Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- D4.1: Structured account of approaches on interoperability.
- D4.2: Set of requirements for interoperability of Identity Management Systems.
- D4.4: Survey on Citizen's trust in ID systems and authorities.
- D4.5: A Survey on Citizen’s trust in ID systems and authorities.
- D4.6: Draft best practice guidelines.
- D4.7: Review and classification for a FIDIS identity management model.
- D4.8: Creating the method to incorporate FIDIS research for generic application.
- D4.9: An application of the management method to interoperability within e-Health.
- D4.10: Specification of a portal for interoperability of identity management systems.
- D4.11: eHealth identity management in several types of welfare states in Europe.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
Information management principles domain
Information may be represented in different forms and on different media including:
Electronic Health Records (EHR)
An electronic health record (EHR) refers to an individual patient’s health record in digital format. Electronic health record systems co-ordinate the storage and retrieval of individual records with the aid of computer systems. EHRs are usually accessed on a computer system, often over a network. It may be made up of electronic medical records (EMRs) from many locations and/or sources. A variety of types of health care-related information may be stored and accessed in this way. Electronic medical records may include:
An electronic health record (EHR) refers to an individual patient’s health record in digital format. Electronic health record systems co-ordinate the storage and retrieval of individual records with the aid of computer systems. EHRs are usually accessed on a computer system, often over a network. It may be made up of electronic medical records (EMRs) from many locations and/or sources. A variety of types of health care-related information may be stored and accessed in this way. Electronic medical records may include:
Patient demographics
Medical history, examination and progress reports of health and illnesses
Medicine allergy lists
Immunisation status
Laboratory tests
Medication information, including side effects and interactions
Recommendations for specific medical conditions
Identifiers/Credentials of the patient/citizen were specified in Tables 4 and 5 of deliverable D4.7 and include:
Patient name
Address
Date of birth
Next of kin
Family doctor
National Insurance Number or National Identity Number
Insurance scheme
Electronic systems should increase medical practitioners’ efficiency, reduce costs and promote standardisation of care. To support interoperability it is fundamental to have common data sets, formats, and semantics, specified within recognised standards, which are some of the aims of deliverable D16.1.
Electronic systems should increase medical practitioners’ efficiency, reduce costs and promote standardisation of care. To support interoperability it is fundamental to have common data sets, formats, and semantics, specified within recognised standards, which are some of the aims of deliverable D16.1.
Health Cards (Chip-cards)
Medical information must travel with the patient to ensure correct treatment in different countries and for good continuity of care when the patient returns home, so Health Cards have been introduced in several countries, including Belgium, Spain and Italy. Switzerland is introducing them in 2008.
All existing Health Cards, carried by citizens, contain information on the card but this information differs between the various cards in the different countries, so to provide interoperability they need to be standardised. Personal data is provided on all cards and includes:
Name
National Insurance Number or National Identity Number
Date of birth
Sex
Name and identifier of the insurance company
Identifier of the card
Expiry date of card
Blood type
Immunization data
Transplant data
Allergies
Diseases
Special entries
Medication
One or more contacts for any emergency
European Health Insurance Card
The European health insurance cards aim to enable mobility of insured people in Europe diminishing administrative efforts for people travelling in other European Member States and enhance the access to health care throughout Europe. The existing European Health Insurance Card contains no patient health data, and is not yet therefore a complete EU passport to health.
General considerations
Medical data is a special category of data is which is protected by Article 8 of Directive 46/95/EC
There is a need for well-structured information management, and efficient and economic administration
Hashing and encrypting data should be applied to prohibit the identification of patient data
All records should include the information which is important for patient’s rights, e.g. patient does not want to be vaccinated, does not want to have a blood transfusion or patient has seen the record and noticed there is a mistake and asks it to be corrected
Statement of who is responsible for the management of the record
There is no standard European medicine prescription and this can prevent patients from obtaining the right medicine
When a patient leaves hospital in one country there is no standard discharge letter to ensure good continuity of care back in the patient’s home country
Standards
It is important that dissemination of the research achieved in FIDIS continues with the standards bodies, including ISO/IEC JTC 1/SC 27/WG 5, especially with respect to Identity Management, Privacy and Biometrics. FIDIS has a liaison with ISO/IEC JTC 1/SC 27/WG 5 and with EG5. Of special interest are the Working Drafts; 24760 “A framework For Identity Management”; 29100 “Privacy Framework”; 29115 “Authentication Assurance” and to a lesser degree 24745 “Biometric template protection”. However, ongoing work in ISO/IEC JTC 1/SC 27/WG 5 might generate other Working Drafts of interest. This work is discussed in Chapter 3 of D4.7: “Review and classification for a FIDIS identity management model”.
Such an endeavour will contribute substantially to the dissemination of the FIDIS results beyond academia and directly to standardisation bodies, and through these to industry and to governmental bodies.
The following roles and responsibilities have been agreed by the Member states:
The data controller is responsible for all records, according to the directive 95/46/EC.
“The controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller of the specific criteria for his nomination may be designated by national or Community law; organizations”
All countries agree that access has to be authorized.
The secrecy of duty of the doctor and the protection of the doctor – patient relation is a central rationale
Ownership of the data varies within Member states
Member states should consider appointing a clearly defined contact point for patients who seek information about access to health care across borders.
The national or regional contact points could form a network in order to share experiences and information related to cross-border care. The contact details of the participants in the network could be made available through an EU Health portal and the commission could provide assistance to the network by raising awareness about the EU legislation.
Member states should take the necessary measures for the compilation and registration of data allowing at least a view on the medical, financial and administrative information related to cross border care.
Member states should ensure that identity management is incorporated into all e-Health systems
FIDIS Work Package 7 is researching and reporting on national and international sources of law (treaties, EU regulations, statutes and regulations, profiling and ambient law)
All Member states need to ensure that they:
All Member states need to ensure that they:
Identify, document and describe all processes and procedures related to e-Health
Monitor and control changes to standard procedures using the documented descriptions of its operations
Provide training to staff working in the various disciplines, when necessary, and at the appropriate level
All Member states need to cooperate with one another to install communication networks within and between other states. They should liaise with ICT organisations to develop appropriate computer systems for their e-Health operations. States should adopt the use of smart and medical insurance cards so that the medical information may travel with the patient to ensure correct treatment in different countries.
The work being developed within FIDIS in WP3 and WP11 should contribute to advances in enabling technologies:
The work being developed within FIDIS in WP3 and WP11 should contribute to advances in enabling technologies:
WP3
Mechanisms, methods and tools
Network protocols
Biometrics
Standards
Models for privacy
RFID
WP11
Mobile communication networks
Private and public access
Mobility and identity
Member states must ensure that they employ appropriate measures to monitor and document its e-Health operations and any deviations from its designated standards and methods of operation as established by EU directives and policies.
Member states must ensure that they employ appropriate measures to monitor and document its e-Health operations and any deviations from its designated standards and methods of operation as established by EU directives and policies.
7 / 14 |