexity of the underlying Grid infrastructure from the application developer by integrating higher level tools and services for grid application development.
Fig. 3: The “Invisible” Grid for Health Services: Hide the Grid complexity from the application-developers and end-users
³ http://www.eu-egee.org
The main reason for the lack of Grid-aware applications appears to be a gap between the Grid infrastructures and their developers / operators on the one side and the developers and end-users of Grid-based applications on the other side. To bridge this gap a user-driven approach needs to be implemented, which includes all stakeholders. A Grid Tools Suite (GTS) needs to be developed that will facilitate and enhance the development of Grid-aware applications. The architecture of the GTS needs to be service-oriented and based on the needs of both application developers and end-users. Inclusion of already existing tools fulfilling the defined requirements, as well as the development of new tools and extensions of existing ones, will guarantee building on previous achievements while not compromising on the strict requirements for architecture and functionalities.

One example of a promising application of Grid technology within the Virtual Hospital is given by the real-time 3D-visualization and manipulation of medical images (patient data) for individualized treatment planning and training purposes. Experience of the last years shows that better medical results can be achieved by an improved preoperative planning supported by three-dimensional stereoscopic visualisation and modelling. The reason for this is that, by planning, the therapy can be individualized and the matching to the patient can be improved. This has been shown especially for the construction and adjustment of implants such as a hip joint, maxillofacial surgery, radiation planning, and neurosurgical interventions. In this regard it is not only necessary to supply a three-dimensional morphological patient model but also functional interrelations like tissue properties, function, and blood circulation. To enable fast 3D visualization and interactive inspection of CT, MRT and US patient data after semi-automatic segmentation and reconstruction, Grid technology comes into consideration.

Currently, using the existing View Sphere Rendering software, about 5000 views on an imaginary sphere enclosing the data cube (CT, MRT) can be displayed as a result of off-line pre-calculation of the views [8]. As a result of this pre-calculation of the view sphere the user is able to rotate the data cube in real time (50 frames per second on each channel) using different interaction devices such as joystick, mouse, keyboard, or voice control to inspect not only the original 2D slices but also recalculated slices for any new orientation of the data set, and to navigate through the data slices inside a region of interest. Using grid resources an on-line calculation of the view sphere would be possible, thus enhancing operation planning facilities considerably.

Also Grid services like the Grid Visualization Kernel (GVK) [9] can be used for 3D visualisation. The rendering of multiple images using different viewpoints is required. Taking into account the typically large size of medical datasets, the rendering techniques have to be highly parallelized to exploit the performance of grid resources to the full extent. If multiple distributed grid resources are used for rendering, the input data has to be distributed onto the resources beforehand. Rendering approaches which can be applied on medical volume datasets can be separated into direct volume rendering approaches such as raycasting [10] or splatting [11] and surface fitting algorithms like isosurface extraction [12]. Using direct volume rendering the images can be generated directly out of the volume data, while isosurface extraction requires an additional rendering step for image generation. This rendering step can also be executed in parallel using an off-screen rendering library and depth-buffer merging for assembling the final images. One would typically execute the rendering step on the same resource as the isosurface extraction, thus saving the transmission of the intermediate triangle mesh. All techniques are well parallelizable
and applicable within a Grid environment, yielding significant performance benefits. In the case of raycasting each of the parallel rendering processes or threads needs the whole input dataset for image generation, while the other approaches only require one part of the volume data per rendering thread or process. After the parallel rendering has finished the final image has to be assembled and sent to the user's desktop machine. Besides parallelizing the rendering of a single image, the invocation of multiple instances of the rendering module will prove beneficial since multiple images can be rendered concurrently. Which rendering technique proves best for a given application, such as online rendering of images to be mapped onto the view sphere, heavily depends on the type of input data as well as the types of resources available. If a set of distributed resources is available, such as a pool of workstations interconnected over a fast network, the data to be rendered can be distributed beforehand and each workstation can do the rendering for a different viewpoint. If there is a multiprocessor machine with shared memory available, the input data need not be replicated and parallelized rendering techniques can be applied without inducing higher latency due to communication costs.

Another promising example of a Grid-based application is the MammoGrid project⁴, which developed a Europe-wide database of mammograms to facilitate a set of first priority healthcare applications. Key aspects here are standardisation of mammograms, design of an appropriate clinical workstation for the end-user, as well as the distribution of data, images and clinical queries across a Grid-based distributed database. Beyond these specific applications, a more generic goal was to explore the potential of Grid to support effective collaborative work (in particular for collaborative medical image analysis) between healthcare professionals located at geographically dispersed sites across Europe.

In general it is expected that medical applications will profit most from the Grid when they involve large amounts of image data distributed across dispersed sites, whose treatment and analysis are computing-resource intensive and/or can be improved by computer-aided routines. Potential examples are in the field of Teleradiology (see above) or Telepathology (virtual microscopy).
Conclusions

For successful deployment of the various medical and clinical services in the Virtual Euro-Mediterranean Hospital, the development and implementation of Health Grid services appears crucial. The Virtual Hospital will foster cross-Mediterranean cooperation between the leading medical centres of the participating countries by establishing a permanent medical and scientific link. Through the deployment and operation of an integrated satellite and terrestrial interactive communication platform, it will provide medical professionals in the whole Euro-Mediterranean area with access to the required quality of medical service, depending on the individual needs of each of the partners.
⁴ http://MammoGrid.vitamib.com

References

[1] G. Graschew, S. Rakowsky, P. Balanou, P.M. Schlag, “Interactive telemedicine in the operating theatre of the future”, J. Telemed. Telecare, Vol. 6, suppl 2, pp. 20-24, (2000).
[2] G. Graschew, T.A. Roelofs, S. Rakowsky, P.M. Schlag, “Broadband Networks for Interactive Telemedical Applications”, APOC 2002, Applications of Broadband Optical and Wireless Networks, Shanghai 2002, Proc. of SPIE, Vol. 4912, pp. 1-6, (2002).
[3] G. Graschew, T.A. Roelofs, S. Rakowsky, P.M. Schlag, „Überbrückung der digitalen Teilung in der Euro-Mediterranen Gesundheitsversorgung – das EMISPHER-Projekt“, in: JÄCKEL A. (Ed.), Telemedizinführer Deutschland 2005, (Ober-Mörlen), pp. 231-236, (2005).
[4] R.U. Pande, Y. Patel, C.J. Powers, G. D’Ancona, H.L. Karamanoukian, “The telecommunication revolution in the medical field: present applications and future perspective”, Curr. Surg. Vol. 60, pp. 636-640, (2003).
[5] C. Dario, A. Dunbar, F. Feliciani, M. Garcia-Barbero, S. Giovannetti, G. Graschew, A. Güell, A. Horsch, M. Jenssen, L. Kleinebreil, R. Latifi, M. M. Lleo, P. Mancini, M. T. J. Mohr, P. Ortiz García, S. Pedersen, J. M. Pérez-Sastre, A. Rey, “Opportunities and Challenges of eHealth and Telemedicine via Satellite”, Eur J. Med. Res. Vol. 10, Suppl I, p. 1-52, (2005).
[6] I. Foster, C. Kesselman (Eds.), “The Grid. Blueprint for a New Computing Infrastructure“, Morgan Kaufmann Publishers, (1999).
[7] G. Graschew, T.A. Roelofs, S. Rakowsky, P.M. Schlag, and S. Kaiser, S. Albayrak, “Telemedical applications and GRID technology”, in: P.M.A. Sloot et al. (Ed.), Advances in Grid Computing - EGC 2005, European GRID Conference, Amsterdam, The Netherlands, 14.-16.2.2005, p. 1-5, (2005).
[8] G. Bellaire, G. Graschew, F. Engel-Murke, M. Krauss, P. Neumann, P. M. Schlag, “Interactive telemedicine in surgery: Fast 3-D visualization of medical volume data”, Min. Inv. Med. Vol. 8, pp. 22-26, (1997).
[9] P. Heinzlreiter, D. Kranzlmüller, “Visualization Services on the Grid – The Grid Visualization Kernel“, Parallel Processing Letters (PPL), Vol. 13, No. 2, pp. 135-148, (June 2003).
[10] A.S. Glassner (Ed.), “An Introduction to Raytracing“, Academic Press, 1989.
[11] L.A. Westover, “Splatting: A Parallel, Feed-Forward Volume Rendering Algorithm”, Doctoral Thesis, University of North Carolina at Chapel Hill, NC, USA, (January 1992).
[12] W.E. Lorensen, H.E. Cline, “Marching Cubes: A High Resolution 3D Surface Construction Algorithm”, in: Proc. of ACM SIGGRAPH ’87, Anaheim, CA, USA, pp. 163-169, (July 1987).
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Monitoring the integration of hospital information systems: how it may ensure and improve the quality of data

Ricardo CRUZ-CORREIA a,b,1, Pedro VIEIRA-MARQUES c, Ana FERREIRA c, Ernesto OLIVEIRA-PALHARES a, Pedro COSTA a, Altamiro COSTA-PEREIRA a,b

a Department of Biostatistics and Medical Informatics
b CINTESIS – Center of Research in Health Information Systems and Technologies
c Center of Informatics
Faculty of Medicine of University of Porto, Al. Prof. Hernâni Monteiro, 4200-319, Porto, Portugal
Abstract. Integration of hospital departmental information systems (HDIS) has become a common but difficult issue. In May 2003, the Department of Biostatistics and Medical Informatics implemented a Virtual Electronic Patient Record (VEPR) for the Hospital S. João (HSJ), a university hospital with over 1350 beds. The system integrates clinical data from 10 legacy HDIS plus the Hospital Administrative Database (HAD), aiming to deliver all patient information to health professionals. Currently, around 500 medical doctors use the system on a regular basis and the HSJ-VEPR retrieves an average of 3,000 new reports per day, in PDF or HTML formats. This paper describes and discusses the role of monitoring in the assurance and improvement of data quality. Three approaches were put in place: (a) monitoring the HSJ-VEPR concerning the frequency of clinical records retrieved from the DIS by checking if the daily number of reports sent by the HDIS fell in the normal range from similar week days; (b) monitoring inconsistencies in the patient’s identification by cross-checking between HDIS and HAD; and (c) monitoring the integrity of clinical records delivered to medical doctors through the HSJ-VEPR by checking their digital signature. During 2005, the monitoring system detected 53 unusual frequency patterns of which 44 corresponded to real problems. Over a 6-month period, more than 400 alerts were generated concerning inconsistencies in the patient’s identification found in laboratory reports. Nevertheless, a significant reduction in the number of these inconsistencies occurred – from 116 in July to 10 in December 2005 – due to implementation of preventive measures by the DIS. Finally, report integrity was checked each time a report was requested for visualization, i.e. more than one hundred thousand times during a one-year period. In conclusion, all information available in hospital information systems can and should be used to trigger alerts of malfunctions and inconsistencies, in order to improve data quality and ensure a better health care.

Keywords. Computerized Medical Records Systems; Medical Record Linkage; Hospital Information Systems; Systems Integration; Data Quality; Validation and Integrity

1 Corresponding Author: Ricardo João Cruz Correia; E-mail: [email protected]
R. Cruz-Correia et al. / Monitoring the Integration of Hospital Information Systems
Introduction

Integration of data in hospitals has many different advantages and is currently taking place in many institutions [1]. Although frequent, it still has many difficult issues to tackle. Patient data quality in computer-based patient records has been found to be rather low in several health information systems [2-4]. This problem is increasingly important as more data on patients are now recorded than ever before [5]. Furthermore, the assessment of the correctness of collected patient data is a difficult process even when we are familiar with the system in which it was collected [6]. Therefore, one of the main challenges of health information systems or networks is to be able to gather the different parts of the medical record of a patient without any risk of mixing them with those of another patient [7, 8]. Erroneous patient identification also has an impact on hospital charging, as subsidiary partners refuse to pay for misidentified medical procedures.

In May 2003, the Department of Biostatistics and Medical Informatics implemented a Virtual Electronic Patient Record [9] for the Hospital S. João (HSJ), a university hospital with over 1350 beds. The system integrates clinical data from 10 legacy HDIS and the Diagnosis Related Groups (DRG) and Hospital Administrative (HAD) databases, aiming to deliver the maximum information possible to health professionals. Over 500 medical doctors use the system on a daily basis and the HSJ-VEPR retrieves an average of 3000 new reports each day (in PDF or HTML formats). In this paper we aim to describe and discuss the role of monitoring in the assurance and improvement of data quality.
Monitoring integrated systems

To detect and prevent possible problems in the HSJ-VEPR, Nagios [10] version 2 (a system and network monitoring application) was installed and configured. Nagios watches hosts and services that you specify, alerting you when things go bad and when they get better. Nagios was designed as a solid framework for monitoring, scheduling and alerting. Apart from the common hardware and services monitoring sensors (e.g. free hard disk, network ping or database listener ping), special sensors were implemented to monitor the HSJ-VEPR report retrieval and visualization rate. This is possible because Nagios has a simple plug-in design that allows users to easily develop new service checks, while taking advantage of the notification (via email, pager, or other user-defined method) and scheduling API. It also supports implementation of redundant and distributed monitoring architectures. Our Nagios-specific service plug-ins are PHP 5 scripts that return one of four states (0 – ok; 1 – warning; 2 – critical; 3 – unknown), and a descriptive message.

Sometimes a HDIS sends an abnormal number of reports per day (too large or too small) to our HSJ-VEPR. This normally reflects some kind of HDIS problem. Initially, a static monitoring system was implemented that uses predefined ranges of frequency normality for each HDIS (e.g.: System A sends from 100 to 4000 reports per day). The main problem of this solution was the large number of false alarms and of missed alarms (alarms that should have been triggered but were not). These situations arise because all weekdays are treated as equal, and because on weekends some departments do not send clinical reports.
Table 1. Percentiles 2.5 and 97.5 of reports sent in 2005 by System A

| Percentile | Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|---|
| 2.5 | 82 | 100 | 148 | 121 | 99 | 45 | 40 |
| 97.5 | 561 | 595 | 560 | 674 | 668 | 300 | 364 |
Table 2. Alerts triggered by dynamic and static method in System A (numbers in bold represent the number of erroneous alert detections – false positives+ and false negatives*)

                            Static               Dynamic
                            Alert    No alert    Alert    No alert
There was a real problem    35       9*          44       0*
There was no problem        11+      310         9+       312
It was decided to develop a dynamic system that learns from the number of reports received previously on the same weekday. To define an initial knowledge base, a table was created in which each record holds the number of reports of a particular HDIS on a particular day. Days triggering true alarms were excluded so that it only included normal days. The system calculates percentiles 2.5 and 97.5 (using Oracle's percentile_disc function) to be used as the lower and upper margins of the normality interval. When the job runs, the number of reports is compared with the percentiles. Only if no alarm is triggered does the knowledge base grow to include this new day.
Table 1 describes the percentiles 2.5 and 97.5 of reports retrieved in 2005, divided by weekday. It is obvious from this table that there is a large difference between weekdays in the same system. Table 2 describes the number of alerts from both the static and the dynamic methods. The numbers in bold represent the erroneous alert detections, both false positives (an alert was triggered but it shouldn't have been) and false negatives (an alert should have been triggered and it wasn't). The dynamic method showed a better sensitivity (44/44=100%) than the static method (35/44=79%). The specificity was also better in the dynamic method (312/321=97%) than in the static method (310/321=96%).
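The weekday-aware check described above, sketched in Python as an added example (it is not the authors' PHP plug-in or their Oracle job). The history is constructed sample data, and the `min_days` threshold and the choice of CRITICAL for an out-of-range day are assumptions; `percentile_disc` follows the discrete-percentile rule of returning the smallest value whose cumulative share reaches the requested fraction.

```python
import math
from collections import defaultdict
from datetime import date

# The four plug-in return states listed in the text.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def percentile_disc(values, p):
    """Discrete percentile: the smallest value whose cumulative share is >= p."""
    ordered = sorted(values)
    # round() absorbs float noise before ceil() picks the rank (1-based).
    rank = max(1, math.ceil(round(p * len(ordered), 9)))
    return ordered[rank - 1]


def static_check(count, low=100, high=4000):
    """Static rule from the text: one fixed range, whatever the weekday."""
    return OK if low <= count <= high else CRITICAL


class WeekdayBaseline:
    """Normality interval per weekday, learned only from days without an alert."""

    def __init__(self, low=0.025, high=0.975, min_days=20):
        self.low, self.high = low, high
        self.min_days = min_days            # assumption: minimum history per weekday
        self.history = defaultdict(list)    # weekday (0 = Monday) -> daily counts

    def seed(self, day, count):
        """Load one known-normal day into the initial knowledge base."""
        self.history[day.weekday()].append(count)

    def bounds(self, weekday):
        counts = self.history[weekday]
        if len(counts) < self.min_days:
            return None
        return percentile_disc(counts, self.low), percentile_disc(counts, self.high)

    def check(self, day, count):
        """Return (state, message) for one HDIS and one day."""
        limits = self.bounds(day.weekday())
        if limits is None:
            return UNKNOWN, f"UNKNOWN - not enough history for weekday {day.weekday()}"
        low, high = limits
        if count < low or count > high:
            # Alerting days stay out of the history, so a broken feed cannot
            # drag the interval towards its own abnormal volume.
            return CRITICAL, f"CRITICAL - {count} reports, expected {low}..{high}"
        self.history[day.weekday()].append(count)
        return OK, f"OK - {count} reports, expected {low}..{high}"


def constructed_baseline():
    """Constructed history: 40 Mondays with 100..139 reports, 40 Saturdays with 40..79."""
    baseline = WeekdayBaseline()
    for i in range(40):
        baseline.seed(date(2005, 1, 3), 100 + i)   # 3 Jan 2005 was a Monday
        baseline.seed(date(2005, 1, 1), 40 + i)    # 1 Jan 2005 was a Saturday
    return baseline


if __name__ == "__main__":
    baseline = constructed_baseline()
    samples = [(date(2005, 12, 5), 120), (date(2005, 12, 10), 120), (date(2005, 12, 10), 60)]
    for day, count in samples:
        state, message = baseline.check(day, count)
        print(day, message, "| static state:", static_check(count))
    # A deployed plug-in would print one message and exit with `state`.
```

With a [2.5, 97.5] interval roughly 5% of perfectly normal days fall outside the bounds by construction, which is the source of the residual false positives in Table 2.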
Monitoring inconsistencies in the patient’s identification
One of the main challenges of health information systems integration is to gather parts of the medical record without jeopardizing patient data quality. The HSJ-VEPR indexes all information to a unique hospital patient number. Identification problems occur when the hospital patient number or the hospital encounter number sent by the HDIS is wrong. These errors could lead to associating the report with a different patient. Because most of these errors originate solely in the wrong entry of identification numbers, the other information (name and date of birth) usually refers to the right patient. The idea for detecting identification errors is based on checking the name and date of birth sent by the HDIS against the hospital administrative database (HAD). The main difficulty arises from small changes in patient names, which would give rise to false identification errors (e.g.: “Jessica Maria Smith Murphy” <=> “Jessica Maria S. Murphy”).
The patient data quality algorithm is triggered by the arrival of a new clinical report from a particular HDIS, and is divided into three phases: 1st, detect errors in the hospital patient number; 2nd, detect errors in the hospital encounter number; and 3rd, store the report in the HSJ-VEPR.
1st phase – HAD is searched using the hospital patient number. Function equivalent is used to calculate whether both identifications (from the HDIS and HAD) refer to the same person. If not, a data error exception is triggered.
2nd phase – HAD is searched using the hospital encounter number. Function equivalent is used to calculate whether both identifications (from the HDIS and HAD) refer to the same person. If not, a data error exception is triggered.
3rd phase – if both calls to function equivalent in the previous phases return false, then patient identification data is not consistent in HAD and HDIS, and the clinical report is not archived in the HSJ-VEPR. If at least one of the calls returns true, then the clinical report is archived.
Four functions were implemented to calculate the equivalence of identities.
• wordsIn(name): returns the number of words that exist in name.
• numberEqualWordsIn(name1, name2): returns the number of equal words in name1 and name2. Both strings are split using blank spaces into separate arrays. The number of strings that exist in both arrays is returned.
• sim(name1, name2): returns a value between 0 and 1 that describes the similarity between name1 and name2; 0 means that the names are different and 1 that the names are exactly the same.
$$\mathrm{sim}(name_1, name_2) = \frac{\mathrm{numberEqualWordsIn}(name_1, name_2) \times 2}{\mathrm{wordsIn}(name_1) + \mathrm{wordsIn}(name_2)}$$
• equivalent(id1, id2): returns true if id1 and id2 refer to the same person and false if not. Both identifications are equivalent if the similarity of the patient names is greater than 60% (this value was found empirically after the observation of several cases) or if the date of birth is the same.
$$\mathrm{equivalent}(id_1, id_2) = \big(\mathrm{sim}(id_1.name, id_2.name) > 60\%\big) \lor \big(id_1.birth = id_2.birth\big)$$
As an example, if a report of “Jessica Maria Smith Murphy” born on 13-Jun-1964 with hospital patient number 4012734 is sent by a particular HDIS, but for the same hospital patient number HAD has patient “Jessica Maria O’Sullivan” born on 16-Feb-1962, then numberEqualWordsIn(“Jessica Maria Smith Murphy”, “Jessica Maria O’Sullivan”)=2, and sim=(2*2)/(4+3)=57% and the date of birth is different, so equivalent returns false and an identification error is triggered.
When errors occur, a report is generated and sent to the HDIS administrators. This report includes a description of the error along with all information sent by the HDIS and retrieved from HAD. By doing so, the origin of the error can be traced and corrected. A local log of errors is maintained for future use.
This module was deployed in July 2005, and is being configured for each HDIS. Currently it scans an average of 65.000 reports per month (2.100 per day). Patient identification errors have been found in every HDIS, and their evolution is described in Table 3. These errors are the sum of errors in both hospital patient numbers and hospital encounter numbers.
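The four functions and the three-phase check described above, as an added Python example (not the authors' code). The encounter number, the HAD records other than the paper's own example, the case-insensitive word comparison and the treatment of a number unknown to HAD as a mismatch are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Identity:
    name: str
    birth: date


def _words(name):
    # Assumption: case-insensitive comparison; the text only says "split using blank spaces".
    return name.casefold().split()


def words_in(name):
    return len(_words(name))


def number_equal_words_in(name1, name2):
    """Words present in both names; a repeated word counts once per matching pair."""
    common = Counter(_words(name1)) & Counter(_words(name2))
    return sum(common.values())


def sim(name1, name2):
    total = words_in(name1) + words_in(name2)
    return 2 * number_equal_words_in(name1, name2) / total if total else 0.0


def equivalent(id1, id2, threshold=0.60):
    """Same person if the names are more than 60% similar OR the birth dates match."""
    return sim(id1.name, id2.name) > threshold or id1.birth == id2.birth


def check_report(report, had_by_patient, had_by_encounter):
    """Run the three phases and return (archive, errors)."""
    errors = []
    by_patient = had_by_patient.get(report["patient_no"])        # 1st phase lookup
    by_encounter = had_by_encounter.get(report["encounter_no"])  # 2nd phase lookup
    # Assumption: a number that HAD does not know counts as a mismatch.
    ok_patient = by_patient is not None and equivalent(report["identity"], by_patient)
    ok_encounter = by_encounter is not None and equivalent(report["identity"], by_encounter)
    if not ok_patient:
        errors.append(f"patient number {report['patient_no']}: HDIS and HAD identities differ")
    if not ok_encounter:
        errors.append(f"encounter number {report['encounter_no']}: HDIS and HAD identities differ")
    # 3rd phase: archive unless both comparisons failed.
    return (ok_patient or ok_encounter), errors


# The report and the HAD patient record are the paper's example; the encounter
# number and the HAD encounter record are constructed for this illustration.
REPORT = {
    "patient_no": "4012734",
    "encounter_no": "ENC-0001",
    "identity": Identity("Jessica Maria Smith Murphy", date(1964, 6, 13)),
}
HAD_BY_PATIENT = {"4012734": Identity("Jessica Maria O'Sullivan", date(1962, 2, 16))}
HAD_BY_ENCOUNTER = {"ENC-0001": Identity("Jessica Maria S. Murphy", date(1964, 6, 13))}

if __name__ == "__main__":
    archive, errors = check_report(REPORT, HAD_BY_PATIENT, HAD_BY_ENCOUNTER)
    print("archive:", archive)
    for error in errors:
        print("error:", error)
```

Because the rule is a disjunction, two unrelated patients who share a date of birth are treated as equivalent, so a wrong number that happens to land on such a patient passes unnoticed.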
Table 3. Frequency of patient’s identification errors on clinical reports from four departmental information systems and the hospital administrative database between July and December 2005

Information System        Total       Jul       Aug       Sep       Oct       Nov       Dec
System A                    374       102       219        10        26        12         5
System B                     44        12         7         5         5        11         4
System C                      2   (two monthly entries of 1; column positions not recoverable)
System D                      1   (one monthly entry of 1; column position not recoverable)
HAD                           2         2
Total errors found          423       116       226        15        32        24        10
Total reports checked   391.258    62.455    61.810    66.737    67.267    67.680    65.309
The detection of these errors has triggered both their correction in each HDIS and a change in department workflow (e.g. System A), which resulted in fewer identification errors. Two errors were also found in HAD, caused by inappropriate reuse of a unique hospital patient number. Due to HDIS software errors, some patient reports have problems when they are generated, resulting in near zero-sized files. When these files are detected, a report is also generated and sent to the HDIS administrators.
Monitoring the integrity of clinical records through digital signatures
Digital signature mechanisms protect the integrity of an electronic document by creating a unique identifier (a hash) for that report that is closely associated with its contents. This unique identifier is then digitally signed using public key encryption technology (e.g. using a private/public key pair). The private key (which must be kept secret) is used to apply the digital signature, whilst the public key (which is public knowledge) is used to verify the validity of that signature. If the contents of the report change for some reason, the digital signature will no longer be valid and the report cannot be trusted anymore.
The process for digitally signing the reports in the HSJ-VEPR is illustrated in Figure 1. When the agent collects the reports, they are digitally signed using the private key and stored [11]. This process is done only once per report and does not need any human interaction, since the agent automatically calls the encryption software to sign the report. It is very important that this private key is kept secret and that all the actions of the agent are closely monitored and audited. When a report is requested, the public key is used to automatically verify the report's digital signature (in a module named HSJ.ICU proxy).
The encryption technology used for this purpose is GnuPG [12], open source software based on the OpenPGP standard [13] for email encryption. It uses the public key Digital Signature Algorithm (DSA) (key size 1024) to perform digital signature services (and SHA-1 to do the hashing) [14]. The whole process is transparent and does not interfere with the rest of the system (it requires no extra functionality or features) or with its real usage. A Nagios plug-in is being implemented to trigger alerts when the digital signature verification fails.
Figure 1. Digital signature and signature verification process
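One way the signature-failure alert mentioned above could be built, as an added Python example rather than the authors' plug-in: it maps GnuPG's machine-readable `--status-fd` output to the four Nagios states and fails closed when no valid signature is reported. Detached signature files, the pinned agent fingerprint (a constructed value) and the policy of raising a warning for SHA-1 signatures are assumptions of this sketch.

```python
import subprocess

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # plug-in states listed earlier in the text
SHA1 = "2"                                    # OpenPGP hash algorithm id for SHA-1
AGENT_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"   # constructed fingerprint


def gpg_status(report_path, signature_path, gpg="gpg"):
    """Verify a detached signature and return GnuPG's status lines ('' if gpg cannot run)."""
    try:
        result = subprocess.run(
            [gpg, "--batch", "--status-fd", "1", "--verify", signature_path, report_path],
            capture_output=True, text=True, check=False)
    except OSError:
        return ""
    return result.stdout


def classify_status(status_text, expected_fingerprint):
    """Map the status lines of one verification to (nagios_state, message)."""
    status = {}
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            status[parts[1]] = parts[2:]

    if not status:
        return UNKNOWN, "UNKNOWN - GnuPG returned no signature status"
    if "BADSIG" in status:
        return CRITICAL, "CRITICAL - report content does not match its signature"
    if "GOODSIG" not in status or "VALIDSIG" not in status:
        # Fail closed: a missing key, an expired or revoked key, or an
        # unreadable signature all leave the report unverified.
        seen = ", ".join(sorted(status))
        return CRITICAL, f"CRITICAL - signature not validated ({seen})"

    # VALIDSIG fields: 0 fingerprint, 6 pubkey-algo, 7 hash-algo, 9 primary-key fingerprint.
    fields = status["VALIDSIG"]
    signer = fields[9] if len(fields) > 9 else fields[0]
    if signer.upper() != expected_fingerprint.upper():
        # Any key in the keyring yields GOODSIG, so pin the agent's key explicitly.
        return CRITICAL, "CRITICAL - valid signature, but not from the agent's key"
    if len(fields) > 7 and fields[7] == SHA1:
        # Added policy (assumption): keep verifying, but surface the weak hash.
        return WARNING, "WARNING - signature valid, hash algorithm is SHA-1"
    return OK, "OK - signature valid"


def constructed_status(keyword="GOODSIG", pubkey_algo="17", hash_algo="2",
                       fingerprint=AGENT_FPR):
    """Constructed status output (keyword GOODSIG or BADSIG; DSA is pubkey-algo 17)."""
    lines = [f"[GNUPG:] {keyword} {fingerprint[-16:]} HSJ-VEPR agent (constructed)"]
    if keyword == "GOODSIG":
        lines.append(f"[GNUPG:] VALIDSIG {fingerprint} 2005-07-01 1120176000 0 4 0 "
                     f"{pubkey_algo} {hash_algo} 00 {fingerprint}")
    return "\n".join(lines)


if __name__ == "__main__":
    for sample in (constructed_status(), constructed_status("BADSIG")):
        state, message = classify_status(sample, AGENT_FPR)
        print(state, message)
    # A deployed plug-in would call gpg_status() on the stored report and
    # exit with `state` so that Nagios raises the alert.
```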
Discussion
The comparison of current and previous IS behaviour also allows the detection of irregularities. In this case the knowledge used to trigger alerts is built from past experience. We feel that as time goes by we will have more records, and consequently the percentile range for normality can be changed from [2.5, 97.5] to [1, 99], further increasing the specificity of the method. We are also currently studying the improvement from taking distinct actions depending on whether the alerts are triggered because the values are too low or too high.
Our method for detecting patient identification errors is a particular case (although a serious one) of what can be done to improve patient data quality. Many other types of patient data could benefit from this methodology, from administrative to clinical data. In our opinion, cross-checking between integrated distributed systems may be used to guarantee global patient data quality. The knowledge that an institution has about a particular patient should be the sum of the knowledge lying in each IS belonging to a distributed infrastructure. The methodology presented in this paper guarantees that distributed knowledge is used as a whole, with benefits for the patient data quality of each IS. As proper checking methods are put in place, the number of inconsistencies in integrated systems tends to decrease as people's awareness of these silent problems increases.
The digital signature system implemented adds real value to the system, although that value will not be realized immediately. Its importance will be appreciated only in the future, when the need to access past patient information stresses the importance and necessity of that information being trustworthy and free of inconsistencies.
In conclusion, all information available in hospital information systems can and should be used to trigger alerts of malfunctions and inconsistencies, in order to improve data quality and ensure better health care.
References
[1] R. Lenz and K. A. Kuhn, "Integration of Heterogeneous and Autonomous Systems in Hospitals," Business Briefing: Data management & Storage Technology, 2002.
[2] W. Hogan and M. Wagner, "Accuracy of data in computer-based patient records," J Am Med Inform Assoc, vol. 4, pp. 342-355, 1997.
[3] K. Hammond, S. Helbig, C. Benson, and B.-S. BM, "Are electronic medical records trustworthy? Observations on copying, pasting and duplication," presented at AMIA Annual Symposium, 2003.
[4] J. Hohnloser, M. Fischer, A. Konig, and B. Emmerich, "Data quality in computerized patient records. Analysis of a haematology biopsy report database," Int J Clin Monit Comput, vol. 11, pp. 233-40, 1994.
[5] J. C. Wyatt, "Clinical data systems, Part 1: Data and medical records," Lancet, vol. 344, pp. 1543-7, 1994.
[6] E. Berner and J. Moss, "Informatics Challenges for the Impending Patient Information Explosion," J Am Med Inform Assoc, vol. 12, pp. 614-7, 2005.
[7] C. Quantin, C. Binquet, K. Bourquard, R. Pattisina, B. Gouyon-Cornet, C. Ferdynus, J. B. Gouyon, and F. A. Allaert, "A peculiar aspect of patients' safety: the discriminating power of identifiers for record linkage," Stud Health Technol Inform, vol. 103, pp. 400-6, 2004.
[8] M. G. Arellano and G. I. Weber, "Issues in identification and linkage of patient records across an integrated delivery system," J Healthc Inf Manag, vol. 12, pp. 43-52, 1998.
[9] R. Cruz-Correia, P. Vieira-Marques, P. Costa, A. Ferreira, E. Oliveira-Palhares, F. Araujo, and A. Costa-Pereira, "Integration of hospital data using agent technologies - a case study," AI Communications, vol. 18, pp. 191-200, 2005.
[10] D. Koffler and E. Galstad, "Nagios 1.x documentation," 2002.
[11] A. Ferreira, R. Cruz-Correia, L. F. Antunes, E. Oliveira-Palhares, P. Marques, P. Costa, and A. Costa-Pereira, "Integrity for Electronic Patient Record Reports," presented at Proc. 17th IEEE Symp. Computer-Based Medical Systems, 2004.
[12] "Gnu PG - Gnu Privacy Guard, Open PGP (www.gnupg.org)," 2004.
[13] J. Callas, L. Donnerhacke, H. Finney, and R. Thayer, "RFC 2440: OpenPGP message format," November 1998.
[14] "Fact Sheet on Digital Signature Standard," National Institute of Standards and Technology, 2004.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
MedIEQ – Quality Labelling of Medical Web Content Using Multilingual Information Extraction
Miquel Angel MAYER a,1, Vangelis KARKALETSIS b, Kostas STAMATAKIS b, Angela LEIS a, Dagmar VILLARROEL c, Christian THOMECZEK c, Martin LABSKÝ d, Fernando LÓPEZ-OSTENERO e and Timo HONKELA f
a Web Médica Acreditada (WMA) of the Medical Association of Barcelona (COMB), Spain
b National Centre for Scientific Research “Demokritos” (NCSR), Greece
c Agency for Quality of Medicine (AQuMED), Germany
d University of Economics in Prague (UEP), Czech Republic
e Universidad Nacional a Distancia (UNED), Spain
f Helsinki University of Technology (HUT), Finland
Abstract. Quality of Internet health information is essential because it has the potential to benefit or harm a large number of people and it is therefore essential to provide consumers with some tools to aid them in assessing the nature of the information they are accessing and how they should use it without jeopardizing their relationship with their doctor. Organizations around the world are working on establishing standards of quality in the accreditation of health-related web content. For the full success of these initiatives, they must be equipped with technologies that enable the automation of the rating process and allow the continuous monitoring of labelled web sites alerting the labelling agency. In this paper we describe the European project MedIEQ (Quality Labelling of Medical Web Content Using Multilingual Information Extraction) that integrates the efforts of relevant organizations on medical quality labelling, multilingual information retrieval and extraction and semantic resources, from six different European countries (Spain, Germany, Greece, Finland, Czech Republic and Switzerland). The main objectives of MedIEQ are: first, to develop a scheme for the quality labelling of medical web content and provide the tools supporting the creation, maintenance and access of labelling data according to this scheme and second, to specify a methodology for the content analysis of medical web sites according to the MedIEQ scheme and develop the tools that will implement it. Keywords. Semantic web, medical information, quality labelling, web content analysis
1 Corresponding Author: Colegio Oficial de Médicos de Barcelona, Pg Bonanova 47, 08017 Barcelona, Spain; E-mail: [email protected].
M.A. Mayer et al. / MedIEQ – Quality Labelling of Medical Web Content
Introduction
The number of health information web sites and online services is increasing day by day. It is known that the quality of these web sites is very variable and difficult to
assess; we can find web sites published by government institutions, consumer and scientific organisations, patients' associations, personal sites, health provider institutions, commercial sites, etc.[1] On the other hand, patients continue to find new ways of reaching health information and their physicians, and more than four out of ten health information seekers say the material they find affects their decisions about their health.[2,3] Health information consumers, such as patients and the general public, cannot assess the quality of the information by themselves because they are not always familiar with the medical domain and vocabulary.[4] Although there are divergent opinions about the need for accreditation of health web sites and its adoption by Internet users,[5] different organizations around the world are working on establishing standards of quality in the accreditation of health-related web content.[1, 6-12]
The European Council (EC) in 2000 supported an initiative within eEurope 2002 to develop a core set of Quality Criteria for Health Related Websites. The specific aim was to draw up a commonly agreed set of simple quality criteria on which Member States, as well as public and private bodies, may draw in the development of quality initiatives for health related websites. These criteria should be applied in addition to relevant Community law. As a result, a core set of quality criteria was established. The criteria may be used as a basis in the development of user guides, voluntary codes of conduct, trust marks, accreditation systems, or any other initiative adopted by relevant parties, at European, national, regional or organisational level. By using a common set of criteria as a starting point, such initiatives can develop in a focused manner across the European Union. [13]
There are three major mechanisms in medical quality labelling. The first one is based on third party rating, where the web site is assessed by a labelling agency in terms of certain labelling criteria and is asked to make some changes to get the accreditation label, which is then added to the web site. The second one examines medical web sites in specific thematic areas, characterizes them against certain criteria, filters some of them based on their characterization, and organizes the rest into web directories to facilitate access by health information consumers. The third mechanism is based on self-adherence to some codes of conduct or ethics, which is nothing more than a claim or a pledge with little enforceability. [14]
On the other hand, the current Web is based on HTML (hypertext mark-up language), which specifies how to lay out a web page for human readers. HTML as such cannot be exploited by information retrieval techniques to improve results, which thus have to rely on the words that form the content of the page. This “current web” must evolve in the next years from human-understandable information to a global knowledge repository, where the information should be machine-readable and directly processed by computers, enabling the use of advanced knowledge management technologies.[15] This change is based on Semantic Web technologies. The Semantic Web is "an extension of the current web in which information is given well-defined meaning, better enabling computers and people to work in cooperation", based on metadata. [16] We can think of it as being an efficient way of representing data on the World Wide Web, or as a globally linked database.[17] These metadata can be expressed in different ways, such as the Resource Description Framework (RDF) language. RDF, developed under the auspices of the World Wide Web Consortium (W3C), [18] is the standard language for representing information about resources in the World Wide Web.
It is particularly intended for representing metadata about Web resources, such as the title, author, and modification date of a Web page, copyright and licensing information about a Web document, or the availability schedule for some shared resource.[19] RDF defines a simple, yet powerful model for describing resources. Thus the choice of appropriate evaluation criteria as well as the development of tools to support the labelling process (retrieval of unlabelled web sites, monitoring of labelled web sites) are both crucial and challenging. [20]
1. MedIEQ project
MedIEQ [21] continues the work of previous projects in the area of medical quality labelling (MedCERTAIN,[22] MedCIRCLE [10] and WRAPIN [23]) and quality labelling standards (QUATRO [24]). MedCERTAIN (MedPICS Certification and Rating of Trustworthy Health Information on the net) and MedCIRCLE (Collaboration for Internet Rating, Certification, Labelling and Evaluation of Health Information on the World-Wide-Web) were projects that established third-party rating systems to select high quality medical information websites on the Internet. These systems used a metadata language (HIDDEL: Health Information Disclosure, Description and Evaluation Language) which allows the expression of descriptive and evaluative annotations in RDF. [25] WRAPIN (Worldwide online Reliable Advice to Patient and Individuals) was another project, whose main objective was to make available a tool to determine information quality by automatically checking a document against matching sources from databases of known quality. The QUATRO project (Quality Assurance and Content Description) is a platform that applies semantic web technologies to trust mark schemes and quality labels. [26]
The overall objective of MedIEQ is to advance current medical quality labelling technology, drawing on past and original research in the area. The implementation of this objective will be based on the realisation of the following more specific objectives:
1. Develop a scheme for the quality labelling of medical web content and provide the tools supporting the creation, maintenance and access of labelling data according to this scheme;
2. Specify a methodology for the content analysis of medical web sites according to the MedIEQ scheme and develop the tools that will implement it;
3. Specify a methodology and develop the tools for the creation and maintenance of the multilingual resources that will support content analysis in medical web sites;
4. Integrate the above technologies into a prototype labelling system implemented using an open architecture;
5. Demonstrate the resulting prototype in 7 different languages and two labelling applications (third party accreditation and classification).
2. MedIEQ tools
MedIEQ will examine two major mechanisms in medical quality labelling which are currently being used by the medical quality labelling agencies participating in the project: Web Médica Acreditada (WMA) and the Agency for Quality in Medicine (AQuMED). WMA is based on third party rating and grants the websites a quality seal. AQuMED filters quality websites and organizes them into directories. In the case of WMA, the accreditation process is as follows: [1]
1. The person in charge of a website sends a (voluntary) request to the WMA website in order to begin the process. Using the online application form, the person in charge provides certain information for the WMA and auto-checks the WMA criteria (based on the Code of Conduct and the Ethical Code) (step/level 1) to express acceptance of these recommendations;
2. The Standing Committee assesses the website based on the WMA criteria (step/level 2/ medical expert);
3. WMA sends a report to the person in charge, who implements the recommendations;
4. When the recommendations are implemented, it is possible to obtain the seal of approval and WMA sends an html seal code to be posted on the accredited website, as well as adding its name and URL to the index of accredited websites.
In the case of AQuMED, the medical websites are selected according to some criteria of the Health on the Net Code [5] and classified into four categories: treatment information, background information, self-help and counselling organisations, and finally medical organizations. After that, the treatment information is evaluated according to the DISCERN guidelines [27] and with the CHECK-IN instrument (http://www.patienten-information.de/content/informationsqualitaet/download/check_in.pdf). Patients have access to this information through the website http://www.patienten-information.de/.
MedIEQ aims to tackle the main problem of current medical quality labelling mechanisms, that is, the need for a continuous review and control of the accredited or filtered medical web sites, a process that requires a huge amount of human effort. To achieve this, MedIEQ integrates the efforts of relevant organizations on medical quality labelling, multilingual information retrieval and extraction mechanisms and semantic resources from six different European countries (Spain, Germany, Greece, Finland, Czech Republic and Switzerland). The labelling system must involve components for the following tasks (see Figure 1):
• Crawling: crawl the Web to locate interesting web sites.
• Spidering: Each Web page visited is evaluated, in order to decide whether it is really relevant to the topic (that is, the labelling criteria), and its hyperlinks are scored in order to decide whether they are likely to lead to useful pages. Thus, a score-sorted queue of hyperlinks is constructed, which guides the retrieval of new pages. The spidering tool consists of three components: site navigation, page classification and link scoring. [28]
• Information extraction: The pages retrieved by the spidering component are processed in order to locate and extract useful facts, that is, facts relevant to the labelling criteria. For instance, in a contact page, we are looking for entities such as organization name, person name, medical specialty, an e-mail address, etc. Based on the entities retrieved, certain key phrases and the page layout, we locate the part of the page that contains the information we are looking for. This is a well-known web information extraction task, which requires the combination of technology on web wrappers and language technology. [28]
• Data storage: The extracted information is stored in a database according to the specification of the medical quality labelling schema.
Figure 1. MedIEQ architecture using semantic web resources and label authorities.
The processes of continuous review and control of medical web sites and of locating new unlabelled medical web sites are absolutely essential to assure the quality of health knowledge disseminated through the Web. We propose the development of a labelling platform that enables the development of labelling systems. These systems will assist the work of labelling experts, thus increasing the number of labelled medical sites and improving their monitoring. [20]
In the case of WMA, the application of the platform tools concerns the constant monitoring of already labelled medical web sites, comparing newly extracted information from the site pages against the data stored in the labelling operator database. Taking into account the steps of the WMA labelling process, these will be supported by the labelling systems in the following ways:
• Every time a new request arrives at WMA, the labelling system is invoked in order to collect an initial set of data from the corresponding web site. The data collected (their type will vary according to the request type) will be stored in a separate database in order to be used by the WMA standing committee.
• After the site owner informs WMA that any committee recommendations have been implemented, the labelling system is invoked to examine the corresponding updates. The system outcome is again stored in order to be used by the labelling experts in WMA, who will decide whether the specific site will be labelled or not.
• After the site gets the WMA label, the system will be invoked periodically to examine whether any changes occurred, in terms of the labelling criteria. Depending on the change, the system can alert WMA, thus facilitating the review process.[20]
In the case of AQuMED, the application of the platform tools concerns the identification of new medical web sites in specific thematic areas, their characterization, the filtering of some of them based on their characterization, and their organization into web directories. Taking into account the steps of the AQuMED labelling process, these will be supported by the labelling systems in the following ways:
• A focused web crawler will be trained to locate medical web sites for specific subjects.
• Every time a new web site is retrieved, the labelling system will examine it against AQuMED criteria and store the data collected in a database separate from the database storing the meta-data of the AQuMED web directories.
• In case the labelling system has to re-examine an already characterized web site, it checks first whether the previously collected meta-data are still valid and, in case changes occurred, it updates the data collected in the database, alerting the labelling expert.
• The sites that do not meet certain criteria are filtered and their data are stored separately in order to be examined by the labelling expert, who will take the final decision on adding, excluding or withdrawing a site from the directory.
• The labelling system operates periodically in order to locate new web sites or update the data on existing ones.[20]
3. Conclusions
Since the number of medical websites as well as patients' interest in this information grows, it is necessary to find mechanisms to guarantee and control their quality. The main problem that these mechanisms face is the need for a continuous review and control of the accredited or classified web sites, which means a huge amount of human effort. WMA, as a third-party accreditation system, for instance, periodically reviews the accredited web sites manually to renew the quality label. On the other hand, in AQuMED, as a filtering and rating system, website directories are periodically updated due to the addition of new sites and changes in the characterization of the already visited ones.
Up to now there is no working standard RDF schema for medical web sites. MedIEQ will put forward a specific medical metadata vocabulary, making use of the experience in previous projects in this area, the EC Quality Criteria for Health Related Websites,[13] W3C standards such as the RDF Content labels schema [29] that is developed in QUATRO, and other standardized vocabularies such as the Dublin Core Metadata Initiative [30] and the FOAF project.[31] On the other hand, previous initiatives didn’t use spidering tools and technologies that enable the automation of the rating process, such as information extraction techniques that allow the continuous monitoring of labelled web sites, alerting the labelling agencies (LA) when changes occur against the labelling criteria and alerting experts when a site's content is updated against the quality criteria, thus facilitating the work of medical quality labelling agencies. [28] The resulting technology presented by MedIEQ is expected to have a significant impact on medical quality labelling, assisting the work of labelling experts, increasing the number of labelled medical sites across Europe and their effective monitoring, and thus improving the quality of health knowledge disseminated through the Web.
Acknowledgements
MedIEQ is a project funded by the European Union under the Programme of community action in the field of Public Health (2003-2008) and it is made up of: National Center for Scientific Research "Demokritos", Greece (the coordinator), Institute of Informatics and Telecommunications, Software and Knowledge engineering Laboratory (I-sieve Technologies Ltd.), Greece; Universidad Nacional de Educación a Distancia (UNED), Spain; Web Medica Acreditada (WMA) of the Medical Association of Barcelona (COMB), Spain; Agency for Quality in Medicine (AQuMED), Germany; the University of Economics in Prague (UEP), Czech Republic; Helsinki University of Technology (HUT), Finland; Geneva University Hospitals Service of Medical Informatics (HUG), Switzerland.
References

[1] Mayer MA, Leis A, Sarrias R, Ruíz P. Web Mèdica Acreditada Guidelines: reliability and quality of health information on Spanish-Language websites. In: Engelbrecht R et al. (ed.). Connecting Medical Informatics and Bioinformatics. Proc of MIE2005 (2005), 1287-92.
[2] Eysenbach G. Consumer health informatics. BMJ 320 (4) (2000), 1713-16.
[3] Diaz JA, Griffith RA, Ng JJ, Reinert SE, Friedmann PD, Moulton AW. Patients' use of the Internet for medical Information. J Gen Intern Med 17(3) (2002), 180-5.
[4] Soualmia LF, Darmoni SJ, Douyère M, Thirion B. Modelisation of Consumer Health Information in a Quality-Controled gateway. In: Baud R et al. (ed.). The New Navigators: from Professionals to Patients. Proc of MIE2003 (2003), 701-706.
[5] Analysis of 9th HON Survey of Health and Medical Internet Users Winter 2004-2005. Available from: http://www.hon.ch/Survey/Survey2005/res.html.
[6] Risk A, Dzenovagis J. Review of Internet health information quality initiatives. J Med Internet Res 3(4) (2001), e28.
[7] Health on the Net Foundation (HONCode). Home page. Available from: http://www.hon.ch.
[8] Winker MA, Flanagan A, Chi-Lum B, . Guidelines for Medical and Health Information Sites on the Internet: principles governing AMA web sites. American Medical Association. JAMA 283 (12) (2000), 1600-1606.
[9] Hi-Ethics, Inc. Health Internet Ethics: Ethical Principles for offering Internet Health services to consumers. Available from: http://www.hiethics.com/Principles/index.asp.
[10] Kohler C, Darmoni SD, Mayer MA, Roth-Berghofer T, Fiene M, Eysenbach G. MedCIRCLE - The Collaboration for Internet Rating, Certification, Labelling, and Evaluation of Health Information. Technology and Health Care, Special Issue: Quality e-Health. Technol Health Care 10(6) (2002), 515.
[11] URAC. Health Web Site Accreditation. Home page. Available from: http://webapps.urac.org/websiteaccreditation/default.htm.
[12] Curro V, Buonuomo PS, Onesimo R, de RP, Vituzzi A, di Tanna GL, D'Atri A. A quality evaluation methodology of health web-pages for non-professionals. Med Inform Internet Med 29(2) (2004), 95-107.
[13] European Commission. eEurope 2002: Quality Criteria for Health related Websites. Available from: http://europa.eu.int/information_society/eeurope/ehealth/doc/communication_acte_en_fin.pdf.
[14] Wilson P. How to find the good and avoid the bad or ugly: a short guide to tools for rating quality of health information on the Internet. BMJ 321 (2002), 598-602.
[15] Eysenbach G. The Semantic Web and healthcare consumers: a new challenge and opportunity on the horizon?. J Healthc Techn Manag 5 (2003), 194-212.
[16] Berners-Lee T, Hendler J, Lassila O. The Semantic Web. Scientific American, May 2001.
[17] Palmer Sean B. The Semantic Web: an Introduction. Available from: http://infomesh.net/2001/swintro/.
[18] World Wide Web Consortium (W3C). Available from: http://www.w3.org.
[19] Manola F, Miller E. RDF Primer. W3C Recommendation 10 February 2004. Available from: http://www.w3.org/TR/2004/REC-rdf-primer-20040210/.
[20] Mayer MA, Karkaletsis V, Archer P, Ruiz P, Stamatakis K, Leis A. Quality labelling of medical web content. Health Informatics Journal 12 (2006), 81-87.
[21] MedIEQ (Quality labeling of Medical Web Content Using Multilingual Information Extraction). Internet homepage. Accessible in: http//www.medieq.org.
[22] Eysenbach G, Köhler C, Yihune G, Lampe K, Cross P, Brickley D. A framework for improving the quality of health information on the world-wide-web and bettering public e-health: The MedCERTAIN approach. In: Haux R, Patel V, Hasmann A (eds.) MedInfo 2001. Proc of the Tenth World Congress on Med Informatics (2001), 1450-1454.
[23] Gaudinat A. & Boyer C. WRAPIN (Worldwide online Reliable Advice to Patients and Individuals). MEDNET 2003. The 8th Annual World Congress on the Internet and Medicine, Geneva.
[24] Quality Assurance and Content Description (QUATRO). Internet homepage. Available from: http://www.quatro-project.org.
[25] Eysenbach G, Köhler C, Yihune G, Lampe K, Cross P, Brickley D. A metadata vocabulary for self- and third-party labelling of health websites: Health Information Disclosure, Description and Evaluation Language (HIDDEL). Proc AMIA Annu Fall Symp (2001), 169-173.
[26] Archer P and Quatro members. Quatro – a metadata platform for trustmarks. Proc Int Conf on Dublin Core and Metadata Applications (2005), 211-214.
[27] DISCERN online. Quality criteria for consumer health information. Available from: http://www.discern.org.uk/.
[28] Stamatakis K, Karkaletsis V, Paliouras G, Horlock J, Grover C, Curan JR, Dingare S. Domain-specific web site identification: the CROSSMARC focused web crawler. Proc Int workshop on Web Document Analysis (2003), 75-78.
[29] RDF Content Labels: Schema Description. Available from: http://www.w3.org/2004/12/q/doc/contentlabels-schema.htm.
[30] Dublin Core Metadata Initiative (DCMI). Internet homepage. Available from: http://dublincore.org/.
[31] The Friend of a Friend (FOAF). Internet homepage. Available from: http://www.foaf-project.org/.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Improving Uptake of a Breast Screening Programme: a Knowledge Management approach for opportunistic intervention

Vikraman BASKARAN a, Rajeev K. BALI a, Hisbel AROCHENA a, Raouf N.G. NAGUIB a, Margot WHEATON b, Matthew WALLIS b

a Biomedical Computing and Engineering Technologies Applied Research Group (BIOCORE), Coventry University, UK
b Warwickshire, Solihull & Coventry Breast Screening Service, University Hospitals Coventry and Warwickshire NHS Trust, Coventry, UK
Abstract. Reducing mortality from breast cancer through screening has been accepted as a viable tool and breast screening has attracted a lot of attention from healthcare organisations worldwide. Government funded screening programmes in Europe, the Americas and Australia have made good progress in diagnosing and treating breast cancer through effective screening programmes. The UK’s National Health Service (NHS) National Screening Programme manages one of the biggest publicly funded breast screening programmes. In the UK, only 75% of the intended population is screened and a diverse set of efforts has attempted to identify and initiate countermeasures to improve screening attendance. This paper identifies how innovative use of information and communication technologies (ICTs) can be the focus for strategising not only improved screening attendance but also better quality of care for women.

Keywords. Breast screening, KM, intervention, primary care
Introduction

Breast screening is one of the most effective tools available in fighting breast cancer in its early stages of development. Research has successfully identified that women aged fifty years and above are more susceptible to breast cancer [1]. Breast tissue is best suited for cancer diagnosis only at that age through a low dosage x-ray or mammogram. The UK’s National Health Service (NHS) Screening Programme was initiated in 1988 as a nationwide breast screening service. Despite concerted efforts, the non-attendance rate remains quite high at about 25% [5].
1. Attendance

The attendance levels for women in England during the period 1996 to 2004 are listed in Table 1 below. The screening population has grown, due to various factors, from 1.5 million to 2 million over the years since national screening commenced. The acceptance rate (uptake) of the screening has remained static at around 75%. A sudden increase in the screening population during 2003-04 is mainly attributed to the change in NHS strategy of raising the upper age limit of screened women from 65 to 70. The cancer incidence rate relates to all screened women, including self and GP referrals [3]. A simple extrapolation of the number of cancers detected to the number of women invited would suggest that an additional three thousand cancer cases would have been identified (see Table 1). If screening had been carried out, a proper prognosis and treatment could have been initiated, eventually reducing the breast cancer mortality.
2. Factors related to Non-attendance

The acceptance rate figures (Table 1) clearly indicate that screening attendance has to be improved. Earlier research has identified many factors related to non-attendance [5-8], which can be generally classified into permanent and temporary factors [7]. Permanent factors for eligible women (aged between 50 and 70) include such elements as ethnicity, age group, marital status, income, education and chronic monitorable conditions. These factors cannot be altered in order to increase screening uptake. Temporary factors such as employment (women in the age group above 60 are mostly employed part-time), personal apprehensions, beliefs, knowledge and access (and accessibility) to a screening unit can be targeted for increasing the screening uptake [6,7,9-11].

Table 1. Screening attendance and probable number of cancers not detected through simple extrapolation, England 1996-2004 [5]

| Screening year | Number of women invited | Acceptance rate (%) | Number of cancers detected | Probable number of cancers not detected |
|---|---|---|---|---|
| 1996-97 | 1,558,995 | 75.1 | 7,141 | 1,776 |
| 1997-98 | 1,668,476 | 75.5 | 7,932 | 2,635 |
| 1998-99 | 1,669,727 | 75.5 | 8,771 | 2,580 |
| 1999-00 | 1,811,541 | 75.4 | 9,525 | 3,110 |
| 2000-01 | 1,815,610 | 75 | 9,866 | 3,286 |
| 2001-02 | 1,752,526 | 75.5 | 10,003 | 3,237 |
| 2002-03 | 1,873,470 | 74.7 | 10,467 | 3,539 |
| 2003-04 | 1,998,989 | 75.2 | 13,064 | 4,284 |
3. Countermeasures

Some major UK employers have recently initiated their own free screening for their employees [12], which assists National Screening Programme efforts in combating breast cancer. The NHS has identified many countermeasures for targeting breast screening non-attendees with respect to temporary factors [13]. Access to screening units has been improved by some NHS trusts through free rides to and from the screening unit under the patient transport scheme [14]. Additionally, the deployment of mobile screening units has addressed the issue of easy access [15]. Other temporary factors have been tackled to a certain extent by way of posters, publicity campaigns, media-based advertisements and education-driven efforts such as pamphlets and handouts.

None of these countermeasures is directed towards individual women; they can be described as a “many-to-many” type of interaction (in that many countermeasures are directed at many women). Targeting women more personally is possible through a “one-to-one” type of interaction (one countermeasure directed at one woman). This effort can work in unison with the rest of the “many-to-many” type of interactions to result in a better uptake [8-10]. General Practitioners (GPs) are ideal healthcare deliverers who can carry out a “one-to-one” type of intervention [8-10,16,17].
4. Predicting non-attendees

Research has indicated that even one additional letter from a GP to women invited for screening would appreciably increase uptake [5,7,8,11]. This does however require an additional use of resources. Earlier research has focused on identifying alternative ways to reduce this requirement [18]. One initiative was to identify, via prediction techniques, probable non-attendees (less than a third of the overall screening population); this approach was popular since it required fewer resources. This prediction was mainly based on the woman’s previous history within the screening episodes. The woman’s socio-economic background was also identified as a contributing factor, which is closely linked to deprivation scores related to the woman’s residential postcode [19]. One of the most suitable methods for predicting non-attendance is the use of an Artificial Intelligence based algorithm. This algorithm predicts the screening attendance using the aforementioned factors by employing a neural network [20].

Previous research was aimed primarily at identifying key factors for predicting non-attendance. This study did not focus on issues of how this could be employed within the screening mechanism itself. The procedure has been tested in a simulated environment to perform complex analysis, and the successful running of the algorithm required personnel with specialist statistical knowledge. There was also the additional requirement to purchase software licences for statistical analysis, adding to the financial burden of the screening office [21].
5. A Knowledge Management (KM) Approach

This paper proposes a novel software solution (based on an Artificial Intelligence-based algorithm) to address the problems discussed. Currently in prototype form, the software has been designed with both functionality and usability in mind so that it can be used by any staff member within a screening office. The prediction of non-attendance can be carried out without any prior statistical knowledge and the software has the advantage of being created using Open Source software, thereby keeping the cost of production and usage to a minimum. The solution not only minimises the resource wasted due to non-attendance but also focuses on the core issue of countering non-attendance [21].

Our solution actively incorporates primary care deliverers as healthcare facilitators who are in direct contact with the target women of the screening programme. If clinical knowledge can be harnessed and efficiently transferred to these healthcare deliverers, efforts can then be concentrated on opportunistic interventions for the target group [9,16]. GPs are identified as key enablers as they can play a vital role in making these interventions. Table 2 traces how the changes in ICT products have developed with the evolution of the Knowledge Management (KM) concept in organisational decision-making over the last forty years [22].

Table 2. Stages in the Evolution of Knowledge Discovery

| Evolutionary stage | Business question | Enabling technologies | Features |
|---|---|---|---|
| Data Collection (1960s) | Breast cancer worldwide? | Computers, tapes, disks | Retrospective, static data delivery |
| Data Access (1980s) | Breast cancer in UK from 1960? | Relational databases, Structured Query Language (SQL) | Retrospective, dynamic data delivery at record level |
| Data warehousing & decision support systems (early 1990s) | Breast cancer in West Midlands from 1960? | Online analytic processing, multidimensional databases | Retrospective, dynamic data delivery at multiple levels |
| Intelligent data mining (late 1990s) | Incidence of breast cancer in Coventry next year? Why? | Advanced algorithms, multiprocessor computers | Proactive, information delivery |
| Artificial Intelligence based tools (early 2000s) | Increase screening attendance in Coventry area? | Application level AI tools (open source technology), web-services technology | Proactive, knowledge delivery |
Contemporary organisations (including those operating in a healthcare environment) are facing a deluge of data and information whilst simultaneously lacking knowledge [23,24]. New ways of working and collaboration, and the prevalence of ICTs, have resulted in organisations being inundated with information to an unprecedented degree, resulting in “information overload” [24-28]. This has major implications for clinical decision makers as they have to deal with increasingly large amounts of data. One of the major challenges that managers face is how to make effective decisions based on the data at hand. It is acknowledged that the selection of a particular direction is both constrained and influenced by the availability of data, the ability to transform data into information, and then the ability to make sense of it by deriving knowledge from information.

Knowledge Management is a steadily maturing, yet often misunderstood, management approach that is aimed at solving contemporary organisational challenges to increase the efficiency and efficacy of core organisational processes while simultaneously incorporating continuous innovations. KM, via the use of various tools, processes and techniques, combines relevant organisational data, information and knowledge to create business value and enable an organisation to capitalise on its intangible and human assets so that it can effectively achieve its primary business goals, as well as maximise its core business competencies [29-30]. Adoption of KM has been spoken of as a solution to the massive problem of information overload [31]. It is our contention that transferring such knowledge to the primary care deliverers requires seamless integration within the routine clinical process. The seamless transfer should address the issue of communicating knowledge to the GP while avoiding the problem of information “inundation”. This would pave the way for refining and making well informed, evidence-based clinical decisions.
6. Current status of project

The focal point of our larger research study is to successfully understand the nuances of GP-based interventions and to shed more light on how knowledge transfer to GPs can focus on breast screening non-attendees. A research questionnaire to GPs has been identified as a valuable tool to assist in identifying additional factors when implementing our seamless intervention mechanism. At the time of writing, questionnaires have been dispatched to the GP population in Coventry (UK) which seek to understand the efficacy of GP intervention [25,26]. The identified GP population are those served by our clinical collaborators, Warwickshire, Solihull & Coventry Breast Screening Unit. The Unit is one of the biggest screening offices in the West Midlands region of England and will cater to more than 140,000 women (by March 2007). Briefly, the questionnaire encompasses the following six major areas:

6.1. Screening Women

This segment addresses details of the target population of the screening programme. Under this section, data collected includes the approximate population of women registered with the GP between the ages of 40 and 75, a list of clinical conditions related to the age group and the frequency of the service rendered.

6.2. Prediction

The Prediction section includes data related to the usefulness of providing prior information (by prediction) of non-attending women and how early this information has to be delivered to the GP to attempt to increase the uptake. This information would assist in planning and scheduling the prediction process so that it could be carried out on the screening batch (a list of women planned for the oncoming episode) for that GP.

6.3. Electronic Data Interchange (EDI)

This section relates to the technical data pertaining to the passing of messages to the GP. This includes the identification (and the usefulness) of the existing paper-based reporting of non-attendance and how often they are updated with the woman’s clinical records. This section also collects data on the utilisation (and usefulness) of electronically transferring results and the preferred modality, such as manual updating, automatic updating and supervised updating of the results within the clinical records.

6.4. Impact

The Impact section collects data on the probable impact of GPs on screening attendance, what type of intervention they prefer and how long an intervention would typically last (for direct contact with the women). The GP’s opinion on who would be the preferred person (within the surgery) to conduct the intervention is also included.

6.5. Additional Information

This part of the questionnaire addresses the ability (and positive impact) of the GPs through intervention on the screening attendance, how the efforts of the GPs should be recognised and the preferred recognition options (awards, appreciation, remuneration etc). Also, this section includes preferred resources required by the surgery to assist in the process of intervention (patient-directed leaflets on breast cancer screening in various languages, additional training to all staff and CDs/DVDs about breast screening and GP information packs).

6.6. Miscellaneous

The final section collects miscellaneous GP information such as gender, practice experience, number of partners in their surgery and the surgery’s patient population.
7. Conclusion

This paper reports the latest findings of a research study that can assist primary care deliverers in effective intervention to increase uptake in a breast screening programme. Using a KM approach in conjunction with the software, the paper identifies and initiates countermeasures to make opportunistic interventions for increasing screening attendance. Further work will utilise the results from GP questionnaires to further refine the Artificial Intelligence software (a major component of the study) and its accuracy.

Acknowledgements

We are grateful to the NHS Cancer Screening Programmes and Julietta Patnick for funding this study.
References

[1] A.P.M. Forrest, Breast Cancer Screening - A report to the health ministers of England, Scotland, Wales and Northern Ireland, London HMSO, 1986.
[2] L. Tabar, B. Vitak, H.H. Chen, et al., The Swedish two-county trial twenty years later. Updated mortality results and new insights from long term follow-up, Radiologic clinics of North America, 38 (2000), 625-51.
[3] J. Patnick, NHS breast screening: the progression from one to two views, Journal of Medical Screening, 11 (2004), 2:55-56.
[4] R. Smith-Bindman, R. Ballard-Barbash, D.L. Miglioretti, J. Patnick, K. Kerlikowske, Comparing the performance of mammography screening in the USA and the UK, Journal of Medical Screening, 12 (2005), 1:50-54.
[5] NHSBSP, NHS Breast screening programme annual review, 1999-2005.
[6] R.M. Bostick, J.M. Sprafka, B.A. Viring, J.D. Potter, Predictors of cancer prevention attitudes and participation in cancer screening examinations, Journal of Preventive Medicine, 23 (1994), 816-826.
[7] M. Lagerlund, A.E. Maxwell, R. Bastani, E. Thurfjell, A. Ekbom, M. Lambe, Sociodemographic predictors of non-attendance at invitational mammography screening – a population-based register study (Sweden), Journal of Cancer Causes and Control, 13 (2002), 73–82.
[8] M. Lagerlund, A. Hedin, P. Sparén, E. Thurfjell, M. Lambe, Attitudes, Beliefs, and Knowledge as Predictors of Nonattendance in a Swedish Population-Based Mammography Screening Program, Journal of Preventive Medicine, 31 (2000), 417–428.
[9] R.M. Saywell, V.L. Champion, C.S. Skinner, D. McQuillen, D. Martin, M. Maraj, Cost–Effectiveness Comparison of Five Interventions to Increase Mammography Screening, Preventive Medicine, 29 (1999), 374–382.
[10] S.J. Katz, J.K. Zemencuk, T.P. Hofer, Breast cancer screening in the United States and Canada, 1994: Socioeconomic Gradients Persist, American Journal of Public Health, 90 (2000), 5: 799-803.
[11] E.E. Calle, W.D. Flanders, M.J. Thun, L.M. Martin, Demographic predictors of mammography and pap smear screening in US women, American Journal of Public Health, 83 (1993), 1: 53-60.
[12] Breakthrough Breast Cancer, “Corporate Social Responsibility”, http://www.breakthrough.org.uk/you_can_help/companies_and_employees/whats_it_all_about/corporate_social.html, Accessed March 14, 2006.
[13] M.J. Stead, M.G. Wallis, M.E. Wheaton, Improving uptake in non-attenders of breast screening: selective use of second appointment, Journal of Medical Screening, 5 (1998), 2:69-72.
[14] The new patient transport scheme, Guy’s and St Thomas’ Hospital NHS Trust, http://www.guysandstthomas.nhs.uk/resources/Patient_Transport_Large_1.pdf, Accessed March 14, 2006.
[15] E.L. Hamilton, M.G. Wallis, J. Barlow, L. Cullen, C. Wright, Women's views of a breast screening service, Health Care for Women International, 24 (2003), 1: 40-48.
[16] H. Bekker, L. Morrison and T.M. Marteau, Breast Screening: GPs’ beliefs, attitudes and practices, Family Practice, 16 (1999), 60-65.
[17] B.K. Rimer, M.K. Keintz, H.B. Kessler, P.F. Engstrom, J.R. Rosan, Why Women Resist Screening Mammography: Patient-related Barriers, Journal of Radiology, 172 (1989), 1: 233-6.
[18] H.E. Arochena, R.N.G. Naguib, H. Mashhoudy, M. Wheaton and M. Wallis, Factors associated with the prediction of attendance to the UK breast screening programme, Proc of the 23rd Ann Int Conf of the IEEE Eng in Med and Biol Soc (EMBS), 25-28 October 2001, Istanbul, Turkey, 2001.
[19] H.E. Arochena, Modelling and predicting of parameters affecting attendance to the NHS breast cancer screening programme, unpublished PhD thesis, Coventry University, 2003.
[20] H.E. Arochena, R.N.G. Naguib, A. Todman, M.E. Wheaton, M.G. Wallis, An algorithm for the prediction of attendance to a Breast Screening Unit in the UK. Proc of the 24th Ann Int Conf of the IEEE Eng in Med and Biol Soc (EMBS), 23-26 October 2002, Houston TX, 2002.
[21] V. Baskaran, R.K. Bali, R.N.G. Naguib, H. Arochena, A Knowledge Management approach to increase uptake in a breast screening programme, Proc. IEEE Int. Conf. on Humanoid, Nanotechnology, Information Technology, Communication and Control, Environment, and Management, Manila, Philippines, 2005.
[22] An introduction to data mining, Pilot Software Inc. http://www.umich.edu/~cisdept/bba/320/1999/fall/pilot-software.html, Accessed March 4, 2002.
[23] J. Liebowitz, T. Beckman, Knowledge Organizations: What every manager should know, St. Lucie Press, U.S.A, 1998.
[24] C. Sieloff, If only HP knew what HP knows: The roots of knowledge management at Hewlett-Packard, Journal of Knowledge management, 3 (1999), 1: 47-53.
[25] K.R. Yabroff and J.S. Mandelblatt, Interventions Targeted toward Patients to Increase Mammography Use, Cancer Epidemiology Biomarkers & Prevention, 8 (1999), 749–757.
[26] T.S. Bell, L.K. Branston, R.G. Newcombe and G.R. Barton, Interventions to Improve Uptake of Breast Screening in Inner City Cardiff General Practices with Ethnic Minority Lists, Ethnicity & Health, 4 (1999), 4: 277-284.
[27] J. Cothrel and R. Williams, On-line communities: helping them form and grow, Journal of Knowledge management, 3 (1999), 1: 54-60.
[28] P. Drucker, The coming of the new organization, Harvard business review on knowledge management: Harvard Business School Press, USA, 1998.
[29] J. Swan, H. Scarbrough, & J. Preston, Knowledge Management – The Next Fad To Forget People? Proceedings of the 7th European Conference in Information Systems, 1999.
[30] T. Davenport, and L. Prusak, Working Knowledge, Harvard Business School Press, Boston, 1998.
[31] J. Liebowitz, T. Beckman, Knowledge Organizations: What every manager should know, St. Lucie Press, U.S.A, 1998.
EHR Standards – A Comparative Study

Bernd BLOBEL 1 and Peter PHAROW
eHealth Competence Center, University of Regensburg Medical Center, Germany
Abstract. To ensure the quality and efficiency of patients' care, the care paradigm moves from organization-centered over process-controlled towards personal care. Such a health system paradigm change leads to new paradigms for analyzing, designing, implementing and deploying supporting health information systems, including EHR systems as the core application in a distributed eHealth environment. The paper defines the architectural paradigm for future-proof EHR systems. It compares advanced EHR architectures, referencing them to the Generic Component Model. The paper introduces the evolving paradigm of autonomous computing for self-organizing health information systems.

Keywords. Model-Driven Architecture, Meta-languages, Generic Component Model, Concept Representation
Introduction

Shared care, managed care and disease management are different approaches to meeting the challenge of efficient and high quality care according to the advanced state of knowledge and technology, independent of time, location and local resources. This challenge must be met despite demographic developments, increasing multimorbidity, increasing demands and growing expenditures for diagnostic and therapeutic procedures, as well as decreasing contributions to the health insurance funds. Shared care concepts are bound to the specialization and distribution paradigm, which is strongly related to enhanced communication and co-operation between the healthcare establishments directly and indirectly involved in the patient’s care, thereby guaranteeing the needed comprehensive view of the patient and realizing integrated care. In the near future, this paradigm will be advanced to personal health, dissolving organizational relationships. This process requires the deployment of advanced information and communication technologies (ICT). Informationally representing a patient and all processes of care, the Electronic Health Record is the core application of any shared care environment.

1. EHCR Characteristics

An EHR is a persistent longitudinal and potentially domain-crossing record of health and care provision relating to a single subject of care (the patient), created and stored in one or more physical systems in order to inform the subject’s future health care and to provide a medico-legal record of care that has been provided [1]. A domain is characterized by common properties, e.g., common policies, forming a domain hierarchy at workstation, department, organization, regional, or national level. An EHR arises as a dynamic process from clinical practice and controls care processes by deriving alerts or supporting decision making. It performs a complex workflow connected with medical acts. An EHR documents any diagnostic and therapeutic measures in a standardized structure. Reducing or avoiding redundancy, an EHR facilitates an optimized unambiguous presentation of medical concepts, preserving the original context and enabling new ones. According to UCL [2], different context ranges have to be considered for context preservation, such as the compositional context, the data value context, the qualifier context, the ethical and legal context, and the care process context. An EHR reflects chronology and accommodates future developments and views.

An EHR system is the technical implementation of an EHR, i.e., a set of components establishing mechanisms to generate, use, store and retrieve an EPR. As an architecture defines a technical or non-technical system’s components, their functions and their relationships, an EHR architecture describes a model of generic properties required for any EHR for providing communicable, comprehensive, useful, effective, and legally binding records, which preserve their integrity over time independent of platforms and systems as well as of national specialties. An EHR architecture has to provide clear and consistent rules for recording, amending, deleting, and commenting, for reorganizing, for extracting, and for re-using information. For managing an EHR system, the architecture of such a distributed and highly complex component system as well as its behavior (functionality, set of services) must be designed appropriately.

1 Bernd Blobel, Ph.D., Associate Professor, University of Regensburg Medical Center, eHealth Competence Center, Franz-Josef-Strauss-Allee 11, D-93042 Regensburg, Germany; Email: [email protected]; URL: http://www.ehealth-cc.de
2. Advanced EHCR Approaches

While traditional business processes and their IT support are rather static, the shared care environment and especially personal care require highly flexible solutions. Processes, states and properties as well as contexts, relationships and scale are steadily changing. Even the underlying terminology and ontology are not stable. Therefore, advanced EHR solutions have to meet specific requirements such as openness, scalability, flexibility, portability, trustworthiness, etc. They must be user-friendly and business process controlled. Therefore, the EHR architecture has to follow the paradigms of

• Distribution;
• Following a unified process (interoperability basics);
• Component-orientation (flexibility, scalability);
• Separation of platform-independent and platform-specific modeling, i.e., separation of logical and technological views (portability);
• Being based on reference and domain models at meta-level (semantic interoperability);
• Knowledge-based approach (concepts, contexts, knowledge);
• Enterprise view driven design (user acceptance);
• Multi-tier architecture (user acceptance, performance, etc.);
• Appropriate multi-media GUI (illiteracy);
• Common terminology and ontology (semantic interoperability);
• Appropriate security and privacy services.
B. Blobel and P. Pharow / EHR Standards – A Comparative Study
In the following, advanced EHR specifications are presented and briefly discussed.

2.1. The HL7 Development Framework and the Clinical Document Architecture

Within its version 3 Message Development Framework, the well-known health industry communication standard HL7 specified a Reference Information Model (RIM) covering any information in the healthcare domain in a generic and comprehensive way [3]. The HL7 RIM deals with the associations between the six core classes: entity (physical information object in the healthcare domain), the role the entity can play (competence for action), participation (performance of action), the act, as well as role relationship mediating interaction between entities in the appropriate roles and act relationship for chaining different activities. The second foundation for HL7 standards development is a common vocabulary, which uses the best-of-breed vocabularies available such as SNOMED®², LOINC®³, etc., extended by HL7-defined specifications if needed. The third foundation is the defined set of data types. At the next level, a formal development process, the HL7 Development Framework (HDF), is being introduced. Basic concepts are represented as reusable Common Message Element Types (CMETs), analogous to GEHR archetypes. HL7’s RIM and vocabulary provide domain knowledge which is exploitable, e.g., for knowledge representation (representation of concepts and relations) in the GEHR Object Model and archetypes discussed in the next chapter. Every specification must be derived from both the RIM and the vocabulary. Based on the generic RIM, its domain-specific specialization to Domain Information Models (DIMs), and their refinements as Refined Message Information Models (R-MIMs) for EHR related scenarios, which established a dual model approach analogous to the GEHR approach, a specialized model for Clinical Document Architecture (CDA) has been specified for developing appropriate messages to support EHR communications.
Besides narrative text, CDA defines a document structure consisting of a header and a body with structured information represented in up to three levels of granularity depending on the corresponding release. Technical interoperability is ensured by Implementation Technology Specifications (ITSs). While CDA follows a document-oriented approach, HL7 moves with its HDF towards an architectural approach. In that context, the HL7 Functional Model Standard for Trial Use provides a first services-oriented approach leaving the message paradigm behind. The newly created Service-Oriented Architecture Special Interest Group narrows HL7 activities to the CORBA Healthcare Domain Taskforce.

² SNOMED - Systematised Nomenclature of Medicine developed by the College of American Pathologists
³ LOINC - Logical Observation Identifier Names and Codes developed by the Regenstrief Institute

2.2. The CEN “Electronic Healthcare Record Communication” Standard

Approved in 1999, the CEN ENV 13606 “EHCR Communication” defines in its Part 1 an extended component-based EHCR reference architecture [4]. Such an extended architecture is mandated to meet any requirements through the EHCR’s complete lifecycle. According to CEN ENV 13606, an EHCR comprises on the one hand a Root Architectural Component and on the other hand a Record Component established by Original Component Complexes (OCC), Selected Component Complexes, Data Items, and Link Items. The OCC consist of 4 basic components, such as folders, compositions, headed sections, and clusters. These OCC sub-components can be combined in partially recursive ways. Besides its Part 1 “Extended Architecture”, the CEN ENV 13606 offers the Part 2 “Domain Term List”, Part 3 “Distribution Rules”, and Part 4 “Messages for the Exchange of Information”.

According to the CEN rules, a CEN ENV must be revisited after three years either to cancel it as obsolete, or to adopt it as European Norm (EN) as it is, or to revise the specification. CEN ENV 13606 is currently under revision, resulting in the 5 part EN 13606 “EHR Communication” [1]. The scope of EN 13606 has been extended as follows. In addition to traditional message-based communication between isolated clinical systems, the Electronic Health Record will in some cases be implemented as a middleware component (a record server) using distributed object technology and web services. Communication is not only supported with other EHR systems but also with applications and components such as middleware services, moving towards an architecture-centric approach with alerting and decision support services, agent components including workflow management systems. The revision is realized reusing other developments and efforts, thereby supporting a convergent strategy between different approaches. Completely changing the old paradigm, the GEHR/openEHR dual-model approach has been followed. In most of the parts, meta-models will be provided following UML and XML specifications. For the aforementioned harmonization reasons, the four part standard has been extended to a five part one.

Part 1: Reference Model: provides a generic information model for communicating the electronic health record of any one patient, as a refinement of ENV13606 Part 1.
Part 2: Archetype Interchange Specification: describes a generic information model and language for representing and communicating the definition of individual instances of Archetypes.

Part 3: Reference Archetypes and Term Lists: a range of Archetypes reflecting a diversity of clinical requirements and settings, as a "starter set" for adopters and to illustrate how other clinical domains might similarly be represented (for example by health professional groups), plus relevant enumerated lists (normative or informative) in support of the other parts of this standard. This will draw on ENV13606 Part 2.

Part 4: Security Features: the information model concepts that need to be reflected within individual EHR instances to enable suitable interaction with the security components that are anticipated to be required in any future EHR deployment. This relates to ENV13606 Part 3.

Part 5: Exchange Models: a set of models that build on the above parts and can form the basis of message-based or service-based communication, fulfilling the same role as ENV13606 Part 4.

EN 13606 is based on the HL7 RIM, a set of datatype definitions harmonized between HL7 and CEN, the EHR Domain Information Model (DMIM) and a set of R-MIMs dedicated to certain structures and functionalities. However, the project is restricted to structural aspects expressed through platform-independent information models, ignoring the other RM-ODP views including behavioral aspects of EHR systems. Figure 1 demonstrates the Reference Model’s Extract Package, which is the crucial concept for communicating EHRs. Nevertheless, this Extract concept also meets the EHR architecture requirements in general via the aggregation of all possible EHR Extract instances forming a comprehensive EHR.
2.3. The Government Computer-based Patient Record Project

Launched by a consortium formed by the US Department of Defense, the US Department of Veterans Affairs, and the Indian Health Service of the Health and Human Services, the federal interagency healthcare technology initiative Government Computer-based Patient Record (G-CPR) established a model and tools for implementing and managing a proper business as well as technical environment to share patient’s information [5]. The main goals concern

• the establishment of a secure technical environment for sharing sensitive personal information,
• the development of a patient focused national information technology architecture, and
• the creation of common information model and adequate terminology models to ensure interoperability between disparate systems.
The solution should be based on advanced national and international standards. In that context, CORBA, HL7 and DICOM have to be mentioned. Services such as the Person Identification Service (PIDS), the Clinical Observation Access Service (COAS), or the Resource Access Decision Service (RADS) provide the basis for the G-CPR framework. Using object oriented specifications for interoperability, the approach was service oriented rather than architecture based.

2.4. The GEHR Approach

Based on the European Commission’s Third Framework Programme project “Good European Health Record (GEHR)”, but also acknowledging the results of other Research and Development projects and efforts for standards around the globe such as the European projects SYNAPSE or PICNIC, the Australian Government launched and funded the Good Electronic Health Record project [6]. The basic challenge towards GEHR is knowledge level interoperability. The GEHR model consists of two parts: the concrete GEHR Object Model (GOM) delivering the EHCR information container needed on the one side and the GEHR meta-models for expressing the clinical content on the other side. The meta-models bearing the medical knowledge in the sense of healthcare specialty-specific or organization-specific, department-specific or even person-specific views and restrictions are commonly called “Archetypes”. Because the archetypes are separately developed, they can be instantiated step by step at the technical model level until the complete medical ontology has been specified. In summary, the GEHR approach consists of small flexible pieces like LEGO® bricks which can be combined in a proper, health domain specific way following construction plans defined in archetypes.

2.5. The openEHR Foundation

The openEHR Foundation has been launched for specifying Archetypes and providing tools for the GEHR implementation in an Open Source process.
3. Comparative Evaluation of the Advanced EHCR Approaches

Contrary to the other approaches presented, ENV 13606 “Health informatics – Electronic healthcare record communication” and the Government Computer-based Patient Record project follow the classical methodology consisting of one comprehensive model which covers all the concepts known at the development time. Such a one model approach, however, reveals some essential weaknesses and problems related to technical, complexity, and management issues [7]. Considering the technical problems of the one model approach, the mixture of generic and domain-specific knowledge concepts with their own expressions, but also weaknesses in base class stability must be mentioned. Regarding the complexity problems, the size of the resulting model leads to difficulties in managing so many concepts in parallel, in completing the model (which might be unachievable), in standardizing such models and in providing interoperability due to the needed agreement on a huge number of aspects and details. Related to the management of the one model approach, different developer groups and user groups dealing with their own concepts expressed in their specific language must be managed, combined and harmonized.

HL7 and GEHR offer a dual model approach consisting of a Reference Information Model (RIM) and a series of Domain Information Models (DIMs). The generic part of the EHCR concepts concerns the grammar of the IT-system domain which is specified by computer scientists. The health domain specific concepts representing the domain knowledge are specified and maintained by medical experts. In the HL7 case, the reference model is also a domain-specific one. Both groups are characterized by their own terminology and their specific way of thinking. The dependency of both groups results from the fact that there is only a single common development process using a single formalism.
4. A Future-Proof EHR Architecture

Complying with the paradigms for advanced EHR architectures mentioned in section 3, the Generic Component Model for health information systems has been developed in the mid nineties by the Medical Informatics Department of the Magdeburg University Hospital. This approach offers a service-oriented model-driven system architecture enabling the design of future-proof EHR systems. Its original version provided a predecessor of the ISO Reference Model – Open Distributed Processing (RM-ODP). Simplifying the system structure by the separation of domains, the composition / decomposition of its components and the consideration of different viewpoints on the system, it establishes a multi-model approach for EHR architectures, system design and implementation. Thereby, the Generic Component Model combines and harmonizes all achievements realized through the alternative specifications presented, independent of their time of development before, during or after the Generic Component Model’s specification. More information can be found in [8].

As an architectural approach, the Generic Component Model defines for all dimensions mentioned a hierarchical set of concepts resulting from specialization through constraint specification on the one hand and aggregation or generalization using rules on the other hand. Besides concepts and rules covering both structure and functions, inter-relationships also have to be considered, altogether expressed by knowledge representation means.
Figure 1 below presents the Generic Components Model.
[Figure 1. Generic Components Model. Labels in the figure: Domain 1, Domain 2, ..., Domain n; Component Decomposition (Business Concepts, Relations Network, Basic Services/Functions, Basic Concepts); Component View (Enterprise View, Information View, Computational View, Engineering View, Technology View).]
5. Discussion

Concept complexity, representation and underlying composition/decomposition rules (aggregation), knowledge structuring and querying, as well as models reflecting platform-specific issues (engineering and technology view) differ between care settings and between traditional medicine and advanced molecular medicine. Underlying business models defining the architectural strategy, middleware services needed (e.g. common data warehouses), and implementation strategies (e.g. grid technology) have to be adapted properly too. This must be considered in specification and tooling for advanced health information systems, especially in regard to the core application of an Electronic Health Record (EHR) / Personal Health Record (PHR) including their specializations such as medication files, shareable records etc.

Based on the Generic Component Model referencing the ISO Reference Model – Open Distributed Processing (RM-ODP) [9], formally and platform-independently modeled basic concepts from different domains such as medicine, financing, administration, or security, are aggregated according to business rules, contextual and other constraints. The business process and services-oriented models have to be properly expressed by platform independent information models including appropriate computational views. For providing semantic interoperability including multi-linguality between systems and components, reference models for business processes and information, but also a common terminology and ontology have to be established. The resulting model set built on meta-languages can be automatically transferred into platform-specific models reflecting physical distribution of components, protocols, maintenance procedures, education and training. The platform-specific specifications reflect both the engineering and the technology view of RM-ODP. Profiling the resulting specifications and instantiating them, an optimally adapted virtual application is designed and implemented at runtime [8, 10, 11]. The formal approach, and especially the integration of security services into it, has been assessed as revolutionary and constitutes a unique characteristic.
6. Conclusion

For designing and implementing eHealth, the Electronic Health Record or Person Health Record based on a sophisticated architecture is the highest prioritized application. This e-Health core application is fed from the health service process and controls the clinical workflow. One prioritized EHR function concerns the e-prescribing process with decision support which is based on knowledge services. Other services related to an EHR system that the user community is looking for in the short term are EDI ones regarding the exchange of ADT information, order entry and result reporting data, but also e-prescription (e-receipt).

For implementing the aforementioned prioritized applications, certain infrastructure components and services are indispensable. The most important infrastructure service is the identification and authentication of all principals involved in a patient’s care. Principals are all actors in the care system such as persons, organizations, devices, systems, applications, components, or even single objects. In that context, security tokens (e.g. smart cards), a Public Key Infrastructure (PKI) and further Trusted Third Party (TTP) services are essential. In the infrastructure framework, other security services such as privilege management and access control as well as audit have to be provided. The aforementioned token can also be used to support access to components of a normally virtual EHR by appropriate pointers. A unified process has to be established. Authorities for infrastructure services, directory services as well as testing, evaluation, and certification services must be provided. Finally, appropriate terminology and classification services based on an agreed reference terminology and ontology are required. In that context, SNOMED CT has to be mentioned. The challenge the paper is dealing with is strictly emphasized in the European Commission’s 7th Framework Programme.
Meanwhile, the proposed paradigm has been accepted at different levels in advanced projects and national strategies such as the US National Health Information Infrastructure, the NHS National Programme for IT, the Danish EHR Strategy, the openEHR Foundation’s work, and the German bIT4health project. In that context, contractual relationships between National Agencies as the US DoD Health Services or influential companies have been established or are in preparation.
Acknowledgement

The author is indebted to the colleagues from HL7, OMG/CORBA, ISO TC 215 and CEN TC 251 for kind support as well as especially to Thomas Beale (Deep Thought Informatics Pty Ltd, Mooloolah, Qld, Australia), Ken Rubin (VHA, Washington), and Dipak Kalra (CHIME, University College London, London, UK) for collegial cooperations.
References

[1] EN 13606 “Health informatics – EHR communications, Part 1 – Reference model”; http://www.centc251.org
[2] EC AIM: The Good European Health Record project (GEHR A2014).
[3] Health Level Seven Inc.: http://www.hl7.org
[4] CEN ENV 13606 “Electronic Healthcare Record Communication”.
[5] US Department of Defense: The G-CPR Project: http://www.gcpr.gov
[6] Australian Ministry for Health and Aging: The GEHR Project: http://www.gehr.org
[7] Beale T. A Model Universe for Health Information Standards (2003): http://www.deepthought.com.au
[8] Blobel B: Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems. Series “Studies in Health Technology and Informatics” Vol. 89. IOS Press, Amsterdam 2002.
[9] ISO/IEC 10746 “Information technology – Open Distributed Processing, Part 2 – Reference Model”.
[10] Blobel B, Pharow P (Eds.): Advanced Health Telematics and Telemedicine. The Magdeburg Expert Summit Textbook. Series “Studies in Health Technology and Informatics” Vol. 96. IOS Press, Amsterdam 2003.
[11] Bos L, Laxminarayan S, Marsh A (Eds.): Medical and Care Compunetics 1, 394-399. Series “Studies in Health Technology and Informatics” Vol. 103. IOS Press, Amsterdam 2004.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Developing a Strategic Framework for Healthcare Standards

Bryan R.M. Manning
University of Westminster Business School, Centre for Business Information, Organisation and Process Management
Abstract: This paper uses the example of information security to consider ways of ensuring that standards development matches evolving market needs within appropriate timeframes. It then considers the use of simple process maps as a way to identify interdependencies between emergent standards within specific domains, as well as generic characteristics that cross domain boundaries. It concludes by briefly examining issues that lie beyond the traditional technical orientation to consider its extension to information content and safety.

Keywords: Health/Social Care Service Planning/Provision, Standards Framework, Locus of Care, EHR, Archiving, Privacy, Safety Cases, Risk
1. Background

The broad objective of standards is to provide frames of reference for consistency in functionality, performance and quality across a very wide range of topic areas and circumstances. They generally evolve from a wide variety of sources and are destined either to regulate technology, such as materials, devices, etc., or management processes, or to provide conformance criteria for product or system development by specific interest groups, e.g. mpeg, HL7, etc., or market sectors like healthcare informatics. For many topics standards are split between specification and associated guidance notes, and auditable conformance criteria. This firstly puts in place sets of measurable guidelines for design parameters, quality and other issues, and then defines separate audit procedures and processes needed to confirm conformance.

Almost inevitably the process is a reactive one, following up and formalising best practice with the aid of domain specialist experts. The problem with this is that it is very much a driven process, catching up with current practice through the experience of those experts who can afford the time and effort required to complete the rigorous and painstaking processes involved. As a result, standards development of necessity tends to be a long drawn out process, especially where implementation of new standards is dependent on others that are further behind in this chain. This raises the risk that their final release can be so far down the lifecycle sequence that its effects are radically reduced or even nullified. One of the best ways of countering this is to switch to a more proactive approach based on establishing a rolling strategic review that not only focuses on identifying trends in the specific domain in question, but also those occurring in similar domains.
B.R.M. Manning / Developing a Strategic Framework for Healthcare Standards
2. The Changing Healthcare Scene

This approach has been adopted by the ISO TC215 Health Informatics Working Group 4.1 Task Group on Security. Its objective is to monitor the evolving continuum of care [see Fig.1] to identify emergent trends as early as possible. The aim is to get away from the traditional hospital-centric focus and consider the likely impact of the switch toward a community centred viewpoint [1] that is beginning to develop in response to the predicted growth in the elderly populations. As the expanded locus of care [2] becomes ever more apparent it is likely that the area covered by health informatics will need to expand with it.

[Fig.1 Continuum of Care. Diagram spanning COMMUNITY and HOSPITAL. Labels in the figure: Housing, Education, Needs, Social, General Practice, Community Services, In-Patient, Social Services, Medical, Diagnosis, Community Support, Medical Out-Patient, Circumstances, Voluntary Sector, Private Sector.]
One of the key drivers is the emergence from the relative backwaters of disability and rehabilitation of Assistive Technology [3] and Ambient Assisted Living, which focus on the use of Smart Homes and Smart Community concepts to respond to prospective spiralling demand on a potentially shrinking professional workforce. As pro-active monitoring of patients for abnormal physiological and psycho-social behavioural patterns and signs becomes an integral part of this ‘arms-length’ care, the pervasive nature of the sensor based systems involved will raise significant privacy issues [4]. Inherently this centres on the invasion of privacy, intrusion of personal space, and all sorts of aspects of personal behavioural freedom and liberty. However, as with most of these issues, this will come down to striking a balance between the benefits to be gained and giving up some of these aspects in order to maintain an independent lifestyle for a more protracted period.

From a security perspective this will accentuate and expand the issues of mobility, access to, and content protection of, diversified multi-agency generated electronic records. These records will no longer be predominantly written records but will be a mix of media including intrusive video that has to be treated with utmost sensitivity. Whilst the current focus on Electronic Health Records [EHR] is predominantly geared toward technical aspects, it begins to raise the wider issue of its information content and what standards are likely to be needed to guard it appropriately. This in turn opens up a whole range of questions such as context, validity, quality, etc.
3. An Evolving Strategic Framework

Identifying and responding to these influences obviously depends on maintaining close contact with political and professional innovation and related initiatives both within and beyond this domain. As with any effective operation, domain intelligence is vital, so networks such as ICMCC have a vital role to play in ensuring appropriate feedback is readily available. The interlocking and evolving nature of the framework for the bulk of the ISO security standards is shown below [see Fig.2].
Fig.2 On-going Framework Process Development
As can be seen, much of the current activity has been centred on Records. Whilst this has been focused almost exclusively on the EHR, it should be noted that security controls will need to extend to other electronic records held in other systems, in other agencies. The issues raised by the emergence of Assistive Technology, as discussed above, imply that there is probably a need to extend and consolidate the Clinical Intervention Consents processes used in healthcare to cover Privacy. In such circumstances it would seem sensible to incorporate these into a set of Integrity Control standards, which would provide an additional line of defence, behind that of Privilege Management and Access Control.

This, however, demonstrates the inherent problems of developing interdependent standards. In both cases there is a set of four separate standards to write and test. As this three level defence will be implemented in stages as appropriate, the criticality will be less, even though the resource requirements throughout are considerable.

Whilst the main access route to the records will be by care professionals concerned with specific cases, there is a requirement for a parallel path for those concerned with multi-case investigations either in terms of public infectious disease tracking or specific conditions. The former require access to sets of individually targeted records, whilst the latter need to trawl for records containing specific target references. As these can be lower priority activities it is felt that these are best dealt with using a real-time dynamic back-up of the on-line records operating in accordance with Business Continuity standards. Public health access would be via the usual clinical access controls, whilst research would need to go through a fourth line of defence whereby identities would be protected using Pseudonymisation standard controls. These research results could ultimately provide input for Care Pathway and Clinical Knowledge records designed in accordance with recommended standards.

Beyond this there would be a Consolidated Archive which would be an off-line version of the back-up. In this case the standard will provide a framework within which to accommodate national legislative requirements and guidelines. In view of certain aspects arising out of the human genome research, consideration is being given to including cross-generational family links/references, although this has raised a number of complex access issues that are under investigation.

Each of these individual items is a substantial topic in its own right and is obviously beyond the scope of this paper. However, they illustrate both the complexity and the interdependencies involved, together with the need to use systemic process mapping to get the necessary strategic overview to support a more pro-active approach to standards development.
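The three access routes and the successive lines of defence described in this section can be sketched in code. This is an added example, not taken from the paper or from any ISO standard: care professionals read the on-line records, public health investigators read individually targeted records from the back-up, and researchers trawl the back-up and receive only pseudonymised hits. The role names, record fields, consent flags and the HMAC-based pseudonym are assumptions made for illustration, and the records are constructed sample data.

```python
"""Added illustration of the access routes described above; all names are hypothetical."""
import copy
import hashlib
import hmac

# Constructed sample records (not real data). "consent" models the consent /
# privacy decisions that the Integrity Control line of defence would enforce.
ONLINE_RECORDS = {
    "P001": {"name": "Alice Example", "entries": ["asthma review"],
             "care_team": {"dr_lee"}, "consent": {"care", "research"}},
    "P002": {"name": "Bob Example", "entries": ["measles notification"],
             "care_team": {"dr_lee", "dr_kim"}, "consent": {"care", "research"}},
    "P003": {"name": "Carol Example", "entries": ["measles notification"],
             "care_team": {"dr_kim"}, "consent": {"care"}},
}
# Stand-in for the real-time dynamic back-up of the on-line records.
BACKUP_RECORDS = copy.deepcopy(ONLINE_RECORDS)

# Line 1, privilege management: which role may use which access route.
ROLE_ROUTES = {"clinician": {"case"}, "public_health": {"targeted"},
               "researcher": {"trawl"}}
USERS = {"dr_lee": "clinician", "dr_kim": "clinician",
         "ph_officer": "public_health", "res_1": "researcher"}

# Assumption: in a deployment this key is held by a trusted third party.
PSEUDONYM_KEY = b"constructed-demo-key"


class AccessDenied(Exception):
    """Raised when any line of defence refuses the request."""


def check_privilege(user, route):
    role = USERS.get(user)
    if role is None or route not in ROLE_ROUTES[role]:
        raise AccessDenied(f"{user} holds no privilege for route '{route}'")


def pseudonym(patient_id, key=PSEUDONYM_KEY):
    """Line 4: keyed pseudonym, stable for linkage, not reversible without the key."""
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def case_access(user, patient_id):
    """Care professional working a specific case against the on-line records."""
    check_privilege(user, "case")
    record = ONLINE_RECORDS.get(patient_id)
    # Line 2, access control: the user must be on this patient's care team.
    if record is None or user not in record["care_team"]:
        raise AccessDenied(f"{user} has no care relationship with {patient_id}")
    # Line 3, integrity control: the recorded consent must cover this use.
    if "care" not in record["consent"]:
        raise AccessDenied(f"{patient_id} has not consented to this use")
    return {"patient_id": patient_id, "name": record["name"],
            "entries": list(record["entries"])}


def targeted_access(user, patient_ids, authorised_ids):
    """Public health: individually targeted records, read from the back-up."""
    check_privilege(user, "targeted")
    results = []
    for pid in patient_ids:
        # Same style of access control as the clinical route: each record must
        # be explicitly authorised for this investigation.
        if pid not in authorised_ids or pid not in BACKUP_RECORDS:
            raise AccessDenied(f"{pid} is not authorised for this investigation")
        record = BACKUP_RECORDS[pid]
        results.append({"patient_id": pid, "name": record["name"],
                        "entries": list(record["entries"])})
    return results


def research_trawl(user, target):
    """Research: trawl the back-up for a target reference, return pseudonymised hits."""
    check_privilege(user, "trawl")
    hits = []
    for pid, record in BACKUP_RECORDS.items():
        matching = [e for e in record["entries"] if target in e]
        if matching and "research" in record["consent"]:
            # Identity never leaves this function: only the pseudonym does.
            hits.append({"pseudonym": pseudonym(pid), "entries": matching})
    return hits


def allowed(route_fn, *args):
    """True if the request passes every line of defence, False if refused."""
    try:
        route_fn(*args)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    print(case_access("dr_lee", "P001"))
    print(allowed(case_access, "dr_lee", "P003"))      # not on the care team
    print(research_trawl("res_1", "measles"))          # P003 excluded, no name shown
```

Because the pseudonym is keyed, the same patient maps to the same value across research extracts, while re-identification requires the key held outside the research environment.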
4. Combining Security, Safety and Quality

In the UK the BSI – IST35 Health Informatics Working Group III covers the areas of Security, Safety and Quality. Whilst much of its early work to date has been focused predominantly on Security, it has begun to extend its activities into the areas of Safety and thence to Outcomes using a “whole-systems” approach. Inevitably this is heavily influenced by the massive £6.2 billion Connecting for Health programme, which has begun the campaign to sweep away the multiplicity of stand-alone designs with limited connectivity. Its aim is to replace this with a fully seamless end-to-end clinical process focused information support service across the complete family of NHS Trusts.

Whilst information security is paramount to protect privileged personal information from unauthorised access, it is evident that patient safety can be compromised all too easily if this information is incomplete, erroneous, misinterpreted or misused. Indeed in the limit, information content within the system can kill – albeit indirectly but to no less lethal effect. As a result the Group has begun to develop a similar strategic framework approach to that in place for security as the basis for extending standards into this arena. Its first move has been to produce a high level mapping of the generic information supply chain [see Fig.3].

This works back through the chain from the point of input to the clinical process as information content presented to clinicians to complement their skills and expertise in carrying out particular procedures. This content will have been previously gathered together from a wide range of sources and media, before being processed to various degrees prior to being made available for use through a variety of information processing services. These services in turn are dependent on the availability of appropriate IT infrastructure and systems functionality.
Fig.3 Information Supply Process Chain
Although this may seem fairly obvious at first glance, its aim is to make the point that the complexity of the chain and its many components intrinsically contain a multiplicity of risk factors that could contribute to or completely compromise patient safety. This “whole systems” approach has already been applied in the UK to screening for foetal anomalies [5]. This applies Safety Case methodology, already applied to complex hazardous processes in sectors such as petrochemical, nuclear and transportation, to healthcare. The process involves a complete ‘holistic’ review of all aspects of the process chains involved, together with their resourcing, support and management. This rigorous in-depth investigation explores every facet of the operation in great detail. Its aim is to identify all potential threats to the safe functioning of the complete operation, to assess the level of and sensitivity to its associated risks, and then to determine the optimum countermeasures. The Safety Case analysis sequence, together with its generic constituents, is outlined below [see Fig.4].
Fig.4 Safety Case Components
By definition all investigations are set in the context of a clearly delineated domain, which in turn may be sub-divided into specific project work packages. The process itself divides into three stages, comprising:
• Process Analysis
• Risk Assessment
• Risk Management
The Process Analysis stage focuses on determining the complete end-to-end process involved, together with all its contributing sub-processes and enabling resources. This provides the basis for the Risk Assessment evaluation of potential threats, impacts and the probabilities that could degrade or impede achievement of each individual process step. This leads directly into the Risk Management phase, which evaluates the control options available and sets the criteria for establishing both normal and abnormal operational process delivery, control and monitoring procedures. As such it is a dynamic process that should be an integral part of on-going service delivery.
In many respects the strategic development of healthcare safety standards could follow a similar path to that taken for security. Whilst the overall process is well developed in other hazardous operational sectors, it has generally been implemented under the control of regulatory bodies set up by national governments in accordance with legislation. Although national and international standards naturally play a part in this process, they tend to be used as reference points within the framework of laws governing each centrally regulated sector. Whilst healthcare is subject to legal constraints, as are all sectors, it tends not to be regulated in the same way as others. In many ways this strengthens the case for establishing a framework for safety standards for healthcare based on combining the best of international clinical experience with that of other domains.
5. Conclusions
It is fairly evident that ‘time to market’ delivery of health informatics standards needs to be improved. However this will be dependent on moving to a more pro-active mode of operation, together with the enlargement of the resource pool of experts who are available to commit to a full-time involvement in the preparation of any new standard. Whilst this would radically shorten the cycle time, it could only come about with a suitable level of funding. This process would be helped by the development and maintenance of strategic frameworks closely attuned to the evolution of healthcare. Additionally it will need to take a wider and more inclusive view of the locus of care, which should then have a significant impact on the health of national populations.
Now that we are well into the Information Age, the development of national and international standards needs to encompass the wider aspects of information content and knowledge generation and management, without constraining innovation in any way. Whilst a very delicate task, it is particularly important in healthcare that properly validated, good quality information is presented appropriately in a timely and unambiguous fashion to those that legitimately need it.
References
[1] B.R.M. Manning. Psycho-Social Needs Classification: An Aid to Identifying Best Practice. New Technology in Human Services 13(1&2) (1999).
[2] B.R.M. Manning, M. McKeon Stosuy, B.R. Layzell, K. Madani. e-Care: An Assistive Technology enabled Paradigm Shift. Proceedings 4th International Conference On Smart Homes and Health Telematics. Belfast NI, June 2006.
[3] H. Steg, H. Strese, J. Hull, S. Schmidt. Europe is facing a demographic challenge Ambient Assisted Living offers solutions. VDI/VDE/IT, September 2005. www.aal169.org/Published/Final%20Version.pdf
[4] J. Cas. Privacy in Pervasive Computing Environments. IEEE Technology and Society Magazine, Spring 2005, 24-33.
[5] P.J. Budgen. The development of a Management Safety Case for the laboratory serum screening process. NHS: UK National Screening Committee Down’s Syndrome Screening Programme (2005). http://www.screening.nhs.uk/downs/mngtsafe_case.pdf
N.B. Figures 2 and 3 are from unpublished working papers relating to ISO TC215 WG 4.1 and IST35/III activities developed by the author.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Lowering the Barrier to a Decentralized NHIN Using the Open Healthcare Framework
Eishay SMITH, James H. KAUFMAN
IBM Almaden Research Center, 650 Harry Rd, San Jose, CA 95120
Abstract. In this paper, we discuss two important elements in lowering the barrier to the creation of a National Health Information Network. The first element is the adoption of standards that will enable interoperability while guaranteeing open interfaces (and preventing vendor lock-in). The second element is the role of open source. While adoption of open standards by large EMR vendors is critically important to enterprise healthcare providers and payors, the availability of inexpensive (or free) standardized Healthcare Information Technology for small physician practices is critical. By analogy to the emergence of the World Wide Web, a framework for creating inexpensive and open source applications for physicians will be as important to realizing a National Health Information Network as the availability of free browser technology was to the growth of the internet.
Keywords. NHIN, Interoperability, Open Source, Eclipse, Open Healthcare Framework
1. Introduction
Recently there has been a bipartisan recognition of the need to modernize the healthcare information infrastructure in the United States [1]. The US healthcare industry is by far the largest in the world in both absolute dollars and in percentage of GDP (>$1.7T – 15% of GDP). The cost of healthcare is growing faster than the economy itself suggesting. For economic reasons alone, one can expect a major transformation in the healthcare industry. While technology alone is not a solution to all problems, it can certainly play a valuable role in creating a more reliable, cost-effective system to deliver care.
Today, the US national healthcare system is fragmented and complex. These difficulties, coupled with an antiquated infrastructure for the collection of and access to medical data, lead to enormous inefficiencies and sources of error. Consumer, regulatory, and governmental pressures have driven the growing consensus that the time has come to modernize the US Healthcare Information Infrastructure (HII), and to build a National Health Information Network (NHIN) [2] on top of it. While such a transformation may be disruptive in the short term, it will in the future significantly improve the quality, expediency, efficiency, and successful delivery of healthcare while decreasing costs to patients and payers and improving the overall experiences of consumers and providers. The launch of a National Health Infrastructure Initiative in the US in May 2004, with the goal of providing an Electronic Health Record (EHR) for every American within the next decade, will eventually transform the healthcare industry in general. Information Technology (IT) will transform the healthcare industry just as it has transformed other industries in the past. The key to this successful outcome will be the way we apply IT to healthcare data and to the services delivered through that IT.
Like the internet, our future healthcare information infrastructure should be based on open standards that promote competition and innovation, and protect patients and consumers by preventing vendor lock-in. The backend infrastructure technologies must be interchangeable, exposing common interfaces. To facilitate the creation of new, standards-based medical software, and to simplify the integration of nonstandard legacy systems, the market needs a framework and toolkit to help software developers quickly and easily implement the required standards. A national network will require embracing standard protocols and data models. Finally, inexpensive or even free standards-based solutions must be made available to small physician practices in order to lower the barriers to adoption of electronic health records.
2. Overview
There are a few economic models for the delivery of healthcare in countries around the world. Some have a centralized or semi-centralized healthcare system, and some are fully decentralized.
• In centralized or semi-centralized healthcare markets there are few healthcare providers (sometimes only one, the government) who run the Healthcare IT (HIT) infrastructure in the nation.
• In other markets, there are numerous healthcare providers, which range in size from a one-physician clinic up to a network of hospitals. This is a true free market where many small and medium clinics are not dependent, financially or for infrastructure, on other healthcare organizations. A classic example is the US healthcare market.
Different countries may require different approaches to implementing a NHIN. In some countries (UK for example) the NHIN may be created by a close group of contractors who work together following government guidelines to achieve a common goal. In countries where the healthcare system is centralized, for example the Brazilian public, government-owned healthcare system [3], one provider (the government) with very few interoperability concerns may create a NHIN. Other countries, which have a semi-centralized healthcare system, are creating a NHIN by linking the few healthcare providers together. This can be done in a custom way, or in a way that implements emerging standards from organizations like HL7 and IHE. While it is not trivial, compared to a fully decentralized market it is a relatively simple task.
The greatest challenge to realizing a NHIN is found in the fully decentralized market where there is no central authority. Emergence of a NHIN in such an environment is extremely complicated, and holds many barriers. In this paper, we will describe a number of technical solutions and open source strategies that address some of these barriers.
We suggest that a proper standardized framework for interoperability should support various business models including centralized vs. decentralized delivery systems, shared and federated data models, and private and public insurance models. Technology cannot prescribe the social contract for health care. These decisions must be made based on regional and national priorities. Technology can, however, support these different requirements and, ideally, dynamically adapt as the requirements change.
3. A View on the Healthcare IT Market
In understanding how technology can transform the healthcare industry, it is useful to consider how other IT markets have matured in the past. A mature market is one which has reached a state of equilibrium marked by the absence of significant growth or innovation. The HIT market, though it has existed for quite a while, is far from being mature. The level of competition in the market is low, and the market is far from saturated. For example, only 15% of the US Small Medium Clinics (SMC) have EMR systems, while the rest use antiquated paper forms and filing systems. Let us look at two types of software products in this market:
• B2B products: including PACS Image Archive, the IHE PIX, XDS Registry and Repository.
• Information Consumer and Producer (ICP) products: including embedded software in medical devices, EMR, PHR, and other medical software which interacts with physicians and patients.
One might argue that B2B healthcare products generate healthcare information such as electronic analysis, but we will ignore it for now. Though the trend is changing, HIT enterprises selling B2B products tend to provide holistic solutions which bundle tuned ICP and B2B systems. Such holistic single-vendor systems stimulate the use of proprietary interfaces between the B2B and ICP components in order to achieve better integration and performance, which gives a competitive advantage. In such cases the motivation to open up the system by supplying a full interface is small, and the motivation to support a standard interface is even smaller. This makes it difficult to replace subcomponents of such a system and leads to vendor lock-in, which raises the business and technical barriers for new competitors to enter this market segment.
Let us consider radiology systems. Picture Archiving Communication Systems (PACS) have been available in the HIT market for some time. Most PACS vendors provide a full set of products including imaging machines (modules), display machines, image archives, and other satellite components. The vendors provide both the PACS hardware and software in a very tight integration. Though the Digital Imaging and Communication in Medicine (DICOM) standard is well defined, and is not new to the market, the support of a full standard DICOM interface is not yet ubiquitous. It is common for PACS vendors to use proprietary protocols for internal communication (for example between the archive and the viewer). HIT today is analogous to the early days of computing when operating systems, protocols, storage subsystems, etc. were all non-standard. The technology barriers to migrating to a plug and play environment are:
1. Product complexity: since the market is not a new one, and the product requirements are very complex, reaching a competitive level of product requires years of development.
2. Interfaces to backend: large companies which dominate healthcare B2B products have little motivation to supply full standard interfaces.
Up to now, the financial center of gravity in the HIT market was in the large healthcare enterprises. Analyst reports [1][4] show the dynamics have shifted and that today, in the U.S., SMCs collectively spend more on HIT than large enterprises. Up to now, large products that could only be bought by the large enterprises had defined the market. The shift to SMC dominance, like the shift from enterprise computing to personal computing, suggests the time is right for a paradigm shift. To ensure competition and to enable innovation, it is desirable to encourage a shift to open standards as the market matures.
4. Towards NHIN
The most critical concept confronting the adoption and implementation of enhanced HIT in the healthcare industry is interoperability [5]. Creating an NHIN requires a healthcare software ecosystem where it is relatively easy for an ISV to create a product which produces, acquires, and transfers medical information. According to the IEEE Standards Computer Dictionary, interoperability is the "ability of two or more systems or components to exchange information and to use the information that has been exchanged". This definition of interoperability makes the barriers even higher. To lower the interoperability barriers two things need to happen:
1. Appearance of publicly available Healthcare tools.
2. Standardization of healthcare interfaces, i.e. protocols, data structures and documents.
4.1. Publicly Available Healthcare Tools
The appearance of publicly available healthcare tools is critical for the establishment of an NHIN in a decentralized market such as the US. Healthcare tools are typically software libraries providing functionality which utilizes data structures, documents, messages, or protocols. Publicly available means any third party product can use the tool. The tool may be free or commercial. Using these tools, ISVs should be able to concentrate on integration and implementation of business logic. This way ISVs can focus on emphasizing the product's competitive edge and unique solution. Since HIT is progressing at a very high rate, only large companies can afford to keep pace with changes. Small ISVs and open source groups will not be able to compete effectively with the giants of the industry if they have to spend most of their resources developing the basic healthcare interface tooling.
Let us examine another set of software interoperability tools, the Web Services (WS) libraries. Most products using web services take advantage of widely available open source or commercial libraries. Very few of them go down the stack to parse SOAP messages, serialize/deserialize objects, or map SOAP messages to methods. There are many libraries which provide WS functionality using a variety of technical and licensing approaches. A product team needs only to pick one and not worry about low-level details of the standard. If every product development group had to implement the full web services stack, many fewer products would use Web Services as the communication layer. Furthermore, standards evolve and therefore libraries must be updated to enable support of new versions of the standard. Adopting the standard is much easier when up-to-date third party libraries can simply be plugged in to a product. Without such tools and frameworks, maintaining a standardized solution becomes prohibitively costly. Clearly, a plug and play framework for interoperability standards in healthcare will be especially valuable given their complexity and evolving state.
4.2. Standardization of Interfaces
In order for a market to grow, standards must be used. Lack of standards leads to vendor lock-in and lowers competition in the marketplace. Some of the barriers to a fully standards-based HIT ecosystem include:
• Legacy Products: Products which have been in existence for some time and predate the emerging standards. Migration to the new standard means throwing away a lot of proprietary code (and perhaps functionality). Adjusting the existing workflow and data model to the standard might be very expensive.
• Chicken and Egg syndrome: Most EMR and PHR providers will not support public standards before having a solid business case, i.e. before their clients have B2B products supporting the standard. This is even more true of small companies, which do not have a large budget to bet with. For a long time, ISVs have interfaced with B2B applications on a per-contract basis, i.e. an ISV which wants to sell its ICP product has to check what type of B2B application the client uses. If the ISV's product does not already support the client's B2B application, the ISV needs to add the support using the interface the B2B application exposes, standard or not. This drags ISVs into supporting multiple B2B interfaces in their ICP products, which makes them more costly. A large base of ICP products interfacing with a B2B product through its proprietary interface lowers the motivation of the B2B product provider to shift to standard interfaces. Naturally, this behavior increases vendor lock-in.
• Most healthcare standards are not yet mature. They are being changed at a relatively high pace. For example, if a PHR product uses a CCR document in order to export patient information, it is very probable that a third party product uses another version of the CCR. It is extremely hard for a small company to keep pace with evolving standards which change every few months, or to support several different versions of the same standard. Using third party libraries will make this more reasonable.
• Healthcare standards (like most standards) may not fully cover a product's needs. In some areas the standards cover only some of the requirements. In most cases healthcare software which does use implementations of existing standards still uses proprietary protocols. For example, a PHR system might support CCR export of patient information but not use any healthcare standard messaging protocol (like the IHE XDS Source [6]). Such cases lead to vendor lock-in just as well. An example taken from the internet browser world is the addition of non-standard web components (such as ActiveX) to mostly standard (HTML) pages. Such a deviation from the standard caused vendor lock-in, i.e. only browsers which could handle the non-standard add-ons could render the page. On the other side, a development team which finds itself implementing a standard and then having to add some proprietary extensions might lose interest in standards in the first place.
• Some ICP products need to use only a small portion of a standard. But when the product developers come to implement the standard they find they need to implement a lot more than is useful to the product, due to the lack of standard libraries.
As hinted throughout the list above, most of the barriers could easily be solved using publicly available libraries which implement the standards.
5. Open Healthcare Framework
The Eclipse Open Healthcare Framework (OHF) [7] is a new Eclipse Foundation project which addresses part of the need to improve the levels of interoperability between applications and systems within and between healthcare organizations. The OHF project provides a set of implementations of key health informatics standards-based components. The goal of OHF is not only to provide plug-in implementations of healthcare standards but to create a framework which could become the core foundation for a multitude of healthcare client applications such as EMR and PHR. The Eclipse Common Public License [8] (CPL) supports the use of this framework in both commercial and open source models. The collection of OHF components will grow over time, and as more interest groups join the project support will be added for additional standards. Interest groups joining OHF participate in various standards committees including the HL7 and IHE organizations. Naturally, the OHF components will closely follow the evolution of the standards. If there is a need, components will support several versions of a standard in order to give full compatibility. For example, this year two versions of the HL7 messaging standard are implemented, both the 2.5 and 3.0 versions.
5.1. OHF Bridge
The HIT market has been evolving since the advent of desktop computing. Although new applications are still required, there is a wide range of applications (including open source) already available. Building any application for healthcare takes a lot of time. Most of the time is consumed not by technical problems but by the human factor, i.e. adoption of a product by the users, and understanding of real life business needs by the developers. Many HIT providers use the Microsoft .NET environment [9]. Other popular environments are MUMPS (mostly using the VistA derivatives, but gaining popularity in other parts of the market) and LAMP (Linux, Apache, MySQL, and PHP – extremely popular in the open source environment). The OHF components will be developed in the new Eclipse Rich Client Platform (RCP) Java-based environment. This new technology provides the cross-platform availability of Java with the performance of a native application. However, since it is difficult to migrate legacy applications to a new platform, the OHF will provide a “Bridge” for older software. The purpose of the OHF Bridge is to:
• Enable products working in any environment (not necessarily Java or Eclipse RCP) to make use of the OHF standards implementation using a Web Services interface. For example, one can share documents by SOAP calls to the OHF Bridge, which then uses one of the interoperability standards implemented by an OHF component.
• Create services in a server-side environment which adapt proprietary protocols and documents to standard ones. Such a service may facilitate a middle-tier application (such as a portal) or adapt an existing application to standards using a black box approach. For example, a proxy which intercepts a proprietary protocol message from an application, converts it to a standard representation, and intercepts the response in the same way.
• Simplify the complex data structures and APIs of the standards so that existing products will not need extensive modifications in order to use them.
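The protocol-adapting proxy described in the OHF Bridge list above, sketched as an added example (it is not OHF code and does not use the OHF API): a small adapter that converts a legacy record into a minimal HL7 v2.5-style message and escapes delimiter characters so that field data cannot change the message structure. The `LEGACY1` record format, the application and facility names and all sample values are constructed for illustration; a conformant ADT message carries further segments (EVN, PV1) that are omitted here.

```python
"""Added example: legacy-to-standard adapter with delimiter escaping (not OHF code)."""
from datetime import datetime

FIELD, COMP, REP, ESC, SUB = "|", "^", "~", "\\", "&"
# HL7 v2 escape sequences for the five delimiter characters.
ESCAPES = {ESC: "\\E\\", FIELD: "\\F\\", COMP: "\\S\\", REP: "\\R\\", SUB: "\\T\\"}
UNESCAPES = {seq: ch for ch, seq in ESCAPES.items()}
REQUIRED = ("mrn", "family", "given", "dob", "sex")

# Constructed sample in a hypothetical legacy format; the names contain delimiters.
SAMPLE = "LEGACY1;mrn=A-1001;family=Van der Berg|Smith;given=Mary^Ann;dob=07/03/1961;sex=F"


class AdapterError(ValueError):
    """Raised when a legacy record cannot be converted safely."""


def escape(value):
    """Escape delimiters so field data cannot alter the message structure."""
    if any(ord(ch) < 0x20 for ch in value):
        # CR ends a segment; refuse control characters instead of guessing.
        raise AdapterError("control character in field value")
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def unescape(value):
    """Reverse escape(); called only after the message has been split."""
    out, i = [], 0
    while i < len(value):
        seq = value[i:i + 3]
        if seq in UNESCAPES:
            out.append(UNESCAPES[seq])
            i += 3
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_legacy(line):
    """Parse the hypothetical 'LEGACY1;key=value;...' record into a dict."""
    tag, *pairs = line.strip().split(";")
    if tag != "LEGACY1":
        raise AdapterError("unknown record type")
    record = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep or key in record:
            raise AdapterError(f"malformed or duplicate field: {key!r}")
        record[key] = value
    missing = [k for k in REQUIRED if not record.get(k)]
    if missing:
        raise AdapterError(f"missing fields: {missing}")
    return record


def to_hl7(record, control_id, timestamp):
    """Build a minimal HL7 v2.5-style message (MSH and PID segments only)."""
    if not (timestamp.isascii() and timestamp.isdigit() and len(timestamp) == 14):
        raise AdapterError("timestamp must be YYYYMMDDHHMMSS")
    try:
        dob = datetime.strptime(record["dob"], "%d/%m/%Y").strftime("%Y%m%d")
    except ValueError as exc:
        raise AdapterError("dob must be DD/MM/YYYY") from exc
    if record["sex"] not in ("F", "M", "O", "U"):  # subset accepted by this example
        raise AdapterError("unexpected sex code")
    # MSH-1 is the field separator itself, so MSH-2 follows the first '|'.
    msh = FIELD.join(["MSH", COMP + REP + ESC + SUB, "LEGACY_ADAPTER", "CLINIC_A",
                      "REGISTRY", "REGION_X", timestamp, "", "ADT^A04",
                      escape(control_id), "P", "2.5"])
    name = escape(record["family"]) + COMP + escape(record["given"])
    pid = FIELD.join(["PID", "1", "", escape(record["mrn"]), "", name, "",
                      dob, record["sex"]])
    return "\r".join([msh, pid]) + "\r"


def read_pid(message):
    """Receiver side: split on the delimiters first, unescape afterwards."""
    segments = [s.split(FIELD) for s in message.split("\r") if s]
    pid = next(s for s in segments if s[0] == "PID")
    family, given = pid[5].split(COMP)
    return {"segments": len(segments), "mrn": unescape(pid[3]),
            "family": unescape(family), "given": unescape(given),
            "dob": pid[7], "sex": pid[8]}


if __name__ == "__main__":
    message = to_hl7(parse_legacy(SAMPLE), "MSG0001", "20060301120000")
    print(message.replace("\r", "\n"))
    print(read_pid(message))
```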
6. Conclusions
The U.S. healthcare market is characterized by high barriers to realization of a NHIN. The healthcare software market is far from saturated, and is still immature and diverse. Software used by small and large clinics is still not standard, and the standards to allow these systems to interoperate are only just emerging. The availability of a healthcare framework built on new technologies such as RCP will enable the rapid development of new open source and commercial products that support the emerging standards, and will provide an open source (free) bridge that can be used to adapt legacy nonstandard applications. As the market for healthcare IT matures, protocols and data models will certainly become standardized. Open source efforts like Eclipse OHF will accelerate this trend and enable the powerful “long tail of software” [10] paradigm in the healthcare domain. The high availability of such products will lead to an explosion of healthcare information and bring new efficiencies to medical care.
References
[1] http://www.whitehouse.gov/infocus/healthcare/ and references therein; Last visited March 2006
[2] A Strategy for Building the National Health Information Infrastructure. http://aspe.hhs.gov/sp/NHII/Documents/NHIIReport2001/default.htm ; Last visited March 2006
[3] JavaPolis 2005: The Architecture of the Brazilian Health, Fabiane Bizinella Nardon. http://www.javapolis.com/confluence/display/JP05/2006/01/28/The+J2EE+Architecture+of+the+Brazilian+Health+care ; Last visited March 2006
[4] US Physicians: Technology Usage and Trends. eMarketer January 2005
[5] IEEE-USA: Interoperability for the National Health Information Network. http://www.ieeeusa.org/policy/positions/NHINinteroperability.html ; Last visited March 2006
[6] IT Infrastructure Technical Framework – XDS. IHE http://www.ihe.net/Technical_Framework/index.cfm ; Last visited March 2006
[7] Eclipse Open Healthcare Platform. http://www.eclipse.org/ohf/ ; Last visited March 2006
[8] Common Public License. http://www.eclipse.org/legal/cpl-v10.html ; Last visited March 2006
[9] Forrester’s Business Technographics® April 2004 North American Benchmark Study
[10] "The Long Tail of Software: Millions of Markets of Dozens" (Joe Kraus, 2005): http://bnoopy.typepad.com/bnoopy/2005/03/the_long_tail_o.html ; Last visited March 2006
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Knowledge Management and Electronic Care Records: incorporating social, legal and ethical issues
James BASSINDER 1,2, Rajeev K. BALI 2 and Raouf NAGUIB 2
1 Pan Birmingham & Black Country Local Specialised Services Groups, Hosted Service for Eastern Birmingham Primary Care Trust, UK
2 Biomedical Computing and Engineering Technologies Applied Research Group (BIOCORE), Coventry University, UK
Abstract. Many challenges face developers of secure computer-based clinical systems but the technical problems are overshadowed by many obstacles, key amongst them being social and ethical issues. A sound Knowledge Management (KM) structure within clinical environments can recognise the responsibility of healthcare professionals to keep patient clinical data (for example, electronic care record (ECR) systems) secure. An arrangement is proposed that gives the most senior clinician in a healthcare facility the ultimate responsibility for security of clinical data held in the organisation. Ideally, the senior clinician would possess training and experience in information systems and their security. Contracts should be developed between healthcare facilities and their patients, defining the limits to the use and disclosure of clinical health data. However, we are observing increasing confusion about the term 'Knowledge Management' which may be limiting both its efficacy and effectiveness. Health organisations are referring to the term in various contexts and health informatics articles frequently use the term and interpret it in diverse ways. Given the divergence of views, this paper will attempt to establish KM’s efficacy for the implementation of electronic care record systems.
Keywords. Clinical Knowledge Management, Healthcare Knowledge Management, Electronic Care Records
Introduction
The increasing interest in the application of Electronic Care Records (ECR) – known to many as Electronic Health Records (EHR) – has brought to the fore concerns about information security and social ethics. Obstacles remain over the confidentiality of personal data, and the availability (where and when they are required) and integrity (in terms of accuracy and completeness) of computerised clinical data. Action is required to avoid the injudicious application of information and communication technologies (ICTs) without due regard for security, social and ethical issues. Can the Knowledge Management (KM) paradigm assist despite some confusion in healthcare environments about its efficacy?
One of the key requirements for shareability of the ECR is to break the nexus between the ECR and the ECR system (i.e. the ECR should conform to an information model independent of both the physical database schema used for local storage and the applications which create, maintain and retrieve ECRs) [1]. This ECR information model should be independent of any particular implementation technology (i.e. it should be a logical information model). Technology independence is also essential to make the ECR "future proof" to enable the possibility of lifetime ECRs [1]. In order to achieve semantic interoperability of ECR information, there are four prerequisites, with the first two of these also being required for functional interoperability:
• a standardised ECR reference model - the semantics of ECR information structures
• standardised service interface models - the semantics of interfaces between the ECR service and other services such as demographics, terminology, access control and security services
• a standardised set of domain-specific concept models - archetypes and templates for clinical, demographic and other domain-specific concepts
• standardised terminologies - the language of health which underpins the archetypes [1].
The US was a pioneer in advocating widespread adoption of electronic health records and the 1991 publication of "The Computer-Based Patient Record: An Essential Technology for Health Care" [2] by the US Institute of Medicine was a landmark in the history of the ECR. The next major documentary landmark was the publication of "Information for Health" [3] by the NHS in England in 1998. This was the first comprehensive national strategy and action plan for computerised health information management, including the ECR, and was followed soon after by similar reports in Canada and Australia.
1. Efficacy of Knowledge Management Different connotations of the term Knowledge Management (KM) seem to be emerging from biases inherent in the diversity and incongruity of the underlying disciplinary bases within the healthcare community. This confusion seems to have been further aggravated by a plethora of articles written in a “journalistic” style (ie. lacking academic rigour) that is often characterised by summarising and reporting the statements of diverse disciplinary experts without explicitly observing the underlying diversity of disciplines. Commercial and industrial projections of the concept of KM have further added to the 'bandwagon effect'. As KM becomes accepted practice in healthcare organisations on a global basis, we must caution against it become the “accepted buzzword” for projects in healthcare only tangentially involving the management of intellectual assets. Our viewpoint is echoed by concerns from information practitioners and consultants across the UK’s National Health Service (NHS), many of whom are concerned about “information overload” and the growth of “buzzwords” in the sector. Additionally, key academic publications in this growing area have tended to place a financial emphasis
J. Bassinder et al. / Knowledge Management and Electronic Care Records
on matters, concentrating on return on investment (ROI) and value for money rather than the legitimacy or accuracy of claims that a certain product or service does indeed represent good and effective Knowledge Management. There is some common agreement over what represents KM in healthcare [4,5,6]. The principles and organisation that govern the use of paper-based medical records should be equally applicable to the implementation of ECRs. Whilst there are many problems of security in common to both types of record system, there are significant differences between the two media that have a bearing on the security of the contained information. It is the objective of this paper to explore these similarities and differences and to consider ethical and professional implications of security which must precede the widespread implementation of the ECR.
2. Social, Ethical and Legal aspects
The consequences of using an insecure information system in healthcare are far reaching. Patients may be embarrassed (or even socially ostracised) following the disclosure of such sensitive information as:
- mental health
- sexually transmitted diseases
- adolescent care
- drug addiction and
- genetic fingerprints.
Clinical care may be compromised by inaccurate or missing data as a result of unauthorised modification, the cause of which may be from system malfunction or due to errors in software design. There is the potential for serious harm or death should such errors remain unrecognised. The ECR must therefore be designed, implemented and run in such a way that the potential to harm the patient is minimised. Information security is a complex and highly technical subject. Very few healthcare professionals have sufficient understanding of the principles of information security to confidently assume responsibility for security of information. Doctors carry prime responsibility for the protection of information given to them by patients or obtained in confidence from a third party about patients. They must therefore take steps to ensure that records (manual or computerised) which are kept or transmitted are protected by effective security systems with adequate procedures to prevent improper disclosure [7]. If clinicians are to assume this responsibility, they must have an appreciation of the major issues affecting the processing of healthcare records. Furthermore, those involved in the design, implementation and management of computerised health record systems must have detailed technical knowledge of information security. If properly designed, access to ECRs can be comprehensively controlled. The introduction of the ECR offers the opportunity to comply more closely with the ethical requirement to respect the individual's right to privacy; at the same time, the ECR should not impede the freedom of access to information needed by the clinicians involved in the delivery of healthcare.
The principal purpose of recording health data is to facilitate, or record events relevant to, delivery of healthcare to an individual or population. It is generally accepted that such data can be used for the purposes of administration, audit and performance review but patient identifiers should preferably be removed beforehand. Care must be taken to ensure that an individual's identity is not revealed by unusual combinations of apparently anonymous data. For instance, the date and time of admission and date of birth may be sufficient to identify an individual from an apparently anonymised list of cases. As the ECR becomes more comprehensive, it will enable healthcare professionals to make decisions about patients without necessarily involving that individual. It should be the patient who determines the extent of access to their records. By seeking consent, one is giving the patient the right to control how other parties may access their records. Given that patients expect high quality clinical care, it could be argued that it is unreasonable for them to deny clinical staff access to healthcare information required in order to fulfil their duties. There is no justification for access to healthcare records to be controlled by the administrative staff that own or operate the computer system holding ECRs, even though they may have the responsibility to ensure that the mechanisms controlling access are applied effectively. Personal health data may be collected for the sole purpose of research only with the informed consent of the subject. A major attraction of the ECR is the potential that it creates for conducting records-based clinical research, epidemiological studies and quality monitoring on very large data sets. However, it is in breach of European privacy standards to use in this way data originally collected for the purpose of providing healthcare to the individual.
This could be achieved by incorporating into the information charter references to the use of personal health records without the patient’s explicit consent for the purpose of clinical audit, performance review, research, epidemiology and other activities deemed necessary for provision of high quality healthcare. It will also be necessary to identify under what circumstances the patient's consent would be sought. Another concern is how access to health records by individuals working outside the healthcare facility should be controlled. Third parties involved in processing the ECR must abide by the same principles. This may be enforced through physical controls such as encryption but, until such technology is in widespread use, reliance must be placed on contracts that are explicit in the security procedures to be followed. We suggest that an information contract should be negotiated between the healthcare facility that controls the healthcare record and each third party requiring access to the records. These contracts should define the data items that may be made available, the purposes for which the data are disclosed, the extent to which the data may be disclosed by the third party and the minimum standards of security to be applied to the records. Regular audits of these security measures should be conducted but physical controls such as encryption may be necessary where regular monitoring is not considered feasible. The senior clinician within the healthcare facility, such as the medical director of a hospital, should take the managerial lead in ensuring the security and quality of the ECR. A nominated senior healthcare professional should assume the overall responsibility for security of personal healthcare information. This function has been called Health Data Controller, but we prefer a term such as “Information Doctor”, which emphasises the professional role. Ideally, this person should have financial and
managerial independence from the healthcare facility (s)he serves but, in practice, changes in security culture are likely to be most influenced if the Information Doctor has an executive role within the management of the facility. The Information Doctor must have particular interest and expertise in computing and information since many of the functions require an understanding of the ethical and technical aspects of the ECR. (S)he would lead the Information Security Group and share responsibility for the security of the healthcare records with managerial and computing staff. Other responsibilities would include:
- decisions on disclosure of personal health data for audit, research, epidemiological studies and exceptional circumstances
- monitoring such use and unauthorised attempts to access records
- supervising disclosure of records under data protection and access to medical records legislation
- advising the local research ethical committee on aspects of information security
- representation on the medical records committee of the facility.
The speciality of medical and healthcare informatics is in its infancy but, as it matures, will provide the professional accreditation and support for such professional responsibilities.
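The re-identification risk described in Section 2 (date and time of admission together with date of birth singling out a person in an apparently anonymised list) can be measured before a data set is released for audit or research. The following Python sketch is an added example, not part of the original paper; the records are constructed, and the generalisation levels and function names are assumptions chosen for illustration.

```python
from collections import Counter
from datetime import date, datetime

# Constructed sample of an "anonymised" admissions extract: names and record
# numbers are gone, but admission timestamp and date of birth remain.
RECORDS = [
    {"admitted": "2006-03-01T08:15", "dob": "1950-02-11", "dx": "cardiac"},
    {"admitted": "2006-03-01T14:40", "dob": "1950-09-30", "dx": "cardiac"},
    {"admitted": "2006-03-02T09:05", "dob": "1954-06-02", "dx": "mental health"},
    {"admitted": "2006-03-17T22:10", "dob": "1958-12-25", "dx": "respiratory"},
    {"admitted": "2006-03-09T11:30", "dob": "1971-01-19", "dx": "orthopaedic"},
    {"admitted": "2006-03-21T07:55", "dob": "1979-07-04", "dx": "mental health"},
    {"admitted": "2006-04-03T16:20", "dob": "1983-03-14", "dx": "cardiac"},
    {"admitted": "2006-04-28T10:00", "dob": "1988-11-08", "dx": "respiratory"},
]


def _parse(rec):
    """Return (admission datetime, birth date); raises ValueError on bad input."""
    return datetime.fromisoformat(rec["admitted"]), date.fromisoformat(rec["dob"])


# Each function maps a record to its quasi-identifier at one level of detail.
def exact(rec):
    adm, dob = _parse(rec)
    return (adm.isoformat(timespec="minutes"), dob.isoformat())


def day_and_birth_year(rec):
    adm, dob = _parse(rec)
    return (adm.date().isoformat(), dob.year)


def month_and_birth_decade(rec):
    adm, dob = _parse(rec)
    return (f"{adm.year}-{adm.month:02d}", dob.year // 10 * 10)


# Ordered from most detailed to most generalised (hypothetical ladder).
LEVELS = [
    ("exact", exact),
    ("day+year", day_and_birth_year),
    ("month+decade", month_and_birth_decade),
]


def class_sizes(records, key_fn):
    """Count how many records share each quasi-identifier value."""
    return Counter(key_fn(r) for r in records)


def k_anonymity(records, key_fn):
    """Size of the smallest group; 1 means at least one person is unique."""
    sizes = class_sizes(records, key_fn)
    return min(sizes.values()) if sizes else 0


def at_risk(records, key_fn, k):
    """Indices of records that share their quasi-identifier with fewer than k rows."""
    sizes = class_sizes(records, key_fn)
    return [i for i, r in enumerate(records) if sizes[key_fn(r)] < k]


def least_generalisation(records, k, levels=LEVELS):
    """Name of the most detailed level at which every group has >= k rows."""
    for name, key_fn in levels:
        if k_anonymity(records, key_fn) >= k:
            return name
    return None  # no level on the ladder is safe; do not release as-is


if __name__ == "__main__":
    for name, key_fn in LEVELS:
        print(name, "k =", k_anonymity(RECORDS, key_fn),
              "rows at risk:", at_risk(RECORDS, key_fn, 2))
    print("release level for k=2:", least_generalisation(RECORDS, 2))
```

With the constructed data every row is unique at full detail, and coarsening to day and birth year still leaves six of the eight rows unique; only the month and birth-decade level puts every row in a group of at least two.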
3. Discussion
Every healthcare facility should prepare and implement an information security policy that clearly identifies the responsibility of all staff to maintain confidentiality of patients, staff and the organisation, and to preserve as far as possible the integrity and availability of information systems. Several frameworks for general information system security have been published that are suitable for implementation in healthcare and specific guidance is becoming available [8]. The organisation of information security management in healthcare facilities should be clarified by the creation in each healthcare facility of information security groups and posts of Information Doctors who should be given specific responsibility for the security of healthcare data. Specialist training in healthcare informatics and professional recognition of such expertise will also be necessary for the successful development of profession-led information management. Given the rapid development of the ECR, all healthcare professionals should be trained, through their professional bodies, in the principles and practices of healthcare information security. The emerging professional discipline of medical or healthcare informatics would be expected to play a pivotal role in this training and resources should be made available to establish departments of healthcare informatics in all medical institutions.
Consideration should be given to the introduction of an information contract between patients and the healthcare facilities they attend. This should ideally involve informed consent much as used for operative procedures but, as a minimum, the extent to which personal information can be disclosed without the individual's consent should be stated in a patients’ charter. Should the patient specify constraints on the use and disclosure of their data, these should be recorded and honoured where possible. Contracts defining the use and disclosure of personal healthcare records should be developed and set in place between healthcare facilities and third parties. These contracts should define:
- the data items that may be made available
- the purposes for which the data is disclosed
- the extent to which the data may be disclosed by the third party and
- the minimum standards of security to be applied to the records.
Practical and useful standards for development and implementation of computer systems and the information they contain must be agreed as soon as possible in order to facilitate sharing of healthcare data between all facilities offering health services to a patient. Stringent controls must be placed upon the developers of healthcare information systems to ensure high quality development and compliance with ISO9001 should be expected as a minimum.
Conclusion and Recommendation
The great potential of computerised information in healthcare will be realised only when healthcare professionals and patients alike feel confident about their personal records being held on computer. It is imperative that healthcare professions act quickly to implement measures to create a secure environment for the electronic healthcare record. We conclude with some common questions and our preliminary thoughts on possible solutions (which require further consideration and research):
Is there any concern in the healthcare community in the UK about how KM is being misunderstood and misused?
There is concern in the healthcare community from buyers and users of KM solutions as they often do not recognise and appreciate that their money is being spent on KM initiatives and what this means for them.
How does the clarity and consistency of KM definitions and concepts affect its practice or implementation in a healthcare setting?
The clarity and consistency of KM definition may be a difficult proposition at least at this point of time. It is uncertain if there is one commonly accepted definition of KM in the healthcare arena. In our view, the essence of the performance of many healthcare KM solutions and initiatives is tied to their implementation and utilisation. In other words, the effectiveness of solutions would be untested for KM before full scale implementation. We see this as a distinction between the “old” Information Management paradigm and the “new” KM paradigm. The KM paradigm's key focus is
on organisational strategy, while it simultaneously builds upon the advances in information technology and the creative and innovative capabilities latent in humans.
What criteria can be used to gauge the degree to which a project or business initiative belongs in the knowledge management domain?
There are some key aspects for determining when a project or business initiative belongs in the Knowledge Management domain:
- does it address the strategic notion of organisational survival and competence within a radically changing and unpredictable healthcare organisational environment?
- does it go beyond providing for Information Management and KM needs?
- what is interesting, new and valuable (in terms of organisational performance) that sets it apart from what has been generally termed data or information management?
- does it take into consideration the human-centric notion of "knowledge" (relating to context of action and to action that leads to performance)?
- does it provide for the integration of the creative capabilities of humans needed for innovative breakthroughs with the optimisation-based, efficiency-enhancing, capabilities of advanced information technologies?
References
[1] Schloeffel P (2004) Current EHR Developments: an Australian and International Perspective - Part 2, Health Care and Informatics Review Online, September 2004.
[2] Dick R, Steen E (1991) The computer-based patient record: an essential technology for health care. US National Academy of Sciences, Institute of Medicine.
[3] NHS Executive. Information for health: an information strategy for the modern NHS 1998-2005. 1998
[4] AN Dwivedi, RK Bali & RNG Naguib (2003) "Organization Current Knowledge Design (OCKD): A Knowledge Management Framework for Healthcare Institutions", Proc of the IEEE-EMBC 25th Ann Int Conf of the IEEE Eng in Med and Biol Soc (EMBS), 17-21 September 2003, Cancun, Mexico, 1236-1239
[5] SM Malone, Knowledge Management: White knight or white elephant?, Topics in Health Information Management. Frederick: Feb 2001. (21):3; 33.
[6] S Lutz, D Chin. “Charting the landscape of healthcare in the next decade”, Managed Healthcare. Cleveland: Nov 1999. (9):11; 29.
[7] General Medical Council. Professional conduct and discipline: fitness to practice. December 1993 London: General Medical Council.
[8] Management Executive. Information Systems Security: Top level policy for the NHS, Executive Letter EL(92)60. London: Department of Health, 1993.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Integrated electronic health records management system
P. Di Giacomo (1), Fabrizio L. Ricci (2), Leonardo Bocchi (3)
(1) University “La Sapienza” of Rome – Center for Biomedical Research
(2) National Council of Research – Rome (Italy)
(3) University of Florence (Italy)
[email protected]
Abstract. Computer systems and communication technologies are making a strong and influential presence in the different fields of medicine. The cornerstone of a functional medical information system is the electronic health records management system. Due to the very sensitive nature of medical information, such systems are faced with a number of stringent requirements, like security and confidentiality of patients’ data, management of different media types, diversity of the medical data that need to be processed etc. At present most clinical software systems are closed with little or no interoperability between them, and medical information is locked in a variety of different incompatible databases. As a result, it is very hard for developers to provide a solution for an integrated health computing environment, which would considerably improve the quality of medical care in general. This paper presents the framework for a functional EHR management system that meets these demands, but also follows the initiative taken by the Next Generation Network (NGN) approach, which includes user mobility, service transparency and a common communication platform for transferring and serving different types of information, services and media.
1. Introduction
Integration and development of information and communication systems in different fields of medicine represents a challenging task. Various implementations have proven the usability of such systems, which all have the same starting point – to improve patient care. Today examples like Radiology information systems or Intensive care units (ICUs) are quite common, since those departments are characterized by a number of sophisticated devices that produce a large amount of data in digital form. Owing to the rapid development of computer science and communication technologies, and especially to the growth of the Internet, telemedicine has become possible in every aspect of its essence. Distance is no longer a factor, and it is feasible to provide every person with high quality health care, independent of their current location. However, when studying the requirements for medical information systems, the picture is somewhat different. Despite the fact that information systems used for different medical aspects raise a diverse set of requirements and are evaluated by various performance factors, there are some basic issues that characterize practically every information and communication system used in medicine:
P. di Giacomo et al. / Integrated Electronic Health Records Management System
- Electronic health record (EHR) management – every medical information system has to have either its own implementation or a functional interface to the EHR management.
- Security and data confidentiality – the system has to ensure that every piece of information is transferred, stored and retrieved in a secure way. This includes procedures like access control and the obligatory authorization at all levels in the health computing environment. Additionally, but not less important, the system has to respect the patient’s legal right to privacy, by preserving ethical and legal policies required by the national regulations.
- Integration with other medical systems – a common goal of the use of computer-based communication systems in medicine is one global information system that integrates all levels of medical care independent of the current location of either a patient or a care provider. With that in mind, the system has to be able to communicate with other systems that are of interest. This also includes the need for the systems to be able to adopt important medical communication standards such as DICOM or HL7.
The basic approach taken for Next Generation Networks (NGN) is one common network platform for transferring and serving different types of information, services and media. In this way it is intended to handle different media types and to use different services at the same time, with possible selection of well-defined Quality of Service (QoS) parameters. Today’s concept of separate fixed and mobile networks needs to be changed; it is assumed that a user is mobile within the system, and should be able to use all the provided services in a personalized and user-friendly way. The services developed for NGN tend to be inherently transparent, in that they assume an IP-based transfer protocol and are independent of a user’s current position and terminal.
This paper describes the framework for an EHR management system that follows the idea summarized in NGN and tries to meet all the requirements mentioned above. Problems of security and patients’ privacy, as one of the most important QoS properties, are closely inspected. It is organized as follows: Section 2 presents a basic set of requirements for the logical schema of the EHR archive with respect to the recommendations of relevant standardization bodies; Section 3 discusses the status and characteristics of information systems currently used for medical purposes; Section 4 introduces the communication architecture principles of the developed EHR management system framework; Section 5 discusses the most important open R&D issues whose goal is to provide a complete middleware communication architecture solution; Section 6 describes details of the experimental laboratory implementation of the EHR management system developed according to theoretical research and the presented framework; Section 7 presents the performance results of the laboratory prototype; Section 8 gives some final remarks as well as our plans and ideas for future development.
2. Development issues for EHR architecture
Health information systems today suffer from a number of significant problems [1]. Current work in health standards, notably by HL7, CEN, ISO and the OMG attempts to address some of these problems, as does implementation-based work including a
number of policies-funded efforts around the globe. The very first efforts of EHR architecture evolution were compromised by a number of factors that strongly influence the functionality and performance of the developed systems. Most organizations today agree on the basic concept, which is to separate context from content even if the data is brought out of its original context [2][3]. The primary reason behind this approach is that patients move freely within the health system, and there is a huge diversity between data recorded in the different departments of medical care. Since a physician does not know in advance all the data for a particular patient, he or she should not depend on that prior knowledge. A clear context/content separation would give users the possibility of data transfer without any loss of information by straightforward extraction of the relevant parts of a patient’s EHR. One of the cornerstones of a functional EHR system is the security and confidentiality of patients’ medical data. In the very definition of the EHR it is stated, “the record is under control of the consumer and is stored and transmitted in the secure way” [4], which means that the system has to respect patients’ ethical and legal rights to privacy. Security includes obligatory authorization at all levels of the system, as well as the secure transfer of information between the end points of communication. Furthermore, developers are advised to implement access-logging routines, which store all the transactions and data flows and are retrieved for auditing and legal purposes only [5]. When considering the construction or review of good health information standards, insufficient attention was typically paid to the consequences for software construction and runtime systems. Many of the major problems of the past for information-intensive systems, including most EHR and related systems, have to do with the inability to deal with change.
This has led to an important turning point in the architecture design, which then significantly influences the development of the EHR management systems. The EHR specifications recommended by the standardization bodies are primarily focused on the logical health record architecture; in other words, developers are provided with the formal model of the framework and generic features of the EHR, and there is no restriction regarding the data formats in which the records are stored. More precisely, this means that we are free to select a communication platform and a relational database solution for the EHR management system, as long as the logical structure of the records complies with the recommendations, since those features reside on different communication levels. Today there are a number of associations and standardization bodies that have organized task forces for developing EHR architecture standards, some of which were already mentioned above. In our case CEN standards and recommendations [6] have been a reference point when developing the EHR management system. The ENV 13606:1999 recommendations, titled “Electronic Healthcare Record Communication”, provide the principles, structures, terms, rules and formats for open and safe communication of EHRs. Since the management system framework and the logical structure of health records are two separate problems, and although our focus was not on the CEN recommendations themselves, we have respected the specifications and the developed system offers a straightforward implementation of the ENV 13606:1999 standard.
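Section 2 asks for obligatory authorization plus access-logging routines whose entries are kept for auditing and legal purposes. The following Python sketch is an added example, not the authors' implementation: it logs every access attempt, granted or denied, in a MAC-chained log so that later edits or deletions are detectable. The consent table, user names, key handling and the choice of HMAC-SHA256 chaining are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the MAC key is held by the auditor, not by the operators of the
# EHR server, so staff with write access to the log cannot re-seal it.
AUDIT_KEY = b"constructed-demo-key"
GENESIS = "0" * 64

# Constructed data: users each patient has consented to, and a toy record store.
CONSENT = {"patient-17": {"dr-adams", "nurse-lee"}}
EHR_STORE = {"patient-17": {"allergies": "penicillin"}}


class AuditLog:
    """Append-only access log; each entry's MAC also covers the previous MAC."""

    def __init__(self, key):
        self._key = key
        self.entries = []

    def _mac(self, prev, event):
        body = json.dumps(event, sort_keys=True)
        return hmac.new(self._key, (prev + body).encode(), hashlib.sha256).hexdigest()

    def append(self, event):
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        self.entries.append({"event": event, "prev": prev,
                             "mac": self._mac(prev, event)})

    def verify(self):
        """Return the index of the first inconsistent entry, or None if intact.

        Dropping only the newest entries is not visible from the chain alone;
        the latest MAC would have to be anchored somewhere else as well.
        """
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            expected = self._mac(prev, entry["event"])
            if entry["prev"] != prev or not hmac.compare_digest(entry["mac"], expected):
                return i
            prev = entry["mac"]
        return None


def read_record(user, patient, purpose, when, log):
    """Authorize against the patient's consent and log the attempt either way."""
    granted = user in CONSENT.get(patient, set())
    log.append({"when": when, "user": user, "patient": patient,
                "purpose": purpose, "granted": granted})
    if not granted:
        raise PermissionError(f"{user} has no consent to read {patient}")
    return EHR_STORE[patient]


def denied_attempts(log):
    """Audit view: (time, user, patient) for every refused access."""
    return [(e["event"]["when"], e["event"]["user"], e["event"]["patient"])
            for e in log.entries if not e["event"]["granted"]]


if __name__ == "__main__":
    log = AuditLog(AUDIT_KEY)
    print(read_record("dr-adams", "patient-17", "treatment", "2006-05-01T09:00", log))
    try:
        read_record("clerk-01", "patient-17", "billing", "2006-05-01T09:05", log)
    except PermissionError as exc:
        print("denied:", exc)
    print("denied attempts:", denied_attempts(log))
    print("chain intact:", log.verify() is None)
    log.entries[1]["event"]["granted"] = True   # simulate an after-the-fact edit
    print("first bad entry after edit:", log.verify())
```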
3. Communication platform and EHR management system
Parts of patients’ medical records are located in all the places where they have received clinical services (e.g. community doctors, primary care, secondary care). All of these
segments, which are related to personal healthcare and delivery, reside in places that are disparate and, in most cases, not directly accessible [7]. Moreover, there are a number of legal and ethical issues which sometimes do not allow personal and sensitive clinical information to be carried out of the corresponding organization’s boundaries, while the healthcare providers continue to maintain detailed and confidential notes about their cases. The communication architectures and software solutions for medical information systems depend on a number of parameters, such as the vendor of the hardware and software, the requirements specification set for the particular example, the complexity of the services, the type of processed information etc. Advanced, large-scale telemedicine applications are usually very performance sensitive, which could influence the developers’ decision for hardware solutions and programming techniques that are specific to a particular implementation. As a result, at present most clinical software systems are “closed” with little or no interoperability between them. Usually, clinical data are locked in a variety of different incompatible databases, in the way that the database is part of the application and is unique to each supplier [8]. Similar problems arise with the communication infrastructure solutions, which tend to be quite diverse. Probably the best example here are the systems that use specific network devices to support desired transfer and communication protocols, such as ISDN or ATM [9][10], which are quite common in cases like tele-consultation or telesurgery. These solutions are caused by the need of such telemedicine systems for large network bandwidth reservation, since they usually include live video and audio transfer in such fashion that little or no loss of information or quality is allowed.
Although these communication architectures fully satisfy their performance requirements, the services provided by the system are usually not transparent to the user, in the sense that without specific equipment one is unable to use the application. In that case the application is not portable and cannot be used in other medical institutions without additional investments. Hence, the framework for an integrated EHR management system should be as open as possible, in the sense that it is able to manage patient information originating from various sources, and that it is accessible independent of the user’s current position and terminal. In that sense we have followed the guidelines of the communication networks convergence summarized in the NGN framework. As stated before, this approach includes the concept of one common network platform that is able to serve different types of information, services and media, with possible selection of different QoS levels. Thus, the theoretical framework, assumptions and recommendations of NGN would provide us with the functionalities needed for development of a high-quality EHR system with application solutions that are transparent and independent of the user’s current location. As a result of this approach, the developed EHR management system framework adopts a multi-tier communication architecture with IP-based transfer and a middleware layer that is able to satisfy the requirements of the NGN ideology, and the user does not require any special network equipment to access the medical data repository.
4. EHR management system framework
Following the guidelines and system requirements summarized so far, we have chosen a distributed network architecture based on the CORBA [11] communication platform for implementation of the EHR management system. The two dimensional view of the system architecture is shown in Figure 1. There are a number of advantages offered by the
CORBA platform, which are of great importance to the application developers. In a distributed computing environment (DCE), where all system components are introduced as objects, CORBA provides a standard mechanism for defining the interfaces between components as well as some tools to facilitate the implementation of those interfaces using the developer's choice of languages. Communication between the components is accomplished using object references in such a manner that the strict client/server distinction no longer exists. In CORBA, a client is simply any application that uses the services of a CORBA object; that is, an application that invokes a method or methods on other objects. Likewise, a server is an application that creates CORBA objects and makes the services provided by those objects available to other applications. Furthermore, by taking advantage of common distributed object computing (DOC) communication platforms such as CORBA, we are provided with some very important features such as complete platform and language independence, error handling, memory management etc. The theoretical framework for distributed systems relies not only on the definition of interfaces between components but also on the existence of various services (such as directory registration and lookup) that need to be available to an application. Following this requirement, the Object Management Group (OMG) specifies a wealth of standard services, such as directory and naming services, persistent object services, and transaction services. Each of these services is defined in a CORBA-compliant manner and they are available to all CORBA applications.
Figure 1 - Multi-tier communication architectural framework for EHR management system
As a result of the features provided by CORBA, a multi-tier communication architecture based on this communication middleware platform is highly flexible and modular. Introduction of new features and addition of new objects or modules usually does not require changes in the system in general, which is very important in case of integration with other medical information systems. Since the middleware communication layer contains most of the logic, potential upgrades of the system do not include changes and delivery of new client-side modules. Problems like diversity of data and media, localization based services and personalized delivery of information are classical middleware components in this communication model and comply with the concept of NGN architecture. With respect to the sensitivity of medical information, close consideration has to be paid to the security framework offered by the CORBA platform. Implemented in the form of the CORBA services, OMG among other things provides
P. di Giacomo et al. / Integrated Electronic Health Records Management System
additional capabilities for security routines. This framework includes features like identification and authentication of users, authorization and access control, auditing, secure communication, non-repudiation and administration of various security policies. Undoubtedly, these functionalities are of great importance to performance-sensitive applications such as EHR management. However, they do not offer a complete solution in our case. Services provided by the standard DOC platforms cannot fully satisfy the legal and ethical rights of the patient and his/her medical data, and some additional measures have to be taken in order to meet those requirements. In connection with the middleware layer shown in Figure 1, the framework for NGN communication architecture also includes some common functions such as registration, profile management, usage recording etc., which are also not core CORBA functionalities. Those modules can be separated based on their orientation towards the network transport layer or the service layer, and together comprise a fully functional communication system for NGN architecture. Research in this area has been the subject of separate efforts conducted in our laboratory [12].
5. Open R&D issues of standard DOC communication platforms
Employment of the CORBA middleware communication architecture in medical information systems provides application developers with a number of advantages, especially compared with classical client/server communication architectures. However, it still does not provide a complete solution for large-scale distributed applications. There are still some very important open R&D issues that are the subject of research in many laboratories and interest groups around the globe, two of which are of high importance for medical systems.
Communication overhead – traditionally, the performance of communication between CORBA objects and the application based on the ORB core was inferior to that of client/server communication in a two-tier network architecture. The very first empirical studies [13][14] revealed that, for bulk data transfer, the performance of a CORBA implementation on high-speed network architectures such as ATM was 25-70% below that achievable using lower-level transport layer interfaces such as sockets or TLI. This is mostly caused by the multiple read and write system calls that are made when establishing communication between CORBA objects. Owing to the substantial progress in the standard middleware platforms, the performance results have significantly improved over the last couple of years [15]; however, they still do not outperform classical client/server applications. Communication overhead can be particularly sensitive in distributed diagnostic image management systems. To overcome this problem, research teams have made a number of interesting proposals. For example, one interesting approach has been taken in [16], where the authors defined two types of information traffic: one for the control data, which relies completely on the CORBA middleware layer, and one for the user data, which is handled by independent proxies that communicate directly with the clients. The performance results have proven the usability of this framework.
QoS management – first-generation DOC middleware was not targeted at performance-sensitive applications with stringent QoS requirements. Not surprisingly, its efficiency, predictability, scalability and dependability were problematic. Over the last couple of years, however, the use of CORBA-based DOC middleware has increased significantly in high-performance distributed systems with real-time QoS
requirements, one of those being medical information systems. Advancements of the CORBA 3.0 architecture model include the Messaging [17] and Real-time [18] specifications, which provide control of many end-to-end ORB QoS policies such as timeouts or priority queuing, and implement standard interfaces for managing ORB processing, communication and memory resources. The most recent research has shown that common middleware solutions have matured to the point where they are no longer a dominant factor in the overhead, non-determinism, and priority inversion incurred by distributed real-time and embedded (DRE) systems. As a result, some of the focus has shifted to the commercial operating systems and networks, which are once again responsible for the majority of end-to-end latency and jitter [19]. However, alongside the quality solutions introduced by these specifications, there are additional requirements set for a QoS management framework, which together comprise guidelines for future research and development efforts:
• dynamic resource management – CORBA specifications are targeted at applications using fixed priority scheduling, and do not provide a complete solution for resource management in dynamic load conditions.
• portable network QoS APIs – many network-oriented QoS technologies such as IntServ or DiffServ are highly platform and protocol specific.
• multiple QoS property integration – conventional QoS solutions tend to focus either on specific network signaling and enforcement mechanisms or on single end-system resource allocation techniques.
Besides common QoS parameters like predictable latency and jitter control, it is important to keep in mind that the term QoS also includes a wide range of system properties like scalability, security and dependability. Common middleware solutions still do not provide a complete solution for those issues, and improvements in this area have been the subject of work for a number of research teams around the world. Here we can mention two separate projects whose results have been dominant in the disparate research efforts:
QuO (Quality Objects) [20] is a set of open-source middleware services that extends DOC middleware to support adaptive QoS specification, measurement and control. The idea here is to decouple distributed real-time and embedded (DRE) middleware into two dimensions, one called functional paths and the other QoS paths. Functional paths include flows of information between client and remote server applications and ensure that this information is exchanged scalably, dependably and securely. QoS paths are responsible for determining how well the functional interactions behave end-to-end with respect to the key DRE system QoS properties.
TAO [21] is an open-source Real-time CORBA compliant ORB designed to support applications with stringent end-to-end QoS requirements by allowing them to reserve and manage processor, communication and memory resources. TAO represents a mature example of distribution middleware R&D transition, having been used in dozens of DRE systems.
6. EHR management system implementation details
Following the principles and the requirements summarized in the previous sections, we have designed an experimental laboratory EHR management system based on the
communication architecture framework shown in Figure 1. Attention has been focused on the middleware services that are targeted to satisfy the very strict demands set for EHR system implementation. Figure 2 depicts the laboratory system schema. The module that requires the developer's special attention is the one preserving the security and privacy of patient-related data. This feature is in fact common to all middleware networks, and includes secure transfer of information from one point to another over inherently insecure networks such as the Internet. However, in this particular case there are some additional restrictions, which require a separate design of this module. As stated before, one of the basic requirements for an EHR management system is to ensure the privacy, medico-legal and ethical needs of all persons known to the system [8]. The basic principle used in medicine is that access to a patient's information is granted to a very limited group of people who possess the legal right to retrieve and edit the patient's data [22]. In most cases that means that only the general practitioner (GP) chosen by the patient is allowed to browse the medical record of that particular patient. In every other case the medical staff, other GPs or specialists have to acquire the patient's explicit permission to access his/her information. Also, it is common practice that all data used for scientific research has to be used anonymously, except when the process itself requires personal information. Again, in that case the project has to acquire the permission of the subjects used in the study [23].
Figure 2 - Laboratory System Infrastructure
The problem of legal rights to view, edit and transfer part or all of a patient's medical record has been recognized as the cornerstone of a functional EHR management system. All the standardization bodies whose fields of interest include medical informatics are addressing these requirements, and some of them have introduced different sets of specifications and proposals for this purpose. The third part of CEN's ENV 13606:1999 recommendations is called “Distribution Rules”, whose primary purpose is to provide a controlling mechanism that enables access to and/or further distribution of the components to which they are attributed [5]. By adopting these proposals it is possible to define very detailed conditions under which access to patients' data can be granted, and what operations are permitted in different cases. It is important to emphasize that this European standard does not define the rules themselves; these need to be defined and determined by the local users, national guidelines and legislation. Furthermore, as the document introduces a set of generic proposals, developers and vendors are free to implement distribution rules as they find best suited for their systems. The solution that will be presented here goes a step further. The proposed framework provides developers with the possibility to implement all the specifications presented in the “Distribution Rules” part of the ENV 13606:1999 document, but also introduces additional security measures against possible illegal and unauthorized access to the data repository. As will be shown, the EHR management
system is, as regards data confidentiality, practically completely safe against possible intruders. The basic concept of the EHR framework that was developed and then integrated in the system is strict separation of the patient's personal and medical data [24]. As a result of that approach, the EHR system consists of two completely separated databases: the Person Identification Service (PIDS), which contains personal information, and the Healthcare Database Repository (HDR), which contains medical data only (Figure 3). The connection between those two databases is achieved through the patient's unique identifier (ID), which is stored in the PIDS database in encrypted form, as opposed to the HDR, where it is kept as plain text. The encryption and decryption processes follow the concepts of asymmetric cryptography [25], in which one key, called “public”, is used for data encryption and the other, called “private”, for the decryption process. When a new account for a physician is opened in the system, the administrator creates at least two pairs of keys, one pair for encryption and decryption of data, and the other for digital signatures. After creating the keys, the administrator signs them with his/her private key. Public keys are added to the public key ring and published on the key server, which in general could use an LDAP service to manage public keys, but this is not mandatory. Private keys are transferred on floppy discs or CD-ROMs that also carry a copy of the fingerprint of the administrator's signing key. These portable discs act as smart cards, without which one is theoretically unable to use the service. When we encrypt data, every key first has to be checked for the administrator's signature. If the fingerprint on the physician's public key matches the one on the floppy disc, the key is used. Otherwise, the key is treated as untrustworthy, a revocation certificate is published on the key server, and the key is no longer used.
The administration of patients goes as follows: when the patient is introduced to the system for the first time, his/her personal information is entered in the PIDS database. At the same time the patient chooses the GP, and the administrator selects the corresponding public key for the first entry in the HDR database. Moreover, if the patient wants to give more than one physician access rights to his/her medical information, there is theoretically no limit to the number of public keys that can be used in the encryption process. Also, if the patient changes GP during his/her lifetime, which usually happens a couple of times, the sole procedure that needs to take place is to replace the old encrypted ID in the PIDS database with the new one. In this sense the EHR framework completely follows and fully meets the demand that the consumer, in this case the patient, is the legal owner of the health record content [1]. In combination with the selected physician's public key, the encryption process automatically also uses the Master public key. The purpose of this key is a “safety net mechanism”, which is used in special situations like the loss of a private key, i.e. when there is no other way to decouple the connection between the PIDS and HDR archives. Since the master private key is able to unlock all the records, the size of these keys should be much bigger than the standard key size and therefore harder to break. It is also very important that the private key of the pair is kept in a high-security location like a safe. Another very important feature of asymmetric cryptography is the mathematical infeasibility of deducing private keys from public keys. Therefore public keys are freely distributed in insecure environments and shared among all the users in the system, as opposed to private keys, which are to be possessed by their owners only, i.e. all the users have the ability to encrypt data using other users' public keys, but only the users in possession of the corresponding private keys can decrypt the connection between the PIDS and HDR archives.
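The linkage scheme described above, as an added example that is not the authors' C module: a toy Python model of the PIDS/HDR split, the administrator-signature check on public keys, and the re-linking step when a patient changes GP. The key pairs, record contents, field names and the RSA-KEM style wrapping are assumptions made for illustration; the keys are built from published Mersenne primes and offer no security.

```python
"""Toy model of the PIDS/HDR split (added example, not the authors' code).

Keys are built from published Mersenne primes, so they are trivially factorable:
the code shows the data flow and the trust check, not usable cryptography.
"""
import hashlib
import hmac
import secrets

E = 65537  # public exponent used by every constructed key


def make_key(a, b):
    """Constructed key pair from the Mersenne primes 2**a - 1 and 2**b - 1."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(n):
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).digest()


def fingerprint(n):
    return _digest(n).hex()[:16]


def sign_key(admin, n):
    """Administrator's signature over a public modulus (textbook RSA, demo only)."""
    return pow(int.from_bytes(_digest(n), "big"), admin["d"], admin["n"])


def key_is_trusted(entry, admin_n, pinned_fpr):
    """Client-side check before encrypting: the signer must be the administrator
    key whose fingerprint the user carries on the removable disc."""
    if fingerprint(admin_n) != pinned_fpr:
        return False
    return pow(entry["sig"], E, admin_n) == int.from_bytes(_digest(entry["n"]), "big")


def wrap_id(patient_id, n):
    """Encrypt the ID to one public key. A fresh random r per call makes equal IDs
    produce different blobs, so a stored link cannot be matched by re-encrypting
    the plaintext IDs held in the HDR."""
    data = patient_id.encode()
    if len(data) > 32:
        raise ValueError("ID longer than one pad block")
    r = secrets.randbelow(n - 2) + 2
    k = _digest(r)
    pad = hashlib.sha256(k + b"pad").digest()
    ct = bytes(x ^ y for x, y in zip(data, pad))
    return {"c": pow(r, E, n), "ct": ct, "tag": hmac.new(k, ct, hashlib.sha256).digest()}


def unwrap_id(blob, key):
    """Return the patient ID, or None when the private key does not fit the blob."""
    k = _digest(pow(blob["c"], key["d"], key["n"]))
    tag = hmac.new(k, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    pad = hashlib.sha256(k + b"pad").digest()
    return bytes(x ^ y for x, y in zip(blob["ct"], pad)).decode()


def link_patient(pids_row, patient_id, recipients, admin_n, pinned_fpr):
    """Write (or replace) the encrypted link in a PIDS row for the given public keys."""
    link = {}
    for entry in recipients:
        if not key_is_trusted(entry, admin_n, pinned_fpr):
            raise ValueError("untrusted public key " + fingerprint(entry["n"]))
        link[fingerprint(entry["n"])] = wrap_id(patient_id, entry["n"])
    pids_row["enc_id"] = link


def open_record(pids_row, key, hdr):
    """Follow the link PIDS -> HDR with a private key; None if there is no access."""
    blob = pids_row["enc_id"].get(fingerprint(key["n"]))
    pid = unwrap_id(blob, key) if blob else None
    return hdr.get(pid) if pid else None


def demo():
    admin = make_key(127, 521)
    keys = {"gp_a": make_key(521, 607), "gp_b": make_key(127, 607),
            "master": make_key(1279, 2203)}  # master key deliberately larger
    pinned = fingerprint(admin["n"])
    ring = {name: {"n": k["n"], "sig": sign_key(admin, k["n"])} for name, k in keys.items()}
    hdr = {"P-000123": ["CT thorax, 2005-11-02 (constructed)"]}  # ID kept in plain text
    pids = {"name": "Jane Doe (constructed)"}
    out = {}
    link_patient(pids, "P-000123", [ring["gp_a"], ring["master"]], admin["n"], pinned)
    out["first"] = {name: open_record(pids, k, hdr) for name, k in keys.items()}
    # Patient changes GP: only the PIDS link is rewritten, the HDR is untouched.
    link_patient(pids, "P-000123", [ring["gp_b"], ring["master"]], admin["n"], pinned)
    out["after_change"] = {name: open_record(pids, k, hdr) for name, k in keys.items()}
    # A key-server entry whose modulus was swapped no longer verifies.
    forged = {"n": make_key(127, 1279)["n"], "sig": ring["gp_a"]["sig"]}
    out["forged_trusted"] = key_is_trusted(forged, admin["n"], pinned)
    return out


if __name__ == "__main__":
    print(demo())
```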
Figure 3 - Configuration and logical architecture of EHR system
With this model we have accomplished some very important features. First, because all the relevant data is stored as plain text within both modules, the PIDS module can serve as the primary interface to all the other modules defined on the system. It can be opened for access not only to physicians, but also to other groups of users like nurses, hospital administration staff etc. Furthermore, by storing medical data as plain text in the HDR data repository, this archive can easily be used for education or research purposes. The logical structure of the HDR database system is not limited by any means and can adopt the specifications proposed in the ENV 13606:1999 document, including the distribution rules that comply with the generic standard. The developed security module resides on the client side of the application (Figure 2). This departs from the classical middleware network framework, where clients do not require special additions in order to be able to use the service. It is insecure to encrypt data on the server side, since the automation takes away all control over the keys that are used in the process. A possible intruder could compromise some of the keys in such a way that the server logic is unable to locate the problem. If encryption is performed on the client side, the client has the ability to autonomously check every public key that is used in the process. By comparing the fingerprint of the public key used in the current process with the value stored on the floppy disc, the user can be certain whether the public key is trustworthy or not. Decryption would be even more insecure if it were placed on the server side. In that case the server would need to have some kind of access to physicians' private keys, which is inherently a security leak.
Figure 4 depicts the communication infrastructure of the EHR management system. The system is based on CORBA's middleware architecture, which is responsible for object localization, the naming service and communication between server and client components. By default clients access the application through their WWW browsers, i.e. using the HTTP or HTTP/SSL communication protocols. A system that adopts this type of communication architecture is straightforward and can be mapped to a wide variety of network access types, which makes the application transparent to the details and characteristics of the client terminals. Especially if the system is being accessed from within the hospital LAN, clients can theoretically use CORBA's raw IIOP communication protocol, but its efficiency from the performance point of view is rather questionable.
Figure 4 - Communication architecture of the EHR management system
Finally, the question that is to be expected is: how secure are we, actually? Unfortunately, the answer to this question is not completely unambiguous. By implementing CORBA security services and additionally employing the SSL communication protocol, all the information is transferred in encrypted form and therefore hidden from eavesdroppers. Local hospital networks are usually protected by firewalls, and even if an attacker breaks into the system, without possession of the private keys he is unable to compromise the medical data repository. Regular database backups as well as the use of digital signatures for data integrity checks would easily diagnose possible misuse of the system. The last potential security hole is the keys used in the encryption/decryption process. In recent years there has been a lot of discussion and research in this area that tried to find the answer to what level of security Public Key Infrastructure (PKI) offers. The results have shown that PKI provides much higher security measures than, for example, standard written signatures. The size of the keys used directly influences the complexity of a possible break. Private keys are given additional protection in that they are kept in encrypted form on the floppy discs and protected by a pass phrase. Bottom line, the consensus of developers and researchers is that this type of security infrastructure is more profound, sophisticated and qualitative than the standard measures used in paper health record management.
7. Laboratory prototype performance results
Following the system architecture illustrated in Figure 2, we have built a laboratory prototype of the EHR management system. In order to simulate a real environment, we have designed an interface to the image management system that was developed during our previous work [26]. The picture archiving and communication system (PACS), among other characteristics, featured a diagnostic image database repository. These images complied with the DICOM standard and were taken using different image modalities. Prior to the integration the system needed some changes, because its data archive contained parts of patients' personal information. That information was deleted directly from the database and replaced with the newly created patient IDs. Details of laboratory devices, servers and terminals are as follows:
• the client terminal is a PC with a Pentium II processor and 256 MB RAM, and private keys are stored on floppy discs
• WWW, CORBA and database servers are implemented on a single SUN Ultra 5 WS running on a 400 MHz RISC processor with 256 MB RAM
• the LAN is based on Ethernet 100BaseT technology
• keys used in the encryption and decryption process are 1024 bits in size
• application modules were implemented using a number of programming techniques and languages (C for the encryption/decryption module, Java for GUIs and CORBA interfaces).
In order to gain a perspective on the performance characteristics, we have conducted some basic measurements of the time needed for different processes. The idea behind this work is to find out which module or process is the most time consuming and could cause poor performance in future. Our hypothesis was that the encryption/decryption module could be the bottleneck of the application, since both processes need to access data stored on the floppy disc. Table 1 shows the average time measurements for 20 iterations.
Table 1 – Time measurements for different processes
The first column in Table 1 shows the average time needed to initialize the ORB context, depending on the number of client threads. This was measured in order to simulate more than one connection at the same time, which is usually the case in a real situation. Furthermore, when the connection is made over the Internet or when more clients are using the service simultaneously, the time needed to initialize the context or to retrieve and transfer images rises, whereas this does not influence the time needed for encryption or decryption, since those are client-side processes. The comparison of the results has shown that initialization of the ORB context and image retrieval are the most time-consuming processes. Therefore, our assumption that the encryption/decryption of patient IDs would strongly influence the time performance of the system was not confirmed.
Image retrieval was measured from the time the user sent a request for an image until that image appeared on the screen. This performance characteristic has been recognized as one of the most important QoS parameters of the system [27]. Every image must be additionally processed before being sent to the client terminal, since common WWW browsers like Netscape Communicator or Internet Explorer do not support the DICOM image format. In this particular case images were converted to the PNG (Portable Network Graphics) format, which is supported by all of the standard browsers. Furthermore, at this point the laboratory prototype supports rendering only one image at a time, and therefore no image compression was used. The results for different image modalities show all the complexity of the QoS problem. Namely, studies within imaging departments have shown that clinicians find it acceptable for studies to appear at workstations within 2 seconds of the images being requested, a bound that in our case the results for CT image retrieval do not satisfy. This clearly shows that even in laboratory conditions QoS properties need to be closely monitored and studied.
8. Conclusion and final remarks
Medical information systems require an increasingly broad range of features, which pose a number of research questions for computer and telecommunication scientists. Large-scale integrated EHR systems are faced with many very strict requirements such as security and privacy, sensitivity and diversity of the data and media types that need to be processed, support of various QoS aspects etc. The framework for a distributed EHR management system presented here successfully copes with most of those requirements and provides developers with key performance factors such as flexibility, modularity and scalability. It also addresses the need to control very strict access rights to patients' medical data. Middleware communication platforms still do not provide a complete solution for all the requirements of large-scale DRE applications. However, in the last couple of years significant advancements have been accomplished, and the most recent studies have shown that standard DOC middleware communication platforms are no longer the dominant factor in overhead and non-determinism. QoS properties are the subject of work of different R&D teams, whose efforts are targeted at providing a reusable and high-quality framework for controlling QoS system parameters. As was shown, our system fully respects the recommendations and proposals of the standardization bodies whose fields of interest include medical informatics. Special attention was given to the problem of confidentiality and privacy of the medical data that is managed by the system. Our goal was to make the EHR management system secure from unauthorized access from both outside and inside the local hospital network, and at the same time to meet the demand for patients' legal ownership of their own medical data. Our plans for further development include the design and research of the system modules according to the framework shown in Figure 1.
We are planning to further investigate the performance issues of IIOP as opposed to the HTTP/SSL communication protocol stack, based also on the results of some other research teams that show a clear advantage of server-based applications and the latter type of access. In parallel, another research team in our laboratory is working on a communication architecture for NGN, which includes common middleware modules such as registration, profile management, access control, session and QoS management etc., all of which are very important features of an EHR management system.
References
[1] T. Beale, “Health Information Standards Manifesto”, rev 2.5, Copyright 2001
[2] Torleif Olhede, PhL: “Archiving of Care Related Information in XML-format”, proceedings of MIE2000, pp. 1146-1150, Hannover, Germany
[3] F.H. Roger France, Cl. Beguin, R. van Breugel, Cl. Piret: “Long Term Preservation of Electronic Health Records. Recommendations in a large teaching hospital in Belgium”, proceedings of MIE2000, pp. 1146-1150, Hannover, Germany
[4] National Health Records Task Force, Australia, “The Health Information Network for Australia”, July 2000.
[5] CEN/TC 251 Health Informatics, ENV 13606-3:1999, “Health Informatics – Electronic healthcare record communication – Part 3: Distribution Rules”
[6] European Standards in Health Informatics official URL: http://www.centc251.org
[7] D. G. Katehakis, S. Sfakianakis, M. Tsiknakis, S. Orphanoudakis: "An Infrastructure for Integrated Electronic Health Record Services: The Role of XML (Extensible Markup Language)", MEDNET 2000, 5th World Congress on the Internet in Medicine, Brussels, Belgium, November 23-26, 2000, pp. 189-192
[8] P. Schloeffel, T. Beale, S. Heard, D. Rowed, “Background and overview of the Good Electronic Health Record”, openEHR Foundation, May 2001
[9] I. Klapan and others, “Our Tele-3D C-FESS remote surgical procedures: real time transfer of live video image in parallel with volume rendered models of surgical field”, SoftCom 2001 proceedings, pp. 967-979, October 2001
[10] Irfan Pyarali, Timothy H. Harrison, Douglas C. Schmidt: "Design and Performance of an Object-Oriented Framework for High-Speed Electronic Medical Imaging", Computing Systems Journal, USENIX, Vol. 9, No. 3
[11] Jeremy Rosenberger: “Teach Yourself CORBA In 14 Days”, SAMS Publishing, © Copyright, Macmillan Computer Publishing
[12] D. Šimi and others, "Mobile Multimedia Portal – Role In UMTS Services", SoftCom2001 proceedings, Vol. II, pp. 529-535
[13] A. Gokhale and D. C. Schmidt, “Measuring the Performance of Communication Middleware on High-Speed Networks,” SIGCOMM’96 proceedings, (Stanford, CA), ACM, August 1996
[14] A. Gokhale and D. C. Schmidt, “Performance of the CORBA Dynamic Invocation Interface and Internet Inter-ORB Protocol over High-Speed ATM Networks,” GLOBECOM’96, (London, England), IEEE, November 1996
[15] G. Coulson, S. Baichoo, “Implementing the CORBA GIOP in a High-Performance Object Request Broker Environment”, ACM Distributed Computing Journal, vol. 14, April 2001
[16] Irfan Pyarali, Timothy H. Harrison, Douglas C. Schmidt: "Design and Performance of an Object-Oriented Framework for High-Speed Electronic Medical Imaging", Computing Systems Journal, USENIX, Vol. 9, No. 3
[17] CORBA Messaging Specification, OMG Document orbos/98-05-05 ed., May 1998.
[18] http://www.info.fundp.ac.be/~ven/CIS/OMG/domains/corba%20med%20specificaton.pdf
[19] D.C. Schmidt, M. Deshpande, C. O’Ryan, “Operating System Performance in support of Real-time Middleware”, in proceedings of WORDS’02, San Diego, January 2002.
[20] Yamuna Krishnamurthy, Vishal Kachroo, David A. Karr, Craig Rodrigues, Joseph P. Loyall, Richard Schantz, and Douglas C. Schmidt, "Integration of QoS-enabled Distributed Object Computing Middleware for Developing Next-generation Distributed Applications", ACM SIGPLAN Workshop on Optimization of Middleware and Distributed Systems (OM 2001), Snowbird, Utah, June 2001.
[21] D.C. Schmidt, D.L. Levine, S. Mungee, “The Design and Performance of Real-Time Object Request Brokers”, Computer Communications, vol. 21, pp. 294-324, April 1998
[22] Reglementation applicable aux banques de donnes medicales automatisees, Recommandation No.R(81)1 adopte par le Comite des Ministres du Conseil de l'Europe, Strasbourg 1981.
[23] Recommendation on the Protection of Medical Data R (96) of the Council of Europe, Strasbourg 1996 – Draft
[24] Hans Schuell, Volker Schmidt: “MedStage – Platform for Information and Communication In Healthcare”, proceedings of MIE2000, pp. 1101-1106, Hannover, Germany
[25] Phil Zimmermann: "Introduction to Cryptography", copyright © 1990-1999 by Network Associates, Inc.
[26] M. Končar and S. Lončarić: "WWW-based image management system", MIE2000, Hannover, Germany
[27] CEN/TC 251 Health Informatics, “Quality of service requirements for health information inter-change”, Technical Report, January 2002
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Standards for Medical Device Communication: X73 PoC-MDC
Miguel GALARRAGA a, Luis SERRANO a, Ignacio MARTÍNEZ b, Paula de TOLEDO c
a Electrical and Electronic Engineering Dept., Public University of Navarra, Spain
b Aragon Institute of Engineering Research (I3A), University of Zaragoza (UZ), Zaragoza, Spain
c Biomedical Engineering and Telemedicine Group (GBT), Polytechnic University of Madrid (UPM), Madrid, Spain
Abstract. When using a number of medical devices from very different manufacturers with different proprietary formats, the problem of a lack of interoperability emerges. Connectivity and communications are then limited, and the systems and users cannot exploit all the possibilities that Information and Communication Technologies offer today. The use and application of standards can be the solution to bring light to this confusion of languages in this Tower of Babel. There are several standards applicable to medical information systems interoperability and, analyzing these different options, the X73 PoC-MDC (ISO11073/IEEE1073) set of standards for Point of Care Medical Device Communication is the best positioned international standard to provide interoperability in these communications.
Keywords. Interoperability, medical device, plug and play, standards, X73, point of care, PoC-MDC, IEEE 1073, ISO 11073
Introduction
The number and use of medical devices is increasing continuously, following the advances in technology and the new possibilities arising from research in this area [1]. These devices help health care professionals to treat or diagnose diseases. Thinking of a single patient in an Intensive Care Unit, for example, it is more than possible that he has more than one device measuring his vital signs. On the other hand, the advances in Information and Communication Technologies allow sharing and communicating data from different sources [2], and these technologies could be applied to the information captured by the different medical devices, so that a central system could gather all the data and record them, without the need for manually writing down each measure from each device, which costs time and is subject to human error. In the case of a home tele-health monitoring application, there are technical systems and medical services that allow parameters and biological signals of patients to be monitored from a distance. It is one of the most common practices in telemedicine. The devices used most frequently in telemedicine are electrocardiography monitors (ECG), spirometers, blood pressure and heart rate meters, pulse oximeters, glucometers, digital scales, etc. They can be fixed, but it is also quite common for them to be wireless or “wearable” (incorporated into clothing, bracelets, etc.), which makes their use more comfortable [3].
M. Galarraga et al. / Standards for Medical Device Communication: X73 PoC-MDC
These sensors need to send the captured data to a centralized system, located at a distance, which has to gather and record them [4]. These are just two examples of the uses and needs of medical devices, and they show the convenience of applying Information and Communication Technologies to share and gather the data. But applying these technologies to connect different systems and sources requires standardization in order to achieve the needed interoperability. The reason is that many different manufacturers make new devices for a wide variety of medical applications, but each one has its own software and communication protocols; they build proprietary solutions that work only on their own or in a system completely designed by them, and that makes it very difficult to take the data acquired from the different devices and gather it [5]. Here is where the problem of interoperability starts, because every device is speaking a different language. This heterogeneity causes many integration difficulties. Moreover, these proprietary formats are usually not published, so it is easy to find incompatibilities between the devices. When a system is built, replacement problems and consequent high costs can also arise; a single device may have to be replaced because of a failure, a change in the patient’s prescription or just because there is a new cheaper or better one, and this single change can imply changes to the complete system. One single replacement could mean many changes in the software and hardware that form the system in order to maintain the communication. The concepts of interoperability and middleware arise to solve these problems. Interoperability means the ability of software and hardware on different machines from different manufacturers to share data [6].
The middleware technologies can be defined as the elements that allow communication in distributed systems and the tools that help to use architectures based on products from different manufacturers and multiple platforms. They provide portability (facilitating the efficient interchange of vital signs and information associated with a device in all the possible clinical scenarios) and interoperability (medical applications from different clinical scenarios can interchange information between devices connected to the patient). Interoperability implies plug-and-play systems, which means that the health professional just has to connect the device: the system detects it automatically, configures it and communicates with it, and there is no need for any user interaction. The main problem when trying to achieve the so-called plug-and-play interoperability is the following: without a communication standard that extends from the physical device connection through the application-language level, every actor must, at least, be examined to determine what physical and logical interfaces must be developed to provide effective communication (see Figure 1). There is a need for developing open sensors and middleware components that allow transparent integration, plug-and-play and interoperability of non-compatible monitoring devices [4]. Thus, as could be expected from the beginning, the use of standards seems to be an efficient way to face these problems. Standardization is necessary to make devices plug-and-play. Medical information and communication standards define information representation and exchange formats, allowing interoperability between home care devices [7-9]. Therefore, a unique standard is needed, but none has been completely developed until now [10].
Figure 1. Interoperability among medical devices and remote gateways.
This paper will first enumerate some different options when trying to find a suitable standard. After that, it will explore the ISO/IEEE X73-PoC-MDC family as the most appropriate for interoperability of medical devices and will also show the main parts and concepts of this set of standards.
1. Available Standards
The main European organization with authority in this field is the European Committee for Standardization (CEN) [11]. It brings together several Technical Committees (TC). Among them, the TC251 [12] is in charge of medical computer science and constitutes the only European forum for consensus and standardization of computer science applied to healthcare. It maintains international contact with International Standards Organization (ISO), the principal world body for standardization. Analyzing the standards widely applicable to the interoperability of medical information systems, the most well known are:
- DICOM (Digital Imaging and Communications in Medicine) [13], formed by the American College of Radiologists (ACR) and the National Electrical Manufacturers Association (NEMA). It occupies a privileged position in medical imaging since it is very widespread among the healthcare community and the manufacturers. It includes some directives for the exchange of biomedical signals, particularly ECG and has another specific standard: SCP-ECG, CEN/ENV1064 [14], but it is not applicable to the interconnection of monitoring devices.
- HL7 (Health Level 7) [15], funded by American manufacturers of medical equipment and accredited by the American National Standards Institute (ANSI), is a standard for the exchange of medical messages. It develops its own syntax, in the seven levels of the protocol stack, for representing the information in a simple structure composed of segments and field labels (each one identified by its data type). Like DICOM, it exchanges the results of observations related to vital signs and biomedical signals, but it is not applicable to the interconnection of devices.
- ISO11073/IEEE1073 [16]. This is a family of standards, promoted by the Institute of Electrical and Electronics Engineers (IEEE), a consortium of manufacturers and institutions, adopted as the international standard of ISO (ISO11073), and based on several works by the CEN. It groups previous CEN and IEEE standards to cover different levels of the ISO Model: MIB for the lower ISO levels, and INTERMED and VITAL for the upper levels. VITAL [17] defines the format for the representation of vital signs, INTERMED [18] establishes the models for access to the data, and Medical Information Bus (MIB) [19] completes the model with services and communication protocols for interoperability between medical devices. From now on we will refer to them as X73-PoC-MDC.
- ENV 13606 [20]. This is the European pre-standard (ENV) on Electronic Healthcare Record (EPR) communication, developed by the CEN. It includes four main parts: (1) Extended Architecture, (2) Domain Terms List, (3) Distribution Rules, and (4) Information Exchange Messages. Its future definitive version will constitute a complete standard for all the European Medical Institutions.
2. X73 PoC-MDC
The X73 PoC-MDC standard, as mentioned above, is a single set of standards developed and adopted by all countries for complete connectivity among medical devices, providing interoperability, plug-and-play, transparency, and ease of use and configuration. That standard is, to date, in the development phase. Indeed, many of its parts are still in draft status. In terms of chronology, the IEEE was the first to develop standards in this area, with the appearance of MIB in 1984. Nevertheless, the main manufacturers developed their proprietary solutions, which have not been accepted in general. Other standards have been developed for specific applications and some of them have been widely adopted. In 1993, CEN created a set of standards (PoC-MDC) that were ratified in 1999 to be able to interconnect devices and interchange data between them. In 2000/2001, the standardization organizations IEEE and ISO reached an agreement and created the “Pilot Project” to avoid competition and work together on a single set of standards. In this Pilot Project, the published IEEE standards, and those under development, were then developed jointly. Appealing to the Vienna Treaty, this joint organization was extended to include the CEN to reach international agreement in the standards. Those agreements and processes provided the basis for other standardization organizations to progress in a similar manner and work in a coordinated way with each other, such as DICOM, HL7, IEEE 802, and IrDA, as described in previous sections. In 2004, the five existing standards of the 11073 standard were approved. Thus, these standards have been developed with a high level of international participation. They are being adopted as ISO standards through their technical committee of medical computer science TC215, under the name of the 11073 standard. In addition, they are considered European standards via the TC251 of the CEN. This process of creation and joint work started in order to join the efforts previously carried out by each organization, so that they absorbed previous standards from ISO and IEEE to be able to cover all of the levels/layers in the communication with the devices. In detail, the 1073 standard absorbs ENV13734 (VITAL) for the upper layers, ENV13735 (INTERMED) for the intermediate layers, and the older 1073 standards (1073.3 and 1073.4) for the lower layers. The set is renamed 11073-x (for ISO) and 1073.x (for IEEE). The correspondence between the ISO and IEEE nomenclatures is: ISO11073xyyzz / IEEE 1073.x.y.z, where x, y, z are the numbers of each sub-part of the standard. Figure 2 shows the correspondence between the names of the documents of the standard with the levels of communication and the parts that were absorbed at the beginning of the joint work. After that, they were named 1073.x.x for IEEE, and 11073-x-x for CEN and ISO (current 1 in Figure 2), and we can also find them with the general nomenclature X73-x-x (current 2). The X73-PoC-MDC standards allow communication between medical devices and external medical systems. They provide automatic capture of data of the patient’s vital signs and of information associated with operation of the device. Its two principal objectives are:
- Provide real time plug-and-play interoperability for patient-connected medical devices
- Facilitate the efficient exchange of vital signs and medical device data, acquired at the point-of-care, in all health care environments
[Figure 2: diagram relating the ISO/OSI layers (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical) to the CEN/IEEE documents at the beginning (13734-Vital, 13735-Intermed, 1073.3.x, 1073.4.x), in "current 1" (1073.1.x / 11073-10x, 1073.2.x / 11073-20x, 1073.3.x / 11073-30x) and in "current 2" (X73-1x, X73-2x, X73-3x).]
Figure 2. Reference Models for Medical Device Communications.
2.1 Parts of the Standard
The standard includes a family of standards that can be used jointly at different levels to provide connectivity to the devices involved, giving a complete solution from the lowest levels (the wire itself and connector) to the highest levels (abstract representation of information and services). The standards are divided into the following main groups:
- Device data (for example, object-oriented model and terminology for the representation of the data and specializations for each type of device)
- Services of general application (for example, services for events or polling)
- Transport (for example, wired or wireless)
- Network communication (for example, several networks interconnected)
- Gateway standards (for example, gateway between the representation of data and messages based on IEEE1073 and DICOM, HL7, etc)
2.1.1 Part 1.x.x – MDDL (Medical Device Data Language)
The documents corresponding to the first part of the 1073.1 standard are used to establish the basis upon which we configure the rest of the standard, mainly defining the syntax, semantics and the Domain Information Model (DIM) which will be explained here. For this, they are based on definitions established by the European standards CEN ENV13734 (VITAL) and ENV13735 (INTERMED). Part 1 of the standard currently consists of the following elements:
- Nomenclature
- Generic Devices
- Virtual Medical Device specializations (VMD)
The 1073.1.1 standard defines a language, the Medical Device Data Language (MDDL), based on the Information Model of the domain. It specifies the syntax and semantics that must be used in the messages between the medical devices and with the computerized systems. The MDDL Standard defines the nomenclature for all the concepts where the standard is applied, as well as its encoding (a set of unique 16-bit codes used to name the elements in the Data Model), generic patterns of objects used for different applications (for example, alarm patterns) and specific standards of different devices. The nomenclature is made up of a complete set of terms used by the standard, and is known as the data dictionary. It includes several thousand terms closely connected with elements of the object-oriented model, demographic information about the patient, device descriptions, measurement values, methods of measurements, measurement localizations, alarm information, etc. Specifically, it contains terms, descriptions, and codes for the following categories:
- Elements of the object-oriented model from the DIM
- Medical devices and device systems
- Units of measurement
- Metrics (measurements and numbering)
- Body location (specifications for measurement localizations)
- Alerts
- External nomenclature
The DIM is an object-oriented model that represents, in an abstract manner, objects with their attributes and methods. It could be considered as an abstraction of real world entities in the domain of the communication of vital signs information. It comes directly from the CEN VITAL standard (CEN 13734) and has two parts: the Static Model and the Dynamic Model. In the Static Model, the DIM is made up of six packages (basic components) which are depicted in Figure 3. The figure also shows the relationships between them. The set of object instances of the DIM that are available on a specific medical device make up the Medical Data Information Base (MDIB) of that device.
[Figure 3: package diagram with the labels Top, Archival (PatientArchive, SessionArchive), Patient (Patient Demographics), Extended Services (Scanner), System (MDS), Communications (Communication Controller), Medical (VMD, Channel, Metric), Alert (Alert) and Control (ServiceControl).]
Figure 3. Packages (basic components) of the DIM.
These objects can only be accessed through protocol services provided by what is called the Common Medical Device Information Service Element (CMDISE) which will be explained later. The different areas of the DIM are:
- Model for the Medical Package: It deals with obtaining and representing biomedical signals and also with the context information necessary for the interpretation of those measurements.
- Model for the Alert Package: It deals with objects that represent information both related to the patient and with techniques that influence the result of the measurement or in the operation of the device. The term alert is used indifferently to refer to physiological alarms, techniques and information for the user about the equipment. The Model defines three different levels of alerts with different ways of processing them and also allows determining priorities.
- Model for the System Package: Representation of devices that acquire or process vital signals information. The fundamental objectives of this package are: The Virtual Medical System (VMS), which is an abstraction of a Medical System, and The Medical Device System (MDS) which is an abstraction of a device that provides medical information. It is the object of the highest level in the MDIB of the device and represents the instrument itself. It is a base class and cannot be instantiated.
- Model for the Control Package: It contains the objects that allow remote control of the measurements and device control. The Model for the remote control allows specifying the attributes that are accessible for the remote system. In order to achieve this, the object operation is defined in a way that allows establishing how each attribute can be changed and the list of possible values. The object operation has specializations, such as SelectElement or EstablishValue. Examples of the application of the control package include the possibility of remotely modifying parameters of a measurement (e.g., sampling rate).
  The operation objects cannot be accessed directly, but rather through the Service and Control (SCO) object that groups all of the operation objects of an MDS or VMD. This object supports a simple unblocking mechanism to manage simultaneous calls.
- Model for the Extended Services Package: It contains objects providing extended management services for medical objects that allow efficient access to medical information. That access is achieved by a set of objects that packs attributes of multiple objects in a single event message, as well as by an object that allows specifying a filter that can be configured for the messages of the generated event (Discriminator object).
- Model for the Communication Package: It contains the objects used to store information related to how the devices communicate.
- Model for the Archival Package: Objects to archive and represent biological signals, information state and context information in a file, which can be on-line or offline.
- Model for the Patient Package: Information about the patient that is relevant for the objective of this standard but does not include vital signs information (modelled in the Medical Package). This is the minimum amount of information required by medical devices, not the complete clinical history.
On the other hand, the dynamic model provides a communication services model based on the ISO concept of agent-manager that will be reviewed later within the service/protocols context. The agent and the manager have a ‘Device Communication Controller’ (DCC) and a ‘Bedside Communication Controller’ (BCC), respectively. When two devices (agent and manager) try to work together, they follow four steps: 1-connection, 2-association, 3-configuration, and 4-operation. Using a finite state machine, the standard describes how the system manager (client) and agent (server) are synchronized. Information is also provided using an interaction diagram. The operation for a VMD is as follows:
- After turning on the device, it performs the necessary local start-ups and finishes in disconnected state, awaiting connection events
- When a connection event is detected, the device tries to establish an association (logical connection). A system client (manager) makes a request to a system server (agent). In the association state, basic verifications of compatibility are made
- After the association, the MDIB structure (configuration) is exchanged using the extended services (the Context Searcher) and proceeds onto the operation state
- In the operation state, the medical data are exchanged using the services defined in the standard. Likewise, a dynamic reconfiguration is allowed as well
- The service model for communicating systems defines the basic services needed by the application layer. These services are used by the application processes to exchange vital signs information and use a set of commands for the control of devices and measurements
2.1.2 Part 2.x.x – MDAP (Medical Device Application Profiles)
The purpose of this part of the standard is to define the upper application layer for exchanging data defined with the Medical Device Data Language (MDDL) format. The MDAP standards try to achieve Medical Device Communication (MDC) data exchange, based on MDDL, between a large range, by type and scale, of current and future medical devices for use in PoC-MDC. The main user of the MDAP standard is a software engineer that needs to create an MDC system or intends to establish an interface in one of them. The MDAP standard defines the collection of services that will be used to communicate information in the form of MDDL messages between medical devices, between DCC and BCC systems, in the three upper levels (application, presentation, and session) of the ISO Reference Model. Their sections cover the basic encoding and abstract syntax for those messages used by Association Control Service Elements (ACSE), Remote Operation Service Element (ROSE), and CMDISE, as well as event notifying messages (event-report messages) or Protocol Data Units (PDU) sent by the devices to the host, and also the services used when the host requests information from a device. The session and presentation levels are understood as inactive and they are designed to produce the minimum overload. The three subparts of this part are:
- Base Standard
- Baseline Profile
- Polling Mode Profile
The Base Standard provides the PDU with definitions for the different services as well as the encoding rules and the specifications for the numeric format of the medical device (Medical Device Numeric Format, MDNF) used for the communication of real numbers and the rest of the primitives of the services. The aim is to be efficient in the implementation and, for this reason, the headings that are added in each layer have a limited and fixed structure with optional elements. The communication stack (in Figure 4) is made more flexible so that other message transmission profiles can be accommodated within the structure if necessary. The protocol stack is defined with the definitions of the type of the PDU and the dynamic behavior. Thus, Figure 4 shows the upper layers of the communication stack, that is, the set of protocols and services. The following protocols are defined:
- ACSE, for association control
- CMDISE (CMDIP), for the basic services defined in VITAL
- ROSE, for the link between call messages (requests) and results (responses)
- Presentation Layer, to negotiate the abstract and reference syntax
- Session Layer, to provide support to the ACSE standard
[Figure 4: stack diagram with the labels Application processes of the AGENT, MDIB (managed medical objects), ACSE, CMDISE, PRESENTATION, SESSION and TRANSPORT.]
Figure 4. Upper layers of the X73 communication stack.
The Baseline Profile defines a system events manager by which the data model ("containment tree") is sent by the device (DCC) during the configuration of the communication link. All of the information exchanged subsequently is sent mainly as event reports when there is a change in the operation state or new data become available. The Polling Mode Profile defines a set of services that permit the host to interrogate (to do a “poll” or an explicit “request”) all of the data that will be sent from the device; that is, the VMD sends data only when the host (BCC) requests them. Figure 5 shows the agent-manager model. The agent will be the data provider, which can be a sensor device that acquires the patient’s vital signs. The manager will be, on the other hand, the information system that collects and manages the data that are sent to the sensor. The application processes of the agent are those that provide functionality to the sensor, that is, the processes that allow processing the signals and obtaining measurements and waveforms. The application processes of the manager collect and file the signals that the agent provides. As depicted in Figure 5, the MDIB is the set of object requests defining the agent; this is conceptual, that is, it is not necessary for the agent to keep an object-oriented database of that MDIB. The manager makes a mirror copy once it has been associated. This mirror copy is also illustrative. In this framework, the ACSE and CMDISE protocols are used for association and for the services to access the data, respectively.
[Figure 5: two stacks side by side, one for the MANAGER and one for the AGENT, each with its application processes, an MDIB (MDS, VMD, CHANNEL and the objects labelled NU, RTSA and AL), ACSE, CMDISE, PRESENTATION, SESSION and TRANSPORT.]
Figure 5. Agent and Manager Model.
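The four-step sequence of section 2.1.1 (connection, association, configuration, operation) and the Baseline and Polling Mode profiles above, modelled from the manager (BCC) side as an added example; it is not code from the paper or from the X73 documents. It records a measurement only in the operation state, only for objects announced in the configuration and, in polling mode, only in answer to an outstanding request; the class and method names, the version string, the handles and the invoke id are assumptions made for illustration, and the ACSE/ROSE/CMDISE encodings are not modelled.

```python
from enum import Enum, auto


class State(Enum):
    DISCONNECTED = auto()
    ASSOCIATING = auto()   # connection event seen, compatibility being checked
    CONFIGURING = auto()   # associated, waiting for the agent's MDIB structure
    OPERATING = auto()     # medical data may now be exchanged


class ProtocolError(Exception):
    """A message that the current state or profile does not allow."""


class ManagerSession:
    """Manager (BCC) view of one agent (DCC); hypothetical, simplified model."""

    def __init__(self, supported_versions, polling_mode=False):
        self.supported = set(supported_versions)
        self.polling_mode = polling_mode   # False: Baseline, True: Polling Mode
        self.state = State.DISCONNECTED
        self.mirror = {}       # handle -> object label: mirror copy of the MDIB
        self.pending = {}      # invoke id -> handle of each outstanding poll
        self.recorded = []     # (handle, value) pairs accepted for storage
        self._next_invoke = 1

    def _require(self, state, what):
        if self.state is not state:
            raise ProtocolError(f"{what} not allowed while {self.state.name}")

    def on_connect(self):
        self._require(State.DISCONNECTED, "connection event")
        self.state = State.ASSOCIATING

    def on_associate(self, agent_version):
        self._require(State.ASSOCIATING, "association")
        if agent_version not in self.supported:   # basic compatibility check
            self.on_disconnect()
            raise ProtocolError(f"incompatible agent version {agent_version}")
        self.state = State.CONFIGURING

    def on_configuration(self, containment_tree):
        self._require(State.CONFIGURING, "configuration")
        self.mirror = dict(containment_tree)
        self.state = State.OPERATING

    def on_event_report(self, handle, value):
        self._require(State.OPERATING, "event report")
        if self.polling_mode:
            raise ProtocolError("unsolicited event report in polling mode")
        self._record(handle, value)

    def poll(self, handle):
        self._require(State.OPERATING, "poll request")
        invoke_id = self._next_invoke
        self._next_invoke += 1
        self.pending[invoke_id] = handle
        return invoke_id

    def on_poll_response(self, invoke_id, handle, value):
        self._require(State.OPERATING, "poll response")
        if self.pending.get(invoke_id, object()) != handle:
            raise ProtocolError("response matches no outstanding request")
        del self.pending[invoke_id]
        self._record(handle, value)

    def _record(self, handle, value):
        if handle not in self.mirror:
            raise ProtocolError(f"object {handle} is not in the mirrored MDIB")
        self.recorded.append((handle, value))

    def on_disconnect(self):
        self.state = State.DISCONNECTED
        self.mirror, self.pending = {}, {}


def run_trace(session, trace):
    """Feed (method name, args) pairs to the session and report each outcome."""
    outcomes = []
    for name, args in trace:
        try:
            getattr(session, name)(*args)
            outcomes.append("ok")
        except ProtocolError as err:
            outcomes.append(f"rejected: {err}")
    return outcomes


# Constructed sample trace: handles, labels, version string and values are made up.
SAMPLE_TRACE = [
    ("on_connect", ()),
    ("on_associate", ("v1",)),
    ("on_event_report", (1, 97)),                   # before the configuration
    ("on_configuration", ({1: "NU", 2: "RTSA"},)),
    ("on_event_report", (1, 97)),                   # announced object
    ("on_event_report", (9, 40)),                   # object never announced
]
```

Calling `run_trace(ManagerSession({"v1"}), SAMPLE_TRACE)` returns one outcome per message, and `session.recorded` then holds only the measurement that arrived in the operation state for an announced object.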
2.1.3 Part 3.x.x – Transport & Physical Profiles
This part of the standard specifies the protocols and services for the connections and transport messages using existing international standards, where possible. It establishes the implementation of the transport and physical profiles, including infrared connectivity (IrDA), with wired or wireless connection:
- Wired connection: It defines a standard for a local wired LAN network that is based on the infrared standard published by the IrDA. It tries to provide communication, services, and protocols for links consistent with IrDA specifications and conveniently adapted to 1073 applications. It defines a wire that uses RJ-45 connectors at each end and has RS-232 signal levels. The purpose was to facilitate the incorporation of the standard in devices that had already been created or designed, taking advantage of the fact that many devices have RS-232 ports, thus avoiding big redesigns and minimizing costs. At this moment, this is debatable since it is increasingly common to find devices that incorporate other connection capacities, for example, wireless.
- Wireless connection: It tries to provide communication, services, and protocols oriented towards connection consistent with the IrDA specification, using short-range infrared in the physical layer. The maximum speed is 4 Mb/s.
In this framework, and taking the wireless trends into consideration, a “Technical Report: Guidelines for the use of radio frequency (RF) wireless technologies” by the RF wireless technologies working group has appeared [21]. It performs an analysis of the aspects related to the use of RF wireless technologies for the transport of medical device communications. Since these RF technologies offer new possibilities and are becoming more important in many fields, it is more obvious that they will be an important alternative. The report studies different technologies that are applicable now, each one with different characteristics and possibilities, and in different states of development. It does not recommend any one in particular, since the purpose is to identify the requirements and the main aspects when a choice has to be made, and incorporate it in the medical devices and make a dedicated network or use the current one for correct data transmission. The goal is to allow the manufacturers of medical devices, wireless equipment, government agencies, and any other end-user of the document to be able to make reasonable judgements about the performance and practical implementation of wireless solutions in the communication of medical devices [21]. The report can be considered as a review and a seed to produce new Standardization Projects as is usually done: the IEEE 1073 General Committee identifies areas where medical device communication standards are appropriate and then submits Project Authorization Requests (PARs) for approval, and organizes working groups to develop drafts and finally to submit them to ballot; for example, an IEEE 1073.3.x standard using 802.11 networking, Bluetooth, Zigbee, etc [16], [22].
2.1.4 Part 4.x.x – Physical Profiles
It corresponds to a 1994 version that has been withdrawn. The physical layer is already included in part 3.x.x. It refers to the standards of the base layer defined for use in this family of standards. These documents specify the services and protocols required by the physical layer of the ISO Reference Model.
2.1.5 Part 5.x.x – Internetworking Support
This part includes some draft documents (unavailable) in development phase. All of the documents that begin with the numbers IEEE 1073.5 refer to the interconnection support between networks. An example could be to have several patients connected to the same information system using different LAN networks of medical devices, or to have a LAN of access points located in different places. It can also be of use in the case of interconnection in a hybrid network with two subnetworks, one of them wired, and the other wireless, creating in that way a gateway between them. An example of connections is shown in Figure 6.
[Figure 6: connection diagram with the labels Agent, Manager, 11073.3xxxx, 11073.3xxx and 11073.5xxxx.]
Figure 6. Example of manager-agent connections.
2.1.6 Part 6.x.x – Application Gateways
In this part, the documents are drafts (unavailable) under development. All of the documents that begin with the number IEEE 1073.6 have to do with providing interoperability between different application-layer protocols, in addition to looking for bidirectional transparency. An example could be the case of a gateway between HL7 and 11073 (11073.60101), see Figure 7.
[Figure 7: connection diagram with the labels 11073, 11073.3xxxx, 11073.5xxx, 11073.6xxxx and OTHER.]
Figure 7. Example of an interconnection between a 1073 device and non-1073 device.
2.1.7 Part 9.x.x - Related – NCCLS POCT-1A
This document (unavailable) describes the link between the POCT-1A and the X73 standard. POCT-1A is a standard for PoC multi-vendor connectivity based on the existing IEEE and HL7 standards and on specifications of the Connectivity Industry Consortium (CIC) approved by the National Committee for Clinical Laboratories Standards (NCCLS). The resulting standard, NCCLS POCT1, includes an access point to the device based on IEEE 1073.3.2-2000 and IEEE P 1073.3.3. NCCLS also supports the HL7/IEEE JWG, assuring that the POCT devices interoperate well with those that use IEEE 1073 in the communication at higher layers.
3. Conclusions
There is an increasing need for communication between medical devices, for both patients and manufacturers of healthcare devices. In the absence of standards for these medical devices, the data is captured either manually or at considerable expense, or is not captured at all. Capturing it manually is hard work and is prone to human error. Given the need for systems with several medical devices connected and sharing data, communication has to follow a standard that is easy to use, easy to update and reconfigure, developed using common rules among all manufacturers and software designers, and that promotes interoperability. This integration by plug-and-play connectivity allows the user (patient, nurse, etc.) to use the system without in-depth technical knowledge. The X73 standards include the entire range of devices from real-time to PoCT and they are the only standards addressing this area of connectivity. They provide a complete solution for medical device connectivity, from the physical wired or wireless connection to the nomenclature and representation of information and the services to share and communicate data. Nevertheless, it should be considered that, when developing a design for a medical device that incorporates the standard, the communication protocol that it must support would be clearly heavier, so the electronics or energy consumption may be affected. In a telemonitoring application, for example, the devices usually have to be portable or wearable, which means that they have to be light and to use a long-life battery. In that case, incorporating the standard into the device while keeping its desired characteristics will be a difficult task to overcome. We will have to wait and see in practice how these problems will limit its future use. In recent years, it is more and more common to find wireless equipment following standards such as Bluetooth or Zigbee. This assumes that the standard will have to include that type of communication in the lower layers and cannot be limited only to wired or infrared connections. Currently, there are several ISO/IEEE work groups concentrated on making medical devices communicate according to the standard, and they can do so by using these new communication technologies. In this way, we can expect that new documents will arise for the standard related to wireless RF communication. In addition, the collaboration between ISO and IEEE and the other standardization organizations, with a high level of international participation, makes it an internationally harmonized standard adopted by ISO and CEN member countries, and suggests that there will be a high degree of interoperability between formats, medical devices, and clinical information systems. To sum up, the X73 goal is to improve the interoperability and plug-and-play capacities of the different medical devices and medical information systems.
M. Galarraga et al. / Standards for Medical Device Communication: X73 PoC-MDC
Acknowledgements
The authors wish to thank Mr. Melvin Reynolds, convenor of the CEN TC251 WGIV, for his invaluable suggestions provided for this research. We also acknowledge the contribution of the Research Groups of the Spanish Telemedicine Research Network to the excellent results of the whole project carried out during the last three years. This research work has been financially supported in part by projects G03/117 from Fondo de Investigaciones Sanitarias, Ministerio de Sanidad y Consumo (Spanish Government); TSI2005-07068-C02-01 from Ministerio de Educación y Ciencia (Spanish Government) and 41/2003 from Departamento de Salud (Navarra Regional Government), and a personal grant to M. Galarraga from Departamento de Salud (Navarra Regional Government).
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
A Standard Ontology for the Semantic Integration of Components in Healthcare Organizations
I. Román a, L.M. Roa b, G. Madinabeitia a and L.J. Reina c
a Group of Telematic Engineering, University of Seville, Spain
b Biomedical Engineering Group, University of Seville, Spain
c Dept. of Signal Theory and Communications, University of Seville, Spain
Escuela Superior de Ingenieros. C. de los Descubrimientos, s/n 41092 Sevilla (Spain) [email protected]
Abstract. In this paper we introduce an ontology that covers all the terminology involved in the ODP standard. This ontology has been extended with concepts taken from prEN12967 in order to apply it in the healthcare domain. When components are described formally using this ontology, their semantic integration is eased, and the automatic discovery, selection, invocation and composition of component facilities can be assisted.
Keywords. ODP, ontologies, semantic management, integration
Introduction
The large number of applications, mutually isolated and incompatible, that are already available in the market, installed, and operational in healthcare organizations, effectively supporting specific needs of users cannot be underestimated [1,2]. The concepts of openness and modularity applied to this scenario of heterogeneous systems could improve the effective reutilization of existing applications and the development of new ones to offer more complex and advanced services. The cost-effectiveness of the solutions, especially when projected on the scale of the whole organization, represents another crucial aspect to be evaluated carefully [2]. This critical issue explains why several research groups and standard organizations are making efforts to solve integration and interoperability problems [3-6] within healthcare systems. The correct distinction between interfacing, integration and interoperability is essential in the design of the optimum strategy for the management of information and communication technologies (ICT) solutions in the healthcare organization. The interface is the boundary at which interaction occurs between two systems, processes, etc. The design of a specific interface between two particular systems is the most basic way of enabling them to work together. However, when the number of systems increases, the task becomes difficult or even impossible because of the great number of interfaces to be developed and maintained. Interoperability is the way to help several heterogeneous subsystems to collaborate harmoniously to deliver a specific service. Full sharing of information requires that two
levels of interoperability are reached: functional (how to access processes and services) and semantic (a common understanding of the exchanged information). Integration is the technique that permits a variety of components to work together seamlessly, as if they were a single system. The use of fully interoperable components greatly facilitates the integration process. Under the present circumstances, a critical issue is to make possible the integration and interoperability of already existing applications, thereby securing investments already made and allowing continuity of the service whilst facilitating a gradual migration of existing proprietary, monolithic systems towards the new concepts of openness and modularity. In this paper we introduce an open language to describe healthcare facilities in order to improve the integration mechanism using semantic management.
1. Material and methods
1.1. Distributed components architecture in the healthcare domain
Integration and interoperability solutions are often based on the decomposition of tasks inside the healthcare organization and the design of a specialized components-based architecture [7-9]. Components can be aggregated to a higher level of composition in order to offer services that are more complex. The purpose of the three-part draft European standard prEN 12967-1,2,3 [2,10,11] for a healthcare service architecture, is to identify a set of information services used within healthcare information systems, supporting specific requirements of the target organization, as well as being capable of co-operating and interworking according to the requirements of the organization as a whole. This allows describing the architecture of any generic healthcare information system as a federation of heterogeneous applications, interacting and co-operating through a set of components and information services. An important basis for the production of this service architecture standard, is the methodology of ODP [12] (Open Distributed Processing). The objective of ODP standardization is the development of standards that allow the benefits of distributing information processing services to be realized in an environment of heterogeneous IT resources and multiple organizational domains. ODP provides a five layered approach to the definition of information services. However, only the three upper levels, Enterprise viewpoint, Information viewpoint and Computational viewpoint are used to produce this standard. The two lower levels are certainly useful but should be considered in a specific implementation context.
− The enterprise viewpoint shall provide a guideline for the definition of the requirements for information exchange within a healthcare enterprise, with a focus on the purpose, scope and policies of the system.
− The information viewpoint is concerned with the kinds of information handled by the system and constraints on the use and interpretation of that information. It provides a methodology for detailing the semantics of the information to be processed as an information model and considering those provided by other standards for health informatics. This viewpoint supports the solution of semantics conflicts in the integration of systems.
− The computational viewpoint shall give guidance on the distribution through functional decomposition of the system objects that interact at defined interfaces. This is the basis for the solution of functional integration of systems inside the healthcare organization.
Any architectural solution inside the European context should be compliant with prEN12967-1, 2, 3 and, consequently, with ODP methodology.
1.2. Semantic technologies for distributed processing
Integration models for components or agents, supported by semantic management, are based on a formal and machine-computable description of the behaviour, requirements and interaction mode of the system agents. At the same time it is necessary to use a common ontology between components to represent the managed domain concepts and the methods to make the mappings between the local and the federated ontology. Once the target of an agent is specified, the use of a semantic description of the other system components eases the automatic search, selection and invocation of interfaces for the target resolution. This integration method is very “open” in the sense that a normalized knowledge of the offered services and of the interaction procedures with the deliverer agent is not necessary to make use of its facilities. This knowledge can be learnt at the moment the agent needs it, through the formal interface definitions. This way, the scalability of the solution is ensured. The development of middleware based on this integration paradigm, supported by semantic management, is a high priority and a relevant research line at this moment. Semantic Web [13-15] and semantic grid [16,17] technologies are among those with the largest number of research groups involved. The requirements for specifying components under this paradigm are completely compatible with the traditional distributed processing model introduced in the ODP standard. This means that the concepts managed in ODP are just those needed for a complete semantic specification of the system components.
1.3. Formal languages for viewpoints representation
The ODP reference model [12,18,19] defines the concepts for a formal specification of the distributed system but does not specify a concrete language for representation. The language selected for the description of the enterprise, information and computational viewpoints should be independent from the lower viewpoints, if a really open and technology-independent design of the architecture is needed, and therefore it has to be expressive enough to faithfully represent all its concepts. Otherwise, they tend to suffer from a lack of formal support [20]. Formal specification languages, such as UML, have been used traditionally to represent architecture viewpoints. The possible limitations of these open languages in representing some ODP concepts have been studied in several previous research works aimed at representing the ODP semantics more exactly [20-22]. All these works are centered on a specific ODP viewpoint, and the formal representation of relations between viewpoints is not a main objective.
2. Results
In this paper we introduce a language for the formal specification of ODP-based architectures and its extension to healthcare systems compliant with prEN12967. We have represented ODP concepts and relations as an ontology written in the OWL language [23,24]. This ontology facilitates the formal representation of any system using the whole ODP terminology in a very straightforward way, by simply using an editor such as Protégé to create instances of the ontology concepts [25]. The main benefits with respect to previous formal languages are summarized as follows:
• Relations between viewpoints are easily managed.
• Every concept related to distributed processing and included in the ODP framework is considered and can be used to describe components.
• Reasoners can be used for the management of ontology instances, to make the publishing, discovery, invocation and composition of components functionality in an automatic way. The management of proactive behaviour in the architectural components is facilitated too.
• The mapping to existing languages for specification of services, like WSDL or OWL-S [26,27], is very easy and this facilitates the development of the lower viewpoints that are technology dependent.
• The extension of the ontology with domain-specific concepts is straightforward. Those concepts used for interface and service classification could be extended with the particular needs of the domain and this can ease the semantic management of distributed components inside a domain-specific architecture. This idea has been validated with the extension for prEN12967 based systems.
This ontology is mainly based on X.960 (type repository function) [28] and X.950 (Trading function) [29]. Figure 1 depicts some classes and relations applied to the specification of interface signatures, as an example of the degree of precision that this ontology yields in the specification of open distributed components. The figure shows that not only traditional client/server interactions are described, because signals and flows are considered in ODP too. In this work we introduce an extension to the ODP ontology based on prEN12967, applied to the healthcare environment. In particular, figure 2 shows the description of a service and figure 3 displays the corresponding operational interface description, detailing only the operation to list entities. Our approach improves the discovery and selection of interfaces and methods to make the interaction of components more automatic. For example, in figure 2 the Entity_Management_Service_Characteristic parameter allows the classification and selection of the service based on prEN12967. This parameter, like all the others, is described in compliance with the ODP standard.
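The selection step described above can be sketched in a few lines of Python; this is an added example, not the authors' ontology or tooling. Only the name Entity_Management_Service_Characteristic comes from the paper: every other class, service, interface and property name is hypothetical, and the triples are constructed sample data.

```python
# Added illustration: selecting services by characteristic class and interface
# kind, with subclass reasoning over a small set of triples.
# All names except Entity_Management_Service_Characteristic are hypothetical.

SUBCLASS, TYPE = "subClassOf", "type"

TRIPLES = [
    # Characteristic taxonomy used for classification
    ("Entity_Management_Service_Characteristic", SUBCLASS, "Service_Characteristic"),
    ("Subject_Of_Care_Management_Characteristic", SUBCLASS,
     "Entity_Management_Service_Characteristic"),
    ("Billing_Service_Characteristic", SUBCLASS, "Service_Characteristic"),
    # Interface kinds: operations, signals and flows (streams)
    ("Operational_Interface", SUBCLASS, "Interface"),
    ("Signal_Interface", SUBCLASS, "Interface"),
    ("Stream_Interface", SUBCLASS, "Interface"),
    # Service descriptions (instances)
    ("patient_registry", TYPE, "Service"),
    ("patient_registry", "hasCharacteristic", "Subject_Of_Care_Management_Characteristic"),
    ("patient_registry", "offersInterface", "pr_ops"),
    ("patient_registry", "offersInterface", "pr_feed"),
    ("pr_ops", TYPE, "Operational_Interface"),
    ("pr_ops", "hasOperation", "list_entities"),
    ("pr_feed", TYPE, "Stream_Interface"),
    ("device_catalogue", TYPE, "Service"),
    ("device_catalogue", "hasCharacteristic", "Entity_Management_Service_Characteristic"),
    ("device_catalogue", "offersInterface", "dc_ops"),
    ("dc_ops", TYPE, "Operational_Interface"),
    ("dc_ops", "hasOperation", "list_entities"),
    ("dc_ops", "hasOperation", "get_entity"),
    ("invoicing", TYPE, "Service"),
    ("invoicing", "hasCharacteristic", "Billing_Service_Characteristic"),
    ("invoicing", "offersInterface", "inv_ops"),
    ("inv_ops", TYPE, "Operational_Interface"),
    ("inv_ops", "hasOperation", "list_entities"),
    ("alarm_hub", TYPE, "Service"),
    ("alarm_hub", "hasCharacteristic", "Entity_Management_Service_Characteristic"),
    ("alarm_hub", "offersInterface", "ah_sig"),
    ("ah_sig", TYPE, "Signal_Interface"),
    ("ah_sig", "hasSignal", "entity_changed"),
]


def build_index(triples):
    """Map (subject, predicate) to the set of objects asserted for it."""
    index = {}
    for subject, predicate, obj in triples:
        index.setdefault((subject, predicate), set()).add(obj)
    return index


def ancestors(index, cls):
    """Return cls plus every class reachable through subClassOf (cycle-safe)."""
    seen, stack = set(), [cls]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(index.get((current, SUBCLASS), ()))
    return seen


def discover(triples, characteristic, interface_kind, operation):
    """List (service, interface) pairs whose characteristic and interface kind
    are subsumed by the requested classes and which expose the operation."""
    index = build_index(triples)
    services = sorted(s for s, p, o in triples if p == TYPE and o == "Service")
    matches = []
    for service in services:
        declared = index.get((service, "hasCharacteristic"), ())
        if not any(characteristic in ancestors(index, c) for c in declared):
            continue
        for iface in sorted(index.get((service, "offersInterface"), ())):
            kinds = index.get((iface, TYPE), ())
            if not any(interface_kind in ancestors(index, k) for k in kinds):
                continue
            if operation in index.get((iface, "hasOperation"), ()):
                matches.append((service, iface))
    return matches


if __name__ == "__main__":
    print(discover(TRIPLES, "Entity_Management_Service_Characteristic",
                   "Operational_Interface", "list_entities"))
```

The query for entity-management services returns the registry through its more specific characteristic class, skips the billing service even though it exposes an operation of the same name, and skips the service that offers only a signal interface.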
Fig. 1. Ontology concepts for the description of interface signatures.
Fig. 2. Example of a service description with ODP and service characteristics for classification purposes based on prEN 12967.
Fig. 3. Example of operational interface.
3. Discussion
Applying the method introduced in this work to the definition of interfaces of services inside the healthcare organization, the integration of middleware federated systems is easier and more scalable. First, we follow the ODP methodology, and therefore system components could be easily compliant with the European standard. Second, this approach eases the extension of the architecture and its accommodation to future requirements. For instance, it is possible to extend or modify the expression of the environment contract when it is desired to introduce new parameters to represent the requested quality of service to establish a binding. Third, mapping to the lower, technology-dependent viewpoints is also easier, because there are many tools for ontology management that include facilities to perform ontology mappings and alignments. This is especially useful when languages such as OWL-S are used in the lower viewpoints, because these are formulated as OWL ontologies too. Finally, the use of existing techniques for semantic management applied to components integration is improved, because the formal specification, publication, discovery, selection, invocation and composition of components is facilitated thanks to the richness of expression in the introduced language.
References
[1] CEN/ISSS e-Health Standardization Focus Group, "Current and future standardization issues in the eHealth domain: Achieving interoperability (Final Version)," Mar. 2005.
[2] CEN/TC 251 Secretariat: SIS, "Health Informatics - Service Architecture (HISA). prEN 12967-1 Part 1: Enterprise viewpoint," 2005.
[3] OMG, "Healthcare Domain Task Force standards." URL:healthcare.omg.org/Roadmap/corbamed_roadmap.htm. Last visited Dec. 2005.
[4] B. B. Wein, M. Eichelberg, A. Ihls, and E. Poiseau, "IHE Integrating the Healthcare Enterprise-an update for Information Technology Infrastructure for 2005," International Congress Series 1281, pp. 169-174, 2005.
[5] CEN/TC 251 web site. URL:www.centc251.org Last visited Dec. 2005.
[6] HL7 web site. URL:www.hl7.org Last visited Dec 2003.
[7] M. Tsiknakis, D. G. Katehakis, and S. C. Orphanoudakis, "An open, component-based information infrastructure for integrated health information networks," International Journal of Medical Informatics, vol. 68, pp. 3-26, 2002.
[8] K. Bernstein, M. Bruun-Rasmussen, S. Vingtoft, S. K. Andersen, and C. Nohr, "Modelling and implementing electronic health records in Denmark," International Journal of Medical Informatics, vol. 74, no. 2-4, pp. 213-220, Mar. 2005.
[9] R. Neame and M. J. Olson, "Security issues arising in establishing a regional health information infrastructure," International Journal of Medical Informatics, vol. 73, no. 3, pp. 285-290, Mar. 2004.
[10] CEN/TC 251 Secretariat: SIS, "Health Informatics - Service Architecture (HISA). prEN 12967-2 Part 2: Information viewpoint," 2005.
[11] CEN/TC 251 Secretariat: SIS, "Health Informatics - Service Architecture (HISA). prEN 12967-3 Part 3: Computational viewpoint," 2005.
[12] ITU-T, "Rec. X901-Information technology – Open distributed processing – Reference Model: Overview," 1997.
[13] E. Sirin, J. Hendler, and B. Parsia, "Semi-automatic Composition of Web Services using Semantic Descriptions," Web Services: Modeling, Architecture and Infrastructure workshop in ICEIS, 2003.
[14] E. K. Neumann, E. Miller, and J. Wilbanks, "What the semantic web could do for the life sciences," Drug Discovery Today: BIOSILICO, vol. 2, no. 6, pp. 228-236, Nov. 2004.
[15] The OWL Services Coalition, "OWL-S: Semantic Markup for Web Services," 2005. URL:www.daml.org/services/owl-s/1.0/owl-s.html Last visited Oct. 2005.
[16] C. Goble and D. de Roure, "The Semantic Grid: Myth Busting and Bridge Building," 16th Eur. Conf. Artificial Intelligence (ECAI), 2004.
[17] D. de Roure, N. R. Jennings, and N. R. Shadbolt, "The Semantic Grid: Past, Present, and Future," Proc. IEEE, vol. 93, no. 3, pp. 669-681, Mar. 2005.
[18] ITU-T, "Rec. X.902-Information Technology-Open distributed processing-Reference model: foundations," 1995.
[19] ITU-T, "Rec. X903-Information technology – Open distributed processing – Reference Model: Architecture," 1995.
[20] R. Romero and A. Vallecillo, "Formalizing ODP Computational Viewpoint Specifications in Maude," 2005.
[21] B. Bordbar, J. Derrick, and G. Waters, "Using UML to specify QoS constraints in ODP," Computer Networks, vol. 40, no. 2, pp. 279-304, Oct. 2002.
[22] M. W. A. Steen and J. Derrick, "ODP enterprise viewpoint specification," Computer Standards & Interfaces, vol. 22, no. 3, pp. 165-189, Aug. 2000.
[23] W3C, "OWL Web Ontology Language, Guide," 2004. URL:www.w3.org/TR/owl-guide/ Last visited Sep. 2005.
[24] W3C, "OWL Web Ontology Language. Overview," Feb. 2004.
[25] "The Protégé ontology editor and knowledge-base framework page." URL:http://protege.stanford.edu/ Last visited May 2005.
[26] D. Martin, M. Burstein, J. Hobbs, O. Lassila, D. McDermott, S. McIlraith, S. Narayanan, M. Paolucci, B. Parsia, T. Payne, E. Sirin, N. Srinivasan, and K. Sycara, "OWL-S: Semantic Markup for Web Services (Version 1.1)," 2005. URL:www.daml.org/services/owl-s/1.1/overview Last visited Nov. 2005.
[27] D. Martin, M. Burstein, O. Lassila, M. Paolucci, T. Payne, and S. McIlraith, "Describing Web Services using OWL-S and WSDL," Oct. 2005.
[28] ITU-T, "Rec. X.960-Information Technology. Open Distributed Processing. Type Repository Function," 1999.
[29] ITU-T, "Rec. X.950-Information technology - Open distributed processing – Trading function: Specification," 1997.
A Novel Management Database in Obstetrics and Gynaecology to Introduce the Electronic Healthcare Record and Improve the Clinical Audit Process
Khaled EL HAYES a,1, Conor HARRITY a, Tahani ABU ZEINEH a
a Daisy Hill Hospital, 5 Hospital Road, Newry, Northern Ireland, BT35 8DR
Abstract. Objectives: To design a system capable of recording complete and accurate electronic patient records with respect to obstetrics and gynaecology, with the ability to perform instant statistical summaries of data. Background: Electronic patient records have been shown to provide numerous benefits for the clinician, with respect to patient consultation, accurate recording of data, medical audit and statistical analysis. In Northern Ireland there is no database designed to cover all the major clinical aspects of obstetrics and gynaecology. This project incorporates all aspects of obstetrics and gynaecology into a single database. Methods: Database designed using Filemaker Pro 7, Macromedia Fireworks 8, and Microsoft PhotoDraw. Problems specific to obstetrics and gynaecology included recording multiple pregnancy data, and the lack of a unique patient number (the current system in Northern Ireland gives patients a unique hospital number, and a separate maternity number for each pregnancy). Linking all of these sources was a major component of this database. The database contains many intrinsic tabulations, relationships, programming scripts and calculations to combine files and calculate important statistical information for clinicians automatically. Results: A successful audit of delivery statistics for December 05 was performed using the system. Several additional audits are currently under completion using the database. The major audit, completion date end April 06, is a 5 month summary of delivery data (Dec-April) based on mode of delivery, Robson groups, and Caesarian Section rate among specified patient sub-groups. Conclusion: The system has been successful in its initial stages with obvious improvements to the medical audit process already apparent. The system should prove to be a valuable addition to the department and ultimately improve patient care. The ability to provide instant access to clinical data and statistics will simplify and improve the audit process, improving clinical governance. The management of the OB/GYN department should benefit greatly.
Keywords: Medical Informatics, Electronic healthcare record, Audit, Obstetrics, Gynaecology, Database
1 Corresponding Author: Khaled El Hayes. 56 Forest Hills, Newry, N. Ireland, BT3 42FJ, UK [email protected].
Introduction
The electronic health record (EHR) is becoming increasingly important in modern healthcare systems. Numerous clear advantages over paper records have been demonstrated. Any form of medical record, either paper or electronic, needs to be accurate, consistent, legible, complete, and simply presented [1]. The use of information technology in health care records allows the user to improve the quality of information, organize presentations of the data, convey accurate information quickly, meet specific needs, access a patient's data whenever and wherever it is needed, and to enable the rapid extraction of data to improve overall patient care [2,3]. Currently, in Northern Ireland, there is no electronic database designed to cover all aspects of Obstetrics and Gynaecology. Some systems exist which incorporate individual elements of either specialty, for example operative gynaecological details, ante-natal booking information, normality USS findings, and labour ward delivery records. There is no system available to correlate and record patient data for both specialties. The aim of this project was to design a system which combines all the major clinical areas of both specialties, and provide the clinician with a valuable source of electronic patient data with direct linkage between obstetric and gynaecological details, with the ultimate aim of improving patient management and the clinical audit process. There are wide variations in the amount of clinical data recorded during practice. The depth of operative notes for similar Cesarean sections by two different clinicians may vary dramatically, even though the procedures were quite similar. A system could be beneficial, where the user must enter data according to a set layout for the corresponding procedure, with set fields created to ensure that key data is entered and not overlooked. When performing audits to assess clinical practice, the deficiencies in paper record keeping become more apparent. An electronic system could be designed to ensure complete recording of patient information, and consistent data entry. Existing systems have been designed, aimed at administrative staff, with a corresponding bias in the type of information coded. This database is primarily a clinician-based system containing information that medical staff will require for both patient management and also audit of medical practice. Although the system was designed by clinical medical practitioners, the wide range of data coded in this database allows it to be used for administrative purposes, and fulfill department managerial roles provided by existing and alternative systems. Another important factor is the ability to work with existing systems. This database has been designed to allow automatic upload of existing information from previous data already entered on existing systems. This important feature allows a patient's past obstetric and gynaecological history to be transferred onto the database, if it already exists on an alternative system.
1. Materials and Methods
1.1. Software Used
Filemaker pro v7.0
Macromedia Fireworks 8
Microsoft PhotoDraw
1.2. System Design
Database design was established using Filemaker Pro 7. Internet compatibility was a major concern in the design process, so it was vital to ensure that all of the files designed were XML compatible, eventually allowing possible internet publishing. To improve the appearance of the layouts, and give the database a professional design, backgrounds were designed using Macromedia Fireworks, and imported into the corresponding file. Microsoft PhotoDraw was used to design additional logos, icons and buttons. Major areas within both specialties are identified and files created to record data. The use of separate files rather than multiple tables within a single file allowed the user more freedom when choosing which aspects of the database have priority, and the ability to use individual units separately. Layouts were designed within files based on data required by the clinician. Lists of fields were created to enter and record necessary clinical information, and value lists were produced for appropriate fields. Drop down lists were applied to fields if suitable, in order to ease data entry and ensure consistent record keeping. A main menu file was created to ease navigation around the database, and maternity and gynaecology menu files were created to improve navigation around respective files and provide a site to link all aspects for each specialty.
Fig 1: Screenshot of the main maternity menu allowing access to obstetric components
Within the maternity database a novel concept was established to improve data storage, statistical analysis, and database navigation. A central delivery index file was created to record key information of every delivery, irrespective of the method. This file was linked to further files for each delivery method by table relationships and scripts,
allowing data transfer and preventing unnecessary repetition of data entry. The delivery index file was designed to look up any data previously entered from its corresponding file, but it was also created as a point from which other files automatically look up data.
Fig 2: Screenshot of Delivery Index file, central to the recording of patient delivery details and statistical calculations, linking aspects common to all modes of delivery.
Complex database tabulations and relationships were designed to link database files according to selected fields, and a large number of scripts were designed to allow movement between files only if necessary criteria had been met. For example, a multiple pregnancy can only be entered if the gestational order is higher than singleton (i.e. twin, triplet or high order), and the particular baby has not already been entered.
Fig 3 Screenshot of Caesarian Section “Procedure” layout, demonstrating facilities for recording operative details. Additional layouts are displayed in the menu bar.
1.3. Patient Number

In Northern Ireland, all patients have a standard hospital number which is unique to the patient, and used for every admission, procedure, clinic review and hospital contact for every specialty (including gynaecology), except obstetrics. Obstetric patients are issued with a maternity number which is specific to that pregnancy, and issued at ante-natal booking. A patient may therefore have a single hospital number, and several maternity numbers, one for each pregnancy. A major problem encountered in the database design was the need to link information from different settings with different numbers together for the same patient.

1.4. Multiple Pregnancy

A major problem specific to obstetric databases involves the data entry, storage and statistical analysis of multiple pregnancy. Depending on the mode of delivery, and number of babies delivered, there can be variations in the coding of data depending on the denominator to be considered. For example, if a triplet pregnancy results in three babies delivered by vaginal delivery, this will be classified as 3 delivery procedures, and 3 babies delivered. If triplets are delivered by Cesarean section, this will be recorded as 1 delivery procedure, and 3 deliveries. The solution to this problem required extensive thought, and was achieved by programming a network of complex scripts along several files, using the presence or
absence of criteria to decide if a new record should be created, or an existing record should be accessed. The central delivery index was designed to record a new entry for every baby delivered. The corresponding delivery details would then be entered into the respective files, as the correct number of procedures, as a result of the scripts and delivery information.

1.5. System Evaluation

Initial evaluation of the system was performed using retrospective data entry of 50 random charts of patients who had already delivered. The initial data entry was by the authors only. This process allowed an initial evaluation of the system to be performed. Changes could be made to layouts, design, scripts, tables, value lists and files according to problems encountered during this process.

The secondary evaluation of the system is in the form of a system audit based on data entry of patients who delivered during December 05. A range of health care professionals would perform the data entry. The audit involved assessing the amount of clinical data recorded by the system, the completeness of value lists for each field, the scripts used for linkage and navigation between layouts and files, automatic look up of selected fields to prevent repetition of data entry, and the statistical analysis of the system.

The third evaluation involves assessing user satisfaction with the system. A questionnaire was designed to record the impression of the database in the following key areas: design, ease of use, amount of patient data stored, statistics, comparison to existing databases, and overall impression. The results of this questionnaire could be used to consider if any further changes need to be made before the final package is decided.
2. Results

Initial data entry demonstrated that overall layout and structure of the system was satisfactory. With the use of actual clinical data, the value lists were updated to contain more complete information and fine changes to layout designs could be completed. Script function could be tested to ensure correct performance. By assessing the range of findings recorded by clinicians in patient medical records, the value lists for drop down menus in the database were expanded to cover most potential scenarios.

The audit of delivery details for Daisy Hill Hospital during the month of December 2005 was completed, and the system was found to have performed this task quickly and successfully. A further audit has now been developed to provide data from deliveries for a 5 month period, December 2005 to April 2006. The system will automatically calculate the Robson group from each delivery, then calculate the Caesarian Section rate for each Robson group.

The third analysis was an assessment of user satisfaction with the system in the form of a questionnaire. The results are summarized in Table 1. Each topic was assessed by a quantitative assessment score with 1 being the lowest value and 10 the highest. An increasing score corresponded with higher user satisfaction. The results confirmed user satisfaction with the system, both among medical staff and among midwifery and nursing staff.
TOPIC                                         Medical Staff    Midwifery & Nursing
1 Database design
  a Fonts, colours, text styles               7                8
  b Use of graphics                           8                8
  c Clarity of information                    8                8
  d Overall layout design                     9                7
2 Ease of use
  a Navigation through system                 9                8
  b Quality of Help files                     8                9
  c Ease of data entry                        9                9
  d Ability to use system                     9                9
3 Patient data
  a Amount of information coded               8                7
  b Relevancy of data to clinical practise    8                6
  c Completeness of clinical data             7                8
  d Retrieval of data                         7                8
4 Statistics
  a Quality of statistical data               9                9
  b Completeness of statistical data          9                8
  c Usefulness of data                        9                8
5 Comparison to existing systems
  a Design                                    7                9
  b Ease of use                               8                7
  c Information contained                     9                8
  d Statistical data                          8                9
6 Overall Impression                          9                8
Table 1: Results of user satisfaction survey with database using a scoring system ranging from one (poor) to ten (excellent), demonstrating opinions of medical and midwifery staff.
3. Discussion

Electronic patient records account for an important section of medical informatics work, and have significant benefits over paper records. The records can be accessed from several workstations simultaneously, by different personnel at different sites. This is a major advantage over standard paper records. Searching for patient notes can also be time consuming, particularly during out-of-hours periods. The immediate access achieved by an electronic data system has obvious advantages. Performing calculations is a major part of obstetric work, e.g. calculating EDD, gestational age, converting fetal measurements into size and weight.

This system has addressed several problems users have encountered with previous and current databases used in obstetrics and gynaecology. A user friendly interface has been developed which staff have found to be more efficient and easier to navigate. Both types of patient number have been integrated, and system testing has proven that patient data can be easily accessed with either number, and previously separate sets of information can now be linked regardless of the respective type of hospital number. A future development in this area will be the introduction of a standard NHS healthcare
number, specific to each individual. This database has allowed for this creation, with the capacity to record this information, and expand the linkage based on this format when it becomes used in widespread practice.

Testing also proved the multiple pregnancy format to be a valuable innovation. Some previous work in this area has been confusing with either unnecessary duplication of data, additional layouts, extra database tables, or altering the overall statistics for obstetric data. By coding each baby delivered as a separate entry within a delivery index, and each procedure as a single entry in its respective file, correct total counts are achieved and

Dating of pregnancy has been controversial, particularly when the patient is unsure of the LMP, there has been recent COCP use, or the menstrual cycle is irregular. Correct estimation of gestational age is vital, as inaccuracies can lead to problems with the timing of induction of labour, or monitoring fetal growth for IUGR. A special feature of this database is the ability to compile dating from several key stages of pregnancy: early pregnancy scans, booking USS, 20-24 week normality scan, and antenatal ultrasound. The data obtained from these scans can help the user decide if the LMP provides the most accurate gestational age and EDD, or if a revision needs to be made.

The database was designed with web compatibility as a major consideration. Using a secure password protected network allows multiple authorized users to access the system at any time regardless of their location. A hospital intranet has been the standard network for systems of this type, but the internet can expand the potential use of a system. A secure system which protects confidential patient data, yet allows clinicians to access information outside the hospital network has many benefits. Peripheral outpatient clinics, where access to hospital paper based notes is not possible, are another area which would benefit.
Additional benefits could be in the private sector, as medical staff would be able to immediately access the hospital records of their patients at distant sites including private centres.

The openness of the internet and security issues are major obstacles to overcome. As electronic health care records contain sensitive data, it is vital that the confidentiality and integrity of information are maintained. Potential ways of solving this problem include the use of secure web servers or virtual private networks (VPNs). The applications used for internet data security fall into three broad categories: cryptography applications, access authorization security and secure network protocols [5]. Cryptography applications prevent unauthorized data access by encrypting data, and only people in possession of the relevant encryption key can retrieve the original version [4,7]. The European Advanced Informatics in Medicine/Secure Environment for Information Systems in Medicine (AIM/SEISMED) project was initiated to address a range of healthcare related issues, and provides practical guidelines for health-care centres regarding security aspects [4,5].

A vital part of any electronic database system is ensuring that all of the data is accurate and correct. Improper data can have severe consequences in terms of patient management, audit, and medico-legal issues. The accuracy of electronic data is dependent on the user responsible for data entry. Several measures exist to ensure the integrity of electronic patient healthcare information. Electronic signatures, based on asymmetric cryptography, can be applied to ensure the integrity and accuracy of data stored in a cross-institutional electronic patient record system [8]. Accountability of data on EHR can be achieved using audit trail logs or file logs, which store information
including user identification, session date and time, documents used, and changes made to files or documents [8,9].

An Australian study demonstrated that the accuracy of the reporting of the obstetric complications by computer systems has been doubted due to the inconsistency and confusing coding categories available in different coding systems [4]. This study emphasized the difficulty of existing obstetric databases in recording maternal medical conditions during pregnancy. In this system a separate antenatal file was created to allow detailed coding of any maternal medical problems during the antenatal period. The key advantage of this database over systems designed to monitor a particular pregnancy related complication is the amount, and variety of data that can be accessed regarding any patient; delivery details, gynaecological procedures, early pregnancy scanning, outpatient gynaecological data, and much more.
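The audit trail described in the Discussion above (user identification, session date and time, documents used, changes made) supports accountability only if the log itself cannot be silently edited. The following is an added example, not code from the paper or its database: a hash-chained log in which each entry's MAC covers the previous entry's MAC. It uses a standard-library HMAC as a stand-in for the asymmetric signatures the paper mentions; the function names, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo key. A real system would hold the key (or a
# private signing key, for the asymmetric signatures the paper mentions)
# outside the database being audited.
DEMO_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # chain anchor used as "previous MAC" of the first entry
FIELDS = ("user_id", "session_time", "document", "change")


def _entry_mac(key, prev_mac, fields):
    """MAC over the previous entry's MAC plus this entry's canonical JSON."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    message = prev_mac.encode() + b"|" + payload.encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def append_entry(log, key, user_id, session_time, document, change):
    """Append one audit record carrying the four fields named in the text."""
    fields = dict(zip(FIELDS, (user_id, session_time, document, change)))
    prev_mac = log[-1]["mac"] if log else GENESIS
    entry = dict(fields, prev=prev_mac, mac=_entry_mac(key, prev_mac, fields))
    log.append(entry)
    return entry


def verify_log(log, key, expected_head=None):
    """Return the index of the first entry that fails, or None if intact.

    expected_head is the MAC of the newest entry, kept somewhere the log
    writer cannot reach. Without it, dropping entries from the tail leaves
    a shorter chain that still verifies; with it, that case returns len(log).
    """
    prev_mac = GENESIS
    for index, entry in enumerate(log):
        fields = {name: entry[name] for name in FIELDS}
        expected = _entry_mac(key, prev_mac, fields)
        if entry["prev"] != prev_mac or not hmac.compare_digest(entry["mac"], expected):
            return index
        prev_mac = entry["mac"]
    if expected_head is not None and prev_mac != expected_head:
        return len(log)
    return None


def build_sample_log(key=DEMO_KEY):
    """Three constructed audit records (no real patient or staff data)."""
    log = []
    append_entry(log, key, "midwife-017", "2005-12-03T09:14:00",
                 "delivery-index/000123", "created record")
    append_entry(log, key, "sho-004", "2005-12-03T11:02:00",
                 "caesarean-section/000123", "entered operative details")
    append_entry(log, key, "consultant-002", "2005-12-04T08:30:00",
                 "delivery-index/000123", "amended gestational age")
    return log


if __name__ == "__main__":
    sample = build_sample_log()
    print("intact log:", verify_log(sample, DEMO_KEY))
    sample[1]["change"] = "no changes made"  # simulate an in-place edit
    print("first bad entry after edit:", verify_log(sample, DEMO_KEY))
```

Editing or deleting an entry breaks the chain at that position; truncation from the end is caught only when the newest MAC is recorded separately and passed as `expected_head`.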
4. Conclusion

The use of medical informatics is gaining increased importance, with obstetrics and gynaecology representing one area where electronic information can provide valuable assistance. Electronic patient records have numerous benefits for the clinician, with respect to patient consultation, accurate recording of data, medical audit and statistical analysis. Sharing patient data between medical staff providing care, at different locations, is another area which electronic records will enhance. It is vital in this area that the confidentiality and integrity of health-care information is protected, whilst ensuring it is available to authorised health-care providers. Hospital management can be greatly improved. Instant access to vital statistics like Caesarian section rates can be achieved, and these can be automatically standardized to set criteria, eg Robson group, to allow direct comparison between hospitals and regions. This database will be a valuable addition to the Obstetrics and Gynaecology department, improving patient care, standardizing medical records and aiding the clinical audit process.
Acknowledgements

Thank you to the Consultants in obstetrics and gynaecology, Daisy Hill Hospital, for their support and assistance with this project. Additional thanks to our SHO colleagues for their help in data entry, especially Dr B Smyth and Dr S Fatima.
References

[1] Bradbury A. Computerized medical records: the need for a standard, J. Am. Med. Rec. Assoc. 19(3) (1990) 25–37.
[2] Collins B, Wagner M. Early experiences in using computerized patient record data for monitoring charting compliance, supporting quality initiatives and assisting with accurate charging at Allina Hospitals & Clinics. Int. J. Med. Inf. 74(11-12) (2005) 917–925.
[3] Elliott B. To computerize or not to computerize the patient care record: that is the question. Del. Med. J. 74(11) (2002) 435–441.
[4] Thornton C, Makris A, Ogle R, Hennessy A. Generic obstetric database systems are unreliable for reporting the hypertensive disorders of pregnancy. Aust N Z J Obstet Gynaecol 44(6) (2004) 505–509.
[5] Smith E, Eloff JHP. Security in health-care information systems—current trends. Int. J. Med. Inf. 54(1) (1999) 39–54.
[6] Barber B, Garwood D, Skerman P. In: Security in Hospital Information Systems, Security and data protection programme presented at the IMIA WH10 Working conference, Durham. 1994.
[7] Carter G, Clark A, Dawson E, Nielsen L. Analysis of DES Double Key Mode, In: Proceedings of the IFIP TC11 eleventh international conference on information security, Chapman and Hall, 13–127, 1995.
[8] Van der Haak M, Wolff AC, Brandner R, Drings P, Wannenmacher M, Wetter T. Data security and protection in cross-institutional electronic patient records. Int. J. Med. Inf. 70(2-3) (2003) 117–130.
[9] Baker DB, Masys DR. PCASSO: a design for secure communication of personal health information via the Internet. Int. J. Med. Inf. 54 (1999) 97–104.
EFMI Session
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
279
SNOMED-CT: The Advanced Terminology and Coding System for eHealth

Kevin DONNELLY¹
SNOMED® International, College of American Pathologists, Northfield, Illinois, USA
Abstract. A clinical terminology is essential for Electronic Health records. It represents clinical information input into clinical IT systems by clinicians in a machine-readable manner. Use of a Clinical Terminology, implemented within a clinical information system, will enable the delivery of many patient health benefits including electronic clinical decision support, disease screening and enhanced patient safety. For example, it will help reduce medication-prescribing errors, which are currently known to kill or injure many citizens. It will also reduce clinical administration effort and the overall costs of healthcare.

Keywords. SNOMED, Terminology, Coding Systems, Interoperability
Introduction

Clinicians and information technology specialists have made steady progress toward developing fully electronic health information systems, in hospitals and health systems. National healthcare IT systems are now being implemented in countries such as the UK, Denmark, the United States and Australia. However, as more countries standardise their national health IT infrastructure, a standard clinical terminology or reference set of clinical concepts will be required to represent clinical information in that infrastructure, drive clinical decision support and support clinical workflow². Electronic healthcare records will not interoperate without the standardised data structure found in clinical terminology.

Language is not used uniformly in medicine. Clinicians often use different phrases to mean the same thing or the same phrase to mean different things. Standardisation, using a concept-based clinical terminology, largely resolves this situation by creating a common platform for practitioners to deliver enhanced patient care while allowing a basis for comparison and communication.

Relevant clinical information concerning a citizen will need to be consolidated from many different clinicians and from different care settings to ensure that the citizen’s care is coordinated and continuous. The variety and diversity of health information technology currently employed within and across care settings presents an added problem which is overcome by using a standardized clinical terminology to enable system interoperability, i.e. the ability for unambiguous data to be exchanged between systems, regardless of the technology used. Without

¹ Corresponding Author: Kevin Donnelly, SNOMED® International, College of American Pathologists, Northfield, Illinois, USA. Email: [email protected]
² Hieb, Barry; Controlled, Medical Vocabulary in CPR Generations. Gartner Note Number TU-20-1272. November 5, 2003.
K. Donnelly / SNOMED-CT: The Advanced Terminology and Coding System for eHealth
such standardisation, specially built interfaces and other workarounds become necessary, creating the potential for errors, costly additional administration and compromising the care of citizens.

In 1964, the College of American Pathologists (CAP) developed its first terminology, the Systematized Nomenclature of Pathology (SNOP), which provided pathologists with a clear and consistent set of terms and codes for use in storing and retrieving medical data. The first version of SNOP contained about 11,000 terms and set a new standard for medical terminologies. Over the last 42 years, the CAP has continued to improve and expand its healthcare terminologies, providing the framework for clear and accessible medical records. Some of the key advances in the CAP’s healthcare terminology during this period include:

- Broad Scope – in 1974, the scope of SNOP was expanded into the Systematized Nomenclature of Medicine (SNOMED), including a broad array of terms encompassing the full range of medical specialties and healthcare environments;
- Computerization – the CAP was an early proponent of computerized medical systems, producing an electronic version of SNOMED in 1977 for newly introduced mainframe medical information systems;
- Dedicated Staff – in 1997, SNOMED International was created as a distinct division within the CAP, providing SNOMED with a dedicated staff to support the development and improvement of the terminology;
- Comprehensive – in 1999, SNOMED RT (Reference Terms) was completed; this fifth major revision of the CAP’s healthcare terminologies was the first to be released in electronic form only and included more than ten times the content of the original SNOP;
- Standards Development – the next year, the CAP received recognition from the American National Standards Institute (ANSI) as an accredited standards developer for the SNOMED RT terminology model.
1. Supporting Electronic Health Records

SNOMED RT introduced a number of key innovations that revolutionized the value of the terminology for computerized healthcare applications. Working in collaboration with Kaiser Permanente, advances in medical informatics and computer science were incorporated into the design and structure of SNOMED RT. These advances, such as the use of description logic and relational database structures, enabled healthcare application developers to begin to offer features that allow users of electronic health records to identify, aggregate, share and retrieve information based on a wide variety of criteria.
2. The Evolution of SNOMED CT

In 1999, the College of American Pathologists (CAP) and the Government of the United Kingdom formed a strategic alliance to create a convergence of SNOMED®
Reference Terminology (SNOMED® RT) and Clinical Terms Version 3 (CTV3). The resulting work, SNOMED Clinical Terms® (SNOMED CT®) combines the robust strength of SNOMED RT in the basic sciences, laboratory and specialty medicine with the highly granular primary content of CTV3 (formerly known as the Read Codes). The result is a comprehensive and precise clinical reference terminology that provides unsurpassed clinical content and expressivity for clinical documentation and reporting. SNOMED CT terminology enables clinicians, researchers and patients to share comparable data worldwide, across medical specialties and sites of care.

SNOMED CT was developed based upon four basic principles that have guided development activities related to the distribution table structure and clinical content, and will continue to guide the future directions of SNOMED. These guiding principles are:

1. Development efforts must encompass broad, inclusive involvement of diverse clinical groups and medical informatics experts.
2. The clinical content must be quality focused and adhere to strict editorial policies.
3. The quality improvement process must be open to public scrutiny and vendor input, to ensure that the terminology is truly useful within healthcare applications.
4. There must be minimal barriers to adoption and use.
The design of SNOMED CT has been driven by the expressed needs of clinicians and software developers for features that improve their ability to develop useful applications. In response to these needs, the design adds unique numeric identifiers, includes links to legacy codes, supports a sustainable migration and maintenance strategy, permits adaptability for national purposes, and fosters alignment with other terminologies and standards such as HL7, XML, LOINC, and DICOM. SNOMED CT delivers on a promise of standardized quality clinical terminology that is required for effective collection of clinical data, its retrieval, aggregation and re-use as well as the sharing, linking and exchanging of medical information. This three-year project created SNOMED CT (Clinical Terms), the most comprehensive healthcare terminology in the world, which provides the essential foundation to support full electronic health records. Since its initial release in 2002, SNOMED CT has established itself as the leading contender for an international healthcare terminology standard. With more than twice the content of SNOMED RT and a greatly expanded structure of logical definitions and relationships, it can provide a common language for global electronic health records that transcends culture and geography.
3. SNOMED CT Components

3.1. Concepts

SNOMED CT contains representations of over 300,000 healthcare-related concepts. Each concept is identified by a unique ConceptId and is distributed as a row in the Concepts Table. Each Concept includes alternative identifiers of the same concept using:
- The five-character code used in Clinical Terms Version 3 (and earlier Read Codes versions).
- The six to eight-character code used in SNOMED International.
3.2. Descriptions

A Description associates a human-readable term with a Concept that it describes. A Concept may be associated with multiple alternative Descriptions that represent the Preferred Term, Synonyms, or Fully Specified Name for the Concept in a particular language or dialect. A Description may be a preferred name in one language and a synonym in another. This is indicated by references to the Description from an appropriate Language Subset. Each Description is identified by a unique DescriptionId and is distributed as a row in the Descriptions Table.

3.3. Relationships

A Relationship represents an association between two Concepts. Each Relationship is identified by a unique RelationshipId and is distributed as a row in the Relationships Table. A Relationship contains identifiers of two logically associated Concepts and the identifier of another Concept that indicates the Relationship Type by which they are associated.

- For example, a Relationship may assert that “arthritis” (first related concept) “is a” (relationship type) “joint disorder” (second related concept).

A Relationship contains an indication of its CharacteristicType. This distinguishes between:

- Defining characteristics, which state things that are always true about a Concept.
- Qualifying characteristics, which offer options for qualifying a Concept.
- Context specific characteristics, which may vary according to place or time.

A Relationship has a Relationship group attribute which links interrelated defining characteristics.

- For example, “removal of a foreign body from the stomach by gastrotomy” involves:
  - “removal” of the “foreign body” (not to the stomach)
  - “incision” of the “stomach” (not the foreign body)

A Relationship may itself be represented in a hierarchical structure called a role hierarchy.

- For example, Direct Device and Indirect Device are both subtypes in the Procedure Device role hierarchy.
- Concepts can have relationships defined with Direct Device, Indirect Device, or Procedure Device.
- Data retrieval can be constructed to recognize the role hierarchy membership and collect all concepts with descendants of Procedure device.

Table 1. Tabular view of the “is a” relationships for an example concept³

Supertypes of bacterial pneumonia

bacterial pneumonia is a bacterial infectious disease
  bacterial infectious disease is a infectious disease
    infectious disease is a disease
      disease is a SNOMED Clinical Terms Concept
bacterial pneumonia is a infective pneumonia
  infective pneumonia is a pneumonia
    pneumonia is a disease of lung
      disease of lung is a disease of respiratory system
        disease of respiratory system is a disease
          disease is a SNOMED Clinical Terms Concept
  infective pneumonia is a infectious disease
    infectious disease is a disease
      disease is a SNOMED Clinical Terms Concept
[Figure: hierarchy diagram with nodes SNOMED Clinical Terms Concept; disease; disease of respiratory system; infectious disease; disease of lung; pneumonia; infective pneumonia; bacterial infectious disease; bacterial pneumonia]

Figure 1. Graphical representation of the “is a” relationships of an example concept.
³ Note that the Relationships shown in the table and diagram are not the definitive released Relationships of these Concepts. They have been simplified to illustrate particular points in the text.
4. Top-level Concepts

4.1. Role of top-level concepts

The top-level of the subtype hierarchy contains Concepts that represent broad semantic types. These include:

- Attribute
- Body structure
- Context-dependent category
- Environments and geographical locations
- Event
- Clinical Finding
- Observable entity
- Organism
- Pharmaceutical / biologic product
- Physical force
- Physical object
- Procedure
- Qualifier value
- Social context
- Specimen
- Staging and scales
- Substance
- Special concept
A Concept can have more than one supertype parent. However, each Concept is a subtype descendant of one and only one top-level Concept. Thus a Concept that is a “disease” cannot also be a “procedure.” In Figure 1 there are three distinct routes between the Concept “bacterial pneumonia” and the root concept. However, all of these routes converge at or below the top-level Concept “disease.”
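The subtype queries described in sections 3.3 and 4.1, worked through on the simplified “is a” relationships of Table 1. This is an added example, not SNOMED International's code or distribution format: it keys concepts by the names used in the table rather than by numeric ConceptIds, and the function names are illustrative.

```python
from collections import defaultdict

ROOT = "SNOMED Clinical Terms Concept"

# (subtype, supertype) pairs copied from Table 1, which the paper notes is a
# simplified illustration rather than the released relationships.
IS_A = [
    ("bacterial pneumonia", "bacterial infectious disease"),
    ("bacterial infectious disease", "infectious disease"),
    ("infectious disease", "disease"),
    ("disease", ROOT),
    ("bacterial pneumonia", "infective pneumonia"),
    ("infective pneumonia", "pneumonia"),
    ("pneumonia", "disease of lung"),
    ("disease of lung", "disease of respiratory system"),
    ("disease of respiratory system", "disease"),
    ("infective pneumonia", "infectious disease"),
]


def build_index(pairs):
    """Index the relationship rows by subtype and by supertype."""
    parents, children = defaultdict(set), defaultdict(set)
    for child, parent in pairs:
        parents[child].add(parent)
        children[parent].add(child)
    return parents, children


PARENTS, CHILDREN = build_index(IS_A)


def _closure(start, edges):
    """All concepts reachable from start along edges (start excluded)."""
    seen, stack = set(), [start]
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def supertypes(concept):
    """Every ancestor of concept, e.g. for 'is this finding a disease?'."""
    return _closure(concept, PARENTS)


def subtypes(concept):
    """Every descendant of concept, the set a retrieval query must match."""
    return _closure(concept, CHILDREN)


def is_a(concept, candidate):
    """True if concept is candidate or one of its subtype descendants."""
    return concept == candidate or candidate in supertypes(concept)


def routes_to_root(concept, _path=()):
    """Enumerate each distinct chain of 'is a' links from concept to ROOT."""
    path = _path + (concept,)
    if concept == ROOT:
        return [path]
    routes = []
    for parent in sorted(PARENTS.get(concept, ())):
        if parent not in path:  # guard against a malformed cyclic table
            routes.extend(routes_to_root(parent, path))
    return routes


def top_level_concepts(concept):
    """Top-level concepts (direct children of ROOT) that subsume concept."""
    tops = CHILDREN.get(ROOT, set())
    return {c for c in supertypes(concept) | {concept} if c in tops}


if __name__ == "__main__":
    for route in routes_to_root("bacterial pneumonia"):
        print(" -> ".join(route))
    print(sorted(subtypes("infectious disease")))
```

A record coded as “bacterial pneumonia” is therefore returned by a query for “infectious disease” or “disease of lung” without either term being stored on the record.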
5. SNOMED CT Quality Development Process

The SNOMED CT development process incorporates the efforts of a team of internal and external modelers. A documented scientific process is followed which focuses on understandability, reproducibility and usefulness (URU). Content is defined and reviewed by multiple clinician editors. Conflicts between editors are resolved through an iterative process, based on achieving agreement and consensus, before being entered into the terminology. As necessary, additional experts are consulted to review the scientific integrity of the content.
6. Expert Input

The heart of SNOMED CT quality is the involvement of key stakeholders at each step of the process. Over 350 individuals have had input into the original work. The role and credentials of each group is summarized in the table below.
Table 2. Roles of College Committees, Staff and Volunteers in Development and Review of SNOMED-CT

Entity: SNOMED International Authority
Role: Within the governance structure of the College of American Pathologists (CAP), the SNOMED International Authority has the direct responsibility for terminology related activities. It establishes strategic direction for CAP’s medical terminology activities, current and future terminology projects, strategic alliances, and support requirements. The Authority consists of CAP leadership, the SNOMED Scientific Director who serves as Chair of the SNOMED International Standards Board, key internal staff directors and external stakeholders from within and outside the U.S. These individuals bring expertise in the following areas: national and international standards, medical informatics, software, database licensing, biotechnology, clinical and academic medicine, and managed care.

Entity: SNOMED International Standards Board
Role: The SNOMED International Standards Board is responsible for the scientific direction, editorial processes, and scientific validity of terminology. The Standards Board, composed of voting members and organizational liaisons, recommends guidelines for external input and field-testing. It oversees the quality assurance process. The Standards Board consists of both clinical content experts and medical informatics experts, half of whom come from the United Kingdom’s National Health Service. In addition, liaisons from numerous associations reflect the vision of an integrated clinical vocabulary useful for dentistry, nursing, veterinary medicine, radiology, ophthalmology, public health, and other clinical specialties, and compatible with standards such as HL7 and DICOM. Participation of liaisons ensures scientific input from a range of clinical specialties and government agencies. Chaired by the SNOMED Scientific Director, this group provides scientific direction for and supports the work of a multidisciplinary team of modelers and data administrators.

Entity: SNOMED Working Groups
Role: The SNOMED Working Groups utilize the quality standards to structure terminology related to specific clinical domains. The Working Group for Nursing, for example, is comprised of domain experts external to CAP and supported by the SNOMED International operations team. The groups advise the SNOMED Standards Board regarding scope of coverage, creation of hierarchies, semantic terminology definitions and scientific accuracy of the concepts and terms within a specific clinical domain.

Entity: SNOMED International Clinical Terms Design Teams
Role: The SNOMED International Clinical Terms Design Teams were responsible for the technical and content development of this combined work. They were composed of subject matter and technical experts from the United States and the United Kingdom. They reported to the SNOMED International Standards Board and interacted with end-users in the United States and the United Kingdom.

Entity: SNOMED Team: Operations, Terminology Modelers, Consulting and Licensing
Role: SNOMED International brings extensive experience in development and use of SNOMED. Its multi-disciplinary team in the US and UK comprises individuals with backgrounds in medical informatics, clinical medicine, laboratory medicine, pharmacy, nursing, education as well as database services. This core group is backed by the expertise of the College of American Pathologists including more than 400 staff and approximately 70 standing CAP committees. The external terminology modeling team includes physicians and nurses at Kaiser Permanente, the American Academy of Ophthalmologists and the American Veterinary Medical Association, long time supporters of controlled medical terminology.
7. Extent of Review for Creation of SNOMED CT
The quality processes used in the development of SNOMED CT were complemented with external review.
• Technical review: The technical specifications for SNOMED CT were published for comment on both the SNOMED and NHS websites.
• Alpha test review: Forty-two organizations in six countries tested the SNOMED CT alpha test file and completed a structured assessment instrument.
• Alpha test feedback: Debriefing sessions were conducted in the U.S., in the U.K. and in Australia, at which time test sites shared their positive experiences and recommendations for improvement.
• Peer review: The methods used in developing SNOMED CT were presented in 6 scientific papers at the 2001 American Medical Informatics Association (AMIA) meeting, the largest association of leaders in medical informatics in the world. SNOMED CT was also part of an additional three papers and six posters at the 2002 AMIA meeting and additional posters for AMIA 2003.
• SNOMED CT was also the subject of papers in the American Health Information Management Association (AHIMA) Journal in 2001-2003, posters at 2001 and 2002 annual meetings, and presentations at the 2003 annual meeting.
• Early adopters of SNOMED RT (a structure that mirrored SNOMED CT core tables) were debriefed on their implementation experience in order to identify the key issues to be addressed in the SNOMED CT Technical Implementation Guide.
8. Ongoing Development
The SNOMED CT team follows a process of continuous quality improvement. Updates are published on a semi-annual basis, updating the breadth and scope of the content to reflect changes in clinical care and advances in medical science; refining the content to deliver greater precision for data collection, retrieval and aggregation; and enhancing the functionality to serve users better. Also included:
• An electronic web-based application has been developed for licensees to enter terminology requests and track the status of those requests online. In addition, the application provides for email notifications to be mailed to requestors at significant milestones in the completion of those requests.
• The SNOMED CT documentation is reviewed with each release to reflect content, structure and process improvements.
• The SNOMED Working Groups recommend direction and specific actions to the SNOMED International Standards Board.
• Cross Mappings – the cross mapping structure has allowed the creation of mappings from SNOMED CT concepts to existing classification and coding schemes, such as ICD-9, ICD-10 and ICD-O3;
• Subsets – while the broad scope of SNOMED CT is one of its principal strengths, it can sometimes be overwhelming for users; the subset mechanism allows a set of concepts suitable for a specific purpose or application to be defined;
• Integration – when established and validated vocabularies for specific domains have been identified, such as LOINC or the various nursing vocabularies, they have been integrated directly into SNOMED CT’s content.
9. SNOMED Clinical Terms – applications and services
SNOMED Clinical Terms is a terminological resource that can serve many roles in healthcare software applications. User-requirements vary according to the roles for which it is used. Healthcare software applications usually address a particular set of requirements associated with one or more clinical and/or business processes. Detailed requirements for integrating SNOMED CT into a particular application inevitably depend upon intended uses, the perceptions of users and the available technical environments. The following examples illustrate a few possible types of implementation:
• A SNOMED CT enabled clinical record system incorporating clinical data entry, decision support, links to knowledge bases, sophisticated analysis, order-report message interfaces, support for record communication or sharing, etc.
• A data warehouse storing and analyzing records expressed with SNOMED CT encoded concepts.
• A diagnostic departmental system sending reports that include SNOMED CT encoded concepts to other systems.
• A hand-held data collection device used for input of a limited range of frequently used coded concepts.
• A decision support system using SNOMED CT concepts to represent guidelines and protocols for distribution to other systems.
• A system designed to enable the creation of queries for use in analysis of data held by various other systems, some of which contain SNOMED CT encoded data.
10. SNOMED CT Adoption
SNOMED CT is the most comprehensive healthcare terminology currently available in the world, an assertion that has been validated by numerous independent studies. In breadth of scope and depth of knowledge, it provides the necessary foundation for electronic health records (EHR) across the entire spectrum of clinical healthcare – from direct patient-practitioner interactions, to laboratory testing and reporting, statistical analysis and billing systems. SNOMED CT has built a strong reputation among clinical practitioners established by its predecessors, previous versions of SNOMED and the READ Codes, and has been solidified by the positive support that SNOMED CT has received from a variety of sources. In addition to being selected by the UK as the NHS’ core terminology, the US National Library of Medicine (NLM) chose to license SNOMED CT in order to make it freely available for use within the US. In addition, numerous groups have recommended SNOMED CT as the core health terminology standard for the US, including both the National Committee on Vital and Health Statistics (NCVHS) and the Consolidated Health Informatics Initiative (CHI). No other terminology has been as highly rated or come close to receiving the same level of support. Internationally, SNOMED CT has been translated into both Spanish and German, and is currently being translated into Danish. This is proof that the terminology can become a genuine international standard, which has contributed to its growing base of knowledgeable users and supporters.
11. Global Need for SNOMED CT
The one key issue driving healthcare agendas throughout the world is the rising cost of its provision. Managing and controlling the costs of healthcare have become a necessity for patients, providers, third-party payers and governments, who are increasingly looking to information technology to provide answers and solutions. As a result, massive amounts of money are being budgeted and spent on Health IT (HIT), and particularly on systems to implement electronic health records (EHR). Overall, the total expenditure on HIT has doubled from $15 billion worth of goods and services in 1997⁴ to an expected $30 billion in 2006. While only a fraction of that total relates to areas within which SNOMED CT is relevant, the overall interest in this area is clear. If a standard on international clinical terminology is not adopted, nations will risk billions of dollars in electronic data conversion in the future. For example, a country that decided to switch over to the international standard later and convert citizen data to this standard (estimated cost: approximately 500 dollars per citizen) would run the genuine risk that data will be lost or not converted at all, and thousands of citizens will be put at risk. With no data conversion the harm caused by prescribing errors alone would be: 832 injuries per 100,000 citizens taking up 3% of hospital beds; and 20 deaths per 100,000 citizens⁵.
⁴ Doug Johnston, Eric Pan and Blackford Middleton; Finding the Value in Healthcare Information Technologies (2002)
While these projects are largely focused on the unique requirements of each country, there are broader opportunities that are demanding international solutions that consolidate competing, and often contradictory, healthcare standards to simplify implementation and provide interoperability among national healthcare systems. One instance is the European Union, which is in the process of defining its healthcare policies for the coming decades and will require systems and standards that operate seamlessly and accurately across borders. The free movement of persons is one of the four fundamental rights for citizens of the EU, and gives citizens the opportunity to live, work, establish a business, and study in all EU Member States. Health policy makers must ensure that healthcare is available for EU citizens who move and are on the move. The Dutch citizen on holiday in Spain must have access to care at least equal to that in the Netherlands and of equal quality and economy. They must provide emergency services for people traveling on short-term stays for tourism and non-emergency services for those residing mid-term or long-term. How can this be accomplished without an electronic record with a clinical terminology able to be translated from Dutch to Spanish with meaning retained?
On a national or international basis, a standardized clinical terminology makes healthcare knowledge more usable and accessible. Core terminology enables a consistent way of capturing, sharing and aggregating health data across specialties, healthcare settings and sites of care.
It is difficult, if not impossible, to drive significant improvements in nations’ health outcomes, costs and quality without a standardized clinical terminology. The increasingly widespread practice of people moving between nations and continents, and the emerging momentum for the implementation of electronic healthcare records, means that there will be a greater need for the sharing and exchange of citizens’ electronic healthcare records between nations. This can only be achieved if there is a common international standard underpinning healthcare systems. Multiple practitioners can share important patient information, trigger effective treatment guidelines, and improve patient outcomes with the assurance that descriptions of diagnoses and treatments are represented consistently across all health care providers. Clinical care, decision support, and research, in addition to patient safety initiatives, rely on the same information: diseases, treatments, aetiologies, clinical findings, therapies, procedures and outcomes all become digitized. To foster efficiency, users can record data just once, at the level of specificity they choose, and then search it repeatedly for knowledge support, statistical reporting, outcomes measurement, evidence-based medicine, performance data and cost analysis. This means that, at a national level, governments will be able to extract key statistical data to provide information for areas such as disease surveillance to assess trends in the health of a nation; provide facilities to manage disasters, for example the ability to administer the health records of displaced citizens such as those caught up in Hurricane Katrina in the southern USA; and recognise epidemic situations much earlier, enabling governments to be more proactive and respond faster to minimise the harm to citizens and reduce the associated national costs.
⁵ Extrapolated from British Medical Journal, Jul 2004; 329: 15 – 19
There are other benefits relating to the funding of care, even to the level of payment of clinicians for the quality of care when using a standardised clinical terminology. In the UK General Practitioners (community doctors) using Read codes, which form part of SNOMED CT, are now being paid on the quality of care they provide, rather than the quantity. This is only made possible by the use of a standardised clinical terminology in their system.
12. Conclusion
A clinical terminology is essential for Electronic Health Records. It represents clinical information input into clinical IT systems by clinicians in a machine-readable manner. Use of a Clinical Terminology, implemented within a clinical information system, will enable the delivery of many patient health benefits including electronic clinical decision support, disease screening and enhanced patient safety. For example, it will help reduce medication-prescribing errors, which are currently known to kill or injure many citizens. It will also reduce clinical administration effort and the overall costs of healthcare. Clinical Terminologies enable effective secondary use of the clinical data for performance management and the evaluation of resources to patient outcomes without the need for time consuming and costly separate data collection. Creating SNOMED CT as the global clinical terminology will enable nations to effectively share clinical data and collaborate on health issues, for example to act quickly in a coordinated manner in the event of a pandemic.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
EHR in the Perspective of Security, Integrity and Ethics
Ragnar NORDBERG ¹
JMP Research & Development AB, Sweden
Abstract. Success stories of modern applications in healthcare and welfare, like the electronic health record, are always linked to end user awareness, confidence, and acceptance. Reports and surveys have given proof of these dependencies. Knowing about existing and emerging concerns and weaknesses well in advance makes it possible to take action on an ethical, social, and societal level. This paper gives a review of specific observations regarding security, privacy, authentication, integrity and ethical aspects when operating an electronic health record (EHR) system in a hospital, an open care department and in a wider community of the health care sector. A reference is given to existing and emerging international standards related to the aforementioned aspects.
Keywords. Security, Integrity, Ethics, Certificate, Log, Audit
¹ Corresponding Author: Ragnar Nordberg, PhD, JMP Research & Development AB, Nordängsgatan 18, SE-43169 Mölndal, Sweden; Email: [email protected]
Introduction
Generally, an electronic health record (EHR) is considered the core application of modern healthcare and welfare processes. Regarding a life-long coverage of almost all aspects related to a person’s health, a lot of requirements with regard to security, safety, privacy, and ethics need to seriously be taken into consideration. In Sweden, a variety of EHR systems have been introduced and used during the last ten years. The systems have been improved over time without having any national policy or a national goal in place for the structure of the information. The differences in the systems and a relatively low computer maturity level of typical medical end users are some of the causes for the security, safety, and privacy hazards, which have resulted in a series of unwanted and unexpected situations and incidents. The author of this paper has focused his ideas on some of the most relevant examples of the hazards and how they can be avoided in the future.
1. System
The EHR systems themselves must have a number of basic features in order to be able to meet the requirements for a safe and secure EHR system. Some of these most fundamental requirements are:
a. There is a need for a permanent possibility to read and write items of the EHR from all parts of the hospital and health centers as well as from the private practitioners [1]. If the information about the patient is spread in different local electronic record systems it results in a variety of problems, some of which fall within the security category. If for instance the patient has been treated with a certain medication in one hospital and then appears in another hospital for some other reason, the second hospital may use a conflicting medication because they do not have the information recorded and stored by the first hospital. There may be other reasons like over-sensitivity or allergy for special treatments and so on. From an ethical point of view, there is also a problem with separated information sets since it is disturbing for the patient to have to repeat the information every time they are visiting a care center or a hospital. This is especially true if the information is of traumatic nature.
b. There is a need for a permanent possibility to import information (data) from other systems like laboratory systems, X-ray systems, etc. or to have automatic connection possibilities to these systems which make it possible to read these data items directly from the EHR system [2]. Keeping the same data in different systems is always associated with serious problems.
c. There is a need for a permanent possibility to immediately correct information in the EHR system if mistakes have occurred. However, it must, in most cases, be possible to see that a correction or an update has been made, what the correction or the update was all about, and eventually who provided it.
d. There is a need for a permanent possibility to handle situations where, by mistake or due to misjudgment of the diagnosis by the clinician, wrong information of an embarrassing nature has been written to the system. In such cases, the information has to be completely locked or even be removed with or without any trace depending on the policy. The EHR systems shall therefore have support and routines for such situations.
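Requirements c and d above, sketched as an added example that is not from the paper or from any EHR product: corrections append a new version instead of overwriting, so the reader can see that a change was made, what it was and who made it, while locking and removal follow a policy switch. The class, method and identifier names and all sample data are assumptions made for illustration.

```python
"""Corrections, locking and removal of EHR entries (constructed example)."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Version:
    text: str
    author: str
    at: datetime
    reason: str


class HealthRecord:
    """Entries are never overwritten: a correction appends a new version."""

    def __init__(self):
        self._entries = {}     # entry_id -> list of Version, oldest first
        self._locked = set()   # entry_ids hidden from normal reading
        self.admin_trace = []  # (action, entry_id, who, at, reason); no clinical text

    def write(self, entry_id, text, author, at):
        if entry_id in self._entries:
            raise ValueError("entry exists; use correct() so the change stays visible")
        self._entries[entry_id] = [Version(text, author, at, "initial entry")]

    def correct(self, entry_id, text, author, at, reason):
        if entry_id in self._locked:
            raise PermissionError("entry is locked")
        self._entries[entry_id].append(Version(text, author, at, reason))

    def read(self, entry_id):
        """Current text plus a flag telling the reader that corrections exist."""
        if entry_id in self._locked:
            return {"text": None, "locked": True, "corrected": False}
        versions = self._entries[entry_id]
        return {"text": versions[-1].text, "locked": False,
                "corrected": len(versions) > 1}

    def corrections(self, entry_id):
        """Requirement c: what was changed, by whom, when and why."""
        if entry_id in self._locked:
            raise PermissionError("entry is locked")
        v = self._entries[entry_id]
        return [{"old": a.text, "new": b.text, "by": b.author,
                 "at": b.at, "reason": b.reason} for a, b in zip(v, v[1:])]

    def lock(self, entry_id, officer, at, reason):
        """Requirement d, first option: keep the data but hide it completely."""
        if entry_id not in self._entries:
            raise KeyError(entry_id)
        self._locked.add(entry_id)
        self.admin_trace.append(("lock", entry_id, officer, at, reason))

    def remove(self, entry_id, officer, at, reason, keep_trace):
        """Requirement d, second option: delete, with or without a trace."""
        del self._entries[entry_id]
        self._locked.discard(entry_id)
        if keep_trace:
            self.admin_trace.append(("remove", entry_id, officer, at, reason))
        else:
            # Policy demands no trace: drop earlier administrative events too.
            self.admin_trace = [t for t in self.admin_trace if t[1] != entry_id]


def demo():
    """Build a small record from constructed data."""
    rec = HealthRecord()
    rec.write("e1", "Penicillin 500 mg", "dr02", datetime(2006, 3, 1, 9, 0))
    rec.correct("e1", "Penicillin 250 mg", "dr02",
                datetime(2006, 3, 1, 9, 30), "dose typed wrongly")
    rec.write("e2", "constructed mistaken diagnosis", "dr02",
              datetime(2006, 3, 1, 9, 5))
    rec.lock("e2", "records_officer", datetime(2006, 3, 2, 8, 0),
             "misjudged diagnosis")
    return rec


if __name__ == "__main__":
    record = demo()
    print(record.read("e1"), record.corrections("e1"), record.read("e2"))
```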
2. Technical and Software Quality
The technical quality of an EHR system is very important for its functionality as system failures may result in damage or even loss of information, which in turn can result in danger, harm, and security as well as safety risks for the patient [3]. System stops due to insufficient quality of the servers, the communication network and/or the system software including applications also create security and safety risks, since the personnel cannot access vital information and therefore have to take notes by hand and enter the notes into the system later, when the system is up and running again. In case more serious failures do occur, for instance a hard disc or storage media crash, it is of utmost importance that back-ups have been made on a regular basis. Tests of the back-up files have to be performed regularly as well, to see that the back-up procedure itself is correct, to see that the recorded files are good, and to learn how to restore the system and the respective data files. Since loss of patient data is definitely intolerable, the time intervals between two back-up sessions have to be covered with additional safety precautions. This is normally done by running mirroring systems, reducing the risk of losing data and making it possible to continue to run the system even if one of the system components should fail.
3. Patient Identification
Patient identification and verification is a very important parameter for the security and patient integrity in each and every single EHR system [4]. It is more important in an EHR system than in a paper-based health record. The reason for this is simply that virtually any information in an EHR system is gathered automatically from different specialist systems in which the patient has to have the same identity in order to link the information. Sweden has become one of the leading countries in this respect as it has established by law a system for person identification common for social welfare, health care, tax collection, and other official governmental functions. It has also developed a fairly smooth system to give unique identifiers to immigrants and visitors.
4. Authorization
EHR access authorization can be assigned in many different ways. The most common one is to give different access rights to different categories (groups) of the hospital staff according to their functional and structural roles, which reflect both their profession and their specialty [5]. A common problem is that one person has two or even more roles, which makes the assignment of access authorization rather complex, as it requires an advanced access control and administration system on the part of the authorities ruling access. It is therefore not uncommon that, instead of assigning detailed access authorizations, a broad access right needs to be created that covers all the roles of one person. In the worst case, “group access authorizations” or “group logons” are used in order to make it easier for the staff to use the same EHR terminal without having to sign on and off every time they need access to the EHR. The way to reduce the need for group logons is to use automatic log off when the terminal has not been used for a specified time. When the user returns to the terminal and logs on again with his password afterwards, he will immediately be back in the program where he was logged out. Experts call this system a “frozen desktop”. In order to secure the control of the access to the EHR information, the system has to have a logging facility which registers every single logon transaction with parameters like date and time, identity of the respective person, and type of action, e.g. read, write, update, lock, etc. that has been carried out, including even the data items that have been read, written, updated, or locked respectively. This type of logging creates an enormous quantity of data. It is not possible to analyze all that data without special software program tools. These tools should be an essential part of the EHR system and available to the auditors for their regular inspections.
There are some intelligent logging systems detecting illegal access and alarming the responsible person when an illegal access occurs. In practice it has been shown that it is very difficult to maintain these systems. It is more realistic to make up some schedule for how these controls shall be carried out with a normal analysis program.
The typical way to check the procedure is to randomly select some employees and figure out what EHRs they have accessed and whether they have had the right to do so. Normally, health professionals do have the right to access the EHRs for all patients under their direct care in their ward. If an illegal access is detected it is very important that there are policies and rules made up in advance on how the case shall be handled. This is also an important confidence and acceptance feature for the patients. In case patients suspect that an unauthorized person has read their EHR they shall have the right to see the log and get help to analyze the log data. The administration part of the access authorizations shall also have features that check the use of passwords, the respective password rules (numeric and alphanumeric characters) and the periodic changes of the employees’ passwords. The most important feature, nonetheless, is that the system is easy to use. If not, the users try to find ways around the security features in order to speed up the process, which then often ends up in an insecure system.
Generally speaking, both the security and the safety of a system depend on the behavior of the human end users. The higher the levels of awareness, confidence, and acceptance of a medical system, the higher are the security and safety of that system. All measures, rules, procedures, and guidelines need to be clearly defined beforehand. This is generally done in a respective security and safety policy. Policies can be defined for applications, systems, persons, components, procedures, and more. Policies are generally linked, or dedicated, to a certain domain. Linking domains does mean linking (or bridging) policies. Among others, a way on how to perform policy management and policy bridging can be found in [1, 5].
Figure 1. Process Model of Policy Agreement [1]
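The random-sample log check described in section 4, as an added example that is not from the paper or from any EHR product: it parses an access log carrying the fields the text lists, selects staff at random, and flags every access made while the staff member was not assigned to a ward in which the patient was under care at that moment. The log layout, the ward-based encoding of "direct care" and all identifiers and dates are constructed assumptions.

```python
"""Sample-based audit of an EHR access log (constructed example)."""
import csv
import io
import random
from datetime import datetime

# Constructed log: time, staff identity, action, patient, data items touched.
ACCESS_LOG = """\
timestamp,staff_id,action,patient_id,items
2006-03-01T08:15:00,nurse01,read,P100,medication
2006-03-01T08:20:00,nurse01,update,P100,medication;allergy
2006-03-01T09:02:00,dr02,read,P200,lab
2006-03-01T09:30:00,nurse01,read,P300,diagnosis
2006-03-02T14:00:00,dr02,read,P100,diagnosis
2006-03-02T23:10:00,clerk03,read,P200,diagnosis
2006-03-05T10:00:00,nurse01,read,P100,medication
"""

# Constructed staffing: (ward, from, to). One person may hold several roles.
STAFF_WARDS = {
    "nurse01": [("ward_a", "2006-01-01T00:00:00", "2006-12-31T23:59:59")],
    "dr02": [("ward_b", "2006-01-01T00:00:00", "2006-12-31T23:59:59"),
             ("ward_a", "2006-03-02T08:00:00", "2006-03-02T20:00:00")],
    "clerk03": [],
}

# Constructed care episodes: (ward, admitted, discharged).
CARE_EPISODES = {
    "P100": [("ward_a", "2006-02-27T10:00:00", "2006-03-03T12:00:00")],
    "P200": [("ward_b", "2006-02-28T09:00:00", "2006-03-04T16:00:00")],
    "P300": [("ward_c", "2006-03-01T00:00:00", "2006-03-02T00:00:00")],
}


def parse_log(text):
    """Turn the CSV log into dicts with a real datetime and an item list."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["items"] = row["items"].split(";")
        events.append(row)
    return events


def wards_at(intervals, when):
    """Wards whose interval covers the moment `when`."""
    return {ward for ward, start, end in intervals
            if datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end)}


def is_justified(event, staff_wards, care_episodes):
    """True if staff and patient shared a ward at the time of the access."""
    when = event["timestamp"]
    staff = wards_at(staff_wards.get(event["staff_id"], []), when)
    patient = wards_at(care_episodes.get(event["patient_id"], []), when)
    return bool(staff & patient)


def audit_sample(events, staff_wards, care_episodes, sample_size, rng):
    """Pick staff at random; list the EHRs they touched and what needs review."""
    staff_ids = sorted({e["staff_id"] for e in events})
    chosen = rng.sample(staff_ids, min(sample_size, len(staff_ids)))
    report = {}
    for staff_id in chosen:
        own = [e for e in events if e["staff_id"] == staff_id]
        report[staff_id] = {
            "patients": sorted({e["patient_id"] for e in own}),
            # Flagged for a human auditor; a flag is not a verdict.
            "needs_review": [e for e in own
                             if not is_justified(e, staff_wards, care_episodes)],
        }
    return report


def patient_view(events, patient_id):
    """The log extract a patient is entitled to see on request."""
    return [(e["timestamp"].isoformat(), e["staff_id"], e["action"], e["items"])
            for e in events if e["patient_id"] == patient_id]


if __name__ == "__main__":
    log = parse_log(ACCESS_LOG)
    result = audit_sample(log, STAFF_WARDS, CARE_EPISODES, 2, random.Random())
    for staff_id, entry in result.items():
        flagged = [(e["timestamp"].isoformat(), e["patient_id"])
                   for e in entry["needs_review"]]
        print(staff_id, entry["patients"], flagged)
```

The time-bounded ward lists matter: the access to P100 after discharge and the covering shift of dr02 on ward_a are judged against the assignment valid at that moment, not against a static role table.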
5. Policies and Policy Bridging
Following the ISO technical specification TS 22600 on privilege management and access control [1] as well as other definitions, a security policy describes all the legal, ethical, social, organizational, psychological, functional and technical implications of an application. A common situation today is that hospitals are supported by several vendors providing different applications, which are not able to communicate authentication and authorization since each has its own way of handling these functions. To achieve an integrated scenario an organization has to spend a huge amount of resources to get users and organizational information mapped before starting communication. Resources are required for development and maintenance of security functions, which grow exponentially with the number of applications. If, on the other hand, this organization looks at authorization from the healthcare organization point of view, a flexible bridging model is needed due to the fact that organizations change continuously. Units are closing down, opening and merging. The situation becomes even more complex when communications across security policy domain boundaries are necessary. The policy differences between these domains then have to be bridged through policy agreements between the parties. Another complexity is found in roles when it comes to users. A user can adopt different roles related to different periods of time and even have two or more roles simultaneously. For example, a user may work as a nurse for two months and as a midwife for the next two or just have both roles within the same time period. Moreover, different responsibilities can be identified in the healthcare organization depending on the role and activities of the users.
Moving from country to country or even from one healthcare centre to another, different types or levels of authorization may be applied to similar types of users, both for execution of particular functions and for access to the information. A third most important issue today is how to improve the quality of care by using ICT, without infringing the privacy of the patient. To allow medical professionals to have more adequate information about the patient the organization needs to have a kind of “virtual electronic health care record” which makes it possible to keep track of all activities belonging to a single patient regardless of where and by whom the data items have been documented. With such an approach, a generic model or specific agreement is needed between the parties just for authorization. Besides the needs for supporting a diversity of roles and responsibilities, which are typical in any type of large organization, additional critical aspects can be identified such as ethical and legal aspects in the healthcare scenario due to the particular type of information that is managed. The need for restrictive authorization already exists today but is going to dramatically increase over the next couple of years. The obvious reason for that is the increase of exchange of information between applications in order to fulfill the demands of medical professionals on having access to more and more patient related information to ensure the quality and efficiency of patient treatment. The situation with respect to healthcare and its communication and application security services has changed during the last decade. Reasons for that are, for example:
• Moving from mainframe based proprietary legacy systems to distributed systems running in local environments
• More data are stored in information systems and are therefore also more valuable to the users
• Patients are more ambulant and in need of their medical information at different locations.
From this follows that advanced security is required in communication and use of health information due to the sensitivity of person-related information and its corresponding personal, social, and societal impact. Those security services concern both communication and application security. Regarding communication security services, such as authentication, integrity, confidentiality, availability, accountability (including traceability and non-repudiation), and control of access to entities as well as notary’s services, it is authentication that is of crucial importance for most of the other services. This is also true for application security such as access control to data and functions of applications running at the aforementioned entity, integrity, confidentiality, availability, accountability, auditability and the notary’s services. The implementation of the respective ISO technical specification 22600 [1] will be very complex since the involved parties will already have legacy systems in operation, and will therefore not be willing to update their system immediately to newer versions or even completely new systems. It is therefore very important that a policy agreement be written between the parties involved, stating that they intend to progress towards this future standard when any change in the systems is intended. The policy agreement itself shall also contain defined differences in the security systems and agreed solutions on how to overcome the differences. For example, the authentication service, rights and duties of a requesting party at the responding site, have to be managed according to the agreed policy written down in the agreement. For that reason, information and service requester, as well as information and service provider on the one hand, and information and services requested and provided on the other hand, have to be grouped and classified properly.
Based on that classification, claimant mechanisms, target sensitivity mechanisms and policy specification and management mechanisms, can be implemented. Once all parties have underwritten the policy agreement the communication and information exchange can start with the existing systems if the parties do not see any risks. If there are risks which are of such importance that they have to be eliminated before the information exchange starts they shall also be recorded in the policy agreement together with an action plan for how these risks shall be removed. The policy agreement shall also contain a time plan for this work and an agreement on how it shall be financed.
6. Information, Education, and Training Education and training of human end users is always very important, but it is especially important for the use of EHR systems. If the systems are used in a wrong way it can create mistakes that generates wrong information and misleading interpretations. The system can then be hazardous for the safety of the patient. A situation, which became more and more common, is to hire personnel from organizations outside the hospital or the clinic, sometimes even from a different country. The personnel are often not familiar with just this EHR system, and are therefore a security and safety risk in case they do not receive a good education and a comprehensive training before they start using the system. Considering hired staff from
third party countries, additional risks concerning different language and different legal background may occur. Education and training measures are of special importance in case the EHR system is linked to other systems and information is automatically imported when needed. If the user has not achieved a proper understanding of how to retrieve the data from the partner systems, this can certainly generate a security risk for the patient. In all situations the users have to have an ethical mind. If ethical behavior in general were perfectly established, it would not be necessary to implement any access rights and logging systems. This is unfortunately not the situation all over the world, and therefore there is a need for ethical training as well.
7. A System Easy to Use
An EHR system must be able to fit with the processes of the care of the patient. Human-readable, understandable and intuitive user interfaces, which contain the necessary information for every single step in the care process in a well-defined way and can be understood by medical professionals in their own language, are very important for a system’s success in order to avoid having additional paper notes and records beside the original EHR system. If this occurs it is easy to fail to transfer the paper notes into the EHR system, and again a really hazardous situation has been created for the patient. In addition, an easy-to-use system creates a level of confidence that allows the end users to make extensive use of all components and functions of the whole system rather than using additional systems that cause the aforementioned risks and hazards for both medical professionals and patients.
8. Conclusions
It is important to note that certain system requirements need to be met in order to establish a secure, safe, and reliable EHR system:
- All information about a specific patient can be retrieved from the EHR system in order to avoid mistreatment and other risks for the patient due to missing information.
- The system itself has solid routines for the correction and the update of such information that has been added by mistake or in a pre-version.
- The system’s hardware and software is of high quality and certified by regional or national authorities.
- Safety routines like regular periodic back-up and restore routines must exist; they must be tested under real conditions.
- A well-defined patient identifier and staff functional and structural roles identifiers must exist.
- All users are well educated and comprehensively trained in the use of the specific EHR system as well as its sub-systems.
- The EHR system in general is easy to use.
- Existing international standards are used when building, selecting or modifying national, regional, or local EHR systems.
R. Nordberg / EHR in the Perspective of Security, Integrity and Ethics
Acknowledgement
The author is indebted to the European Commission for the funding of several successful European research projects that have led to the aforementioned results. He would also like to thank all national and international partners and organizations (including ISO TC 215, CEN TC 251, EFMI WG SSE, EFMI WG EHR, CEN/ISSS eHealth Standardization Focus Group, etc.) for their support and their kind co-operation.
References
[1] ISO/PRF TS 22600 -- Health Informatics -- Privilege management and access control. Part 1 and 2.
[2] CEN prEN 13606 -- Health Informatics -- Electronic health record communication. Parts 1 to 4.
[3] ISO TC 215 TR Assuring patient safety of health informatics products V3.0
[4] CEN TC 251 WG III NWIP Technical Report on patient identification and cross-referencing in the process of care
[5] ISO/CD 21298 -- Health Informatics -- Functional and structural roles
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Personal Health – the Future Care Paradigm
Thomas NORGALL a,1, Bernd BLOBEL b and Peter PHAROW b
a Image Processing and Medical Engineering, Fraunhofer Institute for Integrated Circuits IIS, Erlangen, Germany
b eHealth Competence Center, University of Regensburg Medical Center, Germany
Abstract. The demographic, economic and social conditions that developed countries are faced with require a paradigm change for delivering high quality and efficient health services. In that context healthcare systems have to turn towards individualization of patient’s care, also called personal care. Interoperability requirements for ubiquitous personalized health services reach beyond current concepts of health information integration among professional stakeholders and related Electronic Patient Records (“e-Health”): Future personal health platforms in particular have to maintain semantic interoperability among systems using different modalities and technologies, different knowledge representation and domain experts’ languages as well as different coding schemes and terminologies to include home, personal and mobile systems. The paper introduces the evolving paradigm related to personal health information systems.
Keywords. eHealth, Health Telematics, Communication Standards, Body Area Network, Micro-systems, Personal Health
Introduction
All industrial countries are faced with the challenge of ensuring efficiency and quality of health care independent of constraints in time, location and resources of the principals involved. According to the Object Management Group’s definition, principals are any actors in the health systems including its informational support, such as persons, organizations, systems, devices, applications, components, etc. [1]. The challenge must be met despite demographic developments towards an aging population, increasing expectations on quality of life and lifestyle, growing demands for health services, rising costs for diagnostic and therapeutic procedures and decreasing insurance funds. The way out of this dilemma is seen in specialization and decentralization combined with extended communication and collaboration, also called the shared care paradigm. This is bound to a paradigm change for providing health services from organization-centered to process-controlled care. In the future, the level of specialization and decentralization will grow up to individualized care according to the health status and process needs of the single citizen, i.e., personal health (pHealth). In this context, prevention and monitoring, especially of chronically ill patients, play an increasing role. Shared care at any level needs comprehensive support by information and communication technology (ICT). Those ICT systems have to be specialized and decentralized too. For providing seamless care, the systems have to be closely connected in an intelligent and comprehensive way. For implementing the new care paradigm, eHealth, i.e. the connection of advanced health telematics and telemedicine, is introduced at regional, national and global level.
1 Thomas Norgall, Fraunhofer Institute for Integrated Circuits, Image Processing and Medical Engineering, Am Wolfsmantel 33, D-91058 Erlangen, Germany; Email: [email protected], URL: http://www.iis.fraunhofer.de
1. Materials and Methodology
Intensive collaboration between persons and institutions directly or indirectly involved in the citizens’ care requires semantic interoperability of the supporting information and communication systems. Here, domains bound to specific rules or policies are connected at different hierarchical levels and therefore at different levels of system granularity. Domains and their policies concern legal, ethical, social, organizational, functional and technical aspects. Consequently, semantic interoperability includes agreed structure and content of communicated information and its appropriate use independent of time, legal, organizational, functional or lingual boundaries. For guaranteeing a connection of domains and for enabling the individualization of processes to respond to special needs and conditions of clients without limitations and restrictions (increasingly even at international level), the supporting health information systems have to be highly flexible and dynamically bound to the corresponding policies. Furthermore, all spheres of life and all media/modalities for diagnosis, therapy and care have to be included.
2. Results
The aforementioned requirements for semantically interoperable health information systems and health networks can be formally modeled with the Generic Component Model, which was developed at the Magdeburg University Medical Informatics Department as early as the mid-nineties [2]. This component model can manage any system in any domain. So it allows for modeling physical processes, information systems, or devices from medical, technical, legal, administrative, financial, security-related or other domains. On the basis of a unified process for business process modeling, requirements analysis, design, implementation, test, evaluation, certification and deployment, the complex system under consideration will be simplified in three dimensions. First, the domains a system is touching have to be separated. Second, the system can be decomposed and then composed again using specialization or generalization relationships, respectively. Finally, a system can be considered using different viewpoints on the system according to the ISO Reference Model – Open Distributed Processing [3]. Here, the business process expressed by the Enterprise View, the informational expression of this process expressed by the Information View and the functional aggregation of algorithms and services expressed by the Computational View are described through platform independent models of the system. Platform-specific implementation details are described by the Engineering View and the Technology View. The system’s architecture (i.e. the system’s components, their functions and relationships) is characterized through the components’ concepts and their aggregations. The representation of concepts and association rules is provided by
constraint models, which are derived from reference models. The knowledge representation is performed by using meta-languages. For ensuring semantic interoperability, reference terminologies and ontologies have to be defined, using the aforementioned methods for knowledge representation in the Generic Component Model’s context too. In this way, different systems deploying different modalities, belonging to different domains and different business areas, using different domain languages, can be harmonized and bound to policies. From this modeling, the specification of invocation calls and the development of XML messages can be derived. The connection of biomedical devices for patient monitoring and care is provided using the CEN ISO/IEEE 11073 standards set (which is based on ENV 13734/13735 “VITAL” and IEEE 1073-x) [4] as well as CLSI (formerly NCCLS) POCT-1A [5]. Thereby, biomedical devices can be aggregated and replaced like any other component. This is especially true for future mobile, modular, personal systems for individually caring for patients. Such systems can be deployed in clinical settings and in homecare as well. In that way, patients’ transfer between both settings can be facilitated. Typical system components at different levels of development and accentuation are:
- Highly integrated sensor and human-machine interface components at the body or wearable in clothing (e.g. intelligent wireless sensors; wearable devices; PDA);
- Components and infrastructure enabling communication between the aforementioned systems and components on the one hand and stationary systems and services on the other (e.g. Body Area Network; mobile phone/mobile network; wireless LAN; workstation with gateway function in patient’s home; appropriate middleware);
- Distributed functions for sensor signal processing, state recognition and state monitoring up to person- and situation-related information and intervention offered (e.g. qualified management of emergency calls; cumulated multiparameter records, processing and presentation using PDA or workstation);
- Information and expert systems for recognizing and managing emergency cases, for informing the patient as well as decision support for healthcare professionals (e.g. localization of principals; access to reference data; person-specific support for interpretation of data, secure access to patient’s personal information / Electronic Health Record).
The provided system functions realize proper escalation strategies, while the system components next to the patient are relatively autonomous in order to minimize communication and maintenance effort and energy consumption, and on the other hand communicate with external stationary system components in certain cases (exceeding of thresholds / recognition of exceptional situations, emergency cases, alerts, but also for routine communication). In the following, some of the standards specifying the integration of medical devices in health information systems for enabling personal health systems are presented in some detail.
2.1. Standards for Medical Device Interoperability
In contrast to other clinical communication standards, the CEN ISO/IEEE 11073 family of standards provides real-time “plug-and-play” interoperability to facilitate the efficient adding and swapping of acute and continuing care devices, such as patient monitors, ventilators, infusion pumps, ECG devices, etc., in critical environment settings. To fulfill real-time requirements, a highly efficient “Medical Device Encoding” scheme is used. Conversion to alternative XML encoding reduces real-time capabilities, but enables use of XML-specific concepts and tools [6] promising dramatic cuts of development time and effort for interoperability component implementation. “Plug-and-play” practically means that all the clinician has to do is make the connection – the systems automatically detect, configure and communicate without any subsequent human interaction, maintaining both functional and semantic interoperability. Health informatics and clinical communication standards are often generally interpreted as relating to ISO/OSI Level 7 based on the assumption of generally available LAN infrastructure to build upon. A prominent example for this approach is the HL7 communication standard, named accordingly [7]. For medical devices, interoperability explicitly implies all ISO/OSI Levels. While 11073 defines/modifies standards in ISO/OSI levels 7 – 5, it chiefly references other standards (such as 802.x, IrDA, Bluetooth, etc.) in levels 1 – 4. For systems in homecare, even more for mobile systems which provide personal health services in dynamic environments, equivalent considerations apply. In order to enable functional interoperability using different (wired, IR and RF wireless) network technologies, CEN ISO/IEEE 11073 provides standards for internetworking in the 11073.5 branch of the 11073 standards family. In that context, the 11073 specification for “Agent Device”, e.g. an infusion pump, pulse oximeter, or ventilator, and the corresponding 11073 specification for “Manager System” – a patient monitor or device manager – have to be mentioned. Both are situated in different sub-networks using different network technologies. Other typical applications are wired-to-wireless transport gateways or LAN/IR access points. Based on CEN preparatory work [8], CEN ISO-IEEE 11073-60101 defines an 11073/HL7 “Observation Reporting interface” (ORI) enabling device-to-HIS-level interoperability. It is the first standard in the 11073.6 “Application Gateway” branch of the 11073 standards family, which is intended to provide interoperability among different application protocols. The 11073 coding scheme has been a registered HL7 Coding Scheme since 2003, permitting its use in HL7 messages.
2.2. Body Area Networks
The Body Area Network (BAN) concept specifies wireless communication between several miniaturized, intelligent Body Sensor (or actuator) Units (BSU) and a single Body Central Unit (BCU) worn at the human body. It is characterized by a maximum range typical for human body dimensions, e.g. 2m. The BCU concentrates the BSU-originating data streams, performs intermediate storage and processing as well as communication to the outside world using standard wireless technology like DECT, WLAN or Bluetooth. The Network Access Unit (NAU) can be implemented as a medical gateway hosting an embedded web-server.
Both NAU and BCU may provide standard interfaces, particularly implementing ISO-IEEE 11073 “Agent” functionality. From a communication perspective, a BAN can thus be regarded as equivalent to an 11073-compliant modular medical device, implying semantic interoperability between BAN and remote professional or clinical systems.
2.3. IMEX – a Micro-System Perspective for Interoperability
As development of micro-sensors and micro-systems particularly for homecare and personal health-related applications is progressing, acquisition of multiple bio-signals, for instance blood pressure (BP), ECG, respiration, urine flow etc., can be performed by means of miniaturized patient-worn equipment. Utilizing the BAN concept for collection and communication of data to enable multi-parameter monitoring, micro-sensors can also be integrated into BSU units. The German IMEX project [9] aimed at communication among micro-systems and with external device systems, analyzing possible interfaces and their communication requirements. Accordingly, a Micro System Data format (MSD) was defined which enables the use of standard health telematics coding schemes for semantic core elements on micro-system level, minimizing processing overhead for preparation of micro-system-generated data for external standard-based communication [10]. Thus the “semantic interoperability chain” is extended to the micro-system level. Figure 1 shows smart micro-systems as the other end of the healthcare interoperability chain.
Figure 1. Smart micro-systems as the other end of the healthcare interoperability chain
3. Specification and Implementation Process
Apart from formal standardization activities increasingly addressing cross-standard interoperability issues, the IHE (“Integrating the Healthcare Enterprise”) initiative [11], initiated in 1998 by HIMSS (Healthcare Information and Management Systems Society) and RSNA (Radiological Society of North America), embarks on a complementary strategy to “promote and support the integration of systems in a healthcare enterprise (hospital)”. Motivated by the obvious lack of interoperability among available HIS, RIS or PACS systems, clinical workflow optimization (e.g. to provide continuity and integrity of patient information, to foster communication among information systems from different vendors, to avoid repeating tasks like typing patient names, to eliminate data redundancy etc.) is maintained by a set of “Integration
Profiles” which specify the use of existing standards. Part of the IHE work on DICOM/HL7 interoperability is equivalent to the CEN ISO/IEEE 11073-60101 ORI standard. Ongoing IHE work aims at integrating Laboratory/Point-of-Care Testing and ECG communication. For describing a unified process, the Rational Unified Process [12] or the HL7 Development Framework can be used. For domain-specific specializations, existing models such as HL7 Domain Message Information Models (D-MIMs), HL7 Refined Message Information Models (R-MIMs), HL7 Common Message Element Types (CMETs) [7], but also GEHR Archetypes [13] can be re-used. Other knowledge representation means can also be deployed [14]. The future advanced eHealth architecture for individualized healthcare with region-crossing or European characteristics has been defined in the eHealth Action Plan of the European Commission and the EU Member States. The Electronic Health Record (EHR) is the core application of any eHealth platform, which different countries approach differently. The variants range from a medication file as starting point for eHealth in The Netherlands and the UK, through the Sharable Record approach favored in Finland, up to a comprehensive record architecture modeled and implemented within the national programme.
Figure 2. Typical “e-Health” stakeholders, systems, interaction and integration paths
Finally, all developed countries are seeking a lifelong, comprehensive Electronic Health Record. Besides the EHR, the improvement of quality and safety of patient’s care, facilitated through evidence-based medicine and knowledge management providing decision support, is the main focus of all approaches. In that context, in Europe and in all other regions around the globe as well, ePrescription will be combined with ePrescribing. For implementing eHealth, an advanced security infrastructure and privacy services are prerequisites for distributed health information systems and health networks. Identification and authentication of all principals involved as well as security services and privacy services such as confidentiality, integrity, accountability, traceability and availability, but also privilege management, authorization, access control and audit have to be mentioned here. Application of security tokens (e.g. smart cards bearing keys and certificates), a Public Key Infrastructure (PKI), directory services and ID-Management structures and services including Master Person Index (MPI) and Person Identification Services are essential.
In any environment, but especially in personal health settings, acting principals cover not only persons and organizations, but also devices, systems, applications, components, etc. Figure 2 summarizes the personal health environment.
4. Discussion
Interoperability implies a number of different concepts, e.g. functional interoperability and internetworking, semantic interoperability and application gateways. Health information integration (eHealth) established a demand for interoperability between clinical and healthcare-related stakeholders, systems and processes or workflows. Domain-specific communication and interoperability standards are well established, but have to be supplemented for trans-domain use. Interoperability concepts for medical devices as well as for personal and/or mobile systems need to involve all 7 ISO/OSI reference model layers and particularly have to include terminology/coding aspects. The advanced concept of pHealth extends eHealth by the inclusion of smart sensors, body-worn mobile systems and situation-specific activation of applications and human health professionals, thus providing personalized ubiquitous health services. Body Area Networks and micro-systems are building blocks of future personalized health telematics infrastructures that extend existing interoperability concepts. Figure 3 provides examples for sensor and actuator systems for personal health developed by the Fraunhofer IIS, Erlangen.
Figure 3. Micro-systems for monitoring patients
The transfer to personal health information systems with process-controlled, service-oriented, context-sensitive, semantically interoperable information and communication architectures requires application systems that are open, highly flexible, and individually tailored to both the cared-for and the caring party. Such applications cannot be pre-manufactured anymore, but must be dynamically created and adapted to the actual requirements and needs. In that way, besides the already established technology paradigms of Mobile Computing for realizing accessibility (e.g. tele-consultation) and Pervasive Computing for realizing independence of location while providing services (e.g. telemedicine), the paradigm of Autonomous Computing for realizing self-organizing systems will be introduced. The combination of the aforementioned technology paradigms leads to Ubiquitous Computing, which is bound to other paradigms and trends such as health grids. Personal health also requires an adequate legal framework and a new orientation of traditional organizational patterns.
Acknowledgement
The authors are indebted to the colleagues from HL7, ISO TC 215 and CEN TC 251 for kind support.
References
[1] Blobel B: Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems. Series “Studies in Health Technology and Informatics” Vol. 89. IOS Press, Amsterdam 2002.
[2] Blobel B: Assessment of Middleware Concepts Using a Generic Component Model. Proceedings of the Conference “Toward An Electronic Health Record Europe ’97”, pp 221-228. 20-23 October 1997 London.
[3] ISO/IEC 10746 “Information technology – Open Distributed Processing, Part 2 – Reference Model”.
[4] http://www.ieee1073.org
[5] http://www.nccls.org or http://www.clsi.org
[6] http://www.w3.org
[7] http://www.hl7.org
[8] CEN SSS-HIDE (2001): Health Informatics-Strategies for harmonisation and integration of device level and enterprise-wide methodologies for communication as applied to HL7, LOINC and ENV
[9] Becks T, Dehm J.: IMEX – A New Knowledge Platform for Microsystems in Medicine. http://www.vde-mikromedizin.de
[10] http://www.iec.ch/
[11] http://www.rsna.org/ihe
[12] IBM. Rational Unified Process. www.ibm.com/software/awdtools/rup/
[13] Beale T, Heard S: Archetype Definition Language. openEHR Foundation, Ocean Informatics Australia 2004.
[14] Blobel B. Concept Representation in Health Informatics for Enabling Intelligent Architectures. Submitted to the MIE 2006
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Formal Policies for Flexible EHR Security
Bernd BLOBEL 1 and Peter PHAROW
eHealth Competence Center, University of Regensburg Medical Center, Germany
Abstract. State of the art methodologies for establishing requirements and solutions for securing applications are based on narrative descriptions about the use of available systems, sometimes also dedicated to system components. Even recent developments for governing application security services by the use of predicate logic suffer from being administered manually. Therefore, security and privacy requirements cannot be properly met, resulting in restrictions and fears regarding the use of sensitive data and functions. Because of the sensitivity of personal health information and especially of genetic data with its wider implications beyond the original subject of care, weaknesses in guaranteeing fine-grained security and privacy rules lead to less acceptance or even the avoidance of essential information transfer and use. To overcome the problem, security and privacy have to become properties of the architectural components of the respective health information system. Embedding security into the system’s architecture allows for negotiating and enforcing any security and privacy services related to principals, their roles, their relationships, further contextual information as well as other regulations summarized in formally modeled policies. The paper introduces the evolving paradigm of the model-driven architecture, for the first time also comprehensively deployed for security and privacy services in bio-genetic and health information systems.
Keywords. Model-Driven Architecture; Meta-languages; Security; Privacy; Policy; Authorisation; Access control
1. Introduction
In establishing an eHealth environment, organizational, legal, functional, social, ethical, and technical requirements must be met. In that context, security and safety are important challenges influencing user acceptance and specifying the risk a healthcare establishment is faced with. For performing security analysis, risk assessment, policy specification, Continuity of Business (CoB) management, etc., narrative or semiformal methods are widely used. This is true in the context of classical medical informatics, but also and even more so in the context of bioinformatics. The increased challenge in the genetic domain results from the implication of persons from outside the care process as well as the informational and functional consequences of genetic knowledge. For describing the situation and setting the requirements, standards and methods such as Cobit, KonTraG, ISO 15408, ISO/IEC 17799, ISO 13335, ISO 9000, Basel 1 and Basel 2, ITIL-based processes, NIST SP-800-53 as well as many others are very good tools; however, they do not support the implementation and the enforcement of the security services needed. Taking this into consideration, the discrepancy between programme and reality, between challenges and practical disasters, is growing. Especially in the health care domain, with its highly sensitive information on the one hand and the traditional and important doctor-patient relationships, job sharing procedures, and the complex system model regarding both the delivery process and the subject of care on the other hand, the weight of security is sometimes underestimated in relation to patients’ health and safety or process requirements. When policies, requirements, procedures, and solutions are defined narratively, the realization of principal interoperability including non-human beings presents an obstacle which has to be overcome. Regarding the basic principles of security and related models and solutions, see [1]. The answer to meeting the aforementioned challenges is to embed security services into the architecture as one domain’s aspect of the architectural components. System architecture is the set of the system’s components, their functions and relationships. Application security deals with the trustworthiness of the application’s behavior. Therefore, application-related security services have been put in the centre of an architectural approach to security.
1 Bernd Blobel, Ph.D., Associate Professor, University of Regensburg Medical Center, eHealth Competence Center, Franz-Josef-Strauss-Allee 11, D-93042 Regensburg, Germany; Email: [email protected]; URL: http://www.ehealth-cc.de
2. Related Work
In many real implementations, the classical lattice-based mandatory access control (MAC) model has been implemented, sometimes enhanced by an owner-based discretionary access control (DAC) model allowing for privileging others up to the privilege of assigning privileges [2]. Such approaches could not be managed in healthcare establishments such as hospitals or health networks with hundreds or even thousands of users. Over the last decade, the role-based access control (RBAC) paradigm has been developed and enhanced stepwise as a way of managing authorization and access control (e.g. [3]). Permission assignment is based on the role a principal is assuming during a work session. Early work of the author has meanwhile been confirmed (e.g. [4]). The policy is bound to the role and not to the principal, thereby forming rather stable (static) relationships. For mutually exclusive sets of roles, simple rules or constraints have been defined. For meeting additional constraints, temporal RBAC and environmental RBAC have been used to manage more complex, coarse-grained and rather simple security policies. Richer security policies can be handled by the generalized RBAC defining ordered groups of subject roles, object roles, and environmental roles. Another refinement considers the conditional assignment of permissions depending on context constraints. For considering context-related constraints (e.g. temporal, object-specific, location-related), other models using first-order predicate logic have also been developed. The weakness of all currently available RBAC models is the definition of simplified policies without ways of implementing and controlling them. If some enforcement has been realized, it has been borrowed by the inclusion of assumptions about the underlying technology, abstracting from application structure and functionality.
In any case, security services and functionalities are defined completely different and independent from the application functions, therefore not being part of the applications behavior. The only way of combining security services and application functions is the integrated enforcement of security. As a solution, security services have to be designed as integrative part of the application system’s architecture.
B. Blobel and P. Pharow / Formal Policies for Flexible EHR Security
3. The Generic Component Model
Modeling a system aims at simplification of that system regarding both its structural decomposition and its functional focus [5]. The framework for future-proof health information system architecture is based on the Generic Component Model developed in the mid-nineties (e.g. [5, 6]). The basis of that architecture is a Reference Information Model (RIM) and agreed vocabularies enabling interoperability. With reference to them, domain-specific constraint models are specified which represent domain-specific knowledge concepts considering both structural and functional knowledge. The corresponding components have to be established according to all views of the ISO Reference Model 10746-1 – Open Distributed Processing (RM-ODP), i.e. enterprise view, information view, computational view, engineering view, and technology view [7]. A view focuses consideration on one single aspect, abstracting from all others. Developing the different domain concepts and their view representation is not a task of programmers but of domain experts. Because a healthcare process comprises different domains, the set of models must be aggregated properly. For that reason, domain experts will use appropriate means of expression such as specific graphical representation (e.g. UML diagrams) or sometimes even verbal templates expressed in XML. The use of the aforementioned meta-languages UML and XML respectively enables unambiguous expressions by defining the specification, the language used, the rules for establishing the language as well as how to set up those rules, all done in a unified way. The components can be aggregated to higher levels of composition. Contrary to the ISO definition of primitives and composition, in the Generic Component Model at least four levels of composition/decomposition have been defined (Figure 1).
Figure 1. Generic Component Model [diagram not reproduced; axis labels: Component View (Enterprise View, Information View, Computational View, Engineering View, Technology View); Component Decomposition (Granularity) (Business Concepts, Relations Network, Basic Services/Functions, Basic Concepts)]
The proposed approach allows for expressing constraints at different levels of a system’s composition: at the basic concept level of all views deployed in the RM-ODP, and at the aggregation level following business rules (enterprise view) or logical constraints (expressed in the information view and in the computational view as well).
4. Formal Security Modeling
The crucial point of the advanced and future-proof approach is the formal modeling of the policy, i.e. the specification of the legal, organizational, social, ethical, functional, and technical implications of a system and its components. This definition clearly goes beyond a technical consideration. Belonging to a special domain (the policy domain), such a policy has to follow the generic component approach and represent all the views of RM-ODP. The formally specified policy models must be aggregated with the other models describing medical, administrative, or technical aspects of the health information system under consideration, which also comply with RM-ODP and the development process defined. After developing the generic component model, this paradigm has been applied to policies and security requirements fitting into the standard-based eHealth environment including HL7’s Reference Information Model (RIM) [9] as well as the Model-Driven Architecture (MDA) and the Service-Oriented Architecture (SOA) combined with the corresponding Unified Process, which is absolutely new [10]. The result is a hierarchical model of a security policy and its basic components, subcomponents, etc.
Figure 2. Policy Class Diagram (after [8], changed) [diagram not reproduced; classes and attributes as labelled in the figure:]
Policy: policy_identifier : SET; policy_name : CS; policy_authority_ID : OID; policy_authority_name : ST; policy_domain_identifier : SET; policy_domain_name : EN; policy_target_list : LIST
BasicPolicy: policy_subject_ID : OID; policy_subject_name : ST; target_identifier : SET; target_name : EN; target_object : II; operation_code : CE; permission_policy : CD; constraint : OCL
CompositionPolicy: event : CV; policy : CD; mpolicy : CD; policy_group : SET; constraint : OCL
MetaPolicy: meta_expression; raised_action : CE
Group: group_identifier : SET; group_name : CS; group_description : CD
RefrainPolicy: action : CE
ObligationPolicy: event : CV; exception : Exception
ManagementStructure: roles : Role; rels : Rel; mstructs : Mstruct
Role: subjectDomain : OID; role_identifier : SET; role_name : CS; role_description : CD
Relationship: roles : Role
AuthorisationPolicy, with Auth+ (action : CE) and Auth- (action : CE)
DelegationPolicy: grantee : OID; accessRights : CE, with Deleg+ and Deleg-
The generic policy entity², covering the comprehensive set of attributes according to the aforementioned policy aspects, is specialized into basic policies, meta-policies, and composite policies. Starting with atomic concepts of security services such as authorization step, delegation step, or control step at transactional level, those will be aggregated to the generalized service policies such as the authorization policy, delegation policy and control policy. Other basic policies are those for obligation and refrain. At that level, the model describes the rule for aggregation, i.e. the rule for applying a set of basic security services within a functional or business process. Both the generalized and thereby generic basic policies and their meta-model (the meta-policy) will be aggregated to composite policies, reflecting specific business rules set up within an organizational framework. In that context, the grouping of rights and duties, the definition of organizational roles as well as the related role management have to be modeled. This is the level of relation and provides the basis for the enterprise policy needed to achieve the business objectives and business goals. Figure 2 shows the policy class diagram (after [8], changed). The resulting policy model types or profiles, as instances of the generic policy model, have to be introduced into the component composition forming the intended system. This system model describes the interaction between two principals in a specific structural role performing an action (the activity associating the interacting principals) by playing the action-specific functional role [11]. Therefore, a policy can be assigned to a role instead of an entity, allowing the separate management of both entities (users) and roles.
The rules for controlling the permitted access to information and functionalities of systems are established by the policy-mediated role-based access control (RBAC) model as shown in Figure 3, which has some relation to [12].
Figure 3. Policy-mediated role-based access control model [diagram not reproduced; elements shown: Principal, Structural_Role, Functional_Role, Role_Hierarchy, User_Assignment, Permission_Assignment, Target_Component, Session, User_Session, Session_Role, SR_Policy, FR_Policy, Target_Policy, Process_Policy, connected by associations with multiplicities 1, 0..* and 1..*]
² Referring to the HL7 RIM, there are also roles, participations and acts related to security requirements and services expressed through policies.
5. Policy Languages
Policy languages are used to formally express security-related knowledge, i.e. policies (concepts, rules, inter-relationships). One way of representing knowledge is the so-called frame. Constraint languages such as OMG’s Object Constraint Language (OCL), the Security Mark-up Languages developed by the Organization for the Advancement of Structured Information Standards (OASIS) (see next section), or the language PONDER employed in the context of the policy model shown in Figure 2 [13] are typical examples of frame-oriented high-level policy languages. Other examples of such policy languages are KeyNote [13], SDSI/SPKI [14], Lithium [15], QCM [16], SD3 [17], Binder [18], RT [19], and Oasis [20].
5.1. OASIS Security Mark-up Languages
According to the Generic Component Model, healthcare and its supporting information systems deal with other domains besides medicine and biology. In that context, finance, technology, legislation and security, etc. have to be mentioned. Regarding the latter, legal and policy concepts have to be modeled. A policy covers all implications on health and health information systems such as legal, social, organizational, psychological, functional, and technical ones. The Organization for the Advancement of Structured Information Standards (OASIS) is developing advanced standards for secure communication and collaboration in modern distributed information systems [21]. For formally modeling policies and ruling access control, the eXtensible Access Control Mark-up Language (XACML) has been developed by OASIS with the XML meta-language. XACML defines three top-level policy elements: <Rule>, <Policy> and <PolicySet> [22].
5.1.1. Security Assertion Mark-up Language
OASIS’ Security Assertion Mark-up Language (SAML) defines security services assigned to entities in a header-body-reference structure using XML. SAML provides security assertions, protocol requests, and protocol responses. These constructs are typically embedded into other structures for transport, such as HTTP form POSTs and XML-encoded SOAP messages [23]. Figure 4 shows an example of a SAML assertion.
Figure 4. SAML Assertion (after [22])
5.1.2. eXtensible Access Control Mark-up Language
OASIS’ eXtensible Access Control Mark-up Language (XACML) V 2.0 defines three top-level policy elements: <Rule>, <Policy> and <PolicySet>. The <Rule> element contains a Boolean expression that can be evaluated in isolation, but is not intended to be accessed in isolation by a PDP (policy decision point). So, it is not intended to form the basis of an authorization decision by itself. It is intended to exist in isolation only within an XACML PAP (policy administration point), where it may form the basic unit of management, and be re-used in multiple policies. The <Policy> element contains a set of <Rule> elements and a specified procedure for combining the results of their evaluation. It is the basic unit of policy used by the PDP, and so it is intended to form the basis of an authorization decision. The <PolicySet> element contains a set of <Policy> or other <PolicySet> elements and a specified procedure for combining the results of their evaluation. It is the standard means for combining separate policies into a single combined policy.
5.2. First Order Logics
Mathematical languages or logics are an alternative grammar to frames for representing security-related knowledge or policies. For specifying policies, predicate logic and first-order logics have been, and still are, deployed. Based on languages for constraint logic programming, some tools allow for easy handling of those means of expression. Cassandra, derived from Datalog, is such an intuitive tool allowing for policy specification and negotiation of trust [24]. Apart from user-defined predicates, Cassandra has six special predicates, namely canActivate, hasActivated, canDeactivate, isDeactivated, permits and canReqCred, that are used by the access control engine to handle role activation and deactivation as well as action and credential requests. Figure 5 gives a policy example for an NHS clinician’s rights management. This policy has been expressed using Cassandra [24].
canActivate(cli, Clinician(org, area)) ←
    ra.is-certified-NHS-clinician-cert(cli, org, area, start, end),
    is-registration-authority(ra, org),
    no-main-role-active(cli),
    Current-time() ∈ [start, end]
Figure 5. Cassandra-Originated Policy Statement (after [25])
Figure 6 demonstrates a policy for exclusion of competitive user roles expressed in predicate logic (after [26]).
$\forall u{:}\,\mathit{user},\ r_i, r_j{:}\,\mathit{roles},\ i \neq j:\ u \in \mathit{rolememberships}(r_i) \wedge u \in \mathit{rolememberships}(r_j) \Rightarrow r_i \notin \mathit{mutuallyexclusiveauthorisation}(r_j)$
Figure 6. Policy for Exclusion of Competitive User Roles (after [26])
While frames provide the grammar used in the context of system architecture specifications, directly allowing for the obvious integration of security services into them, first-order logics have to be translated into that grammar. This can be done automatically. Some frames also use first-order logic for concatenating logical constraints (e.g. OCL). In other approaches, the logic has been embedded into frame components.
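The role-activation rule of Figure 5 and the role-exclusion constraint of Figure 6, written as executable checks. This is an added example, not code from the paper or from Cassandra; the class and function names, the symmetric treatment of exclusion, and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime


@dataclass(frozen=True)
class ClinicianCert:
    """Stand-in for is-certified-NHS-clinician-cert(cli, org, area, start, end)."""
    issuer: str       # ra, the party asserting the credential
    clinician: str    # cli
    org: str
    area: str
    start: datetime
    end: datetime


@dataclass
class PolicyEngine:
    registration_authorities: dict    # org -> set of ra ids (is-registration-authority)
    mutually_exclusive: dict          # role -> set of roles it must not be combined with
    certs: list = field(default_factory=list)
    active_main_role: dict = field(default_factory=dict)   # principal -> active role
    memberships: dict = field(default_factory=dict)        # user -> set of role names

    # Figure 5: canActivate(cli, Clinician(org, area)) holds only if the whole body holds.
    def can_activate_clinician(self, cli, org, area, now):
        """Return (decision, reason) so that a denial can be logged and audited."""
        if cli in self.active_main_role:                    # no-main-role-active(cli)
            return False, "main role already active"
        reason = "no credential for this clinician, org and area"
        for cert in self.certs:
            if (cert.clinician, cert.org, cert.area) != (cli, org, area):
                continue
            if cert.issuer not in self.registration_authorities.get(org, set()):
                reason = "issuer is not a registration authority of org"
                continue
            if not cert.start <= now <= cert.end:           # Current-time() in [start, end]
                reason = "credential outside validity interval"
                continue
            return True, "permit"
        return False, reason

    def activate_clinician(self, cli, org, area, now):
        decision, reason = self.can_activate_clinician(cli, org, area, now)
        if decision:
            self.active_main_role[cli] = ("Clinician", org, area)
        return decision, reason

    # Figure 6: no user may be a member of two mutually exclusive roles.
    def excludes(self, ri, rj):
        """Exclusion is treated as symmetric (an assumption of this example)."""
        return (rj in self.mutually_exclusive.get(ri, set())
                or ri in self.mutually_exclusive.get(rj, set()))

    def assign_role(self, user, role):
        """Add a membership unless it conflicts; return (ok, conflicting_roles)."""
        held = self.memberships.setdefault(user, set())
        conflicts = sorted(r for r in held if r != role and self.excludes(r, role))
        if conflicts:
            return False, conflicts
        held.add(role)
        return True, []

    def sod_violations(self):
        """Audit existing assignments: every (user, ri, rj) that breaks Figure 6."""
        found = []
        for user in sorted(self.memberships):
            roles = sorted(self.memberships[user])
            for i, ri in enumerate(roles):
                found += [(user, ri, rj) for rj in roles[i + 1:] if self.excludes(ri, rj)]
        return found


def demo():
    """Run both checks over constructed sample data (all names are hypothetical)."""
    y2006 = (datetime(2006, 1, 1), datetime(2006, 12, 31))
    certs = [
        ClinicianCert("ra-1", "alice", "hospital-a", "cardiology", *y2006),
        ClinicianCert("ra-9", "bob", "hospital-a", "cardiology", *y2006),  # unknown issuer
    ]
    engine = PolicyEngine({"hospital-a": {"ra-1"}}, {"BillingClerk": {"Clinician"}}, certs)
    now = datetime(2006, 6, 15)
    out = {
        "expired": engine.can_activate_clinician(
            "alice", "hospital-a", "cardiology", datetime(2007, 1, 1)),
        "alice": engine.activate_clinician("alice", "hospital-a", "cardiology", now),
        "alice_again": engine.activate_clinician("alice", "hospital-a", "cardiology", now),
        "bob": engine.activate_clinician("bob", "hospital-a", "cardiology", now),
        "carol_first": engine.assign_role("carol", "BillingClerk"),
        "carol_second": engine.assign_role("carol", "Clinician"),
    }
    engine.memberships["dave"] = {"Clinician", "BillingClerk"}   # legacy data, never checked
    out["audit"] = engine.sod_violations()
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Returning the reason alongside the decision lets the enforcement point log why an activation was refused, and the audit function finds role memberships that were assigned before the exclusion constraint was in force.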
6. Embedding Security
Having solved the problem of formally modeling the security domain, the outcome must be integrated into the other domain models, e.g., medical concepts expressed through imported archetypes and the care workflow, based on a set of structural and behavioral constraint models. The proposed approach allows for automatic decision making and for negotiating the security policies, and thereby for the flexible organization of the appropriate trustworthy environment needed in distributed and interoperable health information systems and health networks. Following the MDA approach, the platform-independent models are automatically transferred into platform-specific models, which can be automatically profiled. All transformations as well as the final generation of processable code are realized at runtime.
7. Results and Conclusions
The way of designing and implementing future-proof, scalable, flexible, intelligently interoperable and trustworthy health information systems is to model the system following a unified process and a multi-model approach. Because of the complexity of the domain, the model-driven and service-oriented architectural approach is a new approach for health information systems. On the other hand, the healthcare domain is based on a long-term establishment of terminology and ontology. Realizing this, several newer projects are following the MDA and SOA approach at different levels of maturity (e.g. [27]). However, all of them have so far ignored the special challenge of privacy and security in the health and genetics domains, which has not been dealt with in a formal way based on meta-models. This open issue has been solved in the first MDA for EHR systems provided by the European HARP project and demonstrated in the authors’ environment. Within HARP, an open and component-based HARP Cross Security Platform (HCSP) has been established [28]. In that context, platform-specific models have been developed including their implementation at run-time. The next step of the platform-independent models and their transformation to platform-specific models has meanwhile been solved by the authors’ team. The further evolvement of the approach presented here is an essential part of projects for introducing national health telematics platforms such as the US National Health Information Infrastructure (NHII) Initiative and the German bIT4health Architectural Framework and Security Infrastructure, but it will also be reflected in several other projects.
8. Acknowledgement
The authors are indebted to the European Commission for funding and to the HARP project partners, the members of ISO TC 215 WG 4, CEN TC 251 WG 3 as well as ASTM Committee E 31 for kind co-operation.
References
[1] Blobel B, Roger-France F: A Systematic Approach for Analysis and Design of Secure Health Information Systems. International Journal of Medical Informatics 62 (2001) 3, pp. 51-78.
[2] Castano S, Fugini M, Martella G, Samarati P: Database Security. Addison-Wesley Publishing Company, Wokingham 1995.
[3] Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. IEEE Computer 29 (2) 2001, 38-47, Febr. 1996.
[4] Neumann G, Strembeck M: A Scenario-driven Role Engineering Process for Functional RBAC Roles. Proceedings of SACMAT’02, June 3-4, 2002, Monterey, California, USA. ACM 1581134967/02/0006
[5] Blobel B. Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems. Series Studies in Health Technology and Informatics, Vol. 89. Amsterdam: IOS Press, 2002.
[6] Blobel B: Assessment of Middleware Concepts Using a Generic Component Model. Proceedings of the Conference “Toward An Electronic Health Record Europe ’97”, pp. 221-228. London 1997.
[7] ISO/IEC 10746 “Information technology – Open Distributed Processing – Reference Model”.
[8] Damianou N, Dulay N, Lupu E, Sloman M. Ponder: A Language for Specifying Security and Management Policies for Distributed Systems. The Language Specification, Version 2.3. Imperial College Research Report DoC 2000/1. 20 October, 2000.
[9] Health Level Seven Inc.: www.hl7.org
[10] Siegel J: Quick CORBA® 3. John Wiley & Sons, New York, Chichester, Weinheim, Brisbane, Singapore, Toronto 2001.
[11] Blobel B: Authorisation and Access Control for Electronic Health Record Systems. International Journal of Medical Informatics 73 (2004) pp. 251-257.
[12] Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security, Vol. 4 No. 3, August 2001, pp. 224-274
[13] Blaze M, Feigenbaum J, Keromytis AD: The KeyNote trust management system, RFC 2704, September 1999. See http://www.ietf.org/rfc/rfc2704.txt.
[14] Ellison CM: SPKI requirements, RFC 2692, September 1999. See http://www.ietf.org/rfc/rfc2692.txt.
[15] Halpern JY and Weissman V: Using first-order logic to reason about policies. In CSFW, pages 187–201, 2003.
[16] Gunter C and Jim T: Policy-directed certificate retrieval. Software - Practice and Experience, 30(15):1609–1640, 2000.
[17] Jim T: SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106–115, 2001.
[18] DeTreville J: Binder, a logic-based security language. In IEEE Symposium on Security and Privacy, pages 105–113, 2002.
[19] Li N, Mitchell JC, Winsborough WH: Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130, 2002.
[20] Bacon J, Moody K, Yao W: A model of OASIS role-based access control and its support for active security. ACM Transactions on Information and System Security, 5(4):492–540, 2002.
[21] OASIS Inc.: http://docs.oasis-open.org
[22] OASIS Inc.: http://docs.oasis-open.org/xacml/2.0/
[23] OASIS Inc.: http://docs.oasis-open.org/saml/
[24] Becker MY and Sewell P: Cassandra: distributed access control policies with tunable expressiveness. In IEEE 5th International Workshop on Policies for Distributed Systems and Networks, pages 159–168, 2004.
[25] Becker MY: Information Governance in NHS’s NPfIT: A Case for Policy Specification. Proceedings of the IMIA Working Conference “Secure eHealth: Managing Risk to Patient Data”, 27-19 April 2006, Dijon, France.
[26] Barkley JF, Kuhn DR, Rosenthal LS, Skall MW, Cincotta AV: Role-Based Access Control for the Web. http://hissa.ncsl.nist.gov/rbac/cals-paper.html.
[27] Beale T. An interoperable knowledge methodology for future-proof information systems, 2001
[28] Blobel B, Hoepner P, Joop R, Karnouskos S, Kleinhuis G, Stassinopoulos G: Using a privilege management infrastructure for secure web-based e-health applications. Computer Communications 26 (2003), pp. 1863-1872.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Citizen Empowerment Using Healthcare and Welfare Cards
Paul CHESHIRE ¹
Atos Origin (UK); Chair EFMI WG Cards
Abstract. Cards are used in health and welfare to establish the identity of the person presenting the card; to prove their entitlement to a welfare or healthcare service; to store data needed within the care process; and to store data to use in the administration process. There is a desire to empower citizens - to give them greater control over their lives, their health and wellbeing. How can a healthcare and welfare card support this aim? Does having a card empower the citizen? What can a citizen do more easily, reliably, securely or cost-effectively because they have a card? A number of possibilities include: Choice of service provider; Mobility across regional and national boundaries; Privacy; and Anonymity. But in all of these possibilities a card is just one component of a total system and process, and there may be other solutions - technological and manual. There are risks and problems from relying on a card; and issues of Inclusion for people who are unable to use a card. The article concludes that: cards need to be viewed in the context of the whole solution; cards are not the only technological mechanism; cards are not the best mechanism in all circumstances; but cards are a very convenient method in very many situations.
Keywords. Smartcards, Healthcare, Welfare, Personal identity, Privacy, Data Sharing
Introduction
The notion of a token that grants the holder some rights or privileges has been around since pre-history. A modern-day globally recognised token is the passport. In the United Kingdom, the origin of the passport is the "Safe Conduct", first recorded at the beginning of the 15th century. This was initially little more than a note signed by the monarch asking that the person who held it be allowed to travel freely. The modern international passport system began at the time of the First World War when states began to issue passports as a way of distinguishing their own citizens from those they considered to be foreign nationals. It rapidly evolved into a mechanism for the state to control who may or may not cross a frontier.
The technology underpinning the passport system remained based on human-readable paper until the end of the 20th century, when machine-readable data was included. The passport is at the point of transition from purely optical to electronic machine readability. Machine-readability also marks a fundamental shift from the passport being effectively a stand-alone document - it is already a window into a comprehensive and readily accessible network of computer systems. Driving forces behind the changes include the ability and desirability for increasingly sophisticated frontier controls. The freedom to travel, once more of a privilege than a right, needs to be supported by a system that both empowers citizens to exercise their right and allows administrations to ensure that the system is not abused.
Similarly in many developed countries, healthcare and welfare is an incontrovertible right and is no longer a privilege available only to those who can pay for it. Administrations need to ensure that such privileges are not abused; and they want to give citizens a greater voice in managing their own healthcare and wellbeing. Is a welfare and healthcare card a viable mechanism to implement such a system that achieves a good balance between freedom and control? Are the full consequences of citizen empowerment understood by and acceptable to all the stakeholders? Where is the point of balance between empowerment and control, such that the citizen can take more responsibility for assessing the costs, risks, and likely benefits of treatment and care², but can be protected from danger?
¹ Corresponding Author: Paul Cheshire, Atos Origin, 4 Triton Square, Regents Place, London NW1 3HG, England.
P. Cheshire / Citizen Empowerment Using Healthcare and Welfare Cards
1. Background on Healthcare and Welfare Cards
Public sector health cards are not steeped in the same long and colourful history as the passport and their origins are not always based on citizen empowerment; rather they are seen by administrations primarily as a mechanism to manage and control provision of treatment and care but which nonetheless offer benefit to the citizen. However, actual empowerment of the holder has been rare despite a growing desire from citizens and administrations alike to involve citizens more in decisions on their wellbeing. With any token, irrespective of the technology used to create it or the regime in which it is to be used, there is a question of trust - is the bearer who they say they are? Is the issuer recognised and trusted by the acceptor? Is the token genuine and valid? Privileges and rare or expensive resources and services are not given freely to just anyone. Entitlement needs to be established - either by virtue of who you are, your affiliation or financial status. And as the value of the facilities that can be unlocked with a valid token increases, so increases the level of criminal activity intent on defrauding the system: this is the converse of the "target devaluation" strategy for reducing crime [1]. The core issue of ensuring that care is given to those who need it has not changed, but the solutions have changed in order to increase confidence that the system is not being abused.
Acknowledging that there are activities elsewhere, this paper takes a broadly European focus. Within Europe different administrations have different priorities and principles, and they have made differing degrees of progress towards empowering their citizens and making use of healthcare and welfare cards. It might be argued that there are better ways to fund, administer and deliver care than by requiring people to carry a card that is presented at the point of care delivery, but for many citizens this is the reality. This paper addresses cards in this context - a regime that requires personal identity or entitlement to be established when interacting with a care provider. Yet even in such a regime there are many, usually emergency, scenarios when a card is not available. For example: the house fire at night when someone is alive but injured, and their card is not in their night clothes; the robbery in the street with the victim left for dead and their wallet stolen; the road crash involving three injured persons with three cards found, but there is uncertainty about which card is whose. Such situations, despite being thankfully rare, nonetheless need to be considered when designing a card-based care system.
² The term "care" as used throughout this paper refers to all forms of preventive and remedial treatment and interventions, long term and short term medical and social care. The detail of administration and delivery of care varies considerably, but the questions surrounding citizen empowerment in these different care domains are sufficiently similar not to warrant differentiation.
2. Stakeholders and Power Base
2.1. Stakeholders in the continuum of care
This paper treats welfare and healthcare as a single continuum. Physical, mental and socio-economic problems are manifestly different; and each can again be subdivided into multiple specialisations each requiring different practitioners with focused expertise. But, from a person-centric view all these conditions are interrelated, and wellbeing depends not only on the intervention of individual specialists but on their coordinated efforts.
Figure 1. The relationship between healthcare and welfare services [diagram not reproduced; stages shown: Risk identification and assessment; Education and awareness; Preventive measures; Service personalisation and delivery; Problem diagnosis; Treatment and recovery; Incapacity support; End of life care]
Figure 1 illustrates the cycles of preventive and remedial intervention [2]. Within this overall regime there are three broad classes of stakeholder: the citizen, the care provider and the care administrator. The detail of how these stakeholders interact varies greatly. The balance of power is also different in different circumstances. For example, in some countries private sector services tend to be more responsive to customer (citizen) demand than the public sector service; in others the public sector has already recognised the importance of giving their citizens more control over care choices and decisions.
The challenge is to empower the citizen. The landscape is one in which there are multiple actors - care providers and care administrators - each of whom has historically needed and exerted control over their fragment of the whole care process. This hampers the coordination of care for an individual. Empowering the citizen means transferring the balance of control from each of the individual points of care to the citizen. An immediate benefit is not just that the citizen has increased control over a particular point of care, but that they are now better placed to play an active role in the continuity and coordination - and thus increased effectiveness - of their own care.
It is important to ensure that citizen empowerment remains inside the bounds within which control can reasonably be delegated. Particularly in wellbeing and social care, but becoming more visible in remedial medical care, there is a need to achieve a balance between control and support [3]. Individuals, particularly those with chronic or acute mental problems or behavioural difficulties, or perhaps precipitated by a severe medical condition suffered by a loved one, can feel empowered to step outside the bounds of what is regarded as acceptable behaviour. They will challenge professional opinion; they will demand certain interventions that fall outside normal practice; they may insist on judicial review; they may resort to crime. Some such challenges may conflict with some practitioners' established professional etiquette but they are not outside the limits of socially acceptable behaviour. Control dimensions that may reasonably be delegated to the individual, and thus the dimensions in which the citizen can be empowered, fall into four classes:
• Financial
• Access to care providers and choice of care regime
• Information of a personal nature
• The right to anonymity
2.2. Financial Empowerment A critical question is this respect is the ethical and moral issue of using purchasing power to achieve the desired outcome of citizen empowerment. Viewed in the financial dimension, the Care Administration will have limited budget - whatever proportion of GDP is allocated to the cause, their budget is still finite. Can empowerment be achieved by allocating to a citizen a budget [4], calculated according to their diagnosed condition and robust ethical principles, which they can then spend on their care? What constitutes "care" in this respect - is the correct remedy for workplace stress a long vacation paid for by medical insurance? Should citizens be allowed to use their own funds to gain access to care services that are not offered by the Administration? These are questions that this paper will not attempt to answer. They are relevant, however, because a card-based system will need to exist in a society that will use personal wealth to secure care services that are not otherwise offered or available. The question for the card-based system is: will it directly support such use of personal wealth, will it allow another payment system to coexist, or will it be used to try to deter or prevent the provision of services regarded as care services bought outside its remit? Policy decisions on the care services available to the citizen within or outside a care system are the province of individual administrations and will be enshrined in the laws, regulations and common practice of the individual nation. Similarly the financial regime is a matter for individual administrations. If there is no general requirement for payment at the point of care delivery, then a card used to manage the finances of care delivery will be of benefit to the care provider and administration but will be irrelevant to the citizen. In contrast, a system such as the French SESAM Vitale health smart card [5] enables all stakeholders in the healthcare
P. Cheshire / Citizen Empowerment Using Healthcare and Welfare Cards
equation to conduct secure and authorised electronic transactions, such as insurance claims speeding reimbursement to the citizen.

2.3. Freedom of Choice

Choice is less relevant in an emergency situation when speed of access to a first point of care is usually of the essence. However there are many situations where a citizen might exercise freedom to choose where, when and by whom care is delivered. In some situations choice of the type of care can be informed by dialogue with practitioners but ultimately taken by the citizen. At the heart of choice is access to information about the individual and about the care providers. Access to and sharing of personal information within and outside the formal care services is discussed elsewhere in this paper. Information about the services offered by care providers can be made publicly available. It is of questionable merit to restrict access to such information only to those who may be entitled to use the provider, but a card-based system could support this. Of potentially greater value would be a mechanism that offers proof that online information presented by a care provider is current and valid, but such a system need not rely on a citizen card. In their present form most health and welfare cards are valid only within facilities operated by the authority that issued the card. An initiative is in progress to enable citizens to use care facilities made available by another administration [6] but at present this is restricted to emergency care. Lange [6] describes the challenge as either attempting to implement a common system across all the care providers or ensuring interoperability. Such a problem has already been solved by the financial industry with the EMV card standards [7] which specify the contents and functionality of the card, how it interacts with the card reader and the dialogue with (but not, per se, the exact design of) the "back office" system.
The data content of machine-readable passports is also the subject of a globally agreed standard [8]; and the specification of the content and layout of the European Health Insurance Card is also standardised [9]. Choice of care provider, including receiving care from providers other than the card issuer, can readily be enabled by use of a card: the technical challenges to global interoperability of machine readable tokens have long since been solved. To enable full freedom of choice the care providers need to reach agreement on how the system is to be administered.

2.4. Information Empowerment

Many separate organisations, public and private sector, can be involved in providing the total service horizontally (simultaneously) across organisations at the same point in time and longitudinally (sequentially) over time. To take a single illustration that addresses both these dimensions, the family of a child with a debilitating genetic disorder will draw on resources from education, long term medical and social care and probably acute medical care. Coordinating all the different departments, ensuring that they are all in possession of the necessary facts to cooperate and deliver the right care at a given point in time and in the long-term turns many such parents into warriors. Can a card enable secure sharing of highly sensitive information between multiple actors, many of whom cannot be identified at the time that the information is created? Fundamental to this question are the issues of ownership and custodianship of information. Whether public or private sector, historically care information has been
kept within the institution that created it. Where data was shared it was by personal message from one practitioner to another. Much progress has been made to allow ready and online sharing of data between authorised practitioners; for example, in England healthcare staff with valid reason to gain access to patient data can use a smartcard key to unlock the data irrespective of where it is stored [10]. There are also more general provisions for individuals to access their personal data, often with the caveat that any release of information will not have detrimental consequences. Citizen access to personal data remains largely in the form of a request to the data custodian, even though their right of access is ensured by law. But if a citizen could access their data using a card, would this be a valuable empowerment? What safeguards need to be built into the system? Should a citizen give positive and informed consent every time a third party requests access to their personal data? Do people caring for a permanently or temporarily incapacitated person have right of access to their personal data? Do parents have an absolute right of access to their minor children's health and welfare data? Here the English High Court has ruled that they do not [11]. Empowerment also means including citizens in decisions about their own welfare and healthcare. This must be more than Manipulation, Informing or Consultation that simply allows the established power-holders the continued right to decide a course of action [12]. But to enable the highest level of participation it is essential that information is accessible to and understandable by the citizen, which potentially implies the need to provide narrative in plain language rather than in clinical terms, abbreviations and encodings.
Further, and particularly in the realm of rare conditions, the ability to pass on shared, sensitive and clinically precise information within a self-organised support group can help a citizen provide practitioners who have not gained deep understanding of a rare condition with significant additional knowledge to help improve their own treatment regime. If the goal is to empower a citizen by giving them control of their personal health and welfare data then it will be necessary to review the roles, responsibilities and obligations of all the stakeholders. Having done so, a smartcard as part of an overall system of governance can readily enable the necessary access controls.

2.5. Anonymity

If a citizen is empowered to manage disclosure of their own medical information should they also be allowed to remain anonymous in selected encounters with care services? If they remain anonymous, salient information might not be disclosed. But in the same way as a practitioner can currently refuse to allow access to data that they consider would cause harm, should the citizen be allowed to keep data that they think may cause them harm or prejudice a diagnosis in a "sealed envelope", for example when requesting a second opinion? What are the risks to a citizen's health and wellbeing if they refuse or fail to disclose essential facts? Who is liable for the direct or indirect cost that might arise from a misdiagnosis when information was knowingly withheld? What is the risk if a practitioner fails to discover a relevant but previously never recorded fact? What is the best use of a practitioner's resources: searching a possibly incomplete history of a citizen's health and welfare record for relevant material, or conducting examinations to establish the exact current state of health? Where the citizen has an established and current relationship with a practitioner it would be ridiculous for information about a continuing condition to be withheld, but if
a citizen deliberately withholds information should they be required to accept the consequences and absolve the practitioner of their duty of care? However, consider the situation where a citizen cannot be identified - they are not able to identify themselves because of physical or mental trauma, and they are not carrying anything to assist with identification. In such a situation they must receive treatment "as seen" and the records of this can subsequently be linked to their true identity. The principle is, therefore, that a citizen may need a "temporary" pseudonym. The implications of needing a pseudonym surround the circumstances under which information collected under the pseudonym is subsequently associated with a true identity; and the right of a citizen to obtain and use a pseudonym - in effect to use this as a mechanism to create a "sealed envelope". The sealed envelope is not a new concept: it is routinely used, with the active participation of care providers, to secure information that is best forgotten. Empowerment must include accepting commensurate responsibility. Mechanisms must be provided that are appropriate and proportionate to the freedoms given and the risks thereby accepted. If the legal, moral and ethical regime allows people to block out encounters with the care services that they would rather forget and never share then mechanisms to do this must be provided. A card based system will support this.

2.6. Freedom, Empowerment and Anarchy

To succeed, a card-based system must fulfil the objective of empowering citizens and also support good management and delivery of the health and welfare services. Empowerment is not about offering citizens unlimited access to care services, but is about encouraging and enabling responsible behaviour. The preceding sections have illustrated some of the edge-conditions of a card-based system as well as its core themes.
To succeed, the card-based system must increase freedom as well as support a reduction in irresponsible or criminal behaviour.

[Figure 2 labels: Freedom; Anarchy; Empowerment; Rule of Law; Repression]

Figure 2. Citizen Empowerment - more than just freedom to act
Figure 2 illustrates that Empowerment is a simultaneous increase in freedom and the rule of law. Importantly it must not be a veiled attempt to restrict a citizen's freedom, nor must it encourage or precipitate crime. A consequence, or perhaps prerequisite, is that the rules must be transparent, understandable, incorruptible and equitable.
3. The Card in a Context to Succeed

To embark on a description of the context in which a card will succeed in empowering citizens, it is vital to stand back and consider the whole. Marx [1] reminds us that "technology’s narrowing of focus may come at a cost of failing to see larger systemic contexts, alternatives and longer range consequences". There is a risk that solving one problem can lead to a cascade of unforeseen issues with endeavours hindered by "… a negative image of personal dignity and the danger of the means determining, or becoming ends." A card-based system for citizen empowerment must be designed from the outset to achieve this as its primary goal, with all other objectives and consequential benefits taking secondary relevance. This means ensuring that the legal, regulatory and cultural environment is one in which the citizen may be empowered. The design must also take into account all of the "edge conditions" and secondary objectives that, unless properly tackled, might weaken the intended impact. By implication, if full citizen empowerment is to be achieved the scope must extend beyond the confines of a single care provider with universality as the ideal aim. Whilst data storage capabilities are increasing rapidly, most of the current success stories use a card as a key with the consensual minimum dataset stored thereon: interoperability, rather than single common system, is the way forward. The card needs to be part of the end-to-end information management process. Figure 3 illustrates a top-level view of this.

[Figure 3 labels: About the person; About the environs; About the subject matter; For delivery of personal care; To manage the working of the care service; To improve the care process; For statistics and research; Policy setting]

Figure 3. Top-level view on information management process
As a personal token, a card can be used to manage access to all personal data and to personalise access to generic data. A card may be used as part of a system to help find and access welfare or medical subject matter that is relevant to the individual such as identifying benefit entitlements, selecting care providers, making appointments. Used in conjunction with a Care Professional Card, it can provide a "dual signature" system as typically needed for secure financial transactions [5]. Cards need to be linked to their owner to prevent others from making unauthorised access to data or services. This is quite different from suggesting that a card needs to contain full personal identity details. A card issuing process that validates a person's
entitlement and then records a reliable biometric on the card need not also record all details of a person's identity; indeed a pseudonym or secondary identity may be acceptable in some circumstances. The fundamental requirement is to prove entitlement by proving ownership of the card and not by proving identity. Proof of ownership of the token enables two different parts of the overall process: secure and controlled access to the holder's information space, and a link to the relevant funding authority.
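The principle stated above, entitlement shown by proving ownership of the card rather than identity, combined with the "dual signature" with a Care Professional Card, as an added example that is not from the paper or from any card scheme. Assumptions: an HMAC challenge-response stands in for the card's cryptography, a PIN stands in for the on-card biometric match, and every name, key and card id is constructed.

```python
import hashlib
import hmac
import secrets

ISSUER_MASTER_KEY = b"constructed-issuer-master-key"  # constructed demo value


def card_key(card_id):
    """Per-card key derived from the issuer key (key diversification)."""
    return hmac.new(ISSUER_MASTER_KEY, card_id.encode(), hashlib.sha256).digest()


class Card:
    """Token holding a pseudonymous id, a secret key and a holder check.
    Hypothetical model: the PIN stands in for an on-card biometric match."""

    def __init__(self, card_id, pin):
        self.card_id = card_id               # pseudonym, not a name
        self._key = card_key(card_id)        # written at personalisation
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)
        self._tries_left = 3

    def _hash_pin(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def respond(self, challenge, pin):
        """Answer a challenge only if the holder check succeeds."""
        if self._tries_left == 0:
            return None                      # card is blocked
        if not hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self._tries_left -= 1
            return None
        self._tries_left = 3
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Registry:
    """Back office: maps card ids to entitlements and stores no identity data."""

    def __init__(self):
        self._entitlements = {}
        self._open_challenges = {}

    def enrol(self, card_id, entitlement):
        self._entitlements[card_id] = entitlement

    def challenge(self, card_id):
        nonce = secrets.token_bytes(16)
        self._open_challenges[card_id] = nonce
        return nonce

    def check(self, card_id, response):
        """Return the entitlement if the response proves possession, else None."""
        nonce = self._open_challenges.pop(card_id, None)  # single use, no replay
        if nonce is None or response is None or card_id not in self._entitlements:
            return None
        expected = hmac.new(card_key(card_id), nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):
            return self._entitlements[card_id]
        return None


def dual_authorise(registry, citizen, citizen_pin, professional, professional_pin):
    """'Dual signature': both the citizen card and the professional card must answer."""
    results = []
    for card, pin in ((citizen, citizen_pin), (professional, professional_pin)):
        nonce = registry.challenge(card.card_id)
        results.append(registry.check(card.card_id, card.respond(nonce, pin)))
    return None if None in results else tuple(results)
```

The registry never learns who the holder is: it only learns that the holder of an enrolled card passed the holder check, which is the separation of entitlement from identity the section argues for.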
4. Conclusion

A healthcare and welfare smartcard will support citizen empowerment. A smartcard will also enable providers and administrations to make efficiency gains. There are many successful smartcard implementations in health and welfare applications [13]. Amongst the reasons for their success are well defined and sensibly bounded objectives - there was no attempt to "be all things to all men". Whilst many implementations offer benefits to the citizen, their goal was often to provide efficiency and effectiveness gains to the administration and citizen without necessarily granting greater power to the citizen. There are essential prerequisites for implementing a card-based system that is designed to empower the citizen. Of paramount importance, and not an issue of technology, is to understand what power the citizens lack, then how, and to what extent, this is to be assigned. To this end, each administration needs to engage its stakeholders in dialogue to understand the priority areas where empowerment is both needed and viable. Possibilities include: privacy and anonymity; freedom of choice; financial empowerment; access to and control of personal information. Stakeholder commitment from the outset is essential. The next step is to review the relevant legislative and regulatory framework and if necessary to update it, especially to remove ambiguities and obsolescence. An essential focus must be on defining objective and evidence-based criteria to ensure that the rules are understandable, transparent, incorruptible and equitable. To accept empowerment implies an acceptance of responsibility and risk: how and under what circumstances decisions and the consequences of those decisions are shared needs also to be clearly and fairly defined. The environment into which the card will be introduced needs to be considered as a holistic entity.
This includes: physical processes for card management and providing the care service; the purposes for which the card will be used; actions to be taken if a card is lost, destroyed or unavailable when needed; and security of information and physical locations. The card is a fragment of the means to an end - it is not an end in itself. People, Processes and Technology must work in harmony.
References

[1] T Marx: Technology and Social Control: The Search for the Illusive Silver Bullet. International Encyclopedia of the Social and Behavioral Sciences, (2001)
[2] P Cheshire: Lifelong health records. Global Forum (2005)
[3] K. Juhila et al: The Dilemma between Control and Support in Social Work Practices. (2004)
[4] I. Peijer et al: Personal budget: a new approach in Dutch mental health care (1999)
[5] GIE SESAM-Vitale: Cahier des Charges SESAM-Vitale (2003)
[6] M. Lange et al: Electronic Health, Social and Identity Cards in Europe. EHTEL (2005)
[7] EMVCo LLP: Common Payment Application Specification. (2005)
[8] ICAO: Document 9303 Machine Readable Travel Documents (2003)
[9] European Commission: Decision No 190 of 18 June 2003 concerning the technical specifications of the European health insurance card (2003)
[10] UK NHS Connecting for Health Data Spine
[11] R (Axon) v Secretary of State for Health, English High Court (2006)
[12] S.R. Arnstein: A Ladder of Citizen Participation. JAIP (1969)
[13] EFMI WG Cards: Repository of project details maintained on http://mirc.gsf.de/wgcards/index.php
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
BioHealth – The Need for Security and Identity Management Standards in eHealth

Claudia HILDEBRAND a,1, Peter PHAROW b, Rolf ENGELBRECHT a, Bernd BLOBEL b, Mario SAVASTANO c, Asbjorn HOVSTO d

a GSF – Research Centre for Environment and Health, Neuherberg, Germany
b eHealth Competence Center, University of Regensburg Medical Center, Germany
c IBB-CNR - National Research Council of Italy, Napoli, Italy
d ITS-Norway - Norwegian Association for Multi-modal Transport Services, Norway

Abstract. The experience gained in these last years and the several lessons learned have clearly shown that eHealth is more than just a simple change from paper records to electronic records. It necessitates a change of paradigms on the one hand, and the use of new technologies and the introduction of new procedures on the other. Interoperability becomes a crucial issue. Security and confidentiality are vital for the acceptance of the new approaches and for the support of eHealth. Shared care and across-border interactions require a reliable and stable normative framework based on the application of standardized solutions, which are often not yet sufficiently known, diffused and implemented. Feeling this gap, a group of international experts in the medical area proposed to the EC the BioHealth project whose main aim is to create awareness about standardization in eHealth and to facilitate its practical implementation. The project will address all the stakeholders concerning their respective domain. It will evaluate the socio-economic and cultural aspects concerning eHealth with particular reference to the growing introduction of emerging technologies such as health cards, biometrics, RFID (radio-frequency identification) and NFC (near field communication) tags. By providing information and expert advice on standardization and best practices it will raise the acceptance of standardization. Furthermore, the project will address in depth the ethical and accessibility issues connected to identity management in eHealth, which, together with privacy, represent probably the most significant obstacles for the wide diffusion of eHealth procedures.

Keywords. eHealth, Standardization, Security, Interoperability, Biometrics, Patient Records, BioHealth, RFID, NFC, Identity Management
1 Corresponding Author: Claudia Hildebrand, Institute for Medical Informatics, GSF – Research Centre for Environment and Health, Ingolstädter Landstraße 1, D-85764 München-Neuherberg, Germany. Email: [email protected]

Introduction

Presently healthcare is changing dramatically and in many ways. Some of the main keywords are citizen-centered healthcare, eHealth, shared care and integrated healthcare. While presently the healthcare systems and medical services evolve around the patient-doctor relationship, in the near future this correlation will be just one part of a more holistic approach which involves, in a framework of compliance with privacy issues, healthcare centers, monitoring, and results being used for research, e.g.
epidemiological surveys. Social services are getting linked to health services. The technological advances offered by new approaches (e.g. telemedicine) and, amongst others, necessitated by the lack of public funding or changing demographic factors, open unexpected scenarios in the data management of a population of patients which will override the national contexts. The increased movement of the citizen asks for administrative changes, but also for patient records that can be accessed ubiquitously in real time and also across borders. Thorough and adequate administrative changes are required. Another important issue which promotes the adoption of new technologies is the increasing complexity of the medical systems and the consequent growing need for security. The US Institute of Medicine stated in 2000 in the report “To Err is human, building a safer health system” [1] that up to 98.000 deaths / year in the USA were due to medical errors. In the Netherlands approximately 10.000 people are admitted to hospital each year after taking the wrong medication and as a result several hundred of them die [2]. The missing communication between the carers, low incentives on achieving quality standards, treatment errors and, on the citizen’s side, little incentive to preserve one’s health account for these figures. eHealth and electronic patient records can contribute to solving these problems. They offer the possibility to share patient records and medical information with other health professionals via the net, provided they are interoperable. This does, however, require extensive security and privacy measures. In order to analyze the premises on which BioHealth has been proposed, we have to first look at eHealth and what evolves around it.
1. eHealth

eHealth is a term that originated in the 1990s when the boom of the internet set in. In those years eHealth was mainly indicating the change from paper-based records to digital records and the beginning of electronic data transfer from one health professional/health related institution to another using electronic media. Electronic communication and digitalized records are, however, only part of eHealth [3], [4]. In this publication we will be using the term according to the definition by G. Eysenbach [5]: "eHealth is an emerging field in the intersection of medical informatics, public health and business, referring to health services and information delivered or enhanced through the Internet and related technologies. In a broader sense, the term characterizes not only a technical development, but also a state-of-mind, a way of thinking, an attitude, and a commitment for networked, global thinking, to improve healthcare locally, regionally, and worldwide by using information and communication technology". eHealth is, therefore, a way of treating patients in a collaborative effort, integrating information from heterogeneous domains, e.g. bio-informatics, public health, but also sharing knowledge gained within those domains. It necessitates a paradigm change; preventive care plays a larger part. This means that the citizen’s role is changing from someone receiving care, i.e. a recipient, to someone actively contributing to the care process. Telemedicine including telemonitoring and homecare are part of modern healthcare. Mobile systems enable the citizens to stay at home and continue their lives in their well-known surroundings. This is only possible if the citizen is actively contributing.
This approach requires the introduction of new technologies, for example technologies for monitoring such as specific sensors, front-end terminals or special monitors, or for communication media, for example, chip cards, the internet, wireless and mobile technologies and specific eHealth servers to handle the data. eHealth requires the involvement of all stakeholders (including educational institutions), a functioning and, at the same time, flexible and adaptable infrastructure and a standardized framework at all levels (from data to application). The privacy and data of those involved have to be protected. On top of that, quality standards have to be defined and established. A tight quality control system has to make sure that the established quality standards are being kept. This asks for an increased awareness of all players, the knowledge of what is available and where it is available, and secure and reliable systems.
2. Security and Data Protection

Data protection, (data) security and privacy are key aspects to ensure the acceptance of eHealth and the new technologies. According to the Alliance for Telecommunications Industry Solutions (ATIS) [6], data protection is “the implementation of administrative, technical, or physical measures to guard against the unauthorized access to data”, while data security can be defined as “the protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure”. Privacy, on the other hand, is the subjective condition a person experiences when two factors are in place: firstly, he or she must have the power to control information about himself/herself and secondly, he or she must exercise that control consistent with his/her interests and values. eHealth systems must be secure and privacy compliant at all times. They have to be based on trustworthy and reliable communication and application security services [7]. Confidentiality, authenticity, data integrity and accountability are the pillars the system relies on. The threats and risks towards these have to be analyzed in detail. Confidentiality is at risk while data is being generated, transferred or stored. A classical threat is the illegal capture of personal information, e.g. information on the person’s health status can be gained by intruding on the communication channels. This can be avoided by encrypted communication protocols at the different levels of communication and encrypted storage. Another serious problem is caused by the assessment of the authenticity of data. Authenticity, including non-repudiation, is threatened by tampering with the data at the front-end, for example the mobile terminals, at the end-user’s application or at the Health server. If altered, the information cannot be attributed to the sender, or the authorship of the information is denied. Reliable safeguards are offered by Message Authenticity Codes (MAC).
Data Integrity is at risk during transmission or during storage. In this case an intruder changes the data. Countermeasures consist in the addition of redundancy codes, the so-called Message Integrity Codes (MIC), to the data. Accountability means that the users can rely on the information provided. It implies that all the actions are traceable. This does, of course, require ethical standards and legal regulations.
Additionally, the systems in an electronic surrounding have to be failsafe and available at all times. Reference [8] gives an in-depth report on the threats and risks concerning eHealth.
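The difference between the two safeguards named in this section, shown on one health message as an added example that is not part of the paper. Assumptions: SHA-256 stands in for the Message Integrity Code, HMAC-SHA256 for the keyed MAC, and the key, record and function names are constructed for the illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: the key and the record are illustrative values only.
SHARED_KEY = b"constructed-demo-key-not-for-production"
RECORD = {"patient": "pseudonym-0042", "drug": "warfarin", "dose_mg": 5}


def encode(record):
    """Canonical byte encoding so sender and receiver hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def mic(payload):
    """Unkeyed integrity code: anyone who can read the payload can compute it."""
    return hashlib.sha256(payload).hexdigest()


def mac(payload, key):
    """Keyed code (HMAC-SHA256): computing it requires the shared secret."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def protect(record, key):
    """Sender side: attach both codes to the encoded record."""
    payload = encode(record)
    return {"payload": payload, "mic": mic(payload), "mac": mac(payload, key)}


def verify(message, key):
    """Receiver side: report which of the two checks the message passes."""
    payload = message["payload"]
    return {
        "mic_ok": hmac.compare_digest(mic(payload), message["mic"]),
        "mac_ok": hmac.compare_digest(mac(payload, key), message["mac"]),
    }


def corrupt_in_transit(message):
    """Accidental damage: one bit flipped in the payload, codes left untouched."""
    damaged = bytearray(message["payload"])
    damaged[-2] ^= 0x01
    return {**message, "payload": bytes(damaged)}


def alter_and_refresh_mic(message, new_record):
    """Deliberate change by a party without the key: the unkeyed MIC can be
    recomputed to match the new payload, the MAC cannot."""
    payload = encode(new_record)
    return {"payload": payload, "mic": mic(payload), "mac": message["mac"]}
```

Both codes catch the accidental bit flip, but only the keyed MAC catches a change made by someone who also replaces the integrity code. A MAC under a shared key shows that a key holder produced the message; it cannot settle which of two key holders did, so non-repudiation needs a digital signature.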
3. Standardization and Standardization Initiatives

Interoperability and standardization are main issues in eHealth. This also concerns security and data protection. Looking at the above mentioned threats we recognize the following areas that have to be considered concerning security and data protection in eHealth: the access to the information, its transfer and the recording/archiving. Legal and ethical aspects have to be considered as have technological ones. Organization and financing are concerned. Regional differences have to be taken into account and a lot of the areas touch political issues. Needless to say, almost all European countries have their own national standardization body issuing their own national standards. These standards need to be harmonized with European and international ones in order not to cause inconsistencies within the standardization domain. For certain application domains, European standards are mandatory to be followed. For others, international standards are the only ones to be taken into consideration. Harmonizing eHealth applications world-wide is thus a real challenge. Standardization has a long history in Europe and the European Commission has been supporting activities for many years. CEN TC 251 is the European Standards Developing Organization (SDO) for the Health Informatics domain. Besides other projects such as the revision of CEN ENV “Health Informatics – Security for Healthcare Communication”, the major activities are currently directed to the 5-part standard “Health Informatics – EHR communication” (EN 13606 rev), including a first approach to EHR-related security services (Part 4). In addition to that, the CEN ENV 13927 “Health Informatics – Secure User Identification – Strong Authentication Using Micro-processor Cards” will be reviewed and updated.
Established in 1998, ISO/TC 215 (Health Informatics), a Technical Committee of the International Standards Developing Organization ISO, has been focusing on eHealth-related standards activities extensively. The most relevant working groups from BioHealth’s point of view are security (WG4) and cards (WG5). Some of the most important standardization activities currently performed are “Security Management in Health using ISO 17799” (ISO 27799), “Privilege Management and Access Control” (ISO/TS 22600), “Public Key Infrastructure” (ISO 17090), and “Functional and Structural Roles” (ISO/TS 21298). The CEN/ISSS eHealth Standardization Focus Group [9] was set up to investigate standards’ requirements in the area of "eHealth", in connection with the eEurope 2005 action line [10]. In March 2005 the Focus Group finalized the Report "Current and future standardization issues in the eHealth domain: Achieving interoperability" [11] which contains proposals and recommendations for future priorities for eHealth standardization activities in support of the eEurope 2005 Action Plan. The eEurope Smart Card Initiative [12] (now EFMI WG CARDS [13]) has helped identify and solve many of the problems hampering the introduction and progress of IT solutions in eHealth, especially concerning health cards and IT networks. Major improvements have been made in respect to security, on organizational issues and on legal regulations. Some of the relevant standards are ISO 14443 Identification cards - Contactless integrated circuit(s) cards - Proximity cards [14] and ISO 15693
Identification cards - Contactless, integrated circuit(s) cards [15]. ISO/DIS 21549 Health informatics - Patient health card data specifies the Patient Health card data and consists of 8 parts. ISO/IEC JTC1/SC17 Card technology hosts working groups on ePassports, driver license and health. ISO 7816 Identification cards -- Integrated circuit(s) cards with contacts provides the basic smart card specification. Its defined parts 1 to 11 and 15 do contain all basic functions related to contact card technology. Other groups dealing with eHealth standards are the International Telecommunication Union (ITU) [15], DICOM [15] and ETSI (the European Telecommunications Standards Institute) which is a not for profit organization whose mission is to produce the telecommunications standards that will be used for decades to come throughout Europe and beyond. ETSI plays a major role in developing a wide range of standards and other technical documentation as Europe's contribution to world-wide standardization in telecommunications, broadcasting and information technology [18]. Presently one of the main priorities of the European standardization activities -confirmed also as work items by CEN TC224- concerns the harmonization of identification and authentication of the European citizen. The CEN/ISSS Focus Group concentrated on biometric issues, with the objective to improve information flow and to compare notes about the global progress. In June 2002, the Joint Technical Committee 1 of ISO/IEC established a new Subcommittee 37 on Biometrics [19]. The goal of this new JTC 1 SC is to ensure a high priority, focused, and comprehensive approach worldwide for the rapid development and approval of formal international biometric standards. These standards are necessary to support the rapid deployment of significantly better, open systems standard-based security solutions for purposes such as homeland defense and the prevention of ID theft. 
However, the acceptance, use and implementation of standards do not meet expectations and a lot of stakeholders do not even know of relevant standards and/or standardization activities.
4. Obstacles concerning the Use of Security Standards

Standards are often unknown, and information on a standard is not easily accessible. eHealth, a multi-stakeholder field with different areas of interest, strongly requires standards that are accepted by the user and procure tangible benefits. While the industry might be seeking information on international standards for acquisition and implementation of communication security for telemedicine applications, the health professional will appreciate information on easy and secure identification methods. eHealth means, as pointed out in the preceding chapters, a change of paradigms; this requires the involvement of politicians and administrations. The involvement of various groups of European citizens (including the elderly, minors, immigrants, and the disabled) with different societal, ethical, cultural and religious habits and speaking different languages imposes the need for interoperable modules with multi-language capabilities. This problem needs to be addressed at European level. Many security standards are available at a regional, national or international level, but they often differ from and compete with each other. There are a number of
successful national initiatives and implementations in healthcare which fail when moving to the European level. Reasons are, amongst others, the lack of trust chains at the European level. Digital signatures of healthcare organizations and citizens need to be recognized across the European continent. Public organizations have to be involved to solve this problem. A European solution that has been discussed and agreed will benefit the European industry and the users. Citizens and patients will have to play a major part in the eHealth process. Therefore, awareness (achieved by an appropriate level of information), education and training measures, confidence, and acceptance become crucial to eHealth. New technologies, such as card technology and the possibilities of authentication, and applications like the electronic signature (as a first step towards a real multi-application card) can foster these processes [20].
5. BioHealth

BioHealth (Security and Identity Management Standards in eHealth including Biometrics-Specific Requirements having an Impact on the European Society and on Standardization) is a project funded by the European Commission as a Coordinating Activity. It aims at promoting, in a European framework, the diffusion, the knowledge and the understanding of existing and emerging security standards in the area of eHealth.

5.1 Objectives

BioHealth will particularly emphasize privacy rules, ID management and the implementation of biometrics as a Privacy Enhancement Technology. Through active engagement in the organization of targeted trials and domain workshops, and through contributions to relevant conferences (for example in the Electronic Government, Smart Cards, Biometrics, Public Key Infrastructure, Digital Economy Society, Security, and Legal & Regulatory domains), the project’s achievements and results will benefit a wide audience. Ethical issues, especially regarding biometrics and ID management, are major concerns. One of the reasons standardization in eHealth is not being used is that it does not meet the requirements of the stakeholders. Many of the project partners are actively involved in standardization. BioHealth will create a European forum to collect the requirements of the users, to be directed to the relevant organizations (Standardization Bodies, Political Bodies) in order to solicit the adoption of new recommendations and standards at both European and national level.

5.2. Identification Management

Many people consider information about their health to be highly sensitive and thus deserving of the strongest protection under the law. Shared care means that various health professionals will be sharing a patient record.
In order to trace a patient record across different health systems, to link health records in different institutions and to be able to update the information on the patient locally, an adequate Identity Management (IdM) is required.
IdM consists of the secure management of identities, of the identification process during which an entity may be authenticated, and of the information associated with the identification of an entity within some context. The entities might be anything that can be uniquely recognized and may have multiple identities that may be used in different contexts. The context for the identification process might be within an organization’s boundaries, or federated across organizations, and will cover the life cycle of identities and identity information as they are established, modified, suspended, terminated or archived. Information associated with identities may change over time and must therefore be carefully managed. While some parts of an entity might be informal and change frequently, others might be formal, specific relationships, such as people, policy-based organizational roles, and financial accounts that remain stable over time. Identity attributes are often securely stored within tokens, directories, access devices, or database management systems. Identities may be associated with policy-based roles, and these roles may be associated with duties, responsibilities, privileges, and permissions to access resources. An Identity Management System (IdMS) also needs to interact with other information systems that require or generate identity information. ISO/IEC 24760 is a standard that aims to provide a framework for the definition of identity and the secure, reliable, and private management of identity information. This framework should be applicable to individuals as well as organizations of all types and sizes, in any environment and regardless of the nature of the activities they are involved in.

5.3 Biometrics

Biometrics is an automated method of identifying a person or of verifying his/her identity based on a physiological (face, fingerprints, hand geometry, iris, …) or behavioral characteristic (handwriting, voice, …).
Biometric technologies are seen as a key technology for secure identification and for personal verification all over the world. The new portal launched by the European Commission [21] aims to encourage the development of consistent government policies regarding the use of biometrics and the consideration of interoperability and privacy. Its content principle is to be open to scientific and policy contributions from governments, industry and civil society authors, working in a ‘Wikipedian’ (open knowledge sharing) spirit and offering access and membership free of charge. BioHealth will use this service for information exchange, coordination and community-building activities between stakeholders in Europe.

On the other hand, biometrics raises some concerns. These range from accessibility, which can lead to the exclusion of a person because he/she is unable to prove his/her identity (e.g. a person without any hand cannot identify him-/herself by fingerprint), to threats posed by centralization or even misuse of the data. Differing legal regulations also cause problems. BioHealth will address these issues and carry them to the public.
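The identity life cycle and the link between identities, contexts and policy-based roles described in section 5.2 can be made concrete in code. The following is an added example, not part of the original paper or of ISO/IEC 24760; the transition rules, role names, permissions and sample data are assumptions, since the text names the life-cycle stages but not the permitted moves between them.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    ACTIVE = "active"          # established and usable
    SUSPENDED = "suspended"
    TERMINATED = "terminated"
    ARCHIVED = "archived"


# Assumed transition rules: the text lists the life-cycle stages but not
# which moves between them are legal.
ALLOWED = {
    State.ACTIVE: {State.SUSPENDED, State.TERMINATED},
    State.SUSPENDED: {State.ACTIVE, State.TERMINATED},
    State.TERMINATED: {State.ARCHIVED},
    State.ARCHIVED: set(),
}

# Hypothetical policy-based roles and the permissions they carry.
ROLE_PERMISSIONS = {
    "physician": {"record:read", "record:update"},
    "registry-clerk": {"report:submit"},
}


class LifecycleError(Exception):
    """Raised on an illegal life-cycle move or a change to an inactive identity."""


@dataclass
class Identity:
    context: str                                   # organisation or federation it is valid in
    identifier: str
    roles: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)
    state: State = State.ACTIVE
    history: list = field(default_factory=list)    # audit trail of life-cycle events

    def modify(self, **changes):
        if self.state is not State.ACTIVE:
            raise LifecycleError(f"cannot modify a {self.state.value} identity")
        self.attributes.update(changes)
        self.history.append(("modified", ",".join(sorted(changes))))

    def transition(self, new_state):
        if new_state not in ALLOWED[self.state]:
            raise LifecycleError(f"{self.state.value} -> {new_state.value} not allowed")
        self.history.append((new_state.value, f"from {self.state.value}"))
        self.state = new_state


@dataclass
class Entity:
    """One real-world entity holding a separate identity per context."""
    name: str
    identities: dict = field(default_factory=dict)  # context -> Identity

    def establish(self, context, identifier, roles):
        if context in self.identities:
            raise LifecycleError(f"identity already established in {context}")
        ident = Identity(context, identifier, set(roles), history=[("established", "")])
        self.identities[context] = ident
        return ident


def is_permitted(entity, context, permission):
    """Allow only an ACTIVE identity in this exact context whose roles grant the permission."""
    ident = entity.identities.get(context)
    if ident is None or ident.state is not State.ACTIVE:
        return False
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in ident.roles)


def demo():
    # Constructed sample data: one clinician known in two contexts.
    doc = Entity("Dr. Example")
    hosp = doc.establish("hospital-a", "staff-0042", {"physician"})
    doc.establish("regional-registry", "reg-7", {"registry-clerk"})
    out = {"read_active": is_permitted(doc, "hospital-a", "record:read"),
           # A role held in the registry context must not leak into the hospital.
           "cross_context": is_permitted(doc, "hospital-a", "report:submit")}
    hosp.modify(department="paediatrics")
    hosp.transition(State.SUSPENDED)
    out["read_suspended"] = is_permitted(doc, "hospital-a", "record:read")
    out["registry_ok"] = is_permitted(doc, "regional-registry", "report:submit")
    hosp.transition(State.TERMINATED)
    hosp.transition(State.ARCHIVED)
    try:
        hosp.transition(State.ACTIVE)   # an archived identity cannot be revived
        out["revived"] = True
    except LifecycleError:
        out["revived"] = False
    out["history"] = [event for event, _ in hosp.history]
    return out
```

Calling `demo()` returns the access decisions at each stage together with the audit trail of the hospital identity, which follows the stages named in the text.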
5.4 Emerging technologies

Emerging technologies like radio frequency identification (RFID) and near field communication (NFC) hold the promise of improving patient care. They may be used to follow up a patient in an emergency setting or to monitor and locate patients and enable them to continue living at home and leading an active lifestyle. RFID tags make it possible to track medical drugs in hospitals. Beyond avoiding out-of-stock situations, the use of RFID may increase patients' safety in taking the correct drug in the correct quantity as prescribed by the medical staff and, by means of single-item tagging and temperature-enabled RFID tags, in being certain of the integrity of the drug (e.g. that the drug has not been exposed to a temperature higher than allowed). RFID standardization activity in Europe is managed by Task Group 34 (TG 34) of the European Telecommunications Standards Institute (ETSI) and, at the ISO level, by JTC1/SC31/WG2. NFC technology is gaining increased attention through its adoption by the mobile communication industry. It is based on the ISO 18092 standard, which evolved from a combination of RFID and interconnection technologies. Tagging raises a number of significant legal, ethical and psychological questions, and one of the tasks of BioHealth will also be the discussion of how tagging misuse might be prevented. Particular attention will be paid to involving the stakeholders in the discussion and communicating these issues to the public.
Conclusion

The experience gained so far in eHealth clearly demonstrates that the changes induced by the introduction of a new system are often underestimated. eHealth is more than just a simple change from paper records to electronic records. It means a new way of thinking. Some issues appear to be fundamental: the citizen has to take on more responsibility; new technologies have to be evaluated with regard to their impact; the quality of communication and data access needs to be assured. Therefore, systems have to be secure and reliable at all levels. This will decrease apprehension and perplexities and help to convince the various stakeholders involved to accept and support the eHealth systems. This means that systems have to be interoperable, and this requires the use of standards. Strong identification methods, on the other hand, have to ensure that the information can only be accessed by the entitled person. Furthermore, eHealth involves many different stakeholders whose expectations, but also fears, may differ. These have to be analyzed and addressed. In recent years significant work has been done on standardization, but many of the results are not known to the user, nor has their usability been fully evaluated. Additionally, the standardization bodies are urging input from the users. Identity management and new technologies like biometric sensors, RFID or NFC for tracking or are on the verge of being introduced. Their relation to privacy issues when people are involved is a very delicate issue, and any objections raised in terms of risks for data protection should be properly taken into account. Free patient mobility is strictly correlated to the access and retrieval of medical data, and this is one of the more delicate issues in terms of data protection. The adoption of high security protocols, procedures and technologies, such as biometrics, should be encouraged in order to
guarantee the required level of privacy, but it is already clear that the crucial point remains a fruitful relationship with Data Protection Commissions and with consumers’ associations. In this complex context BioHealth aims to offer a sound contribution to a harmonized and correct diffusion of eHealth in Europe.
Acknowledgement

The authors are indebted to the European Commission for the funding of several successful European research projects (among others “RESHEN”, “DIABCARD”, “TrustHealth”) and of the newly started BioHealth project. They would also like to thank all other partners and organizations (including ISO TC 215, CEN TC 251, EFMI WG SSE, EFMI WG CARDS, EFMI WG EHR, CEN/ISSS eHealth Standardization Focus Group, HL7, etc.) for their support and their kind co-operation.
References

[1] Institute of Medicine: To Err is human: Building a safer health system (2000). The National Academies Press. URL: http://www.nap.edu/books/0309068371/html/ - accessed: 27-03-2006.
[2] Intercai Telematics Consultants (eds.): Chipcards - applications and opportunities (Enschede: Telematics Research Centre), 1993.
[3] H. Oh et al.: What is eHealth (3): A systematic review of published definitions. Journal of Medical Internet Research, 7 (1), e1, 2005.
[4] C. Pagliari et al.: What is eHealth (4): A scoping exercise to map the field. Journal of Medical Internet Research, 7 (1), e9, 2005.
[5] G. Eysenbach: What is eHealth? J Med Internet Res 2001;3 (2):e20. URL: http://www.jmir.org/2001/2/e20/ - accessed: 27-03-2006.
[6] Alliance for Telecommunications Industry Solutions. URL: http://www.atis.org/tg2k/_data_protection.html - accessed: 27-03-2006.
[7] Blobel B: Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems. Series “Studies in Health Technology and Informatics” Vol. 89. IOS Press, Amsterdam 2002.
[8] P. Ramsaroop, R. Stull, R.J. Rodrigues, A. Hernandez: Cybercrime, Cyberterrorism, and Cyberwarfare: Critical Issues in Data Protection for Health Services. Information System Technology and Health Services Delivery, Health Services Organization Unit (THS/OS), Pan American Health Organization, Washington, DC, 2003.
[9] CEN/ISSS - Information Society Standardization System, eHealth Standardization Focus Group. URL: http://www.cenorm.be/isss - accessed: 27-03-2006.
[10] Communications of EC: Challenges for the European Information Society beyond 2005. Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions. Commission of the European Communities 2004. URL: europa.eu.int/information_society/eeurope/2005/doc/all_about/new_chall_en_adopted.pdf - accessed: 27-03-2006.
[11] CEN/ISSS eHealth Focus Group: Current and future standardization issues in the eHealth domain: Achieving interoperability. URL: ftp://ftp.cenorm.be/PUBLIC/Reports/eHealth/ - accessed: 27-03-2006.
[12] eEurope Smartcard charter, Trailblazer 11 Healthcare: Smartcards as Enabling Technology for FutureProof Healthcare. A requirement study. URL: http://www.eeurope-smartcards.org/Download/01-4.pdf - accessed: 27-03-2006.
[13] EFMI WG CARDS. URL: http://mirc.gsf.de/wgcards/ - accessed: 27-03-2006.
[14] ISO 14443. Identification cards - Contactless integrated circuit(s) cards - Proximity cards. URL: http://www.jayacard.org/14443/ - accessed: 27-03-2006.
[15] ISO 15693 Identification cards - Contactless, integrated circuit(s) cards – Vicinity cards. URL: http://en.wikipedia.org/wiki/ISO_15693 - accessed: 27-03-2006.
[16] International Telecommunication Union, ITU. URL: http://www.itu.int - accessed: 27-03-2006.
[17] Digital Imaging and Communications in Medicine, DICOM. URL: http://medical.nema.org/ - accessed: 27-03-2006.
[18] European Telecommunications Standards Institute. URL: http://www.etsi.org/ - accessed: 27-03-2006.
[19] ISO/IEC JTC1 Subcommittee 37. URL: http://isotc.iso.org/livelink/livelink?func=ll&objId=2263033&objAction=browse&sort=name - accessed: 27-03-2006.
[20] The European Electronic Signature Standardization Initiative (EESSI) – an Industry Initiative in Support of the European Directive on Electronic Signature. URL: http://www.ictsb.org/EESSI_home.htm - accessed: 27-03-2006.
[21] European Commission, Directorate General Justice, Freedom and Security, B-1049 Brussels, Belgium, Office No LX-46 01/43. URL: http://europa.eu.int/comm/justice_home/fsj/privacy/index_en.htm - accessed: 27-03-2006.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Formal Design of Electronic Public Health Records

Diego M. LOPEZ 1 and Bernd BLOBEL
eHealth Competence Center Regensburg, University of Regensburg Medical Center, Germany

Abstract. EHR systems have evolved from management of medical and patient records to the management of comprehensive health records, including information about any observed health states, e.g. social, economic and environmental conditions, and processes such as public health surveillance, health promotion, prevention, education, etc. The paper discusses the analysis and design of Electronic Public Health Records (EPHR) according to the advanced state of knowledge in methodologies, models, techniques and tools for the specification of EPHR systems. A formal component-based architectural approach, based on internationally agreed terminologies, healthcare standards and software engineering de facto standards, is presented.

Keywords. Computerized Medical Records Systems, Public Health, Software Design, HL7, Rational Unified Process, UML
Introduction

For establishing efficient and high-quality care of citizens, comprehensive and accurate information about states and processes directly and indirectly related to an individual’s health must be provided and managed. The Electronic Health Record (EHR) goes beyond the patient's healthcare, recognizing the concept of “health” as a general term implying social, economic and environmental conditions which influence individual and collective well-being. From the point of view of the health and medical informatics discipline, this multidisciplinary nature of the EHR has not yet been completely accepted. In this context, the emerging discipline of Public Health Informatics (PHI) comes onto the scene. PHI recognizes the need for an information architecture for Public Health Information Systems (PHIS), and it is driving some efforts in this direction. Currently, both disciplines are evolving separately, but the knowledge generated in each should be acknowledged by the other. The specification of the EHR, differentiating the Electronic Healthcare Record (EHCR), oriented to healthcare systems, from the Electronic Public Health Record (EPHR), oriented to public health information systems, is a key for the integration/cooperation between the healthcare (clinical healthcare) and the public health domains.

1 Corresponding Author: Diego M. Lopez, ETSI Telecommunication, Universidade de Vigo, Vigo, Spain. Email: [email protected]. The corresponding author is a Ph.D. student affiliated to the University of Vigo and supported by the EU Programme Alban, identification number E03D16197CO, and the University of Cauca under contract number 136 October 2003.
D.M. Lopez and B. Blobel / Formal Design of Electronic Public Health Records
In the paper, the analysis and design of EPHR according to the advanced state of knowledge in methodologies, models, techniques and tools for the specification of EHCR systems is discussed. The approach is a formal component-based architectural methodology, based on internationally agreed terminologies, healthcare standards and also software engineering de facto standards.
1. Formal Design of EHCR Systems

Developing EHCR systems is not a simple task. From the software development team perspective, it requires familiarity with the advanced state of knowledge about methodologies, models, techniques and tools from systems analysis, software engineering, information sciences, etc. The software development process involves the participation of not only software developers, but also end-users, analysts, system integrators, project managers, etc., who have different views on the systems and the problem domain. It also requires wide experience and knowledge of the healthcare “business” and the particularities of the healthcare domain. From the EHCR requirements perspective, advanced EHCR systems have to cope with the challenge of openness, scalability, flexibility, semantic interoperability, portability, distribution at Internet level and conformity with international standards. Furthermore, they have to be trustworthy and driven by the business process. A component-based architecture is the most appropriate means for approaching the specification of EHR systems with the aforementioned requirements. Using component-based architectures provides a number of solutions to the root causes of software development problems [1][2]:

1. Components facilitate resilient architectures.
2. Modularity enables a clear separation of concerns among elements of a system that are subject to change.
3. Controlling the iterative and incremental development of a system throughout its lifecycle and the different perspectives on the system from the involved stakeholders supports acceptability and usability.
4. Reuse is facilitated by leveraging standardized frameworks (such as COM+, CORBA, and EJB) and commercially available components.
5. Components provide a natural basis for configuration management.
6. Visual modeling tools provide automation for component-based development.
The Generic Component Model (GCM) [2] provides an architectural framework for designing advanced EHR systems, able to integrate EHCR-oriented systems to clinical care systems on one hand and EPHR-oriented systems to public health systems on the other. This abstraction model considers the systems in three dimensions, as shown in figure 1. The first dimension reduces the complexity of really inter-relating domains by separating them. In the figure, the model shows the separation between the healthcare domain and the public health domain, necessary for mutual interoperability and collaboration. The second dimension reduces the structural complexity of systems by decomposing them. As a result, the granularity of the system can be increased from business concepts over relationship networks and basic services/functions up to details such as basic concepts. The third dimension reflects the viewpoints of ISO 10746
“Information Technology – Open Distributed Processing. Part 2: Reference Model” (RM-ODP) [3]: Enterprise, information, computational, engineering, and technology.
Figure 1. The Generic Component Model. (Figure not reproduced; one axis is labelled “Domains”.)
2. Approaches on Designing EPHR

Only recently, with the emergence of the Public Health Informatics discipline, was the need for an information architecture for Public Health Information Systems formally acknowledged. The IMIA National Agenda for Public Health Informatics [4] has recommended the definition of an information architecture that includes longitudinal, person-based, integrated data repositories, similar to those defined by current EHR systems but somewhat broader, including the requirements for public health activities. In this direction, some related efforts are currently underway: the definition of the public health reporting domain in the HL7 v3 standard, the HL7 Special Interest Group on Public Health and Emergency Response (PHER SIG), and the Public Health Data Standards Consortium (PHDSC) Ad Hoc Task Force on Electronic Health Record - Public Health (EHR-PH).

2.1. HL7v3 Public Health Reporting Domain

The public health reporting domain information model (PORR_DM100001) is part of the HL7 v3 standard defined in the HL7 version 3 normative edition 2005 [5]. The PORR_DM100001 includes messages and documents that are specifically designed to support reporting and investigation in the public health context. The public health reporting domain is organized in three topics:
− Individual case safety topic specified in the individual case safety report (ICSR): HL7/ANSI approved standard.
− Case investigation topic dealt with through case reporting: HL7/ANSI approved standard.
− Structured product labeling topic managed by structured product labeling, release 1: HL7/ANSI approved standard.
− Structured product labeling, release 1 implementation guide: HL7 approved informative document.

The use of these domain information models (DIM) in the specification of E-PHR systems is illustrated in section 4.

2.2. HL7 Interest Group: Public Health and Emergency Response (PHER SIG)

The PHER is an interest group within the HL7 Consortium and pursues the development of standards for the exchange of population-based health information, concretely messages for public health and emergency preparedness warrants. Specific areas of interest include event detection, outbreak investigation, human and animal population health monitoring, disease/condition case reporting, environmental observations related to health issues, emergency coordination, and legal issues including chain of custody and isolation/quarantine [6]. The PHER is currently balloting a standard for the public health reporting domain: the investigation request topic (PORR_INVRQO), under the umbrella of the HL7 Patient Care Technical Committee. The investigation request topic covers messaging requests for investigation of exposures and other public health events. It also covers communication of investigation subject demographics, exposure information, and data regarding the specifics of the public health event.

2.3. PHDSC Ad Hoc Task Force on Electronic Health Record-Public Health (EHR-PH)

The EHR-PH committee is part of the Public Health Data Standards Consortium [7], a not-for-profit organization founded by a confederation of public health agencies, professional associations, public and private sector organizations and individuals, primarily in the US, with the overall goal of promoting data standards in public health. The purpose of the corresponding task force was to describe and evaluate the public health perspectives on the EHR initiatives, concretely on the HL7 EHR functional model [8]. The task force achieved a cross-mapping between the HL7 EHR functions and the well-known core public health functions (assessment, policy and assurance). The cross-mapping demonstrated that, at a high level of abstraction, the core public health functions are well represented in the HL7 EHR functional model. However, a more granular level of cross-mapping is needed to assure the ability of the model to support public health work and data flows. Some use cases and future projects are suggested in the initiative. Methodological approaches or real E-PHR systems have not been developed, however.
3. Formalizing the Design of E-PHR

A methodological approach for the analysis, design and implementation of E-PHR, based on the GCM presented in section 3, is described in figure 2. The E-PHR system is specified according to the RM-ODP viewpoints. For each ODP perspective, a set of models is defined in order to describe, with different levels of granularity, the system’s components. The process of composition and decomposition of components is guided by the Rational Unified Process (RUP) [1]. The models to describe components are defined using models from the Unified Modeling Language UML 2.0 standard [9] and the HL7 Development Framework (HDF) specifications [10].
Figure 2. The proposed modeling process.
The Rational Unified Process is a software development process that provides guidance about the “who”, “what”, “how” and “when” in the context of a system’s components. The RUP covers the entire software development lifecycle through the definition of workflows. A workflow is configured by a set of roles (who), activities (how), and artifacts (what) necessary to transform the user requirements into a software system. The unified process identifies six core workflows (technical workflows): business modeling, requirements, analysis and design, implementation, test, and deployment. To define how the process rolls out over time, the RUP identifies four iterative phases (inception, elaboration, construction, and transition) [1]. Each phase is implemented as a set of workflows in which the number of iterations, roles, activities and artifacts is configured and extended according to the requirements of the EPHR system to be developed and the software development team involved. In the approach, all technical workflows are used in the different viewpoints, but the emphasis changes depending on the viewpoint, the iteration and the phase of the RUP process. The emphasis in the Enterprise viewpoint is on the Business Modeling workflow; the Information and Computational viewpoints stress the Requirements, Analysis and Design workflows; and the emphasis in the Engineering and Technology viewpoints is on the Implementation, Test and Deployment workflows. System architecture can be represented as a set of artifacts describing the different levels of granularity of the system’s components. The modeling approach in Figure 2 describes the main artifacts that address each of the RM-ODP viewpoints. UML is used
because it is the de facto standard for the specification, visualization, and documentation of software system models. In the approach, UML Class Diagrams, Object Diagrams, Component Diagrams, Package Diagrams, Deployment Diagrams, Use Case Diagrams, Activity Diagrams and Sequence Diagrams are deployed. Furthermore, the composition and decomposition of components is also supported by the models defined in the HDF specification. HDF is an emerging standard proposed by the HL7 Modeling and Methodology Technical Committee. It documents the processes, tools, actors, rules, and artifacts relevant to the development of all HL7 standard specifications, not just messaging as did its predecessor, the Message Development Framework (MDF). Our approach re-uses some of the HDF artifacts and HL7 version 3 specifications (RIM, D-MIM, R-MIM, CMET). Some activities and artifacts defined in HDF Chapter 2 (Requirements Gathering and Analysis) and HDF Chapter 3 (Modeling Analysis and Harmonization) will be used as reference for the design of the Static Domain Model, the Dynamic Domain Model and the Glossary in the Enterprise viewpoint. Furthermore, those activities and artifacts are used as reference for the design of the Models of static views and the Models of dynamic views in the Information and Computational viewpoints, as shown in Figure 2.
4. A Use Case in Public Health Surveillance

In this section, the specification of an EPHR system is illustrated by the development of a scenario in public health: the reporting of measles diseases. Measles counts as one of the most infectious diseases and one of the principal causes of infant mortality in developing countries. The requirements for this scenario are elicited from the WHO recommended standard for measles surveillance [11] and the Surveillance Program for communicable diseases (SIVIGILA) in Colombia [12]. The main models and artifacts in the Enterprise Viewpoint are detailed below.

4.1. Models in the Enterprise Viewpoint

The RM-ODP Enterprise Viewpoint offers a perspective on the EPHR system and its environment, describing the system’s purpose, scope and policies. In terms of the RUP workflows, it constitutes a Business Modeling process where the processes of the public health organization in charge of the reporting of measles diseases are modeled.

4.1.1. Scope Definition

The reporting of measles events flows through three main levels in a national health system: the local, regional (states or provinces) and national (federal) level. Considering that the information flows are quite similar, the scenario is centered on the first one:

• The reporting from the Local Public Health Authorities to the Regional Health Authorities
4.1.2. Business Use Cases

Figure 3 shows the high-level use cases for the selected scenario. The use cases Receive Case and Deliver Report are described below.
Figure 3. High-Level Use Cases. (Diagram not reproduced; it shows the system “Measles Reporting” with the use cases Receive Case and Deliver Report and the actors Healthcare Provider and Regional Public Health Authority.)
Use Case: Receive Case
Actor: Healthcare Provider
Description: This use case is initiated by an actor Healthcare Provider. The healthcare provider (hospital, clinic, health centre, health post, etc.) in a district (city, county, municipality or town) sends to the Local Public Health Authority an aggregated report of clinical cases of measles in its institution. The reporting is done on a monthly basis, and the deadlines and reporting forms are defined in advance by the Local/Regional/National Public Health Authorities.
Use Case: Deliver Report
Involved actors: Regional Public Health Authority
Description: This use case is initiated by a Report Receiver. The Local Public Health Authority sends, monthly and according to a fixed deadline, a consolidated report of measles cases in its locality to the Regional Public Health Authority. The report contains aggregated data on the number of cases during the last month.
4.1.3. Dynamic Domain Model
The Dynamic Domain Model visualizes the dynamic aspects of the business process that the E-PHR system supports. UML 2.0 activity diagrams are typically used for business process modeling. Figure 4 describes the activity diagram for the use case Deliver Report. The diagram details the flow of activities and objects involved in the process of requesting, generating and sending a consolidated measles report. An analogous activity diagram is designed for the use case Receive Case.
[Figure 4: activity diagram. Activities shown: Request report, Request consolidated data from the vaccination program (monthly, before the deadline), Request demographic data, Consolidate cases data, Consolidate data, Calculate incidence rate, Generate Report, Generate vaccine coverage report, Generate completeness/timeless report, Send Report to the Report receiver, Receive confirmation. Objects shown: Consolidated cases Report, Vaccine coverage report, completeness/timeless report, Incidence rate report.]
Figure 4. Activity Diagram for Use Case Receive Case.
4.1.4. Static Domain Model
The purpose of the Static Domain Model is to identify the key concepts in the domain. According to the Business Modeling workflow, it corresponds to the Business Object Model and is normally represented as a UML Class Diagram. The UML Class Diagram could be designed in a simpler way, based on the objects identified in the activity diagram and the entities from the use case descriptions. However, in the example, the enterprise concepts are harmonized with the classes (concepts) defined in the HL7 information models (D-MIM, R-MIM and CMET). This process is adapted from the HL7 normalization process proposed in HDF Chapter 3 (Modeling Analysis and Harmonization). The advantage of this early HL7 harmonization is that it facilitates subsequent semantic interoperability. The process is carried out as described in the following.
4.1.4.1. Initial identification of the domain concepts
Domain concepts are initially identified from the use cases, actors’ descriptions and the activity diagrams. Afterwards, the domain concepts are classified according to the RIM core classes (act, entity and role) in order to facilitate the further mapping to HL7 classes. The classification of the main concepts identified in the measles scenario is shown in Table 1.
Table 1. Main concepts identified in the Measles scenario
Identified Domain Concepts
Act
Entity
Role
Health Care Provider
x
Local Public Health Authority
x
Regional Public Health Authority
x
Locality Receive Report
x x
Clinician
x
District Reporting to the Local Public Health Authority Generate Report
x x x
4.1.4.2. Identification of Reusable HL7 Specifications
The second step in the process of harmonizing the Domain Information Models (DIM) is to identify the HL7 information models which best describe the domain under specification. The HL7 information models are identified by comparing the system’s scope with the scopes defined in the HL7 Standard specifications. The HL7 information models to re-use are D-MIM, R-MIM and CMET. The HL7 domain that best matches the scope of the Measles Reporting system is the Public Health Reporting Domain Information Model (PORR_DM100001), defined in the HL7 Version 3 normative edition 2005 [5]. The topic within the domain that best fits the E-PHR system’s scope is the Case Investigation Topic (Case Reporting – HL7/ANSI approved standard).
4.1.4.3. Specialization of HL7 models
The selected case notification topic defines an R-MIM: the Notifiable Condition Report R-MIM (PORR_RM100001UV01). That R-MIM captures the information needed to support case reporting between different jurisdictional levels within the public health system. The last step in the harmonization process is the specialization (cloning) of classes from this R-MIM. For the sake of specialization, a cross-reference is created between the domain concepts in the scenario and the R-MIM. Each domain concept (based on the initial classification in Table 1) is matched against the R-MIM model elements. Candidate elements from the R-MIM model may include classes, attributes, relationships, datatypes, datatype properties, vocabulary domains, value sets, or coded terms. Cross-reference MS Excel spreadsheets, as proposed in HDF Chapter 3, are used.
The Domain Information Model is finally designed and refined using the HL7 tooling set (R-MIM Designer). The R-MIM Designer makes it possible to specialize (clone) the Notifiable Condition Report R-MIM and to generate a Visio model for the scenario. The resulting Domain Information Model for the reporting of measles diseases scenario is shown in Figure 5.
4.1.5. Glossary
The glossary is obtained from the HL7 vocabulary defined in the R-MIM (PORR_RM100001UV01). To facilitate this task, the HL7 v3 standard documentation provides navigable HTML documentation hyper-linked to the graphic representation of the HL7 models. The HL7 compliant vocabulary should facilitate the use of other HL7 models and further semantic interoperability.
5. Discussion and Conclusions
Designing EHR systems is a complex process that requires extensive knowledge about the health domain but also about Information and Communication Technologies, which are essential to address the eHealth system requirements of openness, scalability, flexibility, semantic interoperability, portability, distribution at Internet level and compliance with international standards. A methodological approach for the analysis, design and implementation of EPHR has been shown. The design model uses the Generic Component Model as architectural framework, differentiating the domain of the EPHR systems from the health care domain and abstracting their components according to the RM-ODP viewpoints. For each ODP perspective, a set of models is defined in order to describe, with different levels of granularity, the system’s components. The process of composition and decomposition of components is guided by the Rational Unified Process, and the models to describe those components are defined using models from the Unified Modeling Language UML 2.0 standard and the HL7 Development Framework specifications. Information architectures for public health information systems are also discussed. A critical need for the definition of information architectures and methodological approaches – similar to those defined by current EHR systems but somewhat broader including the requirements for public health activities – is identified.
[Figure 5: R-MIM class diagram CaseReport (PORR_RM100001). Classes shown include MeaslesReport, PrimaryCaseNotification, PublicHealthCaseMeasles, MeaslesInvestigation, CaseRelatedStatement, ClinicalObservation, VaccineAdministration, Encounter, InvestigatedPerson, InvestigatedPlace, AssignedRegionalAuthority, TerritorialAuthority and Investigator, together with the CMETs R_Specimen (COCT_MT080100) and R_AssignedEntity (COCT_MT090002). Diagram notes: "This message is used for the reporting of Measles diseases on the part of public health authorities and involved healthcare providers and BT response teams." and "Assigned Authority is author and receiver at the same time: author when reporting from the local to the regional level, receiver when receiving from the local level."]
Figure 5. Domain Information Model for the reporting of measles diseases scenario.
Acknowledgments
The authors are indebted to their colleagues from HL7, ISO TC 215, CEN TC 251, and OMG/CORBA for their kind co-operation.
References
[1] Kruchten P. “The Rational Unified Process. An Introduction”. Second Edition. Addison Wesley. 2000.
[2] Blobel B. Analysis, design and implementation of secure and interoperable distributed health information systems. Stud Health Technol Inform. 2002;89:1-329.
[3] ITU-T Recommendation X.902 | ISO/IEC IS 10746-2, Information technology - Open Distributed Processing – Reference Model: Foundations, 1996.
[4] Yasnoff WA, Overhage JM, Humphreys BL, LaVenture M. A national agenda for public health informatics: summarized recommendations from the 2001 AMIA Spring Congress. J Am Med Inform Assoc. 2001 Nov-Dec;8(6):535-45.
[5] HL7, Inc.: HL7 Version 3. Interoperability standards. Normative edition 2005.
[6] HL7, Inc.: Public Health and Emergency Response Special Interest Group. http://www.hl7.org/Special/committees/pher/
[7] The Public Health Data Standards Consortium, Inc. http://phdatastandards.info/
[8] HL7, Inc.: HL7 Electronic Health Record (EHR) Technical Committee. http://www.hl7.org/ehr
[9] Object Management Group, Inc.: UML 2.0 Specification. http://www.uml.org
[10] HL7, Inc.: HL7 Development Framework. http://www.hl7.org
[11] WHO recommended surveillance standards. Geneva, World Health Organization, 1999 (Document WHO/EMC/DIS/97.1).
[12] Ministerio de la Protección Social. Decreto 6 de 1999 por el cual se reglamenta el Sistema de Vigilancia en Salud Publica en Colombia. República de Colombia, Bogotá. Last accessed January 2005. http://www.disaster-info.net/desplazados/documentos/sdsvalle/Capitulo3_2.htm
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Specific Interoperability Problems of Security Infrastructure Services
Peter PHAROW 1 and Bernd BLOBEL
eHealth Competence Center, University of Regensburg Medical Center, Germany
Abstract. Communication and co-operation in healthcare and welfare require a well-defined set of security services based on a standards-based interoperable security infrastructure and provided by a Trusted Third Party. Generally, the services describe status and relation of communicating principals, corresponding keys and attributes, and the access rights to both applications and data. Legal, social, behavioral and ethical requirements demand securely stored patient information and well-established access tools and tokens. Electronic signatures as means for securing integrity of messages and files, certified time stamps and time signatures are important for accessing and storing data in Electronic Health Record Systems. The key for all these services is a secure and reliable procedure for authentication (identification and verification). While mentioning technical problems (e.g. lifetime of the storage devices, migration of retrieval and presentation software), this paper aims at identifying harmonization and interoperability requirements of securing data items, files, messages, sets of archived items or documents, and life-long Electronic Health Records based on a secure certificate-based identification. It’s commonly known that just relying on existing and emerging security standards does not necessarily guarantee interoperability of different security infrastructure approaches. So certificate separation can be a key to modern interoperable security infrastructure services.
Keywords. Security Infrastructure, Security Services, Security Mechanisms, Cards, Certificates, Interoperability, Harmonization, Standardization
Introduction
An inevitable prerequisite for high quality and efficient care in the 21st century is well-developed and established job sharing as well as extended communication and cooperation between all partners within the healthcare and welfare domain – medical and non-medical ones. This healthcare system paradigm is generally called the “Shared Care” principle. Communication and collaboration relationships have to be provided in a trustworthy and secure way based on an established infrastructure. Security is therefore important, but it is just one of the aspects all modern information systems need to deal with. Others are quality, safety, and privacy. A more detailed description of security concepts, services, mechanisms, algorithms, and data items as well as their dependencies will be given in section 1 and figure 1 below. Trustworthiness and reliability are closely related to concepts, communication security and application security.
1 Corresponding Author: Peter Pharow, University of Regensburg Medical Center, eHealth Competence Center, Franz-Josef-Strauß-Allee 11, 93053 Regensburg, DE. Email: [email protected].
P. Pharow and B. Blobel / Specific Interoperability Problems of Security Infrastructure Services
This paper specifically deals with certain basic requirements for security infrastructures, the different security services provided on top, electronic signatures and qualified time stamps for integrity, accountability, traceability, and auditability reasons in terms of data storage, standardized infrastructure elements, harmonization between different infrastructures, and interoperability problems that occur despite existing and emerging standards issued by ISO TC 251, CEN TC 251, and ETSI, just to name a few of them. A more detailed description of the mentioned security categories as well as related – and partly implemented – standards and solutions can be found in [1, 2].
1. General Security Infrastructure Services
Communication security generally addresses strong mutual authentication procedures (identification and verification) of communicating principals and integrity of messages exchanged. Interoperability in identity and role management plays a major role here. But it also addresses confidentiality of the content of these messages and availability of information communicated as well as accountability of principals (including non-repudiation services) for both data and actions provided. Eventually, different notary’s services will be tackled. Application security services concern specific authorization of principals accessing the system, integrity of data within databases, Electronic Health Record Systems or electronic archives and confidentiality of stored data. This set of security services also concerns the availability of information recorded, stored, and processed, and accountability of principals (including non-repudiation services and auditability) acting within the system. Several notaries’ services are also part of application security as a whole (see figure 1).
[Figure 1: layered diagram relating concepts (security, quality, safety), services (communication security and application security, each with services such as identification, authentication, authorisation, access control, integrity, confidentiality, accountability, non-repudiation, audit, notary’s functions and availability), mechanisms (e.g. encryption, hashing, digital signature, key recovery, key escrowing), algorithms (e.g. DES, IDEA, RSA, DSA, SHA-1, MD5, ELGAMAL) and data (data, keys, certificates).]
Figure 1. Concept-Service-Mechanism-Algorithm-Data Dependencies (after [2])
The majority of security services nowadays is based on a Public Key Infrastructure using asymmetric cryptographic algorithms (e.g. the well-known RSA and DSA algorithms as well as emerging algorithms based on elliptic curves) [1, 3]. In that particular context, a Trusted Third Party is needed to assure correctness and validity of statements about communication status and relation of the involved principals. Such assurance is normally provided via certificates and certificate revocation lists issued by the Trusted Third Party, and is of a rather static nature. Certificates themselves can generally be grouped into Public Key Certificates, which include an asymmetric key, and key-less Attribute Certificates. The different structure and meaning of the certificate types as well as the reliable (and liable) linkage between them is a source of interoperability concerns and problems, as shown later on.
Information exchange and related processes in the context of harmonization and interoperability in the healthcare and welfare domain are often highly dynamic. There is a strong need for categorizing the (informational) workflow. Among others, this includes the informational context, the role of the principal, the identification of information and messages as well as the time and partly also the location of the informational process. Such “information about information” is very important, especially in scenarios enabling shared care interoperability, privilege management, authorization, and access control. Additionally, a secure audit trail of the correct management and use of information needs to be provided. To support high-quality logging, time stamping is necessary. All information transactions need to have a qualified time stamp [4].
2. Security Infrastructure Authentication Service
A secure authentication procedure consisting of an identification step (“who is this person”) followed by the verification step (“is this person the one he or she claims to be”) is the obvious basis for all other security services like accountability, confidentiality, authenticity, etc. (see figure 2).
[Figure 2: diagram with the elements Legal & Ethical Framework, Policy, Policy Council, Access Control Rules, Information, System Administrator, Privileges, Access Control, TTP, Authentication, Patient Consent, Audit, Information Access and User.]
Figure 2. Complex Structure of Security Services
Legal and technical interoperability for “managing” identities is a major challenge in securely accessing and exchanging information between different organizations, regions and countries. It’s more or less the management of identity-related roles and privileges, as the pure identity of a human being can’t be managed; it’s existing. The technical identity management based on, e.g., Public Key Certificates with their rather stable structure and a life-time of about 5 years or even more is rather simple if based on existing standards like X.509 version 3 [5, 6]. If the identity-related information in a certificate is accompanied by a more dynamic type of information, e.g. authorization information, roles, and access rights, it’s a more demanding challenge. If identity-related information can be separated from access-related information, it might be possible to overcome several harmonization and interoperability problems by falling back to a basic level of interoperability, as far as internationally exchangeable identity information items are concerned, and leaving the challenging part of the authorization up to local and regional authorities. In the following, this approach shall be explained in more detail.
A Public Key Certificate can be considered like a passport – it identifies the certificate holder, tends to last for a rather long time, and should not be trivial to obtain. An Attribute Certificate, on the other hand, is more like an entry visa – it is typically issued by a different authority and does not necessarily last for a long time [7]. As acquiring an entry visa normally requires presenting a valid passport, getting a visa itself can be a simpler process. In other words, an Attribute Certificate is normally not valid without an internationally verifiable, secure, liable, and reliable linkage to the respective Public Key Certificate.
An Attribute Certificate certifies that a particular user as specified by a Distinguished Name possesses a value for a given attribute. The Attribute Certificate issuer signs the certificate and posts it to designated Web or LDAP servers [8]. Typically, an Attribute Certificate contains the Distinguished Name of the user, a named attribute and its value, and one (or more) optional condition(s) controlling the attribute validity. Attribute Certificates themselves may be used in a wide range of applications and environments covering a broad spectrum of harmonization and interoperability goals and an even broader spectrum of operational and assurance requirements. The goal of using Attribute Certificates is to establish a common baseline for generic applications requiring broad interoperability as well as limited special purpose requirements. The paper places emphasis on certificate separation support for achieving interoperability of security infrastructure services and applications. Of course, authorization information may be placed in a Public Key Certificate (standard) extension as well. The placement of this type of information in such a certificate is usually undesirable for at least two reasons. First of all, authorization and access right information often does not have the same life-time as the binding of the person, the identity and the public key themselves. When authorization information is placed in a Public Key Certificate extension, the general result is both the shortening of the Public Key Certificate useful life-time and the lack of interoperability as authorization parameters vary from application to application, from organization to organization, and from country to country. Second, the issuer of a Public Key Certificate is not usually authoritative for the type of information needed for authorization. This results in additional steps for the Public Key Certificate issuer to obtain authorization information from the authoritative source.
3. The Need for Certificates in General
Initially, both Public Key Certificates and Attribute Certificates are needed for a Public Key Infrastructure. As explained, there are several reasons for needing different certificates, especially with regard to the separation of public keys and user-related static information on the one hand from attributes for authorizations, roles, privileges, and qualifications on the other. Different kinds of certificates can help to overcome the typical interoperability problems when information needs to reliably cross regional, national or even domain borders.
[Figure 3: diagram with the elements User, User Identification, User Authentication, TTP and User Identifier.]
Figure 3. User Authentication Service
3.1. The Need for Public Key Certificates
In most cases, cryptographic mechanisms like ciphers, digital signatures, and authentication protocols are realized by Public Key Crypto Systems [5, 8]. In comparison to (typically symmetric) Secret Key Crypto Systems, the (typically asymmetric) Public Key Crypto Systems are based on the use of key pairs, whereby each key pair consists of a private key and a public key that corresponds to the private one. Each user of a Public Key Crypto System owns several key pairs, as it is recommended that different cryptographic mechanisms are supported by different asymmetric key pairs (at least three pairs). Given a public key, it is computationally infeasible to find the corresponding private key. Accordingly, each private key must strictly be kept secret by its owner, and the corresponding public key is usually published. The use of Public Key Crypto Systems may raise the following problems:
• With respect to ciphers: The public key of the recipient is used for the encryption of either the plain text or the symmetric key in a hybrid algorithm. In neither case can it be ascertained whether or not the public key actually belongs to the designated entity.
• With respect to digital signatures and signature-based authentication protocols: The public key of the signer is needed for the verification process. By the use of the public key it can be checked whether the signature to particular data was generated by the corresponding private key or not. Thus, the authenticity of data can be proven. However, it is not provable whether or not a certain entity owns the public key.
Obviously, an authentic link between public keys and their owners is needed. Such a link is provided by Public Key Certificates. Since each public key corresponds to a particular private key, a binding of the private key to its owner is given indirectly. By the use of certificates, a lot of attacks fail, like the man-in-the-middle attack, replay attack, masquerade, repudiation, spoofing, and Trojan horses. Since 1986, different versions of Public Key Certificates specified in ASN.1 notation have been defined and even standardized [3, 5, 8]. Practice has shown the need for additional granularity in the specification of certificates. Today, the current version v.3 of X.509 certificates allows the use of a lot of extensions, some of which can be used for proprietary purposes, e.g. for defining attributes of an entity like roles, rights or authorizations. The disadvantage of these degrees of freedom is that they lead to incompatibilities with respect to private extension fields. For example, different applications usually do not recognize the meaning of extensions in each case. If the extensions are marked as non-critical, the application ignores them. Otherwise they are set to critical, and therefore, the verification must fail. In either case the extensions become useless. Additionally, in some circumstances there is a need to sign these extensions separately. Attribute Certificates can alleviate all these problems.
3.2. The Need for Attribute Certificates
In specific situations it is necessary to separate attributes, which are designated to an entity, from their Public Key Certificate. A certificate containing such attributes is called an Attribute Certificate. An Attribute Certificate does not exist autonomously – it is rather bound to its base certificate, the Public Key Certificate of the entity. In particular, its validity period must be within the validity period of the Public Key Certificate, but typically it can also be valid for a short term only.
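Added example (not code from the paper): a simplified Python model of how an access control decision function can check that an Attribute Certificate is bound to its base Public Key Certificate, using the rules of sections 3.2 and 3.3 (holder reference by serial number or Distinguished Name, validity period nested inside the base certificate's, proof of possession of the private key). The class and function names, the sample certificates and the toy textbook-RSA signatures are assumptions for illustration; real certificates are ASN.1 structures verified with a vetted cryptographic library.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import datetime
from typing import Optional, Tuple

# Toy textbook RSA (known primes, no padding): stands in for real signatures only.
def make_keypair(p: int, q: int, e: int = 65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))      # (public, private)

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(digest(data, n), d, n)

def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)

@dataclass(frozen=True)
class PublicKeyCertificate:            # long-lived identity binding (the "passport")
    issuer: str
    serial: int
    subject_dn: str
    public_key: Tuple[int, int]
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class AttributeCertificate:            # key-less and short-lived (the "entry visa")
    issuer: str
    attribute: str
    value: str
    not_before: datetime
    not_after: datetime
    holder_issuer: Optional[str] = None    # link by issuer + serial number of the base PKC ...
    holder_serial: Optional[int] = None
    holder_dn: Optional[str] = None        # ... or by the holder's Distinguished Name
    signature: int = 0

    def to_be_signed(self) -> bytes:
        return repr((self.issuer, self.attribute, self.value, self.not_before.isoformat(),
                     self.not_after.isoformat(), self.holder_issuer, self.holder_serial,
                     self.holder_dn)).encode()

def issue_attribute_certificate(aa_private, **fields) -> AttributeCertificate:
    unsigned = AttributeCertificate(**fields)
    return replace(unsigned, signature=sign(aa_private, unsigned.to_be_signed()))

def is_bound(ac: AttributeCertificate, pkc: PublicKeyCertificate) -> bool:
    # Serial numbers are unique per issuer only, so the issuer is compared as well.
    if ac.holder_serial is not None:
        return (ac.holder_issuer, ac.holder_serial) == (pkc.issuer, pkc.serial)
    return ac.holder_dn is not None and ac.holder_dn == pkc.subject_dn

def decide_access(pkc, ac, aa_public, required_role, challenge, response, now):
    """Return (granted, reason). PKC chain and revocation checks are assumed done."""
    if not pkc.not_before <= now <= pkc.not_after:
        return False, "public key certificate not valid at this time"
    if not verify(aa_public, ac.to_be_signed(), ac.signature):
        return False, "attribute certificate signature invalid"
    if not is_bound(ac, pkc):
        return False, "attribute certificate not bound to this public key certificate"
    if ac.not_before < pkc.not_before or ac.not_after > pkc.not_after:
        return False, "attribute certificate validity exceeds that of the base certificate"
    if not ac.not_before <= now <= ac.not_after:
        return False, "attribute certificate expired or not yet valid"
    # The requester signs a fresh challenge chosen by the verifier with the private key
    # that corresponds to the public key in the base certificate.
    if not verify(pkc.public_key, challenge, response):
        return False, "requester did not prove possession of the private key"
    if (ac.attribute, ac.value) != ("role", required_role):
        return False, "role not authorised"
    return True, "granted"

# Constructed sample data (not from the paper).
NOW = datetime(2006, 6, 1)
USER_PUB, USER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
AA_PUB, AA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
PKC = PublicKeyCertificate("CN=Example TTP CA", 1001, "CN=Dr A Example,O=Example Clinic",
                           USER_PUB, datetime(2004, 1, 1), datetime(2009, 1, 1))
AC = issue_attribute_certificate(
    AA_PRIV, issuer="CN=Example Attribute Authority", attribute="role", value="physician",
    not_before=datetime(2006, 5, 1), not_after=datetime(2006, 7, 1),
    holder_issuer=PKC.issuer, holder_serial=PKC.serial)

if __name__ == "__main__":
    nonce = b"constructed-nonce"
    proof = sign(USER_PRIV, nonce)
    print(decide_access(PKC, AC, AA_PUB, "physician", nonce, proof, NOW))
    print(decide_access(PKC, AC, AA_PUB, "physician", nonce, proof, datetime(2006, 8, 1)))
    forged = replace(AC, value="administrator")   # attribute changed after signing
    print(decide_access(PKC, forged, AA_PUB, "administrator", nonce, proof, NOW))
```

The short-lived Attribute Certificate expires and is reissued without touching the five-year Public Key Certificate, which is the practical benefit of the separation.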
With respect to applications, an entity may possess different Attribute Certificates related to different validity intervals or even different purposes. Public Key Certificates and Attribute Certificates are linked together either by the serial number of the Public Key Certificate or by the Distinguished Name of the certificate holder, which represents the dedicated entity. After a successful verification of the certificate, attributes are extracted and handed over to the application, which uses them e.g. for authorization purposes. For example, attributes describe some of the following characteristics: general authorizations, international or national specific data, delegations for other persons like kinds of permissions and admissions, temporary rights and access control mechanisms, and, to a certain extent, also structural and functional roles [3, 9, 10]. Attribute Certificates are specified in a first version v1 [8]. Because of the standardized specification, Attribute Certificates are suited to support interoperability just as well as Public Key Certificates do. They are structured similarly to Public Key Certificates and are typically also written in ASN.1. Due to the different purposes of the attributes, Attribute Certificates are often specified in more detail and also named more precisely, e.g. Attribute Certificates for qualifications, specialties, roles, and Attribute Certificates for authorizations and privileges.

3.3. How to Bind Attributes and Identities

An Attribute Certificate may be used with various security services, including access control, data origin authentication, and non-repudiation. For these and other reasons, it is recommended to separate authorization information from the Public Key Certificate. Yet, authorization information also needs to be bound to an identity. The procedure of linking both certificate types can take several forms. On the one hand, authorization and role information provides this binding simply by being a set of respective attributes digitally signed (or certified) within the document, as part of a document. On the other hand, the Attribute Certificate itself, signed by an authority, can be stored as part of the signed electronic document. As mentioned before, Public Key Certificates can provide an identity to access control decision functions. However, in many contexts the identity is not the criterion used for access control decisions; rather, the role or a group membership of the accessor is the criterion used. Such access control schemes are called role-based access control [9]. When making an access control decision based on an Attribute Certificate, an access control decision function may need to ensure that the appropriate Attribute Certificate holder is the entity that has requested access. One way in which the linkage between the request or identity and the Attribute Certificate can be achieved is the inclusion of a reference to a Public Key Certificate within the Attribute Certificate and the use of the private key corresponding to the Public Key Certificate for authentication within the access request (see above).

3.4. Summary of Reasons for Certificate Separation

With regard to applications in healthcare, the main reasons why different certificates shall exist have been shown. In particular, the reasons for the separation into Public Key Certificates and Attribute Certificates have been described already. Considering Public Key Certificates, for security reasons each security measure must use an individual key pair. If only one single key pair is used, the following attacks may succeed.
If the same key pair is used for both security measures, digital signatures and digital signature based authentication protocols, signing a challenge within the authentication protocol is similar to the generation of a signature on specific data within the digital signature scheme. Assuming the RSA scheme [5] is used for both security measures, digital signatures and ciphers, the decryption of specific data is similar to the generation of a signature on these data. Therefore, different key pairs must exist, with each key pair applied to a single security measure. Consequently, different Public Key Certificates have to be generated, each containing a different public key that corresponds to its own private key. Furthermore, a security measure might also be supported by different key pairs or even algorithms. That also increases the number of Public Key Certificates. With respect to the three security measures mentioned above, at least three different key pairs and therefore at least three different Public Key Certificates are needed.

Regarding Attribute Certificates, an entity may use different applications for different purposes, even in a business or private context. Here, the entity must usually prove in an authentic manner that it possesses specific attributes, e.g. the right to perform particular actions. Furthermore, an entity may, assuming it has the permission to do so, have the opportunity to choose which Attribute Certificate it wants to apply in specific circumstances, in that way deciding upon the specific roles to be played in those circumstances. For all these reasons, and similarly to Public Key Certificates, the number of different Attribute Certificates related to a single entity might be rather large.

Concerning the management of certificates in general, different trustworthy authorities like Trusted Third Parties are needed for distinct purposes. Each Trusted Third Party operates under its own security policy. A security policy regulates, for example, the identification process of an entity, the generation of keys, the generation and distribution of certificates, the validity interval of certificates, and also how to ensure the availability of the services. More precisely, a key generating authority generates key pairs and a certification authority authenticates the link of entities to their designated data like public keys or attributes by issuing certificates. Other parts of a Trusted Third Party provide and support further security services like non-repudiation, revocation handling, time stamping, auditing, and directory service.

To establish proper and practical security infrastructures for Public Key Certificates and Attribute Certificates, some important topics concerning practical, legal and validity aspects have to be taken into account. These topics indirectly contribute reasons for the separation of certificates and have additionally encouraged different projects to decide in favour of splitting. First, existing bindings between institutions and also individuals, particularly established trustworthy ones, should be exploited. Therefore, these entities should be involved in the security infrastructure. As a result, the issuers of different kinds of certificates can be in compliance with existing connections, functions, responsibilities, and also liabilities and even legal requirements. Consequently, this leads to the existence of various registration, naming and certification authorities, which operate under different security policies. Unfortunately, their policies usually do not match. Nevertheless, different authorities can interoperate if they accept each other’s security policy (in terms of a Bridge Certification Authority).
For example, the registration process of entities can be performed by a single appropriate authority if its security policy concerning the registration is accepted by all authorities that need such a registration for entities. Commonly, the validity periods of public keys and attributes are also different. In particular, the validity of public keys might be strictly regulated by law. Furthermore, certification paths, certification hierarchies, availability of the directory services, revocation reasons, and particularly the revocation methods may have different requirements. From all this, it is possible to derive important reasons for separating Public Key Certificates from Attribute Certificates.
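The extension problem of section 3.1 and the binding rules of sections 3.2 and 3.3, as an added example that is not part of the original chapter: a minimal access control decision function over simplified certificate records. The record layout, the `PRIVATE_ROLE` identifier, the role names and all sample values are constructed, and signature and revocation checks on both certificates are assumed to have succeeded already.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

KEY_USAGE = "2.5.29.15"                    # standard X.509 keyUsage extension
PRIVATE_ROLE = "constructed-private-role"   # placeholder for a proprietary role extension


@dataclass
class PublicKeyCert:
    serial: int
    subject_dn: str
    not_before: date
    not_after: date
    extensions: list = field(default_factory=list)  # (oid, critical, value) tuples


@dataclass
class AttributeCert:
    not_before: date
    not_after: date
    roles: list
    holder_serial: Optional[int] = None   # link by base-certificate serial number ...
    holder_dn: Optional[str] = None       # ... or by the holder's Distinguished Name


def evaluate_extensions(cert, known_oids):
    """X.509 rule: skip unknown non-critical extensions, reject on an unknown
    critical one. Returns (accepted, recognised_extensions)."""
    recognised = {}
    for oid, critical, value in cert.extensions:
        if oid in known_oids:
            recognised[oid] = value
        elif critical:
            return False, {}
    return True, recognised


def binding_errors(ac, pkc, today):
    """Reasons why attribute certificate `ac` may not be used with base certificate `pkc`."""
    errors = []
    if ac.holder_serial is None and ac.holder_dn is None:
        errors.append("attribute certificate names no holder")
    if ac.holder_serial is not None and ac.holder_serial != pkc.serial:
        errors.append("holder serial number does not match base certificate")
    if ac.holder_dn is not None and ac.holder_dn != pkc.subject_dn:
        errors.append("holder DN does not match base certificate")
    if not (pkc.not_before <= ac.not_before and ac.not_after <= pkc.not_after):
        errors.append("validity not within base certificate validity")
    if not (ac.not_before <= today <= ac.not_after):
        errors.append("attribute certificate not valid today")
    return errors


def access_decision(pkc, ac, authenticated_serial, required_role, today):
    """Role-based decision. `authenticated_serial` is the serial number of the
    certificate whose private key answered the authentication protocol."""
    if authenticated_serial != pkc.serial:
        return False, ["requester did not authenticate with the base certificate's key"]
    errors = binding_errors(ac, pkc, today)
    if not errors and required_role not in ac.roles:
        errors.append("required role not certified")
    return (not errors), errors


# Constructed sample data.
TODAY = date(2006, 6, 15)
DN = "CN=Dr. Example,O=Example Hospital,C=DE"


def sample_pkc(role_critical=None):
    """Base certificate; optionally carries the role as a private extension."""
    ext = [(KEY_USAGE, True, "digitalSignature")]
    if role_critical is not None:
        ext.append((PRIVATE_ROLE, role_critical, "physician"))
    return PublicKeyCert(4711, DN, date(2006, 1, 1), date(2008, 12, 31), ext)


def sample_ac(**overrides):
    """Short-lived attribute certificate linked to the base certificate by serial number."""
    values = dict(not_before=date(2006, 6, 1), not_after=date(2006, 6, 30),
                  roles=["physician"], holder_serial=4711)
    values.update(overrides)
    return AttributeCert(**values)
```

An application that knows only `KEY_USAGE` either silently loses the role (non-critical private extension) or rejects the whole certificate (critical), whereas the role carried in the attribute certificate is evaluated independently of the base certificate's extensions.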
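Why section 3.4 demands one key pair per security measure, shown with textbook RSA as an added example that is not part of the original chapter. The toy keys built from known Mersenne primes, the function names and the sample document are constructed, and the scheme deliberately uses no padding so that the shared private-key operation stays visible.

```python
import hashlib


def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (constructed toy key, no padding)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


def public(key):
    return {"n": key["n"], "e": key["e"]}


# One constructed key pair per security measure, as the text requires.
# Far too small and too structured for real use.
SIGN_KEY = make_key(2**127 - 1, 2**89 - 1)    # digital signatures
AUTH_KEY = make_key(2**107 - 1, 2**61 - 1)    # authentication protocol
ENC_KEY = make_key(2**521 - 1, 2**607 - 1)    # encipherment


def digest_int(data, n):
    """Hash the data and map the checksum into the range of modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def private_op(key, x):
    """The one RSA private-key operation, x^d mod n, shared by all three measures."""
    return pow(x % key["n"], key["d"], key["n"])


def sign(key, data):
    return private_op(key, digest_int(data, key["n"]))


def verify(pub, data, signature):
    return pow(signature, pub["e"], pub["n"]) == digest_int(data, pub["n"])


def answer_challenge(key, challenge):
    """Authentication: prove possession of the private key by signing the challenge as received."""
    return private_op(key, challenge)


def decrypt(key, ciphertext):
    """Decryption of a ciphertext addressed to the key holder."""
    return private_op(key, ciphertext)


def output_is_signature(service, service_key, sign_pub, document):
    """Hand the document's checksum to `service` as a challenge or ciphertext and
    report whether its output verifies as the holder's signature on `document`."""
    value = digest_int(document, sign_pub["n"])
    return verify(sign_pub, document, service(service_key, value))
```

With `SIGN_KEY` reused for authentication or decryption the function returns `True` for any document; with the dedicated `AUTH_KEY` and `ENC_KEY` it returns `False`.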
4. Electronic Signatures and Time Signatures

An electronic (more specifically a digital) signature makes it possible to ensure integrity, authenticity and accountability of information, whereas encipherment (encryption) of data is intended to ensure the confidentiality of information. The combination of both services eventually makes it possible to ensure data security, safety, and privacy for all involved principals including patient and health professional (see figure 4). This is an important security aspect not only for the healthcare and welfare domain. An electronic signature simply means data in electronic form that is attached to, or logically associated with, other electronic data in a unique way and is able to serve as a method of authentication. A qualified electronic signature is uniquely linked to a signatory and is capable of identifying that signatory. It needs to be created using means the signatory can maintain under his sole control, e.g. a secure signature creation device and a security token. The qualified electronic signature is always linked to the data so that any subsequent change of data is detectable. This specific feature of electronic signatures has both a technical and a legal meaning [5].

[Figure 4 (diagram). Sender signs: the plain text is passed through a hash function to obtain a checksum; the sender signs the checksum with his private key, producing the digital signature that accompanies the plain text. Recipient checks: the recipient decodes the signature with the sender's public key to obtain the sender's checksum, computes a checksum of the received plain text with the hash function, and compares the two for equivalence, yielding the checked plain text.]

Figure 4. General Description of Digital Signature Creation and Verification
Cryptographic algorithms (of any type, including symmetric and asymmetric ones) periodically face a specific problem: their validity or at least their strength related to their parameters (e.g. algorithm, key length) might weaken or even “technically” expire. This would require the application of new algorithms. With regard to both signature and existing hash algorithms, the lifetime of signatures is normally restricted to a 5-year interval in most of the respective application areas [4]. This restriction is not related to the validity of the cryptographic algorithm itself but rather to its current key length and to the fast development of new methods of attack. Before the expiration date of a signature linked to data items, files, or messages, this content needs to be signed again in order to ensure the required level of security. This can be done by re-signing the data. Another method to extend the lifetime of the document’s integrity is adding a second hash value to the document, calculated by a different hash algorithm.

A time stamp is a data field in which is recorded (typically with a resolution of 1 millisecond) the cumulative variable queuing delay experienced by a packet in traversing the network. With respect to a recorded network event, a time stamp is also considered a data field in which is recorded the time (time of day or other instant of elapsed time) at which the respective event took place. A time signature is consequently a time stamp with a qualified electronic (digital) signature attached. The time stamp provider signs its time stamp electronically, thereby increasing the level of its trustworthiness. In figure 5, the (still unsigned and unstamped) document needs to be time stamped for reasons of, e.g., storing it in an electronic archive. A hash value will be calculated using a reliable hash algorithm like, e.g., SHA-1 or RIPEMD-160. The time stamp is then attached to the respective hash value, and signed by the time stamp provider. The resulting “wrapped” document consists of the document content (text), the hash value and the signed time stamp, i.e. the time signature.
[Figure 5 (diagram). A hash value is computed from the document; the time stamp service returns the hash with the current time (2003-05-06, 09:00:01), which is attached to the document to form the timestamped document.]

Figure 5. Creation of a Qualified Digital Time Signature
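The signature check of figure 4 and the time signature of figure 5, including the lifetime extension by a second hash, as an added example that is not part of the original chapter. It assumes a constructed toy RSA key for the time stamp provider and a constructed JSON wrapper layout; SHA-256 and SHA3-256 stand in for the SHA-1 and RIPEMD-160 named in the text, since SHA-1 collisions have since been demonstrated. It goes slightly beyond the text in letting a renewal also cover the earlier time signatures, so that the original time stays provable.

```python
import hashlib
import json

# Constructed toy RSA key of the time stamp provider (textbook RSA, no padding,
# built from two known Mersenne primes; far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def checksum(data, algorithm):
    return hashlib.new(algorithm, data).digest()


def sign(data, algorithm):
    """Figure 4, sender side: hash the data, then apply the private key to the checksum."""
    return pow(int.from_bytes(checksum(data, algorithm), "big") % N, D, N)


def verify(data, signature, algorithm):
    """Figure 4, recipient side: decode with the public key, recompute the checksum, compare."""
    return pow(signature, E, N) == int.from_bytes(checksum(data, algorithm), "big") % N


def canonical(obj):
    """Deterministic byte encoding of a time stamp record or a list of time signatures."""
    return json.dumps(obj, sort_keys=True).encode()


def time_signature(covered, when, algorithm):
    """Figure 5: attach the time to the hash value and let the provider sign both."""
    stamp = {"algorithm": algorithm, "hash": checksum(covered, algorithm).hex(), "time": when}
    return {"stamp": stamp, "signature": sign(canonical(stamp), algorithm)}


def wrap(document, when, algorithm):
    """The "wrapped" document: content, hash value and signed time stamp."""
    return {"document": document,
            "time_signatures": [time_signature(document, when, algorithm)]}


def renew(wrapped, when, algorithm):
    """Lifetime extension: add a hash by a different algorithm that covers the
    document and all earlier time signatures. Returns a new wrapper."""
    earlier = wrapped["time_signatures"]
    covered = wrapped["document"] + canonical(earlier)
    return {"document": wrapped["document"],
            "time_signatures": earlier + [time_signature(covered, when, algorithm)]}


def earliest_proven_time(wrapped, trusted_now):
    """Return the oldest time stamp that is still provable, or None.

    The newest time signature must use an algorithm trusted today; older ones
    are accepted because a newer signature sealed them before they weakened."""
    sigs = wrapped["time_signatures"]
    if not sigs or sigs[-1]["stamp"]["algorithm"] not in trusted_now:
        return None
    for i, ts in enumerate(sigs):
        stamp = ts["stamp"]
        covered = wrapped["document"] + (canonical(sigs[:i]) if i else b"")
        if checksum(covered, stamp["algorithm"]).hex() != stamp["hash"]:
            return None   # document or earlier time signature was changed
        if not verify(canonical(stamp), ts["signature"], stamp["algorithm"]):
            return None   # time stamp record was not signed by the provider
    return sigs[0]["stamp"]["time"]


DOC = b"MIE2003 constructed document content"   # constructed sample document
```

A wrapper stamped only with an algorithm that is no longer in `trusted_now` yields `None`; one that was renewed in time still proves the original 2003 time stamp.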
All aforementioned aspects of electronic (digital) signatures, time stamps, and qualified time signatures require a specific security policy. This policy needs to incorporate several aspects including awareness and confidence. Without such a security policy, implemented solutions are “just” a simple piece of technology.

The security infrastructure services described above all rely on secure and trustworthy authentication. Strong mutual authentication procedures themselves rely on cryptographic algorithms, and these rely on keys stored in certificates. So certificate handling is one of the basic requirements of a security infrastructure. Interoperability is its key factor. Identity management needs to be handled across organizational, regional and even national boundaries, whereas specific authorization, privilege management and access control rules and related roles can often be managed within the hierarchical structure of an organization. Different role policies along with different role interpretations in terms of responsibilities cause different legal liability levels. Respective standards are required to at least allow communication partners at both ends of the line to know about the role and responsibility level of each other.
5. Secure Applications: Electronic Health Record Systems

Electronic Health Records, Electronic Health Record systems and electronic archives are inter-connected systems depending on a high level of interoperability. For any lawful ethical communication and co-operation within or even between medical and non-medical healthcare and welfare establishments, information-related characteristics of interoperability must be properly considered besides principal-related characteristics. In that context, the categories of integrity, accountability, and auditability are especially important for electronic communication of person-related administrative and medical data. From the comprehensive Electronic Health Record point of view, data collection shall contain all person-related information with regard to health including diagnosis, treatment, rehabilitation but also aspects and recommendations of prevention, rehabilitation, healthy life style, and diet. There is no reliable Electronic Health Record System without reliable authentication and authorization of the respective users involved in data collection, data storage, data retrieval, and data usage.

5.1. Infrastructure Security Aspects of Electronic Health Record Systems

Generally, there exists no single sufficient definition for an Electronic Health Record. Nonetheless, it is now widely accepted that an Electronic Health Record is simply a comprehensively structured set of health-related clinical, demographic, environmental, social, and financial data items in electronic form, documenting the life-long healthcare and welfare activities (diagnosis, treatment, prevention, rehabilitation, etc.) given to a single individual. Two different Electronic Health Record types are under discussion in different countries around the globe: the comprehensive Electronic Health Record completely accompanying the patient’s care and welfare on the one hand, and communicable, structured, digitally signed Electronic Health Record extracts or basic information sets forming legally valid archives on the other hand. In the latter way, fears of centralized databases containing personal health information in a Big Brother scenario as well as professionals’ concerns regarding their Intellectual Property Rights could be reduced, and interoperability at least for that constrained information could be realized. This approach diminishes the flexibility of applications and services and the comprehensiveness of co-operation, however. Therefore, efforts have been undertaken to standardize structured Electronic Health Record architectures and communication in the sense of virtual distributed Electronic Health Record systems [11]. In that case, the Electronic Health Record is the active part as well as the communication platform, and the archive is the passive part of the patient’s documentation.
Normally, legislation does not distinguish between Electronic Health Records and archives regarding their legally binding properties. To combine the flexibility of EHR components’ aggregation with accountability for information, policies for reusing information and the definition of basic units to be signed as a valid information set must be established. Modern Electronic Health Record standards consider concepts as such basic units to be signed by the author, providing authentication of origin. Apart from new approaches, specific legislation requires certain storage intervals for liability reasons (e.g. X-ray or data items related to social security). This could mean that a certain item of information might be accessed even more than 30 years after it was stored. It needs to be kept unchanged all that time, and it needs to be accessible. So, both the technical integrity of the information items (proven by the hash value) and the accountability of the information items (proven by the signature created by the person or system that stored the information long ago) need to be verifiable. This requires specific electronic signature mechanisms and procedures that are long-lasting and verifiable over the long term. In several countries and pilot regions in, e.g., Australia, Denmark, Sweden, Finland, UK, and the USA, specific Electronic Health Record applications have been designed and implemented so far [12, 13].

5.2. Infrastructure Security Aspects of Electronic Archives

An electronic (digital) archive in the context of healthcare and welfare can be considered an organizational structure or system that intends to preserve health-related data (e.g. health records) for access and use by an identified group of consumers (health professionals). Electronic archives preserve information in digital format. Currently, a few different types of archives are under discussion and use. An independent archive is a closed system intended for the designed purposes of a restricted group of users. A co-operated archive has common standardized import and export methods. Federated archives are based on the fact that different organizations have an interest in the holdings of several archives. Their motivation is the sharing of some expensive resources [14]. Archiving is therefore definitely more than just securely storing the respective paper documents, microfilms, microfiches, and files, regardless of whether they are written or printed on paper, or represented by a stream of bits. The electronic (or digital) archive is a structure that intends to preserve information for quite a long time, up to 30 years and more. From that particular point of view, the archive needs to be instantiated according to the rules of data preservation and accessing policy, security policy, data migration policy, information management, information description methods, and storage media technology. In other words, both the content and the technical means of accessing it need to be preserved. Generally, an archive needs to have the technical features of making information available in a correct and independently understandable form over quite a long time. In order for the information to be both technically accessible and understandable for the health professional needing it, even after a long time, data other than the actual health-related data will also have to be stored. Archives also have to store representation, description and content information of data along with details related to requirements of a well-functioning security infrastructure, e.g. expired certificates and validity (revocation) information.
6. Interoperability Hurdles and Barriers

As explained above, interoperability and harmonization of existing and emerging security infrastructure frameworks in different countries and in Europe as such require both standardization and easy-to-use technical solutions. In terms of standardization, a lot has been done in the last few years to overcome barriers and hurdles by establishing a set of respective ISO and CEN standards as well as ETSI and ASTM technical reports and specifications intended to harmonize several national approaches, such as those in Germany, Sweden, Finland, Denmark, UK, and the USA, to name just a few. Now it’s up to other domains to undertake several different activities. Among those are legal, political, social, societal, and ethical ones. A key element is the involvement of all major players (citizens, patients, professionals) right from the beginning to establish a trustworthy framework of awareness, confidence, and acceptance for eHealth and telemedical solutions. Respective health policies need to establish a framework for making use of enhanced security infrastructure services for each and every application in the healthcare and welfare domain. Patients, citizens and health professionals need to be empowered to take on their specific role in the overall framework. On the other hand, the management of existing identity schemes and the attached role schemes needs to be harmonized as well [15]. A lot of work has already been done establishing a generic European security infrastructure for the healthcare and welfare sector. But of course the existing problems should not be underestimated; these include:
- unequal jurisdiction with respect to the borders;
- related to the latter: different systems for accounting, billing, and reimbursement of treatment procedures crossing national borders;
- national health policies which are still contrary to the European perspective from an administrative point of view;
- both centralized and decentralized healthcare systems in the different European countries, and
- more than one actor (group concepts) in terms of diagnostic or therapeutic teams, teams within a pharmacy, or teams within a department of a clinic, as well as
- the lack of existing applications using Attribute Certificate based security infrastructures.
At least a few aspects need to be discussed in more detail, and the intention is to start with the legal basis. There is a huge difference in viewpoint between the Internet technology mainly used and the established laws and regulations. The Internet is a global marketplace in the world of bits and bytes based on multimedia techniques, whereas laws are always (and still) related to a national situation in the material world of paper using unimedia techniques. Several European countries have already adopted and adapted existing European law (e.g. Sweden, Norway). From this point of view they do not distinguish between electronic communications within a country or between countries. At least for all kinds of data storage and exchange, the consent of the patient is required by law. To overcome these gaps, Europe has started several initiatives, some of which should be mentioned here. The first to be highlighted is the European Electronic Signature Standardization Initiative [16], and the second is the European Data Protection Directive [17]. In addition, another Directive governing electronic commerce [18] through liability of intermediaries, codes of conduct, and the out-of-court settlement of disputes is already in place. They all have in common that they reflect European law with national implementations. The European Electronic Signature Standardization Initiative was established in 1998. It is technology independent and tries to serve a free market for products and services. Legal recognition is provided by specifying requirements for signature products and related services. On the other hand, the Data Protection Directive of 1995 directly affects the exchange of medical information as it governs the protection of individuals with regard to the processing of any personal data and the free movement of such data [17].

In conclusion, it has to be said clearly that Europe is still characterized by a diversity of national rules slowly developing towards a harmonized European legal framework. This includes both the necessity of such a legal framework and a highly developed threat and risk management.
7. Comparison and Conclusions

Security infrastructures are increasingly used in the healthcare and welfare sector, particularly for providing security services like authentication, confidentiality, authenticity, integrity, non-repudiation, authorization, and auditing. Especially within the healthcare sector, there is a strong and increasing need for strong authentication (identification and verification) procedures based on different kinds of certificates, namely Public Key Certificates and Attribute Certificates. This necessity is caused by the huge range of processes and procedures deriving from different application areas within healthcare. This leads to a large number of specific and different roles, rules, access rights, qualifications, privileges, and permissions for each health professional. An important security token within healthcare is the smart card, provided either as a card for professionals, then called Health Professional Card, or as a card for patients. In the latter case, it is called Patient Identity Card, Patient Data Card or Health Insurance Card. Existing solutions, e.g. the national card solutions in France and Germany, European and international standardization activities on cards, infrastructure prototypes, and European as well as national projects, activities, and initiatives reflect the state of the art with respect to certificates. Finally, unsolved problems regarding security infrastructures, jurisdiction, data protection, and advertising via Internet should be pointed out. But regardless of whether the users intend to access an electronic archive or an Electronic Health Record, the access rights need to be well-defined. A specific task force of ISO TC 215 WG 4 “Security” is currently working on those issues [9, 10].

The most critical point indeed seems to be the applications aspect (even if some of the problems related to definition, specification, development, implementation, and installation of a strong authentication based security infrastructure are already solved), as one of the key issues for any kind of installation of new services is user awareness and acceptance. Both awareness and acceptance can only be achieved by providing all partners of the security infrastructure with up-to-date services and with applications which really focus on their daily work, including improvement of time-consuming processes. The most challenging application will definitely be the Electronic Health Record System and its requirements, as well as the electronic archive, to be considered a subset (extract) to be used as long as the Electronic Health Record is not yet implemented comprehensively. Life-long Electronic Health Record Systems are going to take over the current role of archive systems as the main preservation structures for health-related data. Storing data items life-long surely means keeping these items readable and accessible for more than 100 years, whereas typical archive applications need to deal with storage intervals of about 30 years. The requested infrastructure security services remain the same, but the security level has to be higher, and the lifetime of the respective underlying algorithms has to be longer as well.
Acknowledgement

The authors are indebted to the European Commission for the funding of several European research projects as well as to other regional, national and international partners and organizations (e.g. ISO TC 215 WG 4, CEN TC 251 WG III, ETSI, HL7, DIN, GMDS Germany) for their support and their kind co-operation during the course of the aforementioned projects, activities, and beyond [19].
References

[1] Pharow P, Blobel B: Public Key Infrastructures for Health. In: Blobel B, Pharow P (Eds.) Advanced Health Telematics and Telemedicine. The Magdeburg Expert Summit Textbook. Series Studies in Health Technology and Informatics, Vol. 96. IOS Press, Amsterdam (2003).
[2] Blobel B. Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems. Series Studies in Health Technology and Informatics, Vol. 89. Amsterdam: IOS Press, 2002.
[3] ISO FDIS 17090 Health Informatics -- Public Key Infrastructure: Part 1: Overview of digital certificate service; Part 2: Certificate profiles; Part 3: Policy management of certification authority. ISO 2006. http://www.iso.org/iso/en/CombinedQueryResult.CombinedQueryResult?queryString=17090
[4] Pharow P, Blobel B: Electronic Signatures for Long-lasting Storage Purposes in Electronic Archives. In: Baud R, Fieschi M, LeBeux P, Ruch P (Eds.) The New Navigators: From Professionals to Patients. Series Studies in Health Technology and Informatics, Vol. 95. IOS Press, Amsterdam (2003).
[5] Rivest RL, Shamir A, Adleman LA: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, Vol. 21, Nr. 2, Feb 1978, pp. 120-126.
[6] Public-Key Infrastructure (X.509) (pkix). http://www.ietf.org/html.charters/pkix-charter.html (last modified 2005-12-16)
[7] Simon G. Laing: Attribute certificates – a new initiative in PKI technology. Baltimore Library Whitepapers 1999.
[8] ISO/IEC 9594-8 | International Telecommunication Union: ITU-T Recommendation X.509 (1997 E): Information Technology – Open Systems Interconnection – The Directory: Authentication Framework, 6-1997.
[9] ISO PRF TS 22600 Health informatics -- Privilege management and access control -- Part 1: Overview and policy; Part 2: Formal models; Part 3: Implementation. ISO 2006. http://www.iso.org/iso/en/CombinedQueryResult.CombinedQueryResult?queryString=22600
[10] ISO CD 21298 Health informatics -- Functional and structural roles. ISO 2006. http://www.iso.org/iso/en/CombinedQueryResult.CombinedQueryResult?queryString=21298
[11] CEN EN 13606rev “Health Informatics – Electronic Health Record Communication”, 1999. Revision by CEN TC 251 in 2006.
[12] The Australian EHR-GEHR Project, available at http://www.openehr.org/projects/t_aus_gehr.htm
[13] The openEHR Consortium, available at http://www.openehr.org
[14] Ruotsalainen P: Archiving Data: How to do it? Who has to access?, Tutorial SP6, 6th Annual European Health IT Conference and Exhibition (TEHRE 2001), 11-14 November 2001.
[15] CEN/ISSS eAuthentication for smart-cards and eGovernment applications initiative. http://www.cenorm.be/CENORM/BusinessDomains/businessdomains/isss/cwa/eauthentication.asp
[16] European Electronic Signature Standardisation Initiative (EESSI). Established by ICTSB in 1999, work finished in 2004. http://www.ictsb.org/EESSI_home.htm
[17] Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281 of 23/11/1995. http://www.datenschutzzentrum.de/material/recht/eurecht/eudsrlen.htm
[18] Electronic Commerce Directive of the E. C. COM (1998) 586 final, O.J. 1999/30/04. http://www.opsi.gov.uk/si/si2002/20022013.htm
[19] Blobel B, Pharow P (Eds.) Advanced Health Telematics and Telemedicine. The Magdeburg Expert Summit Textbook. Series Studies in Health Technology and Informatics, Vol. 96. IOS Press, Amsterdam (2003).
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Sharable EHR Systems in Finland
Kari HARNO a,1 and Pekka RUOTSALAINEN b
a Helsinki University Central Hospital, Hospital District of Helsinki and Uusimaa, Finland
b National Research and Development Centre for Welfare and Health, Finland
Abstract. In Finland, the shared record is a virtual electronic health record (EHR). It consists of health data generated, maintained and preserved by different health care service providers. Two different kinds of technologies for integrating regional EHR-systems are applied, but mainly by using a common middleware. Services provided by this middleware are EHR location services using a link repository and combining EHR-viewing services with security management services including consent management and identification services for health professionals. The Regional Health Information Organization (UUMA) approach is based on a stepwise implementation of integrated regional healthcare services to create a virtually borderless healthcare organization - a patient centered virtual workspace. In the virtual workspace multi-professional teams and patients collaborate and share information regardless of time and place. Presently the regional health information network (RHIN) is comprised of three integrated services between primary, secondary and tertiary care within the county of Uusimaa. The regional healthcare modules consist of an (1) eReferral network, (2) integrated EHR service between health care professionals and (3) PACS system. The eReferral between primary and secondary care not only speeds up the transfer, but also offers an option for communication in the form of eConsultation between general practitioners and hospital specialists. By sharing information and knowledge remote eConsultations create a new working environment for integrated delivery of eServices between the health care providers. Over 100 000 eReferral messages (40 %) were transferred between health care providers. Interactive eConsultations enable supervised care leading to the reduction of outpatient visits and more timely appointments. One third (10/31) of the municipal health centers are connected to the clinics in the Helsinki University Central Hospital by the eReferral system. 
The link directory service extends the dimensions of networking between organizations by combining legacy systems within regional primary and secondary care. The link directory is an interface to diverse patient information systems, like HUSpacs, containing links pointing to the actual patient data located in remote information systems. The original data including images can be viewed with a web browser, but data can be accessed only with the patient’s informed consent. Currently the reference data base includes 9.5 million links from 1.4 million patients with over 2.000 daily users. We aim to create a new working environment for professionals by incorporation of innovative information and communication technology, new organization of work and re-engineering of workflows. In the near-future, the citizen will have an active role participating in decisions on his care, carrying out guided self-care and taking steps of pro-active prevention.
Keywords. Shared EHR Service, RHIO, RHIN, Link Directory, eReferral
1 Corresponding Author: Kari Harno, MD, PhD, Helsinki University Central Hospital, Hospital District of Helsinki and Uusimaa. Stenbäckinkatu 9, POB 440, 00029 HUS, Finland. E-mail: [email protected]
K. Harno and P. Ruotsalainen / Sharable EHR Systems in Finland
Introduction
All nations feel the pressure of an increasing demand for health care services. This is mainly due to an aging population and is associated with uncontrolled medical costs. Basic healthcare costs could decline as aligned consumer/purchaser incentives toward self-care, prevention and health maintenance emerge. Many attempts have been undertaken to shift a major emphasis onto health promotion and prevention of manifest diseases.
Tele-radiology has evolved from a point-to-point application to a universal network closely resembling the Internet. The picture archiving and communication system (PACS), which uses digital data held in a single or distributed database and is accessible through a network, offers new interfaces and gateways to healthcare facilities. This enables hospitals and clinics to reengineer new seamless clinical processes both within hospitals and between remote health care institutions.
The necessary cultural change to achieve a transformation of health care work by integrating primary and secondary care with information technology may be deeper than it sounds (1). First of all, the different actors in health care must be actively networking together. The care between them must be genuinely seamless so as to allow a global assessment of the clinical condition. In addition, the responsibility to orchestrate the care must be defined clearly. Incentives must be adapted along these functional requirements. Unnecessary clinic (and hospital) visits should simultaneously be reduced to a minimum.
1. The present state of the Finnish shared EHR system
The governance and funding of the Finnish health care system are very decentralized. This has resulted in a distributed EHR architecture and in challenges for interoperability between different systems.
1.1 Public sector
There are more than 400 EHR installations and also many networks. In practice the situation is even more complex, because there are both public and private networks. Therefore the Finnish shared EHR should be understood as a virtual EHR: regional middleware just links local records in such a way that users can view a virtual EHR at regional level.
1.2 Private sector
The largest private health care network covers the whole country, but smaller ones also exist. In most cases physicians are not employed by a private service provider, but are rather affiliated with the private health care organization as independent contractors.
2. Next Steps Towards a Shared EHR System
The updated strategy and communication architecture for health care drawn up by the Ministry of Social Affairs and Health has set the following targets:
• For semantic interoperability all Finnish EHR-systems should implement a common core data set.
• Communication between EHR-systems should be based on a standardized message system (e.g. HL7 CDA messages, XML formats and SOAP envelopes).
• All patient records will be archived into a logically single national archive.
This national EHR-archive will itself disclose records if the necessary legal and other conditions are met. The centralized eArchive forms the basis of the future collection of citizens’ life-long health history. In the future the eArchive will be the point of record sharing in Finland.
The eArchive-based record sharing needs careful security and data protection planning. For identification of health professionals, the national PKI infrastructure applying health professional cards is in the implementation phase. Later a PMI-system and role-based access control services will be implemented. The data structure of data sent to the eArchive should include a new metafile with a multi-faceted security policy. This metafile should consist of the following information:
• security policy information
• unique identification of data producer, patient and organization
• context and purpose information of the data
• the nature of data
• information on the purposes for which data can be disclosed
• information on when the patient’s consent is required for disclosure of data
It has also been planned that the patient will get an unlimited right to check who has accessed his or her data, when and why. This checking can also be done using the Web.
There are two ways to implement the middleware. In a multi-vendor environment the middleware is a separate service which communicates with the different legacy systems inside the region using standardized messages. The second possibility is that all service providers inside the region use common software provided by a single vendor. In this case all middleware functions are embedded in the common software.
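The security metafile and the patient's right to see who accessed the data, when and why, can be made concrete with a small disclosure check. This is an added example, not code from the Finnish eArchive: the field names, the purpose vocabulary and the `EArchive` class are hypothetical, and the sample record is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class SecurityMetafile:
    """Travels with one archived record. All field names are hypothetical."""
    policy_id: str                 # security policy information
    producer_id: str               # unique identification of the data producer
    patient_id: str                # ... of the patient
    organization_id: str           # ... of the organization
    context: str                   # context in which the data was produced
    purpose: str                   # purpose the data was produced for
    nature: str                    # nature of the data
    disclosable_for: frozenset     # purposes for which the data can be disclosed
    consent_needed_for: frozenset  # purposes that also need the patient's consent


@dataclass(frozen=True)
class DisclosureRequest:
    requester_id: str
    requester_org: str
    purpose: str


def decide(meta, request, consents):
    """Return (allowed, reason); anything the metafile does not permit is denied."""
    if request.purpose not in meta.disclosable_for:
        return False, "purpose not permitted by the record's policy"
    consent_key = (meta.patient_id, request.requester_org, request.purpose)
    if request.purpose in meta.consent_needed_for and consent_key not in consents:
        return False, "patient consent required but not recorded"
    return True, "permitted by the record's policy"


class EArchive:
    """Toy archive: keeps each payload with its metafile and logs every request."""

    def __init__(self):
        self.records = {}      # record_id -> (SecurityMetafile, payload)
        self.consents = set()  # (patient_id, organization, purpose)
        self.log = []          # one dict per disclosure attempt

    def store(self, record_id, meta, payload):
        self.records[record_id] = (meta, payload)

    def grant_consent(self, patient_id, org, purpose):
        self.consents.add((patient_id, org, purpose))

    def withdraw_consent(self, patient_id, org, purpose):
        self.consents.discard((patient_id, org, purpose))

    def disclose(self, record_id, request):
        meta, payload = self.records[record_id]
        allowed, reason = decide(meta, request, self.consents)
        # Log before returning or raising, so refused attempts are visible too.
        self.log.append({"patient_id": meta.patient_id, "record_id": record_id,
                         "who": request.requester_id, "org": request.requester_org,
                         "when": datetime.now(timezone.utc), "why": request.purpose,
                         "allowed": allowed, "reason": reason})
        if not allowed:
            raise PermissionError(reason)
        return payload

    def access_report(self, patient_id):
        """The patient's view: who asked for the data, when, why, and the outcome."""
        return [e for e in self.log if e["patient_id"] == patient_id]


def demo():
    """Three requests against one constructed record; returns outcomes and report."""
    archive = EArchive()
    archive.store("rec-1", SecurityMetafile(
        policy_id="policy-example-1", producer_id="dr-0001",
        patient_id="patient-0001", organization_id="hospital-A",
        context="outpatient visit", purpose="treatment", nature="laboratory result",
        disclosable_for=frozenset({"treatment", "emergency"}),
        consent_needed_for=frozenset({"treatment"})), "constructed sample payload")
    gp = DisclosureRequest("gp-0042", "health-centre-B", "treatment")
    researcher = DisclosureRequest("res-0007", "institute-C", "research")
    outcomes = []
    for request in (gp, researcher, gp):
        try:
            archive.disclose("rec-1", request)
            outcomes.append("allowed")
        except PermissionError as exc:
            outcomes.append(str(exc))
        # Constructed scenario: the patient consents after the first two attempts.
        if request is researcher:
            archive.grant_consent("patient-0001", "health-centre-B", "treatment")
    return outcomes, archive.access_report("patient-0001")


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Refused requests are logged as well as granted ones, so the patient's report also shows attempts that the policy blocked.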
3. Services of the RHIN
The Hospital District of Helsinki and Uusimaa (HUS) covers 21 hospitals and over 60 health centers. These health care organizations serve over 1.4 million citizens, whose patient data may be accessed online irrespective of its origin. The Regional Health Information Organization (UUMA) has provided means for modern, innovative eHealth services. At present, the service portfolio of UUMA with the RHIN consists of several modules.
3.1 eReferrals and eConsultations – electronic referrals and interactive remote consultations
We have set up a wide-area referral network between primary care and three university hospitals. This network was initially launched in 1990. In the university hospitals all specialties are involved. In 2002 there were 67,000 e-referrals transferred between the Helsinki University Hospitals and primary care. The solutions extend from the initial VPN use (Vantaa) to EDIFACT standard (Espoo) and HL-7 (Helsinki). A transition to standardized HL7 messages utilizing C-way message transfer systems (HUSway) through a single Network Access Point (HUSnap) is in progress. There were over 100.000 eReferrals in 2005.
3.2 Navitas Link directory – for locating and viewing patient data from diverse information systems
The link directory is a central reference database containing links to patient data stored in their legacy systems. The upgrading of the legacy systems is made possible by application integration across the extended regional infrastructure. Provider access is possible by web browsers and patient information includes (primary care/hospitals) visits, critical data, EOE (laboratory and imaging), images and reports, laboratory results, referrals and discharge letters. All data is sorted according to social security coding, which is standard procedure in Finland. Standard API connections between primary care information systems and the reference data are installed. The documents are produced in CDA format and messages transferred in a standard pattern (XML/HL 7). The service was launched in 2003 and presently half of all (15/31) the municipalities, as well as hospitals, are connected to the RHIN and apply the link directory for regional exchange of information. Currently there are over 2.000 professional users.
4. Application of Services
Present health care systems are hospital oriented, and there is both sustained growth in demand for these services and an increase in their costs. Efficient support for the work of the primary care physician is needed to manage the demand and also for cost containment. Communication by surface mail is slow and not interactive. The use of the telephone is hampered by the interruption it causes, the difficulty of getting hold of the specialist and the hospital doctor's lack of access to the medical records.
4.1 eReferrals and eConsultations
One promising area of eHealth is the electronic referral, which not only speeds up the transfer but also offers an option for communication between the primary care physician and the hospital specialist. By sharing information and knowledge, remote eConsultations between primary and secondary care physicians evolve into a new working environment for integrated delivery of eservices between the health care providers. Besides transferring data or information between providers, networking partnerships have to be structured by mutual agreements. The underlying model of the electronic referral process is:
• the referrer initiates an e-request;
• the organization receives it;
• the organization allocates it for reply, and
• the responder replies to the initiator.
The eReferral module has been in production for over ten years and has gone through extensive assessment studies by us (2-6) or been analyzed by third parties (7-8). In these studies the eReferral system has decreased the need for secondary care services by reducing first visits to outpatient clinics by 36 % and in less urgent cases by 50 %. The system allows more patients to be treated at less expense. Because all patients are thoroughly examined beforehand, the numbers of repeat visits as well as direct costs remain lower. We have shown convincingly that the interactive use of an eReferral system improves access to an adequate level of care and even large scale use results in more timely appointments. By prospective follow-up studies we have been able to prove that the quality of health care using remote eConsultations is consistent with outpatient face-to-face visits.
4.2 Navitas link directory
Navitas is a regional service designed to overcome the organizational and interoperability barriers restricting the use of clinical information between secondary and primary health care. Navitas is provided as a fully hosted ASP (application service provision) service to HUS and the municipalities in the joint authority of the Hospital District by a consortium of three private companies. The system was originally developed as a part of an EU funded InterCare project together with HUS and the participating companies. It has been in use since 2001, but the present version was implemented in 2003.
In the past, patient information located in different organizations was inaccessible online for the professional. The only way to access information was to order the papers by mail. In addition to the costs and long delivery time, the difficulty was to know which systems contained relevant information. The Navitas service has been designed to overcome these barriers and to enable a seamless, cross-organizational access to patient records in the HUS region.
The core of the regional Navitas service is the Navitas Link directory. It is a service which maintains a regional directory of links pointing to patient and treatment information located in any of the connected health care information systems in the region: each participating organization has its own patient information system in addition to the 11 presently stand-alone patient information systems in HUS. HUS has also many other clinical information systems e.g. the laboratory system and HUSpacs, which have all been connected to the link directory. At the moment there are 15 patient information systems connected to the Link directory. Specific adapter software has been installed locally into each of the systems through which links are fed into the Link directory. Links are HL7 (Health level 7)/ CDA (clinical document architecture) compliant messages containing the identification of a patient and a short description of the contents of the particular patient record. No actual records are stored into the Link directory.
Navitas has a regional user database and centralized authentication and authorization services; this enables the participating organizations to have complete control over their own users. The health care professionals can access Navitas from their personal workstations using a web browser. The data transfer is encrypted and only private, dedicated networks are used to transmit the data.
Viewing of the patient data through the links requires the patient’s informed consent. When clicking a link, a window will open up to display the actual clinical information. The information is queried by the Navitas Link directory from the patient information system itself. The view provided by the Link Directory is a read-only view, structured in a user-friendly and visual way.
The Navitas Link directory service is available today for the health care professionals in the Hospital District. The directory contains information from 1.4 million citizens. Currently there are about 9.5 million links in the database. The number of links has been minimized in order to make it easier for the professional to get a holistic view on the patient’s medical history. In HUS, for example, several visits are grouped into one care period.
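The link directory design described above (links only in the central store, records queried from the source system at viewing time, consent required to open a link, read-only views, each organization controlling its own users) can be sketched as follows. This is an added example, not Navitas code: every class, method and identifier is hypothetical, consent is assumed to be recorded per patient and organization, and the sample documents are constructed.

```python
from dataclasses import dataclass
from types import MappingProxyType


@dataclass(frozen=True)
class Link:
    """What the directory stores: patient, location, short description. No record."""
    patient_id: str
    system: str
    doc_id: str
    description: str


class SourceSystem:
    """Stands in for one legacy patient information system and its local adapter."""

    def __init__(self, name):
        self.name = name
        self.documents = {}

    def add_document(self, doc_id, patient_id, description, body):
        """Store the record locally and return the link the adapter would feed."""
        self.documents[doc_id] = {"patient_id": patient_id, "body": body}
        return Link(patient_id, self.name, doc_id, description)

    def fetch(self, doc_id):
        return self.documents[doc_id]


class LinkDirectory:
    def __init__(self):
        self.systems = {}      # name -> SourceSystem
        self.links = []        # Link objects only, never record bodies
        self.users = {}        # user_id -> {"org": ..., "active": ...}
        self.consents = set()  # (patient_id, organization); granularity assumed

    def connect(self, system):
        self.systems[system.name] = system

    def publish(self, link):
        if link.system not in self.systems:
            raise ValueError("link points to a system that is not connected")
        self.links.append(link)

    def set_user(self, acting_org, user_id, user_org, active):
        """Each organization adds, enables and disables only its own users."""
        existing = self.users.get(user_id)
        if acting_org != user_org or (existing and existing["org"] != acting_org):
            raise PermissionError("an organization manages only its own users")
        self.users[user_id] = {"org": user_org, "active": active}

    def record_consent(self, patient_id, org):
        self.consents.add((patient_id, org))

    def require_active(self, user_id):
        user = self.users.get(user_id)
        if user is None or not user["active"]:
            raise PermissionError("unknown or disabled user")
        return user

    def list_links(self, user_id, patient_id):
        # Assumption: listing needs only an active user; opening needs consent.
        self.require_active(user_id)
        return [link for link in self.links if link.patient_id == patient_id]

    def open_link(self, user_id, link):
        user = self.require_active(user_id)
        if link not in self.links:
            raise LookupError("link is not in the directory")
        if (link.patient_id, user["org"]) not in self.consents:
            raise PermissionError("no informed consent recorded for this patient")
        doc = self.systems[link.system].fetch(link.doc_id)  # queried at view time
        if doc["patient_id"] != link.patient_id:
            raise ValueError("link and source record disagree on the patient")
        # A read-only mapping over a copy: the viewer cannot alter the source.
        return MappingProxyType({"description": link.description, **doc})


def build_demo():
    """Two constructed source systems, two links and one health-centre user."""
    directory = LinkDirectory()
    lab, pacs = SourceSystem("lab-system"), SourceSystem("pacs-system")
    directory.connect(lab)
    directory.connect(pacs)
    directory.publish(lab.add_document(
        "L1", "patient-0001", "laboratory results", "constructed lab text"))
    directory.publish(pacs.add_document(
        "P1", "patient-0001", "chest image report", "constructed report text"))
    directory.set_user("health-centre-B", "gp-0042", "health-centre-B", True)
    return directory, lab, pacs
```

Because nothing clinical is cached centrally, a record amended in its source system is what the next viewer sees, and a compromise of the directory alone exposes identifiers and descriptions rather than record bodies.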
5. Summary
The initial benefits from the eservices have emerged in relation to access to care, quality of care and economics. Studies on the assessment of the eservices have been launched in the hospital district to reveal new information that may be used to develop the services further.
Supervised disease management care by clinicians using eConsultations sent to primary care physicians targets the aim for an equal quality of care to be available in all parts of the Hospital District. As a result, eReferrals and eConsultations have resulted in more timely appointments at the outpatient department.
Wide-area PACS supports all care chains, in which radiological images are produced or the patients’ previous images are viewed. The clinician and the radiologist may perceive what examinations have been performed and avoid recurrent overlapping examinations. As a result, unnecessary radiation exposure has been reduced. Shared radiological consultations between secondary and primary care in patients with conservatively treated fractures have been initiated to allow follow-up of fracture treatment to be shifted from hospital to primary care.
The eReferral system has decreased the need for secondary care services by reducing first visits to outpatient clinics. The system allows more patients to be treated at less expense. Because all patients are thoroughly examined beforehand, the numbers of repeat visits as well as direct costs remain lower. Fewer examinations are needed and by avoiding overlapping examinations, costs have been reduced. With filmless imaging the regional PACS has brought savings of 5.6 M€ in 2002.
References
[1] Harno K, Grönhagen-Riska C, Pohjonen H, Kinnunen J, Kekomäki M. Integrated regional services: are working process changes desirable and achievable? Journal of Telemedicine and Telecare 2002; 8 (suppl 3):26-28.
[2] Harno KSR. Telemedicine in managing demand for secondary care services. Journal of Telemedicine and Telecare 1999; 5:189-192.
[3] Lillrank P, Paavola T, Harno K, Holopainen S. The impact of Information and Communication Technology on Optimal Resource Allocation in Healthcare. International Conference on TQM and Human Factors – towards successful integration. Linköping, Sweden 1999.
[4] Harno K, Paavola T, Carlson C, Viikinkoski P. A prospective study of an intranet referral system between primary and secondary care on clinical effectiveness and costs. 3rd Nordic Congress on Telemedicine, Copenhagen, Denmark 2000:64.
[5] Harno K, Paavola T, Carlson C, Viikinkoski P. Improvement of health care process between secondary and primary care with telemedicine – assessment of an intranet referral system on effectiveness and cost analysis. Journal of Telemedicine and Telecare 2000; 6:320-329.
[6] Harno K, Arajärvi E, Paavola T, Carlson C, Viikinkoski P. Patient referral by telemedicine and videoconferencing in orthopaedics – effectiveness and cost analysis. Journal of Telemedicine and Telecare 2001; 7:219-225.
[7] Wootton R. Recent advances: Telemedicine. BMJ 2001; 323(7312):557-60.
[8] Roine R, Ohinmaa A, Hailey D. Assessing telemedicine: a systematic review of the literature. Canadian Medical Association Journal 2001; 165(6):765-71.
[9] Pohjonen H. Image fusion in open-architecture PACS-environment. Computer Methods and Programs in Biomedicine 2001; 66: 69-74.
[10] Kinnunen J, Pohjonen H. PACS in Töölö hospital. Computer Methods and Programs in Biomedicine 2001; 66: 31-35.
[11] Harno K, Roine R, Pohjonen H, Kinnunen J, Kauppinen T. A framework for systematic assessment of the regional HUSpacs after the reengineering of hospital and external processes. CARS 2002, Computer Assisted Radiology and Surgery; 618-622. Lemke MW, Vannier K, Inamura AG, Farman KDoi K & Reiber JHC (editors). Springer-Verlag Berlin Heidelberg 2002 and CARS.
Invited Paper
Information therapy: The strategic role of prescribed information in disease self-management
Molly Mettler, MSW 1; Donald W. Kemper, MSIE, MPH 2
Healthwise, Incorporated 3
Abstract: Imagine this: evidence-based medical information specifically written for and prescribed to a patient with chronic illness, targeted to that patient’s specific “moment in care” and designed to help that patient manage his or her illness. Imagine “information therapy” built into every clinical encounter that a patient has with a physician or other health care service. Information therapy is defined as the timely prescription and availability of evidence-based health information to meet individuals’ specific needs and support sound decision making. [1] Information therapy is a new disease management tool that provides cost-effective disease management support to a much larger portion of the chronically ill population than is generally reached. This paper is a practical presentation of information therapy, its role in predictive modeling and disease self-management, and its potential for improving the outcomes of chronic care.
1 [email protected], Tel: 208-331-6910, Fax: 208-345-1897
2 [email protected], Tel: 208-331-6908, Fax: 208-345-1897
3 2601 North Bogus Basin Road, Boise, Idaho 83702, U.S.A.
M. Mettler and D.W. Kemper / Information Therapy: The Strategic Role
1. The Rising Economic Burden of Chronic Illness
The steady and inexorable aging of the world’s population has been likened to an “age wave” that will engulf and forever change the landscape of health care. Our lengthening lifespan will bring with it an escalating incidence of chronic disease and disability, and an unbearable burden on the economic ability of nations to respond. Currently in the United States, it is estimated that 99 million people have at least one chronic condition, be it arthritis, asthma, depression, diabetes, heart disease or other. [2] By 2020, it is estimated that 157 million Americans will have a chronic condition, and 81 million of those people (25% of the population) will suffer from multiple chronic conditions. [3]
This promises to be very expensive. Those with chronic conditions account for 76% of hospital admissions, 88% of all prescriptions filled, and 72% of all physician visits. The costs associated with treating the suffering and disability caused by chronic diseases account for 78% of total U.S. medical care costs, including almost 80% of Medicaid expenditures. [4]
One chronic illness, arthritis, is of special concern worldwide. According to data from the charity “Arthritis Care” on World Arthritis Day in 2002, “At least 103 million Europeans, 100 million Chinese, and 43 million Americans are all living with one of the most under-rated incurable diseases in the world….The pain and disability associated with the disease has far-reaching consequences for families, employers, governments and society generally.” [5]
2. One Response to the Crisis: Involving Patients Directly in Care
Private and public health care sectors are painfully aware of the looming crisis in arthritis and other chronic illness care. Health care organizations, especially those designed for acute care, are wrestling with the realities of the impending overload of aging patients with multiple chronic conditions.
“Improving Chronic Illness Care”, a national program of the U.S.-based Robert Wood Johnson Foundation, has identified the following problems in the current management of chronic diseases: [6]
• Rushed practitioners not following established practice guidelines
• Lack of care coordination
• Lack of active follow-up to ensure the best outcomes
• Patients inadequately trained to manage their illnesses
One response that is gaining momentum is increasingly involving patients in their own care. The “Chronic Care Model” that has been developed by “Improving Chronic Illness Care” places emphasis on “the informed, activated patient” and on “self-management support” to help patients succeed in that role:
“When informed patients take an active role in managing their health and providers feel prepared and supported with time and resources, their interaction is likely to be much more productive. This interaction leads to better glycemic control for patients with diabetes, fewer emergency room visits for patients with asthma, and reduced symptoms among those with depression. In short, it leads to healthier patients, more satisfied providers, and lower costs.” [7]
This concept of disease self-management is gaining increasing traction. Self-management programs systematically and supportively help train patients to care for themselves by helping participants learn health management skills and develop confidence in their ability to manage their health. The Stanford Patient Education Research Center in California has developed a set of chronic disease self-management programs (including one specifically for arthritis). These programs have demonstrated that costs go down, outcomes improve, and health satisfaction goes up when people with arthritis and other chronic illnesses participate in their own care. [8]
Clearly, for both quality and economic reasons, chronic disease self-management must be supported. The technological advances shown by the Internet and e-health are supporting this movement.
3. The Role of Information in Care
For most patients, especially those coping with chronic illness, getting good health care information is as important to their good health as the surgeries, medical tests, and drugs prescribed to them. And yet, there is no systematic, thoughtful way of delivering high-quality information directly to the patient.
Consumers and patients have increasingly turned to the Internet for health information. Approximately 93 to 109 million Americans have looked for health information online, and for 45 million Americans, the Internet has improved the way they take care of their health. [9, 10] The Internet is also an important tool for those with chronic conditions; over 50 million consumers with chronic diseases actively use online health information and services. [11]
Why are millions of patients turning to the Internet? Because most health care providers and systems are ill-equipped for giving people the health information they need. Most clinical encounters are too rushed, and doctor-patient exchanges are too hurried. Even if there is time in the clinical encounter to impart important information to the patient, most health care providers still rely on the spoken word to transfer that information. As a result, most of what the clinician says is forgotten instantly, and even less is remembered by the patient over time.
Without ready or easy access to health education or high-quality and targeted information from their providers, patients are left to search for information on the Internet. Yet, even when they do find good information, it can be so disconnected from their professional care that it often disrupts more than helps the clinical process.
The harrowing story of “Patricia”, who was diagnosed at age 48 with scleroderma, describes a patient experience troubled by no timely information from the provider:
“I was told, over the phone, by the rheumatologist I had met once, that I had CREST, a subset of scleroderma. The doctor assured me that it was a “much better version” of scleroderma and I'm being diagnosed at an older age, so don't panic and I'm going on vacation, see you in a month. She may have told me a little more, but I was so panicked (despite her blithe order) by the news that I didn't hear it. Scleroderma was a strange, rare disease of which I had only a vague TV movie idea of, so, since I was at work when I spoke to the doctor, I immediately went on the Internet. Within half an hour I was sobbing and getting ready to suffer deeply for a short period and then die. I went to several sites, but I was unable to distinguish one piece of information from another. Since I had no doctor to talk to, I could not discriminate and of course, assumed the worst. I needed information when first getting the diagnosis. I had no ability to discriminate the usefulness of one sort over another, especially given my emotional state on receiving the news. Information, in a package that I could consume both in first panic and then with more reflection, would have been incredibly useful. Instead, when I described my reaction to both the news and the way the news was delivered and then to the overload of information, all I got from doctors was, “Don't go on the Internet!” I know why they say that, but they’re wrong. We need information, and we're going to go on the Internet no matter what they say, so we might as well go to the accurate places. I understand the doctors’ frustration with misinformation, but they left me with no choice. Who wouldn't go on the Internet, given the diagnosis of a rare disease and nothing else? The days of passive patients are over. And support groups are helpful, but limited, as well. We need both the science and the support of people going through the same thing.” [12]
4. Prescribed Information: A Key Resource for the Patient
Patients like Patricia should not have to be either heroic or lucky to get the information they need to better manage their care. And they should not have to force their clinicians to accept the information they do find. With an information therapy program installed at her doctor’s clinic, Patricia could have received, on paper, by phone, online or all three, the information she needed to allay her fears and give her guidance on what next steps she could take.
Information therapy is the timely prescription and availability of evidence-based health information to meet individuals’ specific needs and support sound decision making. [13]
With information therapy, Patricia’s post-diagnosis information prescription could include a description of the illness, the pros and cons of various treatment options, self-management guidelines, and access to community-based and online resources such as support groups. From rare disorders like scleroderma to everyday health concerns like lowering cholesterol, targeted information prescriptions can help meet the needs of the patient.
How is information therapy different from the patient education that nurses and physicians have always done? Information therapy serves the same purpose but differs in technology and effectiveness. Until now, we’ve used “mouth to ear” to get information to patients. The clinician speaks and the patient listens, but little is remembered by the time the patient gets home. Now, technology allows us to deliver personalized, targeted, documented information to patients electronically, in a way that better supports self-management and shared decision making.
5. Right Information, Right Person, Right Time
Information therapy, simply stated, is getting the right information to the right person at the right time:
5.1. The right information
For medical information to be considered therapeutic, it must meet a set of rigorous criteria that assures its quality and its relevance to the patient’s moment in care. Quality information that is therapeutic for the patient must be:
• Decision-focused. If information does not help a person make a better decision or achieve a needed behavior change, it doesn’t have therapeutic value.
• Evidence-based. Prescribed information must be based on a complete assessment of the best medical research on the specific topic or question involved.
• Reviewed by experts. To be “prescription-strength,” each piece of information therapy content must be reviewed by medical specialists with expertise in that specific topic.
• Referenced. Prescribed content should be clearly referenced regarding both the source of the evidence on which it is based and the credentials of the medical specialists who have reviewed it.
• Up-to-date. Content used in information prescriptions should be periodically reviewed with the dates of the last review and update clearly indicated.
• Free from commercial bias. Content for information therapy should not be developed or influenced by organizations or individuals who would receive benefits from the sale of any drug, product, or services described in the content.
• User-friendly. Information prescriptions must be understandable by the person to whom they are prescribed.
5.2. The right person
Information prescriptions are written specifically for a specific patient and/or the caregivers directly involved in making a health decision or changing a specific health behavior. This may be the patient alone or may include the patient’s spouse or family member, a close friend, or any other invited advocate. Each health care professional on the provider team may also be a “right person.”
The right person concept also means that the information is tailored to the special needs and learning style of the patient. Tailored messaging addresses the patient’s individual motivations, needs, personal resources, and barriers for change. Tailored messaging has been shown to increase motivational effectiveness, promote and support behavioral change, and improve medical outcomes. [14]
5.3. The right time
The right time is “just in time” to make a health decision. Presented too early, the information may go unused and be forgotten. Presented after the decision is made, it is usually too late. For maximum effectiveness, the information must be presented during the time all options are being considered.
The right time can also mean in a time sequence so that complex information can be presented a little at a time, with each new piece of information built on top of a foundation of previous information prescriptions. Interactive assessments can help determine when to move to the next step of the sequence. Timing is usually determined by a combination of human factors and “information triggers.”
6. How it Works: Information Therapy has Three Components
• “Information triggers” predict the patient’s “moment in care”
• The patient’s moment in care defines the questions that they likely have and the decisions they are likely facing as well as the information and support most likely to help.
• The “information prescription” delivers the identified information within a message targeted and tailored to the individual.
6.1. Information Triggers
Information triggers are the data elements that allow a system to predict an individual’s moment in care. In the United States, patient data most often comes in the form of standardized codes, such as:
• International Classification of Diseases (ICD-9) codes: The ICD-9 classification system arranges diseases and injuries into groups according to established criteria with separate classification for pediatric and adult levels. These codes help identify a diagnosis, cause of injury, or intervention.
• Current Procedural Terminology (CPT®) codes: The American Medical Association’s CPT system is the code or language the health care industry uses to communicate clinical service information for administrative and financial purposes.
• National Drug Codes (NDC): Every drug is assigned a unique number that identifies the labeler/vendor; product including the specific strength, dosage form, and formulation for a particular firm; and trade package size. NDCs are used by retail pharmacy chains and hospitals for purchasing drugs and maintaining inventory control.
There are other information triggers, as well. Hospital and medical device codes, dates of discharge, admission, length of stay, or findings from either nurse or self-administered assessments can also be used to trigger information specific to an individual’s moment in care.
Because these information triggers are already collected in standard medical transactions, they can be used to identify, categorize, and describe the diagnosis, treatments, and characteristics of a specific patient.
6.2. Moments in Care
ICD-9, CPT, and NDC codes can also predict the patient’s “moment in care”—any specific and identifiable point in the diagnosis or treatment of a condition. Predicting the patient’s current moment in care is critical to the success of an information therapy application.
Even within the same diagnosis, patients who are at different stages of diagnosis and treatment have vastly differing information needs. For example, a person just diagnosed with osteoarthritis has different questions, decisions to make, and information needs than someone who has lived with arthritis for decades. Likewise, someone whose condition is stable has different needs than one who is currently experiencing a setback or relapse and whose symptoms are poorly controlled.
For each specific moment in care, there is a set of questions and concerns that most patients and their caregivers have and a set of both clinical and non-clinical decisions that they might be facing. For the patient newly diagnosed with osteoarthritis, a likely set of questions includes:
• What medications will work best for me, and what risks do they bring?
• What’s the course of the illness?
• What lifestyle changes should I make first, and how do I stick with them?
7. Information Prescriptions
These questions and concerns can be addressed through information prescriptions, which convey evidence-based medical information useful to patients and caregivers. As information therapy becomes more sophisticated, the information prescription will be further tailored to match the learning style and readiness for change of the individual patient. From trigger to moment in care and then to a specific information prescription, the result is that patients and caregivers receive a targeted information prescription as an integrated part of their health care experience.
Figure 1: An Information Therapy prescription delivered electronically
8. Adding Information Therapy onto Existing Technology
Information therapy will become a mainstream part of medical practice only when it can be delivered without disruption to the clinical workflow. If physicians had the time to look up and deliver good information to every patient and support ongoing behavior change, they would probably be doing so already. They don’t have time, so if it is not easy, they just won’t do it.
Fortunately, information therapy technology can be built on top of other business-critical technology infrastructures, such as scheduling and billing, which the clinic or health plan most likely already has in place. By linking information therapy applications to other pre-existing information systems, health care organizations can implement information therapy at a low cost. Linking information therapy applications to e-prescribing, electronic health record systems (EHR) and electronic order entry (EOE) systems is particularly compelling. And for those systems that have a Web site and patient portal, it can also take advantage of patient-portal technology.
9. The Economic Case for Information Therapy within Disease Management
Until recently, a majority of disease management programs have typically been structured around call center nurses working with patients known to be both chronically ill and in a frail or declining condition. Although the labor-intensive nurse intervention is expensive, the savings achieved by better monitoring and better management of these very ill patients have been sufficient to reduce overall costs. On the other hand, to assure cost-effectiveness, these nurse-based disease management programs have typically addressed only a small percentage of the chronically ill population.
Disease management today has changed largely because of two factors: predictive modeling and the trend toward disease self-management. Information therapy has a role to play in each.
Predictive modeling in disease management is “a process that applies available data to identify persons who have high medical need and are 'at risk' for above-average future medical service utilization.” [15] Using sophisticated modeling tools, health care organizations can, with fair accuracy, predict which patients are likely to be high-cost patients in the next year and plan interventions accordingly. The concept behind predictive modeling is to stratify a population according to the risk of a future outcome but in time for interventions that might prevent that outcome from occurring. By focusing on predictably high-cost patients, disease management organizations are able to cost-effectively use their nurse call centers to help a larger percentage of the chronically ill population. However, because even good predictive modeling can accurately predict only about fifty percent of high-cost patients [16], opportunities remain for reaching the other half of this very important population.
Predictive modeling and the chronic care model discussed earlier can now work together to distinguish between patients who would cost-effectively benefit from intensive call center support and those who might just need informational support and encouragement to implement their own self-management plans. Properly supported, disease self-management can significantly shift the number of people in “controlled” phases of chronic disease who are at risk to slip into the much more expensive to treat “uncontrolled” phases of the diseases.
Information therapy is an effective tool for reaching out to 100% of the chronically ill population with self-management support. Using current claims data or EMR entries, the same technology that predicts who is likely to be hospitalized for congestive heart failure over the next 12 months can just as easily predict who will be considering a hip replacement or back surgery in the next 30 days. For hundreds of such predictions, information therapy could then prescribe the right information to the right person just in time for them to make a more informed decision.
10. The Quality Case for Information Therapy within Disease Management
Information therapy can provide significant advantages for improving quality in health care delivery.
10.1. Building Relationships
Information therapy can help a physician or health care facility establish and strengthen good working relationships with patients and their families. It increases a sense of access and contact with the physician without adding to the work burden of the physician.
10.2. Cost Efficiency
Most health care organizations have figured out that it costs far, far less to provide administrative services on-line rather than on the phone or by mail. When profit margins are low, the difference between online services can be the difference between a red or a black bottom line. The routine use of information prescriptions enables the patient and caregivers to accomplish their business with the provider, facility, or plan using on-line efficiency.
10.3. Proficiency
The costs of educating patients and caregivers about self-management actions and treatment decision options create a significant challenge for providers and facilities; physicians have little time and patients have many needs. While some systems have implemented nurse care counseling programs that respond to patient needs, that resource is also an expensive one, and budgets are invariably tight. Targeted information prescriptions, both in advance of and following a clinician visit, and triggered by events recorded in the patient’s medical chart, can improve communication and help clinicians successfully stick to their schedules.
10.4. Patient Safety
Medical errors are all too common. The complexity of patient medical conditions, combined with staffing shortages, staffing turnover, and communication challenges with patients and families, creates an environment that is prone to error. Information prescriptions regarding medication dosages, contraindications, and possible side effects to patients and caregivers can help to prevent medication errors or catch them early before they inflict harm.
10.5. Assuring high-quality medical care and patient medical decisions
By far, the greatest potential value of information therapy for chronic disease management comes in the improved health outcomes obtained through improved decision making and self-management. Shared decision-making, grounded in evidence-based medical information, can better align the needs of the patient and caregiver with the treatment plan.
11. Information is Care
The key and strategic resource for delivering these improved outcomes for each patient is information: evidence-based information that both supports good medical decision making and patient preference. A good information prescription can be as important to care as a medication, a lab test, or a surgical procedure. Information can guide a patient’s decisions and change a patient’s behaviors. It can increase the patient’s adherence to the treatment plan. With good information, patients can self-monitor and, often, self-manage their conditions. Without it, they can do themselves harm, overlook effective cures, and undermine the best-laid clinical plans.
The acceptance of this reality will play a vital role in the design of the effective programs for disease management and long term care. Integrating information therapy programs within disease management systems can help individual patients and their caregivers optimize patient independence and medical quality while avoiding the costs associated with inappropriate care, medical errors, and decision making outside of the patient’s best interests.
Good medical information isn’t just “about” medical care—it is an essential part of medical care. Care delivered without it is incomplete.
References
[1] Kemper DW, Mettler M. Information Therapy: Prescribed Information as a Reimbursable Medical Service. Boise: Healthwise, Incorporated; 2002.
[2] Improving Chronic Illness Care (homepage on the Internet). Princeton: The Robert Wood Johnson Foundation; c2004 (cited 2004 Sept 10). Available from: http://www.improvingchroniccare.org/change/index.html
[3] Faulkner L. Disease Management: The New Tool for Cost Containment and Quality Care. Issue Brief, National Governor’s Association Center for Best Practices. 2003 Feb: 2.
[4] Ibid.
[5] Betterridge N. Arthritis: The Under-Estimated Epidemic. Press release. Arthritis Care. 2002 Oct 12.
[6] The Chronic Care Model (homepage on the Internet). Improving Chronic Illness Care. Princeton: The Robert Wood Johnson Foundation; c2004 (cited 2004 Sept 8). Available from: http://www.improvingchroniccare.org/index.html
[7] Ibid. Available from: http://www.improvingchroniccare.org/change/model/patient.html
[8] Lorig KR, Sobel DS, Stewart AL, et al. Evidence suggesting that a chronic disease self-management program can improve health status while reducing utilization and costs: A randomized trial. Med Care. 1999, 37(1):5-14.
[9] Fox S, Fallows D. Internet Health Resources: Health searches and e-mail have become more commonplace, but there is still room for improvement in searches and overall Internet access. (report on the Internet) 2003 Jul 16 (cited 2004 Sep 9) Pew Internet and American Life Project. Available from: http://www.pewinternet.org/PPF/r/95/report_display.asp
[10] Fox S, Rainie L. Vital Decisions: How Internet users decide what information to trust when they or their loved ones are sick. (report on the Internet) 2002 May 2 (cited 2004 Sep 9) Pew Internet and American Life Project. Available from: http://www.pewinternet.org/PPF/r/59/report_display.asp
[11] Manhattan Research, LLC. 56.3 million U.S. adults finding freedom from chronic health conditions online. (report on the Internet) 2003 Apr 16 (cited 2004 Sep 10) Available from: http://www.manhattanresearch.com/ePharma%20AIM%20Release%20041603.pdf
[12] Mettler, personal communication, also cited in Mettler M, Kemper DW. Information therapy: Health education one person at a time. Health Promot Pract. 2003 Jul;4(3):214-7.
[13] Kemper D, Mettler M. op. cit. p. 3
[14] Kreuter MW, Strecher VJ, Glassman B. One Size Does Not Fit All: The Case for Tailoring Print Materials. Ann Behav Med. 1999 21 (4): 276-283
[15] Weiner, J (interview) with Carlson B. Predictive Modeling: Sharp Lens on Near Future. Manag Care Q, 2003 Jul;12 (7):1.
[16] Meek, J. Predictive Modeling 101: The Nuts and Bolts of Selecting, Implementing and Ensuring a ROI in Predictive Modeling. Proceedings of Advanced Strategies for Predictive Modeling; 2004 Jun 21; Boston, Massachusetts.
Medical and Care Compunetics 3 L. Bos et al. (Eds.) IOS Press, 2006 © 2006 The authors. All rights reserved.
Author Index Abu Zeineh, T. 266 Arochena, H. 191 Ayo, C.K. 36 Bali, R.K. 191, 221 Baskaran, V. 191 Bassinder, J. 221 Benton, S. 7 Bhatia, J.S. 22 Biniaris, C. 108 Blobel, B. vii, 198, 299, 307, 327, 337, 349 Bocchi, L. 70, 228 Bos, L. vii Cheshire, P. 317 Chiarugi, F. 108 Conforti, D. 108 Costa, P. 176 Costanzo, D. 108 Costa-Pereira, A. 176 Cristaldi, M. 1 Cruz-Correia, R. 176 de Lusignan, S. 86 de Toledo, P. 242 Delprato, U. 1 di Giacomo, P. 70, 228 Donnelly, K. 279 Eckhardt, R. 126 Ehikioya, S.A. 36 El Hayes, K. 266 Engelbrecht, R. 327 Ferreira, A. 176 Fisher, B. 162 Fitton, R. 162 Fontanelli, R. 108 Galarraga, M. 242 Gamberger, D. 108 Gibbons, M.C. 62 Graschew, G. 168 Greenlaw, R. 1 Guerri, D. 108 Harno, K. 364 Harrity, C. 266 Heinzlreiter, P. 168
Hildebrand, C. 327 Honkela, T. 183 Hovsto, A. 327 Ikhu-Omoregbe, N.A. 36 Karkaletsis, V. 183 Kaufman, J.H. 214 Kawecka-Jaszcz, K. 108 Kemper, D.W. 373 Kopec, D. 74, 126 Kostkova, P. 86 Kranzlmüller, D. 168 Labský, M. 183 Leis, A. 183 Levy, K. 74, 126 Lohi, M. 42 Lopez, D.M. 337 López-Ostenero, F. 183 Madani, K. 42 Madge, B. 86 Madinabeitia, G. 257 Manning, B.R.M. 7, 138, 207 Marsh, A. vii, 108 Martínez, I. 242 Mayer, M.A. 183 McCofie, T. 74 McKeon Stosuy, M. 138 Mettler, M. 373 Naguib, R.N.G. 191, 221 Nordberg, R. 291 Norgall, T. 299 O’Connell, B. vii Oliveira-Palhares, E. 176 Parati, G. 108 Perticone, F. 108 Pharow, P. 198, 299, 307, 327, 349 Poirier, C. 162 Poortinga, R. 47 Popovich, M.L. 151 Prado, M. 96 Rakowsky, S. 168 Reina, J. 96, 257 Ricci, F.L. 70, 228 Roa, L.M. vii, 96, 257
Robinson, J. 86 Roelofs, T.A. 168 Román, I. 257 Ruotsalainen, P. 364 Salden, A. 47 Salvettis, O. 108 Sanyal, I. 15 Savastano, M. 327 Schlag, P.M. 168 Serrano, L. 242 Shagas, G. 126 Sharma, S. 22 Smith, E. 214 Stables, D. 162 Stamatakis, K. 183 Stratakis, M. 108 Tamang, S. 74, 126 Thomeczek, C. 183 Tsiknakis, M. 108 Valentini, M. 108 Vieira-Marques, P. 176 Villarroel, D. 183 Volkert, J. 168 Wallis, M. 191 Watkins, T. 151 Wheaton, M. 191 Yogesan, K. vii