Authors : Kehinde Agbele, Henry Nyongesa and Ademola Adesina
Abstract: This study examines issues pertinent to the rapidly evolving use of information as a currency of modern economies. Access to information has important benefits that can be achieved in many areas including, social-economic development, education and healthcare. In healthcare, for example, access to appropriate information can minimise visits to physicians and periods of hospitalisation for patients suffering from chronic conditions, such as asthma, diabetes, hypertension and HIV/AIDS. This will in turn reduce the cost of healthcare provision. This study examines theoretical and conceptual aspects of E-health as an ICT application area. Various definitions are presented in order to expound concepts associated with E-health. In the study, the links to a successful chain of trust to manage patient health records for E-health deployment are described. These are based on four technology pillars: identity management, asset management, data storage and information security. Practical solutions for integration of E-health with human, material and financial resources are explored.
Kehinde Agbele, Henry Nyongesa and Ademola Adesina, 2010. ICT and Information Security Perspectives in E-Health Systems. Journal of Mobile Communication, 4: 17-22.
INTRODUCTION
One fundamental application area, especially following the Millennium Development Goals, is the opening of health information systems based on ICT to improve the management and the quality of health care for development at lower cost. Many different types of E-government projects have been implemented around the world, as well as in developing countries. Restructuring of health information systems has become an essential trend in the entire developing world since the implementation of primary health care as a global strategy for achieving the health for all goals (Campbell, 1997). A European Commission draft report of 2008 with number 3282 held in Brussels, committed member countries to the use of E-health to provide quality healthcare, within an interoperability framework subscribing to a paradigm of common visions, common values and eventually common standards (http://www.hl7.org/). While there is no agreed consensus of the terminology E-health, there is a common understanding that it refers to more than the use of technology. E-health is generally defined as Information and Communication Technology (ICT) based eco-system involving patients and all the stakeholders, delivering health services. According to Eysenbach (2001) defines E-health as an emerging field in the intersection of medical informatics, public health and business, referring to health services and information delivered or enhanced through the Internet and related technologies. In a broader sense, the term characterizes not only a technical development but also a state-of-mind, a way of thinking, an attitude and a commitment for networked, global thinking, to improve health care locally, regionally and worldwide by using information and communication technology. In addition to that Eysenbach (2001) considers that the e in E-health does not only stand for electronic but implies a number of basic e’s, such as: efficiency, enhancing quality of care, evidence based, empowerment, encouragement, education, enabling, extending, ethics and equity.
E-health is a patient-centric environment, whereby ICT will support the implementation of policies for a better management of identities, health records and secure transactions within a trusted group of actors. This combines the use of electronic communication and information technology, in the health sector. It is important to note that E-health is much more than business transactions. It encompasses everything from medical diagnostics, digital data transmission of medical signals and images, laboratory reports, patient histories, purchase orders and insurance claims (Blake, 2001). It is the convergence of wide-reaching technologies like the Internet, computer telephony and interactive voice response, wireless communications, in order to achieve direct access to healthcare providers, care management, healthcare and wellness education (Deluca and Enmark, 2001).
It is recognized that achievement of the benefits from E-health are dependent on a secure, robust and reliable organizational and technical framework (Smith and Eloff, 1999). A global observatory for E-health dedicated to understanding the E-health domain, its growth, evolution and impact on health systems in all countries has been developed by the World Health Organization (WHO). Moreover, the European Community considers telemedicine a priority initiative for chronic disease management based on home healthcare monitoring and the vision Europe 2020 is anchored on development of Integrated Telemedicine Services (Wootton and Susan, 2006). Telemedicine is defined as medicine practiced at a distance. It combines the expertise of a professional clinical staff, medical equipment and computer hardware and software and communication technology, such as video conferencing, operated through a point to point synchronous telemedicine, to examine, investigate, monitor and treat patients in distant places (Scalvini et al., 2004). A related terminology Telehealth refers to a broader scope of services that includes telemedicine, health professionals training, public health and research evaluation, among others.
Developing countries face challenges in providing accessible, efficient and equitable quality health services to their people. These difficulties are attributed to low budget allocated to the health sector and structural weakness (Bennani and Elayoubi, 2008). Despite these difficulties developing nations can benefit from emulating models adopted by European countries with respect to E-health. In particular with the proliferation of mobile phones with powerful computing capacities ICT based solutions that are less expensive can be developed to meet healthcare stakeholder demands.
MATERIALS AND METHODS
Electronic healthcare records: The Electronic Health Record (EHR) is a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports. The EHR automates and streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a clinical patient encounter as well as supporting other care related activities directly or indirectly via interface including evidence based decision support, quality management and outcomes reporting.
