Ebook: Advanced Health Telematics and Telemedicine

After the German reunification and the opening of the former Eastern block, Saxony-Anhalt as well as its capital city Magdeburg and its universities became part of the European Union and the global network of partners. Along with the changing challenges for scientific units, great opportunities have been opened towards the involvement in European projects, the inclusion in leading activities on standardisation as well as the establishment of partnerships with other organisations, institutions, associations, vendors and providers in Europe and beyond.

Such inclusion in projects, the involvement in standardisation and development, and the aspect of establishing partnerships are always matters of mutual interest and activities. The mutual nature of relationship has been met by many friends and friendly organisations. Supported by local and regional initiatives such as the implementation of the Technology Transfer Centre (TTZ) at the Otto-von-Guericke University in Magdeburg as well as the engagement of the Ministry for Education and Arts in Saxony-Anhalt, the Magdeburg Medical Informatics Department took the opportunity of getting involved in the international scene for research and development in health informatics.

Resuming the work done and acknowledging the help of friends for enabling the success story, the Institute for Biometry and Medical Informatics (IBMI) at the Magdeburg Otto-von-Guericke University has now organised an international colloquium titled “International Collaboration to Provide Solutions for Advanced and Secure Interoperability of Health Information Systems”. As the main actors of this event, leading companions and influencing partners from many countries have been invited to present their contribution to this successful partnership, their achievements, and their visions for the future development in the health related domains like eHealth, health telematics or telemedicine. The majority of these invitations have been accepted, enabling the preparation of a more or less comprehensive view on that special part of the health informatics domain. This overview has now been transferred into a publishable form presented in this volume within the IOS Press series “Studies in Health Technology and Informatics”

Reflecting the colourful issues of our domain represented at the colloquium, the book intends to address researchers, developers and implementers in the field of health telematics and telemedicine solutions, users such as medical doctors, nurses and administrators but also decision makers and politicians at the central, regional and local level.

The editors would like to take this opportunity to thank all authors for their excellent contributions. Furthermore, they have to thank persons, organisations and companies such as HL7 Germany, the Centre for Applied Telemedicine / Federal State of Mecklenburg and Western Pomerania (“Centrum fur Angewandte Telemedizin in Mecklenburg-Vorpommern e.V.)”, the German Prorec Institute, the Medos AG, Hewlett-Packard, the Saxony-Anhalt Ministry for Education and Arts, the Medical Faculty's research commission, and last but not least, the CEO of the Magdeburg University Hospital, Mrs. Veronika Rätzel, for their inevitable support.

Magdeburg, February 2003

Bernd Blobel and Peter Pharow

Security issues during development and implementation of hospital information systems are briefly reviewed. Attention is paid to current issues as to: availability, integrity, authentication and access rights. In particular are discussed:

• some remaining risks as to integrity

• the tension between in-house acceptance of HIS access rules and standardisation needed when implementing a transmural Electronic Health Record (EHR),

• access rights needed for medical audit, law suits and evaluation with their far- reaching consequences.

The need for harmonisation of access rights is underlined and a further study of the requirements for systems from the perspective of medical audit, evaluation and juridical procedures is advocated.

Based on shared care information systems' requirements for high level interoperability, a generic component architecture has been derived. For implementing, running and maintaining acceptable and useable health information systems components, all views of the ISO Reference Model - Open Distributed Processing have to be considered. Following the Model Driven Architecture (MDA) paradigm, a reference model as well as concept-representing domain models both independent of platforms must be specified, which are combined and harmonised as well as automatically transferred into the platform-specific models using appropriate tools.

Information and Communication Technology (ICT) in healthcare represents a fundamental and highly qualifying pre-requisite for enabling the interoperability of information systems, the continuity of the caring process to the patient over the territory, the creation of an integrated electronic healthcare record, as well as the monitoring and optimisation of the organisational and economical aspects of healthcare enterprises. This paper presents a European architectural strategy for healthcare information systems, capable of facilitating the evolution of the existing procedures and their smooth integration into a homogeneous information and functional infrastructure, without requiring major modifications in already existing modules and protecting, therefore, previous investments.

This paper presents a totally generic client - server model for accessing legacy and new databases according to the three tier architecture principles It is based on an integrated environment that eases the dynamic creation and instantiation of secure web applications that access multiple database management systems. Emphasis is placed on the ability to query almost any type of relational database and queries can simultaneously address a multitude of data sources. The information is collected, assembled and presented to users depending on a possible set of user profiles. These profiles originate from work on securing the conduct of clinical studies. This has been achieved in the context of the E U funded project HARP (Harmonisation for the Security of Web Technologies and Applications). The generic character of the model is exploited through an accompanying set of development tools. This permits efficient and effective creation and maintenance of applications in several domains of health telematics and beyond. Main merit is the lightweight character of the resulting platform, whereby all necessary instantiations are accomplished through a set of related XML documents.

Electronic communication of healthcare related information (in the framework of Regional Healthcare Information Networks), introduces a number of security risks with regard to confidentiality, integrity and availability, which can become quite crucial taking into account its sensitive nature. Public Key Infrastructure (PKI) is acknowledged as an appropriate means for dealing with such risks, as long as all the involved critical factors are first practically assessed. This paper presents a best-practice approach for secure regional healthcare networks in Europe, examining all the identified crucial parameters (technical, organisational, legal/regulatory, medical and business). Our approach is conducted at two levels (the regional and the European), including the integration of PKI-aware security mechanisms (strong authentication, encryption, digital signature, time-stamping) in three regional pilot sites in Greece, Finland and Germany and demonstrating their interconnection in a pan-European architecture. Following the above approach, some major conclusions are excluded, pointing out existing open issues and possible steps forward.

Maturing telemedicine technologies, struggling mobile networking revenues and increased personal healthcare awareness have provided the foundations for a new market niche that of ‘3G Medicine’ . During the last 5 years, telemedicine (based on internet and web technologies) is becoming a reality both in terms of developing technologies and supportive legislation. Within Europe wireless infrastructures (3G Networking) has received a huge investment and although not well defined in how it will be achieved healthcare has been identified as a major stream of revenue with personal healthcare (e.g. EHCR on the handset) being a key issue especially for the handset manufactures. Combined with an increased awareness not only for outpatients but also for the “well-worried” (healthy and health conscious) 3G Medicine Services will play an important role in personal healthcare management. Subsequently, the development of supportive 3G Medicine products and services will also create a new niche market economy for companies, especially SME’s , to develop a range of collaborative technologies.

Since 1999, the Open Source movement has aroused the interests of different players of the Information Society. M. E. Liikanen, European Commissioner for Enterprise and Information Society, has publicly expressed an interest for more security through the use of Open Source software. Municipalities deployed desktops and servers based on Open Source software in Spain, France, Austria and Belgium. Some health professionals see in this movement a way of obtaining better software, more secure and interoperable. This presentation explores the context and economical considerations at the basis of the Open Source movement, its rationale in a research programme publicly financed and some of the challenges ahead. It concludes on the observations that Open Source is high on several agendas but needs to quickly become an economical activity to deliver its promises.

Within the European HARP project, a Java™-based Open Platform has been specified and implemented to support trustworthy distributed applications for health. Emphasis was put on security services for enabling both communication and application security. The Open Platform is Web-based and comprises the Client environment, Web/Application server, as well as Database and Archive servers. Servlets composed and executed according to the user’s authorisation create signed XML messages. From those messages, user-role-related applets are generated. The technical details of the realisation are presented. Possible future enhancements for user-centric, adaptable services based on next-generation mobile service environments are outlined.

PICNIC is a pioneering project to develop an architecture for next generation regional healthcare networks. This paper gives an overview of the project and some of the reasoning behind the interrelated technical and business choices.

The issues of Safety and Security are closely intertwined in Health information Systems. The paper explores the development of interest in these issues and looks to the next steps in the development of Safety standards. These efforts are compatible with the wider activities aimed at avoiding “adverse incidents” in the delivery of Healthcare.

Healthcare Establishments (HCE) have are today highly dependent upon Information and Communications Technologies (ICT). This increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to this effort, but they could become the cause of portability and interoperability problems. Moreover, policies that fail to take into account all the aspects of HIS security, the legal and regulatory requirements, and the existence of several stakeholders may lead to ineffective or inefficient security measures. Policies of a special category, named Generic Security Policies (GSPs), should be developed to provide policy-level harmonisation and guidance to policy-makers within HCEs. Five such policies are comparatively reviewed herein.

In this paper the issue of security policy development for health information systems is addressed. Security policy development involves the definition of the policy content, the analysis of the social, organisational, and technical contexts, as well as the organisation of the policy development process. We present the structure of security policies, analyse the characteristics of the HIS context, and analyse the different categories of methodologies, which can be used towards this end.

Introducing the technological step into this new 3^rd millennium, advanced communication means like global networks including the Internet become more and more important for a fast and convenient information exchange across regional and even national borders. Concerning the sector of public and private healthcare and welfare, new health information system, or citizens’ information systems in general, are coming up to meet the needs of the whole information society. Thus, developing and implementing those systems is one of the most important aims of the present and the near future. Access to, and communication of, relevant patient-related administrative and medical information items always means a secure and trustworthy way of dealing with data. Concerning the main aspects of specific legal, social, ethical, technical, organisational, and even political requirements for secure access and secure communication of health data in terms of data protection, data security, privacy, safety and quality using unprotected networks as, e.g., the Internet, there is a strong and even growing need for the fundamental technology of Trusted Third Parties to meet the whole range of the security categories as integrity, confidentiality, availability, accountability, and access control.

This paper addresses social, ethical and legal concerns about security and privacy that arise in the development of international interoperable health information systems. The paper deals with these concerns under four rubrics: the ethical status of electronic health records, the social and legal embedding of interoperable health information systems, the overall information-requirements healthcare as such, and the role of health information professionals as facilitators. It argues that the concerns that arise can be met if the development of interoperability protocols is guided by the seven basic principles of information ethics that have been enunciated in the IMIA Code of Ethics for Health Information Professionals and that are central to the ethical treatment of electronic health records.