Architectural approaches for HL7-based health information systems implementation.

OBJECTIVE: Information systems integration is hard, especially when semantic and business process interoperability requirements need to be met. To succeed, a unified methodology, approaching different aspects of systems architecture such as business, information, computational, engineering and technology viewpoints, has to be considered. The paper contributes with an analysis and demonstration on how the HL7 standard set can support health information systems integration. METHODS: Based on the Health Information Systems Development Framework (HIS-DF), common architectural models for HIS integration are analyzed. The framework is a standard-based, consistent, comprehensive, customizable, scalable methodology that supports the design of semantically interoperable health information systems and components. RESULTS: Three main architectural models for system integration are analyzed: the point to point interface, the messages server and the mediator models. Point to point interface and messages server models are completely supported by traditional HL7 version 2 and version 3 messaging. The HL7 v3 standard specification, combined with service-oriented, model-driven approaches provided by HIS-DF, makes the mediator model possible. The different integration scenarios are illustrated by describing a proof-of-concept implementation of an integrated public health surveillance system based on Enterprise Java Beans technology. CONCLUSION: Selecting the appropriate integration architecture is a fundamental issue of any software development project. HIS-DF provides a unique methodological approach guiding the development of healthcare integration projects. The mediator model - offered by the HIS-DF and supported in HL7 v3 artifacts - is the more promising one promoting the development of open, reusable, flexible, semantically interoperable, platform-independent, service-oriented and standard-based health information systems.

Semantic interoperability adheres to proper models and code systems. A detailed examination of different approaches for score systems.

OBJECTIVES: Achieving semantic interoperability requires not only the use of communication standards like HL7 with its underlying models and specifications, but also to constrain those models to instances including permitted attributes, data types, values and code systems. Even the application of both strategies may lead to different modeling approaches and therefore incompatible results, however. METHODS: This paper analyzes the different ways to create a model exemplified at score and assessment systems. RESULTS: The different approaches have advantages and disadvantages. The presented results allow for transmitting the same basic information facilitating HL7 v2.x and V3 in a way reducing implementation efforts. CONCLUSIONS: Establishing a generic approach to communicate the details of score systems driven by an appropriate set of codes is the best solution for implementers.

Architectural approach to eHealth for enabling paradigm changes in health.

OBJECTIVES: For improving safety and quality of care as well as efficiency of health delivery under the well-known burdens, health services become specialized, distributed, and therefore collaborative, thereby changing the health service paradigm from organization-centered over process-controlled to personal health (pHealth). METHODS: Personalized eHealth services provided independent of time and location have to be based on advanced technical paradigms of mobile, pervasive and autonomous computing, enabling ubiquitous health services. Personalized eHealth systems require a multidisciplinary approach including medicine, informatics, biomedical engineering, bioinformatics and the omics disciplines but also legal and regulatory affairs, administration, security, privacy and ethics, etc. Interoperability between different components of the intended system must be provided through an architecture-centric, model-driven, formalized process. RESULTS: In order to analyze, design, specify, implement and maintain such an interactive environment impacted by so many different domains, a formal and unified methodology for system analysis and design has been developed and deployed, based on an overall architectural framework. The paper introduces the underlying paradigms, requirements, architectural reference models, modeling and formalization principles as well as development processes for comprehensive service-oriented personalized eHealth interoperability chains, thereby exploiting all interoperability levels up to service interoperability. A special focus is put on ontologies and knowledge representation in the context of eHealth and pHealth solutions. Furthermore, EHR solutions, security requirements, existing and emerging standards, and educational challenges for realizing personalized pHealth are briefly discussed. CONCLUSION: For personal health, bridging between disciplines including ontology coordination is the crucial demand. All aspects of the design and development process have to be considered from an architectural viewpoint.

[IT standards for applications in telemedicine. Towards efficient data interchange in medicine]. / IT-Standards für telemedizinische Anwendungen. Der Weg zum effizienten Datenaustausch in der Medizin.

Many health informatics IT-standards are already available to support future health telematics solutions. Establishing an infrastructure for secure and reliable communication is fundamental and turns out to be a mainly organizational issue. This article highlights the importance of consensus regarding the application concepts, which often takes a backseat compared to technical questions regarding transfer and representation. The article therefore focuses on the challenges of formalizing medical concepts and relationships. Examples for applicable standards are given and new developments are analyzed.

Educational challenge of health information systems' interoperability.

OBJECTIVES: As health care develops from an organization-centered via service-centered (disease management) towards a person-centered system (favored homecare, patient monitoring, body area networks), information systems involved have to be semantically interoperable, process-related, decision-supportive, context-sensitive, user-oriented, and trustworthy. METHODS: The aforementioned paradigm shift requires highly flexible solutions based on knowledge concepts, provided by a service-oriented and model-driven approach. RESULTS: Information systems' design, implementation and maintenance have to be realized based on formal grammar. This is true for all considered aspects and views of the system and its components, using metalanguages and reflecting all domains touched. CONCLUSIONS: For meeting the challenge, involvement of, and close collaboration between, experts from different domains as well as knowledge and tooling regarding formal modeling and model interchange are required.

Semantic interoperability--HL7 Version 3 compared to advanced architecture standards.

OBJECTIVES: To meet the challenge for high quality and efficient care, highly specialized and distributed healthcare establishments have to communicate and co-operate in a semantically interoperable way. Information and communication technology must be open, flexible, scalable, knowledge-based and service-oriented as well as secure and safe. METHODS: For enabling semantic interoperability, a unified process for defining and implementing the architecture, i.e. structure and functions of the cooperating systems' components, as well as the approach for knowledge representation, i.e. the used information and its interpretation, algorithms, etc. have to be defined in a harmonized way. Deploying the Generic Component Model, systems and their components, underlying concepts and applied constraints must be formally modeled, strictly separating platform-independent from platform-specific models. RESULTS: As HL7 Version 3 claims to represent the most successful standard for semantic interoperability, HL7 has been analyzed regarding the requirements for model-driven, service-oriented design of semantic interoperable information systems, thereby moving from a communication to an architecture paradigm. The approach is compared with advanced architectural approaches for information systems such as OMG's CORBA 3 or EHR systems such as GEHR/openEHR and CEN EN 13606 Electronic Health Record Communication. CONCLUSION: HL7 Version 3 is maturing towards an architectural approach for semantic interoperability. Despite current differences, there is a close collaboration between the teams involved guaranteeing a convergence between competing approaches.

Advanced EHR architectures--promises or reality.

OBJECTIVES: Forming the informational reflection of the patients and their care, the Electronic Health Record (EHR) is the core application of any complex health information system or health network. Such an ideally lifelong history file must be reliable, flexible, adaptable to new concepts and technologies, and robust, to allow for sharing knowledge over its lifetime. A sophisticated architecture must be chosen for meeting this challenge. METHODS: An advanced EHR architecture for designing and implementing future-proof EHR systems must be a model of generic properties required for any Electronic Patient Record to provide communicable, comprehensive, useful, effective, and legally binding records that preserve their integrity over the time, independent of platforms and systems as well as of national specialties. the resulting approach is based on the ISO Reference Model-Open Distributed Processing. RESULTS: Based on advanced architectural principles introduced in the paper, a new generation of HER systems has been designed and implemented for demonstrating the feasibility of the approach. This result is presented and evaluated regarding the achievements and problems using the component-based paradigm of model-driven health information system architectures. CONCLUSIONS: The future-proof EHR approach that has been established has been shortly evaluated. Advantages regarding flexibility, reliability, and portability of policy-driven, highly secure, role-dependent applications have to be considered in the light of performance as well as of the availability of network and application services.

Securing interoperability between chip card based medical information systems and health networks.