An Electronic Healthcare Record (EHR) is defined as digitally stored health care information about an individual within time frame with the purpose of supporting continuity of care, education and research and ensuring confidentiality at all times (Wootton and Susan, 2006). The single most important characteristic of an EHR is that people can share the information stored in the EHR among different authorized users. In technical terms, this requires both the interoperability of information in the EHR and the interoperability of electronic health record systems which exchange and share this information. The sharing of patient electronic health record information between different electronic health record systems and different health organizations will almost certainly take place in a distributed processing environment. The EHR is just one of the key elements in a comprehensive health information system. Currently, this information is stored in all kinds of proprietary formats through a multitude of medical information systems available on the market. Communication with other actors within the healthcare information system is realised through HL7 and CEN standards. These standards define message content but message format is not strictly defined. However, the preferred way of the message format is XML and EHR sends and receive HL7 and CEN messages in XML format (http://www.hl7.org/). Typical formats include relational database tables; structured document based storage and unstructured document storage maintained in a classical document management system.
These result in a severe interoperability problem in the healthcare informatics domain (http://www.sanita.forumpa. it/) documenti/0/100/140/148 EHR-SwhitePaper.pdf. There are EHR standards that are under development such as CENEHR.com. HL7 Clinical Document Architecture (CDA) and Integrated Healthcare Enterprise (IHE) to address the interoperability problem (http://www.hl7.org/). Interoperability means the ability of Information and Communication Technology (ICT) systems and of the business processes they support to exchange data and to enable the sharing of information and knowledge. The term emanates from the European Interoperability Framework (EIF) (http://www.i2-Health.org/). In order to achieve interoperability, an EHR information system could be comprised of the following components: communication standards (message format) and data security and authentication where different standards may be applied to ensure an interoperable information transfer concept. The demand for better quality healthcare systems (more healthcare, better healthcare and stable resource base) is an inevitable consequence of the advances in medical science and technology and the expectations for future opportunities. The continuous expansion in demand for quality healthcare is associated, among other things, with resource limitations by adding capacity to the supply side to include: faster access, improved productivity, new clinical techniques, more staff, more assets, at a broadly stable cost. Hence, healthcare providers can use the potential of E-health to effectively expand their capacity and performance to meet increasing demand by using their resources to better outcome.
Chain of trust to manage EHR: Going much further than just how the services are delivered, the strategy and policies dealing with data management are critical when implementing tangible trust and privacy. The challenge remains to define sufficient levels of privacy and trust to address the concerns of patients. The previous standard for healthcare records was the study based transactions. That baseline is a good start but not enough to build a fair comparison since an ICT based E-health deployment introduces far more functionalities than strategies based on study trails.
In order to design a proper chain of trust, fundamental rules need to be defined and respected at all times (Iakovidis, 1998):
| • | The patient owns his/her EHR, however, his access rights exclude editing the EHR |
| • | Any query or transfer of all or part of an EHR should be done within a consent agreement that the patient is aware of |
| • | Any exception to such fundamental rules should be defined by related policies |
In addition to the patient rights, the chain of trust also includes a bond for each stakeholder in the E-health eco-system. That bond (which is implemented by technology) should cover in detail access rights, where the data is fetched from, where the data will be stored after consulting/editing, how long can the data be kept, who gets informed about the fact the data was accessed, etc. (Iakovidis, 1998). The chain of trust needs also to be designed to incorporate heuristics (which is also implemented by technology) to solve complex issues such as conflicting diagnostics, competition between E-health, service providers, legal implications of health diagnostics, data disaster recovery techniques. The implementation of E-health also brings about substantial changes in, for example, clinical processes, working practices and workflow in the healthcare, administrative and support services. It is these changes that create a sustainable E-health dynamic.
Key strategies to manage EHR: There is an emerging literature on legal aspects of EHR technologies.
Preventive measures for dealing with legal challenges include education and preventive engineering. Thus, there is need for a special training around confidentiality issues as an integral part of this prevention. In order to realize their potential, EHR there is need for greater vigilance in handling documents and electronic devices, by fully professional staff educated on Internet hygiene and information security issues. Security, integrity and privacy of personal medical data are of utmost importance and many research projects worldwide are investigating the application of new information security technologies healthcare solutions (Iakovidis, 1998). In the last few years, a number of bodies and working groups have been developing standards and guidelines specifically for medical data transmission and preservation. In essence, the main characteristics that a healthcare network security system should provide are:
| • | User authorization to permit access to data |
| • | User authentication to verify request for access to data |
| • | Assured confidentiality, non-subversion and unauthorised access to data transmitted over the communication network |
| • | Integrity of data security |
| • | Password strength |
| • | Disclosure |
| • | Protected health information |
Authorization is a process in which the system protects resources by only allowing them to be used by authorized resource consumers. Regarding EHR patients give authorization for third party access to their data (for example, health practitioners) but themselves may not have authorization to access the same information. Authentication is the process that verifies the identity of people that access personal medical data contained in the EHR. The process is initiated on the input of the system user’s identity and is completed when the identity is recognized. The system takes into account identities based on one or more factors that the user knows (for example a password), owns (for example a smart card) or is (for example biometrics). Subversion and confidentiality means that the data contained in the EHR should not be intercepted during transmission and used by an unauthorized people. This is the most important requirement that systems which handle EHR must satisfy. Integrity means that data in the EHR cannot be created or amended without the right authorization. Integrity involves both the users and systems.
