Consolidated List of Requirements

This document is a consolidated catalogue of requirements for the Electronic Health Care Record (EHCR) and Electronic Health Care Record Architecture (EHCRA), gleaned largely from work done in the EU Framework III and IV programmes and CEN, but also including input from other sources including world-wide standardisation initiatives. The document brings together the relevant work done into a classified inventory of requirements to inform the on-going standardisation process as well as act as a guide to future implementation of EHCRA-based systems. It is meant as a contribution both to understanding of the standard and to the work that is being considered to improve the standard. Major features include the classification into issues affecting the Health Care Record, the EHCR, EHCR processing, EHCR interchange and the sharing of health care information and EHCR systems. The principal information sources are described briefly. It is offered as documentation that is complementary to the four documents of the ENV 13606 Parts I-IV produced by CEN Pts 26,27,28,29. The requirements identified and classified in this deliverable are referenced in other deliverables

Security and confidentiality approach for the Clinical E-Science Framework (CLEF)

CLEF is an MRC sponsored project in the E-Science programme that aims to establish policies and infrastructure for the next generation of integrated clinical and bioscience research. One of the major goals of the project is to provide a pseudonymised repository of histories of cancer patients that can be accessed by researchers. Robust mechanisms and policies are needed to ensure that patient privacy and confidentiality are preserved while delivering a repository of such medically rich information for the purposes of scientific research. This paper summarises the overall approach adopted by CLEF to meet data protection requirements, including the data flows and pseudonymisation mechanisms that are currently being developed. Intended constraints and monitoring policies that will apply to research interrogation of the repository are also outlined. Once evaluated, it is hoped that the CLEF approach can serve as a model for other distributed electronic health record repositories to be accessed for research

Towards A Well-Secured Electronic Health Record in the Health Cloud

The major concerns for most cloud implementers particularly in the health care industry have remained data security and privacy. A prominent and major threat that constitutes a hurdle for practitioners within the health industry from exploiting and benefiting from the gains of cloud computing is the fear of theft of patients health data in the cloud. Investigations and surveys have revealed that most practitioners in the health care industry are concerned about the risk of health data mix-up amongst the various cloud providers, hacking to comprise the cloud platform and theft of vital patients’ health data.An overview of the diverse issues relating to health data privacy and overall security in the cloud are presented in this technical report. Based on identifed secure access requirements, an encryption-based eHR security model for securing and enforcing authorised access to electronic health data (records), eHR is also presented. It highlights three core functionalities for managing issues relating to health data privacy and security of eHR in health care cloud

The NPFIT strategy for information security of care record service

The National Programme for IT in England doesn’t have a one-document strategy for its information security of the Care Records Service, which is the national EHR system. This paper provides a comprehensive understanding of the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulations documents

NEOREG : design and implementation of an online neonatal registration system to access, follow and analyse data of newborns with congenital cytomegalovirus infection

Today's registration of newborns with congenital cytomegalovirus (cCMV) infection is still performed on paper-based forms in Flanders, Belgium. This process has a large administrative impact. It is imortant that all screening tests are registered to have a complete idea of the impact of cCMV. Although these registrations are usable in computerised data analysis, these data are not available in a format to perform electronic processing. An online Neonatal Registry (NEOREG) System was designed and developed to access, follow and analyse the data of newborns remotely. It allows patients' diagnostic registration and treatment follow-up through a web interface and uses document forms in Portable Document Format (PDF), which incorporate all the elements from the existing forms. Forms are automatically processed to structured EHRs. Modules are included to perform statistical analysis. The design was driven by extendibility, security and usability requirements. The website load time, throughput and execution time of data analysis were evaluated in detail. The NEOREG system is able to replace the existing paper-based CMV records

Plan Now for Managing Electronic Data and Avoid Tomorrow’s Legal Risks

[Excerpt] In a world where the use of electronic data is rapidly increasing, companies must find ways to manage data now so that they effectively control compliance risks. The proliferation of electronic data is both astonishing and overwhelming. Given the storage power of average computers today, even the most modest mom-and-pop business may have electronic storage capacity equivalent to 2,000 four-drawer file cabinets. The task of managing electronic data is further compounded by the fact that the data is no longer just tangible pieces of paper, but rather are bytes of information that are constantly being edited, changed, and updated from different people and sources. Proper archiving, retention, monitoring, filtering, and encryption of electronic data are no longer optional: they are imperative

Audit-based Compliance Control (AC2) for EHR Systems

Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms