230 likes | 242 Views
Learn about the Be-Health platform, its building blocks, and the objectives to optimize healthcare delivery, patient safety, and policy-making. Explore existing validated sources and value-added services, as well as critical success factors.
E N D
Be-Health as a driving forceof electronic cooperationin the Belgian health care sector,based on the experiencein the social sector Frank Robben General manager Crossroads Bank for Social Security CEO Smals Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.be Website CBSS: www.ksz.fgov.be Personal website: www.law.kuleuven.ac.be/icri/frobben
Structure of the presentation • objectives • building blocks • Be-Health platform • existing validated authentic sources and value added services • critical success factors
Objectives • what ? • to optimize the quality and the continuity of health care delivery • to optimize patient safety • to avoid unnecessary bureaucracy for all actors in the health care sector • to support policymaking in health care • how ? • through a well organized electronic information exchange between all actors in the health care sector • with the necessary guarantees for information security and privacy protection
Building blocks • a platform for secure electronic exchange of information about patients, provided care and the results of the provided care, and for the exchange of electronic care prescriptions between all relevant actors in the health care sector • network • basic services • exchange standards • access channels for the users • no central storage of information !!! • an institution, managed by representatives of the several actors in the health care sector that • manages the exchange platform • organizes electronic information exchange between the actors in the health care sector
Building blocks • a Sectoral Committee of the Privacy Commission regulating (electronic) exchange of personal health data in cases not regulated by law • a standardized content, format and methods for the exchange of electronic care prescriptions • a minimal content of health care files that can be exchanged electronically • gradually, a permanent, decentralized availability and accessibility of the minimal electronically communicable content of health care files • an appropriate legal framework
PortaHealth SVA SVA SVA FPS-SS AVS SVA SVA SVA AVS Be-Health Be-Health platform Patients and care providers Portal SS SVA SVA SVA AVS Portal RIZIV PortalBeHealth MyCareNet SVA SVA SVA AVS SVA SVA SVA AVS Users Platform with basic services VAS VAS VAS VAS VAS VAS Suppliers
Be-Health platform • basic service • a service that has been developed and made available by Be-Health and that can be used by the supplier of an added value service • added value service (AVS) • a service put at the disposal of the patients and/or the health care providers • the entity that develops and offers an added value service can use the basic services offered by Be-Health for this purpose • validated authentic source (VAS) • a database containing information used by Be-Health • the administrator of the database is responsible for the availability and (the organization of) the quality of the information made available
Platform with basic services • use of the existing network infrastructure (internet, social security extranet, FedMAN, ...) with end-to-end encryption of the information (concept of virtual private network (VPN)) • basic services • integrated user and access management • logging • orchestration of electronic processes • reference directory • coding and anonymizing • time stamping • portal environment including a content management system and a search engine (https://www.behealth.be) • personal electronic mailbox for each health care provider
User and access management • authentication of the identity: according to the required security level • electronic identity card • user number, password and citizen token • user number and password • verification of statuses and mandates : access to validated authentic sources • authorization to use an added value service: management by service supplier • elaborated on the basis of a generic policy enforcement model
Action on Action application on Policy DENIED application User Enforcement Application PERMITTED ( PEP ) Action on application Decision Decision request reply Information request/ Policy Decision Policy reply retrieval (PDP) Information request/ reply Policy Policy Administration Policy Information Policy Information management ( PAP ) ( PIP ) ( PIP ) Manager Policy repository Authentic source Authentic source Policy Enforcement Model
WebApp XYZ Role Mapper DB PDP Role Provider Role DB Provider PIP PIP PIP Attribute Attribute Attribute Provider Provider Management DB RIZIV XYZ VAS Architecture Non social FPS (Fedict) Be-Health Social sector (CBSS) USER USER USER APPLICATIONS APPLICATIONS APPLICATIONS Authen - Authorisation Authen - Authorisation Authen - Authorisation tication tication tication PEP PEP PEP WebApp WebApp Role Role Role XYZ XYZ Mapper Mapper Mapper Role Role Mapper Mapper DB DB PDP Role PAP PDP Role PAP PAP Provider Role Provider ‘’Kephas’’ Role ‘’Kephas’’ ‘’Kephas’’ DB Provider DB Provider PIP PIP PIP PIP PIP PIP Attribute Attribute Attribute Attribute Attribute Attribute Provider Provider Provider Provider Provider Provider Provider Management DB DB Management Gerechts- deurwaar- ders DB DB DB DB UMAF XYZ XYZ Mandaten Mandaten XYZ VAS VAS
Existing validated authentic sources • register of health care providers • administrator: FPS Public Health • contains information about the diploma and the specialization of a health care provider identified through his social security identification number (SSIN) • database with recognitions of the National Institute for Sickness and Invalidity Insurance (RIZIV) • administrator : RIZIV • contains information about the RIZIV recognition of health care providers identified through their SSIN • database with persons authorized to act on behalf of a health care institution • administrator : NOSS (division user management for companies) • contains information about which persons, identified through their SSIN, are authorized to use which applications on behalf of a health care institution
Existing added value services • third party billing • Medic-e: entering the evaluation of disabled persons electronically into the information system of the FPS Social Security • input into and consultation of the cancer register • Medattest: on-line ordering of care prescription forms • support of electronic care prescription in hospitals • electronic registration of birth
Third party billing • supplier: National College of Sickness Funds • users: nurses, their groupings and representatives • functionality: send the third party billings electronically to the sickness funds • basic services used • identification and authentication of the identity of the user (eID or user number-password-citizen token) • verification of the status of nurse with RIZIV recognition • verification of the mandate • electronic mailbox (publication of documents) • logging
Medic-e • supplier: FPS Social Security • users: medical doctors who evaluate disabled persons • functionality: enter the evaluation of the disabled persons electronically into the information system of the FPS Social Security • basic services used • identification and authentication of the identity of the user (eID or user number-password-citizen token) • verification of the status of medical doctor with RIZIV recognition • electronic mailbox (publication of documents) • logging
Input in cancer register • supplier: Cancer Register • users: oncologists in health care institutions and labs • functionality: electronic input of information into the cancer register and access to the registered information • basic services used • identification and authentication of the identity of the user (eID) • verification of the status of medical doctor with RIZIV recognition • electronic mailbox (publication of documents) • logging
Medattest • supplier: RIZIV • users: medical doctors, dentists, physiotherapists, nurses, speech therapists, orthopedists, health care institutions and their mandataries • functionality: on-line ordering of care prescription forms • basic services used : • identification and authentication of the identity of the user (eID or user number-password-citizen token) • verification of the status of users • verification of the mandate • logging
Electronic care prescription in health care institutions • analysis of required functionalities • functionalities before a prescription can be processed • authentication of the identity of the person who writes the prescription • verification of the status of the person who writes the prescription • system to ensure that the prescription cannot be modified unnoticeably after applying the methods to guarantee the integrity and the electronic time stamping • authentication of the identity, verification of the status of the person who has written the prescription, guaranteeing the integrity and electronic date for each individual prescription • the time necessary for authenticating the identity, verifying the status and guaranteeing the integrity must not exceed ¼ of a second per prescription • a person that writes prescriptions must be able to switch between prescription places without overhead • local validation that the prescription has not been modified after applying the methods to guarantee the integrity and the electronic time stamping
Electronic care prescription in health care institutions • analysis of required functionalities • functionalities during the processing of the prescription • the electronic time stamping must be requested immediately after applying the method to guarantee the integrity and must be placed within 30 seconds after the request • organizational requirements • velocity of replacing an authentication tool when useless • traceability of who has done which processing at which moment for the creation of a prescription (must be kept during a certain period) • traceability of the content and of the exact date and time of each request and processing of a request to revoke an authentication tool • point of special interest • avoid that care institutions have to work with different systems for the authentication of the identity, the verification of the status, the guarantee of the integrity of documents, electronic time stamping, … for different types of processes
Electronic care prescription in health care institutions • possible solution • the authentication of the identity and the verification of the status are performed on the local level using at least a user-id, a password [and something one possesses], on condition that each person that writes prescriptions signs a document that stipulates that he is responsible for everything that is authenticated in terms of identity and status through his user id, his password [and the possessed element] • the prescriptions are hashed • the hashing results (not the content of the prescription itself !) receive an electronic time stamp from Be-Health • clear organizational rules concerning the management of user-id’s, passwords [and the possessed elements], based on the results of Elodis, are incorporated in an royal decree in implementation of article 21 of the royal decree n° 78 • a regulation is being elaborated that indicates under which conditions postscriptions are possible
Critical success factors • cooperation between all actors in the health care sector, based on a division of tasks rather than on a centralization of tasks • trust of all stakeholders in the preservation of the necessary autonomy and the security of the system • firstly the development of the exchange platform and the creation of the necessary institutions (management organization for exchange platform, Sectoral Committee, ...) and then further elaboration of processes between these institutions • quick wins in combination with a long term vision • legal framework
More information • portal Be-Health • https://www.behealth.be • website Crossroads Bank for Social Security • http://www.ksz.fgov.be • personal website Frank Robben • http://www.law.kuleuven.ac.be/icri/frobben