Personal health care data represent sensitive information that should be viewed and processed only by authorised health care professionals. Taking into account high sensitivity of patient medical data, EHR guarantees data confidentiality and privacy. Moreover, EHR can satisfy legal and ethical security requirements through secure handling of medical data, user authentication, role based access and audit trial service.
Privacy patient data
Genetic non-discrimination: Recent advancements in genetic research and
clinical screening have enabled health care providers to test patient for a
growing number of genetic diseases and predispositions to diseases. Along with
the many benefits provided through genetic testing, ethical issues arose about
the use and privacy of an individual’s genetic information. This information
is stored in a person’s health records. Because a health record is not
always private, the information has the potential of being used by an employer
or insurer to deny insurance coverage or employment (Anderlike
and Rothstein, 2001).
A proposed way to prevent discrimination of genetic information in the workplace and in the health insurance is to enact federal laws banning such practices and enforce stiff penalties to violators. With the current trend for patients to be more involved in their own healthcare. Personal health records are playing a greater role in healthcare in many countries. Personal health records should be an essential part of EHR.
RESULTS AND DISCUSSION
Electronic health records in the developing world: The restructuring of health information systems has become a trend in the developing world since the adoption of primary health care as a global strategy for achieving the health for all goals (Campbell, 1997). This is driven towards achievement of the Millennium Development Goals. Key to this re-orientation is the need to develop a process that undertakes the appropriate activities and tasks. Furthermore, these should be supported by the relevant human, organizational and financial resources. Developing countries are poor countries with low standards of living, industrialization and technology but trying to be more advanced in these capacities. Implementation of EHR in these countries is very important because of the low health status but at the same time many challenges may face its implementation.
Challenges facing the implementation of EHR: From Jaspers (2009)’ views, the implementations of EHR were hampered as a result of:
| • | Users adoption and usage of interactive health care applications often have been held back by their poor design |
| • | This variety of usability inspection and testing methods makes it difficult to decide on usability assessment plans which depend on success of interactive clinical information system |
In addition, Sood et al. (2008) and Oak (2007) observed that the following are the challenges confronting the implementation of EHR:
| • | Infrastructure needs large investments, funding but in developing countries such investment are not available. Governments in these countries can’t fund health care infrastructure |
| • | High salaries offered by developed countries attract health care expertises and this cause shortage of workforce in developing countries |
| • | Training facilities is very important in the area of ICT and developing countries lack many technological advances |
| • | EHR is designed in English Language and can’t be implemented in non-English speaking regions |
| • | Connectivity is unstable and poor and this may adversely affect download process. Wireless connection between health organizations is lacking |
Internet based EHR
Benefit cost: Given the ubiquitous use of the internet and the growing use
of electronic patient data a natural home for the EHR may be the internet. This
would allow the EHR to be available to all providers, all patients at anytime
from anywhere. In 2003, an estimated 93 million Americans used the internet
to search for health related issues, a 27% increase over 2002. It’s likely
the EHR will transition to the internet in the near future. According to Roy
and Charles (2000), the following are the benefits of Internet based EHR:
| • | Immediate access of the entire health record by consulting or referred clinicians |
| • | Patient access to a portion of the health records, otherwise known as the PHR (Personal Health Record) |
| • | Promotion of disease surveillance practices |
| • | More informed patients can lead to better treatments and encourage preventive medicine |
| • | Reduce cost of hardware and software as opposed to client-based software |
| • | Effective gathering of health information for planning and optimization of health care practices |
| • | Open platform that can integrate and enable collaboration among all stakeholder involved in health care |
| • | Patient and doctor agree which clinical content is worth risking for the benefit of making it available when needed |
| • | Patient self-reporting or monitoring of conditions |
Moreover, the following according to Roy and Charles (2000) are the costs and risks of internet based EHR:
| • | Patient and provider identification, security requirements, contents issues, format and language are hindrances that have prevented implementation of EHR |
| • | Determining where patient data is stored and questions of data ownership |
| • | Determining who would operate and house patient data in regional primary or secondary databases |
| • | Rely on internet infrastructure, which may be slow and uncontrollable |
| • | Internet based security concerns |
| • | Challenge of adopting uniform medical terminology or codes for all patient records |
| • | Questions of patient privacy if secured are breached |
