Information accountability and usability : are there any connections?

Availability of health information is rapidly increasing and the expansion and proliferation of health information is inevitable. The Electronic Healthcare Record, Electronic Medical Record and Personal Health Record are at the core of this trend and are required for appropriate and practicable exchange and sharing of health information. However, it is becoming increasingly recognized that it is essential to preserve patient privacy and information security when utilising sensitive information for clinical, management and administrative processes. Furthermore, the usability of emerging healthcare applications is also becoming a growing concern. This paper proposes a novel approach for integrating consideration of information accountability with a perspective from usability engineering that can be applied when developing healthcare information technology applications. A social networking user case in the healthcare information exchange will be presented in the context of our approach.

Security and privacy in eHealth : is it possible? A sociotechnical analysis

Advances in Information and Communication Technologies have the potential to improve many facets of modern healthcare service delivery. The implementation of electronic health records systems is a critical part of an eHealth system. Despite the potential gains, there are several obstacles that limit the wider development of electronic health record systems. Among these are the perceived threats to the security and privacy of patients’ health data, and a widely held belief that these cannot be adequately addressed. We hypothesise that the major concerns regarding eHealth security and privacy cannot be overcome through the implementation of technology alone. Human dimensions must be considered when analysing the provision of the three fundamental information security goals: confidentiality, integrity and availability. A sociotechnical analysis to establish the information security and privacy requirements when designing and developing a given eHealth system is important and timely. A framework that accommodates consideration of the legislative requirements and human perspectives in addition to the technological measures is useful in developing a measurable and accountable eHealth system. Successful implementation of this approach would enable the possibilities, practicalities and sustainabilities of proposed eHealth systems to be realised.

Accountable-eHealth systems : the next step forward for privacy

eHealth systems promise enviable benefits and capabilities for healthcare delivery. However, the technologies that make these capabilities possible introduce undesirable drawbacks such as information security related threats, which need to be appropriately addressed. Lurking in these threats are information privacy concerns. Addressing them has proven to be difficult because they often conflict with information access requirements of healthcare providers. Therefore, it is important to achieve an appropriate balance between these requirements. We contend that information accountability (IA) can achieve this balance. In this paper, we introduce accountable-eHealth (AeH) systems, which are eHealth systems that utilise IA as a measure of information privacy. We discuss how AeH system protocols can successfully achieve the aforementioned balance of requirements. As a means of implementation feasibility, we compare characteristics of AeH systems with Australia’s Personally Controlled Electronic Health Record (PCEHR) sys-tem and identify similarities and highlight the differences and the impact those differences would have to the eHealth domain.

eHealth-as-a-Service (eHaaS) : towards universal stakeholder engagement

With the introduction of the Personally Controlled Health Record (PCEHR), the Australian public is being asked to accept greater responsibility for their healthcare by taking an active role in the management of personal health information. Although well designed, constructed and intentioned, policy and privacy concerns have resulted in an eHealth model that may impact future health sharing requirements. Hence, as a case study for a consumer eHealth initative in the Australian context, eHealth-as-a-Service (eHaaS) serves as a disruptive step in in the aggregation and transformation of health information for use as real-world knowledge. The strategic value of extending the community Health Record Bank (HRB) model lies in the ability to automatically draw on a multitude of relevant data repositories and sources to create a single source of the truth and to engage market forces to create financial sustainability. The opportunity to transform the beleaguered Australian PCEHR into a realisable and sustainable technology consumption model for patient safety is explored. Moreover, the current clerical focus of healthcare practitioners acting in the role of de facto record keepers is renegotiated to establish a shared knowledge creation landscape of action for safer patient interventions. To achieve this potential however requires a platform that will facilitate efficient and trusted unification of all health information available in real-time across the continuum of care. eHaaS provides a sustainable environment and encouragement to realise this potential.

1st International Workshop on Secure and Privacy-Aware Information Management in eHealth

Information security and privacy in the healthcare domain is a complex and challenging problem for computer scientists, social scientists, law experts and policy makers. Appropriate healthcare provision requires specialized knowledge, is information intensive and much patient information is of a particularly sensitive nature. Electronic health record systems provide opportunities for information sharing which may enhance healthcare services, for both individuals and populations. However, appropriate information management measures are essential for privacy preservation...

Data driven and practice-based evidence : design and development of efficient and effective clinical decision support system

Decision-making is such an integral aspect in health care routine that the ability to make the right decisions at crucial moments can lead to patient health improvements. Evidence-based practice, the paradigm used to make those informed decisions, relies on the use of current best evidence from systematic research such as randomized controlled trials. Limitations of the outcomes from randomized controlled trials (RCT), such as “quantity” and “quality” of evidence generated, has lowered healthcare professionals’ confidence in using EBP. An alternate paradigm of Practice-Based Evidence has evolved with the key being evidence drawn from practice settings. Through the use of health information technology, electronic health records (EHR) capture relevant clinical practice “evidence”. A data-driven approach is proposed to capitalize on the benefits of EHR. The issues of data privacy, security and integrity are diminished by an information accountability concept. Data warehouse architecture completes the data-driven approach by integrating health data from multi-source systems, unique within the healthcare environment.

