Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Duane Steward, DVM, MSIE, PhDNemours, Chief Computer Scientist for Clinical InformaticsUniversity Central Florida, Assistant Professor
Agenda
Define Health Information ExchangeKey Issues Of Identification – Truth TableStandardsNational Efforts As ContextFHIN ArchitectureFlorida RHIOsMinimal Data SetFHIN White Paper Recommendations
Web-based PortalClinical Source Systems
Patient Portal
Physician Portal
Business Convener Bring together health care stakeholders. Manage Business Associate Agreements
Enable data-sharing among providers
Security Management Certify providers to access health care records
Authorize access to records Log record access activity
Identity Management
Identify patient records with MPI Match patient records with an RLS
Information Management
Gathers patient data into Minimal Clinical DatasetProvide data access through a Web-based portal
Provide access to the FHIN
RHIO Infrastructure
Physicians
Inpatient
Laboratory
Pharmacy
What is a Regional Health Information Organization?
RHIO Infrastructure
Slide courtesy of Christopher Sullivan, PhD ‐
AHCA
FQHC Databases
Lab Results
Medications
DoH Vital StatsDoH Clinics
DoH SHOTSIDN Databases
Health Statistics
Orlando, etc.
Florida Health Information NetworkStatewide Architecture
Jacksonville
Miami
RHIOsTampa Bay
Web Services (CCR)
Web Services (CCR)Web Services (CCR)
GovernmentDatabasesMedicaid Data Miscellaneous
Databases
PayorDatabasesClaims Data
Web Services (CCR)FHINServer
Identity: The Root Of Security Issues
Who do we need medical records for?Whose medical records are these?Do we have all the pieces?For a given request there are theoretically four results
True positive, true negativeFalse positive, false negative
What consequence for each case?
Pos Neg
True
False
Healthcare Data StandardsStandards for …test requested (e.g., LOINC)…order sets…guidelines, protocols & standards of care…for results (e.g., LOINC)…for terminology of signs & symptoms (e.g., Snomed)…for media carrying data (e.g., Dicom)…for continuity of care, transfer of custody (e.g., CCR, [EMS])…for set of data considered minimal elements necessary (e.g.,
FHIN Minimal Clinical Dataset)…for structuring the envelop that will carry the message
containing the data (e.g., SOAP, HL7)
Health Information Technology Standards Panel (HITSP) Function
Multi‐stakeholder coordinating body, partnership of the public and private sectors—operating with a neutral and inclusive governance model
Administered by the American National Standards Institute
Provide a process to identify, select, and harmonize standards
i.e., Specifications, Implementation Guides, Code Sets, Terminologies, and Integration Profiles
development of harmonized Interoperability Specifications and information policies, including Standards Development Organization (SDO) work products—essential for establishing privacy, security and interoperability among healthcare software applications
Goal to be “Use Case” driven, using information from stakeholders and basing decisions on industry needs
How Use Cases and HITSP Interoperability Specifications are Developed The American Health Information Community, as the representative
of public and
private health sector stakeholders, identified the three Use Cases (available at
hitsp.org) that drove the initial efforts of the HITSP. Nationwide public and private
health sector priorities continue to focus the efforts of the HITSP. The Use Case
driven HITSP harmonization process is implemented by formally chartered
Technical Committees. The volunteers that comprise a Technical Committee
followed an 8 step process, depicted below.
HITSP Harmonization Process Steps
From the Forward of the TP13 ‐
HITSP Manage Sharing of Documents Transaction Package (v 2.1)
Evaluation of Standards Harmonization Process for HIT
The Standards Harmonization initiative is just one element of interoperability
The Community serves as the hub for identifying breakthrough opportunities
CCHIT will focus on developing a mechanism for certification of health care IT products
HITSP will bring together all relevant stakeholders to identify appropriate IT standards
HISPC is a partnership focused on addressing variations in business policy and state law that affect privacy and security
NHIN is focused on interoperability pilots
Health Information Technology Standards Panel (HITSP)
National Health Information Network (NHIN) Architecture Projects
The Health Information Security and Privacy Collaboration (HISPC)
The Certification Commission for Health Information Technology (CCHIT) American
Health Information Community
FHIN State Level Server
Health Care
Data:
Florida Center
Medicaid
DOH SHOTS &
Vital Statistics
Physicians
Certified with
DOH Licensing
Database
Florida’s RHIOs
exchange records via the state
level server
Slide courtesy of Christopher Sullivan, PhD ‐
AHCA
RHIO Data Sharing Server:Staging Area,Handles Queries
RHIO Data Sharing Server:Staging Area,Handles Queries
RHIO Data Sharing Server:Staging Area,Handles Queries
RHIO Network
Diagram of FHIN and Regional Health InformationOrganization Network TopologyNetwork participants forward patient identification and encounter information to the RHIO Registry Server. Each participant has a small staging datasharing server that handles queries to support fetch and view behavior(required for performance requirements).
Data sharing servers lie just outside local enterprise firewalls. User authentication and access audit functions are supplied by either RHIO RLS, a Network LDAP server or equivalent.
Note: EMR/EHR Systems are varied vender products.
Diagram of FHIN and Regional Health InformationDiagram of FHIN and Regional Health InformationOrganization Network TopologyOrganization Network TopologyNetwork participants forward patient identification and encounteNetwork participants forward patient identification and encounter r information to the RHIO Registry Server. Each participant has ainformation to the RHIO Registry Server. Each participant has a small staging datasmall staging datasharing server that handles queries to support fetch and view besharing server that handles queries to support fetch and view behaviorhavior(required for performance requirements). (required for performance requirements).
Data sharing servers lie just outside local enterprise firewallsData sharing servers lie just outside local enterprise firewalls. . User authentication and access audit functions are supplied by eUser authentication and access audit functions are supplied by either ither RHIO RLS, a Network LDAP server or equivalent.RHIO RLS, a Network LDAP server or equivalent.
Note: EMR/EHR Systems are varied vender products.Note: EMR/EHR Systems are varied vender products.
Providers
Regional DOHResearch andPolicy Data MonitoringFor PublicHealth andSyndromicSurveillance
Data
Prepared by Duane Steward, DVM, MSIE, PhD; College of Health and Public Affairs, UCFon behalf of the Technical Committee of the Central Florida Regional Health Information Organization
RHIO Registry Server:Maintains Minimal Clinical
Datasetand EMPI
RHIO SpecificRLS Server
DataData
Data
Central Florida RHIO
PhysicianAssociatesOf Florida
FloridaHospital
OrlandoRegional
Healthcare
CognoscentiHealth
Institute
RHIORegistry
All network participants forwardpatient identification and encounterinformation to the RHIO Registry –may include CCR data
ResearchDatabases(deidentified data)
HealthcareCenter for the
Homeless
Link to otherRHIOs via StateSwitch
May be withinor external toRHIO
JewettOrthopedic
Clinic
OrangeCountyPCAN
Central Florida RHIO Architecture – Phase I “Fetch & View”
Central Florida RHIO
PhysicianAssociatesOf Florida
FloridaHospital
OrlandoRegional
Healthcare
CognoscentiHealth
Institute
RHIORegistry
All network participants forwardpatient identification and encounterinformation to the RHIO index –may include CCR data
ResearchDatabases(deidentified data)
HealthcareCenter for the
Homeless
May be withinor external toRHIO
JewettOrthopedic
Clinic
OrangeCountyPCAN
AvailablePatientInformation
ED PatientInformationRequest
RequestPatientInformation
ReturnedPatientInformation
Central Florida RHIO Architecture – Phase I “Fetch & View”
Link to otherRHIOs via StateSwitch
HIE Architecture in Florida
HIE Architecture in Florida
21
NE Florida Health Information Consortium
Big Bend
R H I O
Big Bend RHIO Regional Health Information Network (RHIN) Architecture
VPN
Small organizations can
connect either directly to
the RHIN or through a VPN
gateway
Organizations can connect bi‐
directly to feed their data and
receive data directly into their
EMR
In the early Phases CHP, CRMC & TMH will provide a
one way feed of their data. They have the largest
repositories and the priority is to make their data
available ASAP
pMAN
Connectivity
–Dedicated fiber‐
based Private
Medical Area
Network & VPN
gateway
Data Exchange: Big Bend RHIO Applications
Clinical data display including: labs,
radiology reports, allergies, problems,
providers, and medication history
e‐Prescribing and
Medication History
25
Palm Beach County Community Health Alliance (PBCCHA)
PBC Community Health Alliance(An Alliance of Funders and Providers
Serving Health Care Consumers)
Care Expansion
LanguageAccess
CommonEligibility
Shared EHR
ProjectAccess
PrivateFunders
Hospitals
PublicFunders Health
Dept.
FreeClinics
SocialServices
Tampa Bay RHIO
EscambiaHealthInformation Network
Community Health Informatics Organization
South Florida Health Information Initiative
DOHCloverleafIntegration
Broker
Rabies Results
HIV-AIDS Results
HIV-AIDSSurveillance
Integration Broker - High Level View (ELR)
Integration Broker Role: Receive Data, Translate Format, Transmit Data to Stakeholders
LabCorp
Quest Diagnostics
Private Physicians (via a common
portal)
IRL
CDCOther Outside
Agencies
InternetExternal Partners (via the Internet)
(Sends Electronic Orders, Receives Result Reports)
MUMPS
BOLIMS
(Receives Orders,Sends Result Rpts)
STDDatabase
ReportableDisease Results
Hepatitis Results
MERLIN
(Sends Orders,Rcvs Result Rpts)
STD Results
HIV-AIDSCTRS II
Environmental Health Bureau of
TB
HIV-AIDS Results
RHIO Switch
BOLIMS Billing Data
DOH Health Maintenance System
FHIN
Connection
Integration Broker – High Level View (ELR)
Slide courtesy of Christopher Sullivan, PhD; AHCA
FHIN White Paper FHIN White Paper -- RecommendationsRecommendationsAuthentication of UsersAuthentication of UsersEndEnd--user authentication and authorization user authentication and authorization should be handled at a regional or RHIO level, should be handled at a regional or RHIO level, with a trust relationship set up between RHIOs with a trust relationship set up between RHIOs and the state server. The state server shall act and the state server. The state server shall act as a broker of all transactions among individual as a broker of all transactions among individual entities such as RHIOS, state agency entities such as RHIOS, state agency databases or other sources of health care databases or other sources of health care information. This would ensure that the information. This would ensure that the authentication of clinicians and other end users authentication of clinicians and other end users does not need to occur at every single step of does not need to occur at every single step of the data request and process. the data request and process.
FHIN White Paper FHIN White Paper -- RecommendationsRecommendations
Detailed logging of all requests to the Detailed logging of all requests to the FHIN server, or between RHIOs and FHIN server, or between RHIOs and other entities must be kept at all times, other entities must be kept at all times, preferably both by the requesting entity preferably both by the requesting entity and by the requested entity. and by the requested entity.
FHIN White Paper FHIN White Paper -- RecommendationsRecommendationsPatient Consent Patient Consent The technical design of the FHIN and RHIOs The technical design of the FHIN and RHIOs needs to be defined in such a way that patients needs to be defined in such a way that patients have control over the medical information have control over the medical information stored within their medical record.stored within their medical record.Patients should have the right to determine who Patients should have the right to determine who is able to view their shared information, revoke is able to view their shared information, revoke the right if they choose to do so, request an the right if they choose to do so, request an audit of who has been viewing their information, audit of who has been viewing their information, and be notified of any event that breaks these and be notified of any event that breaks these rights. rights.
FHIN White Paper FHIN White Paper -- RecommendationsRecommendations
The authors of this paper recommend The authors of this paper recommend that consideration be given to alternative that consideration be given to alternative systems to ensure patient rights, such as systems to ensure patient rights, such as the adoption of a personal identification the adoption of a personal identification number (PIN) model external to both the number (PIN) model external to both the source systems and the RHIO. source systems and the RHIO.
www.fhin.netwww.HITSP.wikispaces.comwww.ansi.org/hitsp/
Special thanks to:Christopher Sullivan, PhD and colleagues at AHCAMembers of [Florida] Governor’s Health Information Infrastructure Advisory BoardContributing members of American Health Information Community