Health information systems supporting shared care are going to be distributed and interoperable. Dealing with sensitive personal medical information, such information systems have to provide appropriate security services, allowing only authorised users restricted access rights to the patients' data according to the 'need to know' principle. Especially in healthcare, chip card based information systems occur in the shape of patient data cards providing informational self determination and mobility of the users as well as quality, integrity, accountability, and availability of the data stored on the card, thus improving the shared care of patients. The DIABCARD project aims at the implementation and evaluation of a chip card based medical information system (CCMIS) for facilitating communication and co-operation between health professionals in different organisations or departments caring the same patient with diabetes as an example. In co-operation with the EC-funded TrustHealth(2) project, communication and application security services needed are provided like strong authentication as well as the derived services such as authorisation, access control, accountability, confidentiality, etc. The solution is based on Health Professional Cards and Trusted Third Party services. In addition to the secure handling of the patient's chip card and data in DIABCARD workstations, the secure communication between these workstations and related departmental systems has been implemented. Based on the results of this feasibility study, an enhanced security services specification for the DIABCARD example of a CCMIS is provided which will be implemented in the framework of a health network being established in the German federal state Bavaria. Beside the preferred solution of a combination of Patient Identification Card and Patient Data Card, lower level alternatives using card-verifiable certificates are explained in some details. Finally, a few legal issues, future trends like the XML standard set and their implications for the solution presented as well as for distributed health information systems in general are shortly discussed.

Enhanced security services for enabling pan-European healthcare networks.

Establishing the Shared Care environment, communication and co-operation between healthcare establishments involved must be provided in a trustworthy way. This challenge is even more important for health networks using the Internet. In that context, services assuring both communication security and application security must be provided. Especially in the e-health environment, additionally to identity-related services certifying data or properties of principals, trustworthiness or authorisation for objects, components and functions must be established by Trusted Third Parties (TTP). Within the European Commission's Information Society Technologies (IST) Programme, the HARP project provides the "HARP Cross-Security Platform (HCSP)" needed in the open Web environment of pan-European networks. The solutions are under implementation and evaluation in the German ONCONET enabling a trustworthy framework for both health professionals and patients as well as supporting clinical studies.

A systematic approach for analysis and design of secure health information systems.

A toolset using object-oriented techniques including the nowadays popular unified modelling language (UML) approach has been developed to facilitate the different users' views for security analysis and design of health care information systems. Paradigm and concepts used are based on the component architecture of information systems and on a general layered security model. The toolset was developed in 1996/1997 within the ISHTAR project funded by the European Commission as well as through international standardisation activities. Analysing and systematising real health care scenarios, only six and nine use case types could be found in the health and the security-related view, respectively. By combining these use case types, the analysis and design of any thinkable system architecture can be simplified significantly. Based on generic schemes, the environment needed for both communication and application security can be established by appropriate sets of security services and mechanisms. Because of the importance and the basic character of electronic health care record (EHCR) systems, the understanding of the approach is facilitated by (incomplete) examples for this application.

Onconet: a secure infrastructure to improve cancer patients' care.

The shared care paradigm is the current response to the crisis of industrial countries' health systems. The underlying information systems have to meet the shared care paradigm of communication and co-operation between all the partners involved in. This communication and co-operation must be provided in a secure way. The paper presents the required security infrastructure which has been analysed, specified, and developed within the TrustHealth projects funded by the European Commission. Meeting the challenges of the TrustHealth-2 project for large scale implementations of secure real applications, the ONCONET has been established in the German federal state of Saxony-Anhalt facilitating the shared care of cancer patients. Both security infrastructure and application functionalities are demonstrated in some detail.

Advanced tool kits for EPR security.

Responding to the challenge for efficient and high quality health care, the shared care paradigm must be established in health. In that context, information systems such as electronic patient records (EPR) have to meet this paradigm supporting communication and interoperation between the health care establishments (HCE) and health professionals (HP) involved. Due to the sensitivity of personal medical information, this co-operation must be provided in a trustworthy way. To enable different views of HCE and HP ranging from management, doctors, nurses up to systems administrators and IT professionals, a set of models for analysis, design and implementation of secure distributed EPR has been developed and introduced. The approach is based on the popular UML methodology and the component paradigm for open, interoperable systems. Easy to use tool kits deal with both application security services and communication security services but also with the security infrastructure needed. Regarding the requirements for distributed multi-user EPRs, modelling and implementation of policy agreements, authorisation and access control are especially considered. Current developments for a security infrastructure in health care based on cryptographic algorithms as health professional cards (HPC), security services employing digital signatures, and health-related TTP services are discussed. CEN and ISO initiatives for health informatics standards in the context of secure and communicable EPR are especially mentioned.

The European TrustHealth project experiences with implementing a security infrastructure.

Accepting the shared care paradigm, communication and co-operation required between health care establishments must be provided in a trustworthy way. The solution for establishing such trustworthy environment has to be based on a common policy framework, on services, and mechanisms, which have been standardised. In Europe, the legal framework, other policy issues, and the services and mechanisms needed have been developed within projects launched by the European Commission, by the European standards body CEN as well as by temporarily established groups. Within the European TrustHealth projects. a security infrastructure for trustworthy health telematics applications has been specified, implemented, and evaluated. It is based on Health Professional Cards and Trusted Third Party services. Experiences regarding organisational and technological implications of the specification, implementation, maintenance, and evaluation of such a security infrastructure are described on the basis of the ONOCONET example. For the complete software lifecycle, the UML methodology has been deployed.

Application of the component paradigm for analysis and design of advanced health system architectures.

Based on the component paradigm for software engineering as well as on a consideration of common middleware approaches for health information systems, a generic component model has been developed supporting analysis, design, implementation and harmonisation of such complex systems. Using methods like abstract automatons and the Unified Modelling Language (UML), it could be shown that such components enable the modelling of real-world systems at different levels of abstractions and granularity, so reflecting different views on the same system in a generic and consistent way. Therefore, not only programs and technologies could be modelled, but also business processes, organisational frameworks or security issues as done successfully within the framework of several European projects.

Secure interoperability of patient data cards in health networks.

In the healthcare area, chip card based information systems occur in the shape of patient data cards providing informational self determination and mobility of the users as well as quality, integrity, accountability, and availability of the data stored on the card, thus improving the shared care of patients. Dealing with sensitive personal medical information, shared care information systems have to provide appropriate security services, only authorized users allowing restricted rights to the patients' data according to the "need to know" principle. The DIABCARD project aims the implementation and evaluation of a chip card based medical information system (CCMIS) for facilitating communication and co-operation between health professionals in different organisations or departments caring the same patient with Diabetes as an example. In co-operation with the EC-funded TrustHealth project, the communication and application security services needed are provided as strong authentication and the derived services like authorization, access control, accountability, confidentiality etc. The solution is based on Health Professional Cards and Trusted Third Party services. Besides the secure handling of the patient's chip cart in DIABCARD workstations, also the secure communication between these workstations and related departmental systems has been implemented. Finally, a few legal issues, future trends like the XML standard set and their implications for the solution presented as well as for distributed health information systems in general are shortly discussed.

Transferring data from one EPR to another: content--syntax--semantic.

When data are transmitted between electronic patient record (EPR) systems, we can distinguish several tasks. One task is the definition of structure and semantic content of the data in a message structure. Another task is the mapping of the sending EPR's structure to this message structure. A third task is the mapping of the message structure to the receiving EPR's structure. We describe an approach, which distinguishes clearly between these different tasks and activities. Using this approach we have implemented a data transfer procedure between a cancer registry application and a middleware for healthcare information systems. Our experience showed that the proposed systematic approach helped identify problems for data transfer in an early design phase. It also allowed us to limit modifications of the data exchange procedure to certain tasks or activities when one of the EPR applications was updated. In the end, we could even exchange the underlying message format without having to reimplement the complete interface.

Communication security in open health care networks.

Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

Results of European projects enabling secure regional, national and international health care networks.

Based on the work of the ISHTAR, the TRUSTHEALTH1, the EUROMED-ETS and the MEDSEC project funded by the European Commission, the synergetic results of these different projects in providing a security infrastructure for the test environment of an oncological network will be demonstrated. The ISHTAR project investigated security issues in Health Care Establishments (HCE). It provides guidance for threat and risk analysis, and defines a schema for specification and implementation of appropriate security services and mechanisms to respond to the HCE security requirements of both communication and application security concepts. The TRUSTHEALTH1 project dealt with specification and test implementation of basic security services and mechanisms based on Health Professional Cards (HPC) and Trusted Third Party (TTP) services. Within the EUROMED-ETS project, the security solution has been extended to the Internet environment and WWW tools, successfully creating an Internet-based international TTP structure between the universities of Athens, Calabria, and Magdeburg. Finally, in the MEDSEC project the specification and implementation of a generic EDI security solution has been delivered to provide secure communication between applications and sites. In the ongoing TRUSTHEALTH2 project, the results of all these projects will be implemented in a real environment of cancer care.