Technolgy descriptions: In order to have a successful E-health plan, there is need to further improve the perception of privacy and trust for citizens, new policies will need to be in place to define EHR life cycle management and access rights. (Khalid et al., 2008) demonstrates with the help of a case study, a framework for designing mobile E-health applications deployment. The study demonstrates the power of using user centred design to create applications that align users mental models and capabilities with their work environment. Analysis of the study shows that an E-health application can only diffuse into constrained environments, if its interface does not hinder the workflow of the users; rather it should provide quantifiable benefits to the users in efficiently executing their tasks. Amina et al. (2009) discusses, Remote Patient Monitoring System (RPMS) especially targeted at providing healthcare to remote areas of Pakistan. Based on advances in ICT, this system enables specialist doctors to provide remote healthcare to the patients. This system is an important step towards providing better health facilities virtually either in situations where appropriate care is either non-existent or insufficient. The system has comprehensive development and evaluation strategy and it is intended to augment the existing healthcare infrastructure targeted at reducing maternal and infant mortality rates. This study also reveals from the user’s perspective that the evaluation of usability of interactive healthcare computer applications.
Adoption of wireless communication devices in healthcare: Wireless computer devices allow healthcare professionals to perform various routine tasks all while at the point of care. Wireless technology in the health care environment is possible by combining a secure wireless network infrastructure with one or more wireless communication devices. Using handheld devices or mobile computers, healthcare professionals can have real time access to various applications in a clinical information system, while mobile or at a patient’s bedside. There are various types of wireless communication devices viz: Personal Digital Assistant (PDA), Smart phone, Enterprise Digital Assistant (EDA), Tablet computers, Mobile computer and Voice activated badge. (Dee et al., 2005); describes Personal Digital Assistant (PDA) as a handheld device which may provide the ability to access and update patient’s EHR, barcode scanning, capture vitals, view laboratory results, or access a web-based clinical information systems with a built-in web browser. Moreover, PDA has the potential to improve a healthcare professional’s clinical decision making and may allow for more timely review of urgent radiological result.
CONCLUSION
Because of the promise of improved quality and efficiency through better maintenance and availability of personal patient data, the potential of EHR is considerable. ICT-based system offers many advantages over the study records since information can be more standardized, permitting faster retrieval and review. Incompatibility between different databases and systems can be lessened with the adoption of consistent technology and standard data even as effective management between general practitioners and patient to record historical data could also be improved. EHR empowers patients and clinicians to share decision making and clinical outcomes and improving continuity of care and efficiency especially for the chronically sick. As the ever-changing healthcare industry advances, one key topic within the EHR is privacy. It is equally important to protect the processing and free movement of personal data, for purposes of healthcare and set guidelines that all healthcare organization will have to comply with in regards to electronic health transactions. Finally, healthcare providers can use the E-health to effectively expand their capacity and performance to meet the increasing demand by their resources to better effect. The availability of human, material and financial resources is an indicator to implement the opportunities offers by ICT to take healthcare delivery to the next level.
A number of issues are identified that could be explored as advancement of this study. There are two interesting directions for future research concerning mobile healthcare. The first is that researchers can further develop factors affecting the behavior of healthcare stakeholders so as to more deeply understand their right needs in this mechanism and to determine which actions can be envisaged. The second issue is the use of the right technology showing how the real benefit of electronic prescription systems will be achieved when they are supported by clinical decision systems accessing the full EHR of a patient. The ultimate goal is to contribute to enabling the provision of a means of authorized healthcare professionals to gain managed access to essential health information about patients, subject to the patients consent and with full regard for data privacy and security requirements. Such information could include patient’s electronic health record and emergency data.
Consequently, to achieve a vision of good healthcare delivery, E-health services providers and other providers will no longer research entirely in isolation but will need to collaborate as teams; by developing an interactive relationship with patients. E-health can facilitate this cooperation. Policy makers, healthcare providers and other actors must ensure the right mix of E-health applications in order to achieve the goal of increasing benefits at stable costs. Therefore, supporting investment in E-health results in the significant and sustained positive economic impact possible, hence benefiting society.
ACKNOWLEDGEMENTS
The researcher greatfully acknowledge the Professor Henry Nyongesa for providing his useful and fruitful suggestions on an earlier draft of this study. Also, I appreciate cooperative remarks from my colleagues in the research group.