Information Accountability Framework (IAF)

POSTER: Information Accountability Framework (IAF) to mitigate and manage the risk of data breaches and unauthorised used of medical information (e.g., Electronic Health Records)

2nd International Workshop on Secure and Privacy-Aware Information Management in eHealth

Information security and privacy in the healthcare domain is a complex and challenging problem for computer scientists, social scientists, law experts and policy makers. Appropriate healthcare provision requires specialized knowledge, is information intensive and much patient information is of a particularly sensitive nature. Electronic health record systems provide opportunities for information sharing which may enhance healthcare services, for both individuals and populations. However, appropriate information management measures are essential for privacy preservation...

Effective clinical decision-making from practice-based evidence

This is an ongoing research investigating the use of health information technologies (HIT) to improve clinical decision-making processes. Effective and timely clinical decision-making can lead to positive improvements in patient’s health outcome...

Quality of information for quality of life: Healthcare big data analytics

Big data analysis in healthcare sector is still in its early stages when comparing with that of other business sectors due to numerous reasons. Accommodating the volume, velocity and variety of healthcare data Identifying platforms that examine data from multiple sources, such as clinical records, genomic data, financial systems, and administrative systems Electronic Health Record (EHR) is a key information resource for big data analysis and is also composed of varied co-created values. Successful integration and crossing of different subfields of healthcare data such as biomedical informatics and health informatics could lead to huge improvement for the end users of the health care system, i.e. the patients.

Medical Data Access Accountability in EHR Systems, A Practical Perspective

The world has experienced a large increase in the amount of available data. Therefore, it requires better and more specialized tools for data storage and retrieval and information privacy. Recently Electronic Health Record (EHR) Systems have emerged to fulfill this need in health systems. They play an important role in medicine by granting access to information that can be used in medical diagnosis. Traditional systems have a focus on the storage and retrieval of this information, usually leaving issues related to privacy in the background. Doctors and patients may have different objectives when using an EHR system: patients try to restrict sensible information in their medical records to avoid misuse information while doctors want to see as much information as possible to ensure a correct diagnosis. One solution to this dilemma is the Accountable e-Health model, an access protocol model based in the Information Accountability Protocol. In this model patients are warned when doctors access their restricted data. They also enable a non-restrictive access for authenticated doctors. In this work we use FluxMED, an EHR system, and augment it with aspects of the Information Accountability Protocol to address these issues. The Implementation of the Information Accountability Framework (IAF) in FluxMED provides ways for both patients and physicians to have their privacy and access needs achieved. Issues related to storage and data security are secured by FluxMED, which contains mechanisms to ensure security and data integrity. The effort required to develop a platform for the management of medical information is mitigated by the FluxMED's workflow-based architecture: the system is flexible enough to allow the type and amount of information being altered without the need to change in your source code.

Modelagem do padrão TISS por meio do enfoque dual da Fundação openEHR

Em 2005, a Agência Nacional de Saúde Suplementar (ANS) estabelece o padrão TISS (Troca de Informação na Saúde Suplementar), intercâmbio eletrônico obrigatório entre as operadoras de planos de saúde (cerca de 1500 registradas na ANS) e prestadores de serviços (cerca de 200 mil) sobre os eventos de assistência prestados aos beneficiários. O padrão TISS foi desenvolvido seguindo a estrutura do Comitê ISO/TC215 de padrões para informática em saúde e se divide em quatro partes: conteúdo e estrutura, que compreende a estrutura das guias em papel; representação de conceitos em saúde, que se refere às tabelas de domínio e vocabulários em saúde; comunicação, que contempla as mensagens eletrônicas; e segurança e privacidade, seguindo recomendação do Conselho Federal de Medicina (CFM). Para aprimorar sua metodologia de evolução, essa presente tese analisou o grau de interoperabilidade do padrão TISS segundo a norma ISO 20514 (ISO 20514, 2005) e a luz do modelo dual da Fundação openEHR, que propõe padrões abertos para arquitetura e estrutura do Registro Eletrônico de Saúde (RES). O modelo dual da Fundação openEHR é composto, no primeiro nível, por um modelo de referência genérico e, no segundo, por um modelo de arquétipos, onde se detalham os conceitos e atributos. Dois estudos foram realizados: o primeiro se refere a um conjunto de arquétipos demográficos elaborados como proposta de representação da informação demográfica em saúde, baseado no modelo de referência da Fundação openEHR. O segundo estudo propõe um modelo de referência genérico, como aprimoramento das especificações da Fundação openEHR, para representar o conceito de submissão de autorização e contas na saúde, assim como um conjunto de arquétipos. Por fim, uma nova arquitetura para construção do padrão TISS é proposta, tendo como base o modelo dual da Fundação openEHR e como horizonte a evolução para o RES centrado no paciente

The IGNITE network: a model for genomic medicine implementation and research.

BACKGROUND: Patients, clinicians, researchers and payers are seeking to understand the value of using genomic information (as reflected by genotyping, sequencing, family history or other data) to inform clinical decision-making. However, challenges exist to widespread clinical implementation of genomic medicine, a prerequisite for developing evidence of its real-world utility. METHODS: To address these challenges, the National Institutes of Health-funded IGNITE (Implementing GeNomics In pracTicE; www.ignite-genomics.org ) Network, comprised of six projects and a coordinating center, was established in 2013 to support the development, investigation and dissemination of genomic medicine practice models that seamlessly integrate genomic data into the electronic health record and that deploy tools for point of care decision making. IGNITE site projects are aligned in their purpose of testing these models, but individual projects vary in scope and design, including exploring genetic markers for disease risk prediction and prevention, developing tools for using family history data, incorporating pharmacogenomic data into clinical care, refining disease diagnosis using sequence-based mutation discovery, and creating novel educational approaches. RESULTS: This paper describes the IGNITE Network and member projects, including network structure, collaborative initiatives, clinical decision support strategies, methods for return of genomic test results, and educational initiatives for patients and providers. Clinical and outcomes data from individual sites and network-wide projects are anticipated to begin being published over the next few years. CONCLUSIONS: The IGNITE Network is an innovative series of projects and pilot demonstrations aiming to enhance translation of validated actionable genomic information into clinical settings and develop and use measures of outcome in response to genome-based clinical interventions using a pragmatic framework to provide early data and proofs of concept on the utility of these interventions. Through these efforts and collaboration with other stakeholders, IGNITE is poised to have a significant impact on the acceleration of genomic information into medical practice.

Access to medical records for research purposes:Varying perceptions across research ethics boards

Introduction: Variation across research ethics boards (REBs) in conditions placed on access to medical records for research purposes raises concerns around negative impacts on research quality and on human subject protection, including privacy. Aim: To study variation in REB consent requirements for retrospective chart review and who may have access to the medical record for data abstraction. Methods: Thirty 90-min face-to-face interviews were conducted with REB chairs and administrators affiliated with faculties of medicine in Canadian universities, using structured questions around a case study with open-ended responses. Interviews were recorded, transcribed and coded manually. Results: Fourteen sites (47%) required individual patient consent for the study to proceed as proposed. Three (10%) indicated that their response would depend on how potentially identifying variables would be managed. Eleven sites (38%) did not require consent. Two (7%) suggested a notification and opt-out process. Most stated that consent would be required if identifiable information was being abstracted from the record. Among those not requiring consent, there was substantial variation in recognising that the abstracted information could potentially indirectly re-identify individuals. Concern over access to medical records by an outside individual was also associated with requirement for consent. Eighteen sites (60%) required full committee review. Sixteen (53%) allowed an external research assistant to abstract information from the health record. Conclusions: Large variation was found across sites in the requirement for consent for research involving access to medical records. REBs need training in best practices for protecting privacy and confidentiality in health research. A forum for REB chairs to confidentially share concerns and decisions about specific studies could also reduce variation in decisions.

A telematic platform towards regional connected healthcare

As tecnologias de informação e comunicação na área da saúde não são só um instrumento para a boa gestão de informação, mas antes um fator estratégico para uma prestação de cuidados mais eficiente e segura. As tecnologias de informação são um pilar para que os sistemas de saúde evoluam em direção a um modelo centrado no cidadão, no qual um conjunto abrangente de informação do doente deve estar automaticamente disponível para as equipas que lhe prestam cuidados, independentemente de onde foi gerada (local geográfico ou sistema). Este tipo de utilização segura e agregada da informação clínica é posta em causa pela fragmentação generalizada das implementações de sistemas de informação em saúde. Várias aproximações têm sido propostas para colmatar as limitações decorrentes das chamadas “ilhas de informação” na saúde, desde a centralização total (um sistema único), à utilização de redes descentralizadas de troca de mensagens clínicas. Neste trabalho, propomos a utilização de uma camada de unificação baseada em serviços, através da federação de fontes de informação heterogéneas. Este agregador de informação clínica fornece a base necessária para desenvolver aplicações com uma lógica regional, que demostrámos com a implementação de um sistema de registo de saúde eletrónico virtual. Ao contrário dos métodos baseados em mensagens clínicas ponto-a-ponto, populares na integração de sistemas em saúde, desenvolvemos um middleware segundo os padrões de arquitetura J2EE, no qual a informação federada é expressa como um modelo de objetos, acessível através de interfaces de programação. A arquitetura proposta foi instanciada na Rede Telemática de Saúde, uma plataforma instalada na região de Aveiro que liga oito instituições parceiras (dois hospitais e seis centros de saúde), cobrindo ~350.000 cidadãos, utilizada por ~350 profissionais registados e que permite acesso a mais de 19.000.000 de episódios. Para além da plataforma colaborativa regional para a saúde (RTSys), introduzimos uma segunda linha de investigação, procurando fazer a ponte entre as redes para a prestação de cuidados e as redes para a computação científica. Neste segundo cenário, propomos a utilização dos modelos de computação Grid para viabilizar a utilização e integração massiva de informação biomédica. A arquitetura proposta (não implementada) permite o acesso a infraestruturas de e-Ciência existentes para criar repositórios de informação clínica para aplicações em saúde.