Foreword INFORMATION MANAGEMENT PRINCIPLES DOMAIN

Information management principles domain

1. 1. 1. Information

Information may be represented in different forms and on different media including: 

1. Electronic Health Records (EHR) 

1.  

   An electronic health record (EHR) refers to an individual patient’s health record in digital format. Electronic health record systems co-ordinate the storage and retrieval of individual records with the aid of computer systems. EHRs are usually accessed on a computer system, often over a network. It may be made up of electronic medical records (EMRs) from many locations and/or sources. A variety of types of health care-related information may be stored and accessed in this way. Electronic medical records may include: 

    

   An electronic health record (EHR) refers to an individual patient’s health record in digital format. Electronic health record systems co-ordinate the storage and retrieval of individual records with the aid of computer systems. EHRs are usually accessed on a computer system, often over a network. It may be made up of electronic medical records (EMRs) from many locations and/or sources. A variety of types of health care-related information may be stored and accessed in this way. Electronic medical records may include: 

1. Patient demographics 

2. Medical history, examination and progress reports of health and illnesses 

3. Medicine allergy lists 

4. Immunisation status 

5. Laboratory tests 

6. Medication information, including side effects and interactions 

7. Recommendations for specific medical conditions 

Identifiers/Credentials of the patient/citizen were specified in Tables 4 and 5 of deliverable D4.7 and include:

1. Patient name 

2. Address 

3. Date of birth 

4. Next of kin 

5. Family doctor 

6. National Insurance Number or National Identity Number 

7. Insurance scheme 

1. Electronic systems should increase medical practitioners’ efficiency, reduce costs and promote standardisation of care. To support interoperability it is fundamental to have common data sets, formats, and semantics, specified within recognised standards,    which are some of the aims of deliverable D16.1.

    

   Electronic systems should increase medical practitioners’ efficiency, reduce costs and promote standardisation of care. To support interoperability it is fundamental to have common data sets, formats, and semantics, specified within recognised standards,    which are some of the aims of deliverable D16.1.

    

1. Health Cards (Chip-cards) 

Medical information must travel with the patient to ensure correct treatment in different countries and for good continuity of care when the patient returns home, so Health Cards have been introduced in several countries, including Belgium, Spain and Italy. Switzerland is introducing them in 2008. 

All existing Health Cards, carried by citizens, contain information on the card but this information differs between the various cards in the different countries, so to provide interoperability they need to be standardised. Personal data is provided on all cards and includes:  

1. Name 

2. National Insurance Number or National Identity Number 

3. Date of birth 

4. Sex 

5. Name and identifier of the insurance company 

6. Identifier of the card 

7. Expiry date of card 

8. Blood type 

9. Immunization data 

10. Transplant data 

11. Allergies 

12. Diseases 

13. Special entries 

14. Medication 

15. One or more contacts for any emergency 

1. European Health Insurance Card 

The European health insurance cards aim to enable mobility of insured people in Europe diminishing administrative efforts for people travelling in other European Member States and enhance the access to health care throughout Europe. The existing European Health Insurance Card contains no patient health data, and is not yet therefore a complete EU passport to health.  

1. 1. General considerations  

1. 1. 1. Medical data is a special category of data is which is protected by Article 8 of Directive 46/95/EC

      2. There is a need for well-structured information management, and efficient and economic administration 

      3. Hashing and encrypting data should be applied to prohibit the identification of patient data 

      4. All records should include the information which is important for patient’s rights, e.g. patient does not want to be vaccinated, does not want to have a blood transfusion or patient has seen the record and noticed there is a mistake and asks it to be corrected 

      5. Statement of who is responsible for the management of the record 

      6. There is no standard European medicine prescription and this can prevent patients from obtaining the right medicine 

      7. When a patient leaves hospital in one country there is no standard discharge letter to ensure good continuity of care back in the patient’s home country 

1. 1. 1. 1. Standards 

It is important that dissemination of the research achieved in FIDIS continues with the standards bodies, including ISO/IEC JTC 1/SC 27/WG 5, especially with respect to Identity Management, Privacy and Biometrics. FIDIS has a liaison with ISO/IEC JTC 1/SC 27/WG 5 and with EG5. Of special interest are the Working Drafts; 24760 “A framework For Identity Management”; 29100 “Privacy Framework”; 29115 “Authentication Assurance” and to a lesser degree 24745 “Biometric template protection”. However, ongoing work in ISO/IEC JTC 1/SC 27/WG 5 might generate other Working Drafts of interest. This work is discussed in Chapter 3 of D4.7: “Review and classification for a FIDIS identity management model”.

Such an endeavour will contribute substantially to the dissemination of the FIDIS results beyond academia and directly to standardisation bodies, and through these to industry and to governmental bodies. 

1. 1. 1. Duty of care

The following roles and responsibilities have been agreed by the Member states: 

1. 1. The data controller is responsible for all records, according to the directive 95/46/EC. 

   2. “The controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller of the specific criteria for his nomination may be designated by national or Community law; organizations” 

   3. All countries agree that access has to be authorized. 

   4. The secrecy of duty of the doctor and the protection of the doctor – patient relation is a central rationale 

   5. Ownership of the data varies within Member states 

   6. Member states should consider appointing a clearly defined contact point for patients who seek information about access to health care across borders. 

   7. The national or regional contact points could form a network in order to share experiences and information related to cross-border care. The contact details of the participants in the network could be made available through an EU Health portal and the commission could provide assistance to the network by raising awareness about the EU legislation. 

   8. Member states should take the necessary measures for the compilation and registration of data allowing at least a view on the medical, financial and administrative information related to cross border care. 

   9. Member states should ensure that identity management is incorporated into all e-Health systems 

   10. FIDIS Work Package 7  is researching and reporting on national and international sources of law (treaties, EU regulations,  statutes and regulations, profiling and ambient law)

1. 1. 1. Processes and procedures

1. All Member states need to ensure that they: 

   All Member states need to ensure that they: 

1. Identify, document and describe all processes and procedures related to e-Health 

2. Monitor and control changes to standard procedures using the documented descriptions of its operations 

3. Provide training to staff working in the various disciplines, when necessary, and at  the appropriate level

1. 1. 1. Enabling technologies

All Member states need to cooperate with one another to install communication networks within and between other states. They should liaise with ICT organisations to develop appropriate computer systems for their e-Health operations. States should adopt the use of smart and medical insurance cards so that the medical information may travel with the patient to ensure correct treatment in different countries.  

1.  

   The work being developed within FIDIS in WP3 and WP11 should contribute to advances in enabling technologies:  

    

    

   The work being developed within FIDIS in WP3 and WP11 should contribute to advances in enabling technologies:  

    

1. WP3 

   1. Mechanisms, methods and tools 

   2. Network protocols 

   3. Biometrics 

   4. Standards 

   5. Models for privacy 

   6. RFID 

1. WP11 

1. Mobile communication networks 

2. Private and public access 

3. Mobility and identity 

1. 1. 1. Audit

1. Member states must ensure that they employ appropriate measures to monitor and document its e-Health operations and any deviations from its designated standards and methods of operation as established by EU directives and policies. 

   Member states must ensure that they employ appropriate measures to monitor and document its e-Health operations and any deviations from its designated standards and methods of operation as established by EU directives and policies.