Proceeding with EHR and e-health Implementation. - Consultancy Report -

Transcription

1 Hospital Health Information System EU HIS Contract No. IPA/2012/ Consultancy Report - Author: Aleksandar Zavišić Final version 12 June 2015 Visibility: Public Target Audience: Policy Makers This document has been produced with the financial assistance of the European Union. The views expressed herein can in no way be taken to reflect the official opinion of the European Union. This project is funded by Republic of Serbia Implemented by the the European Union Ministry of Health WHO and UNOPS

2 Abbreviation List LHR Law on Health Records, adopted in November 2014 LPR LHC LPDP MoH EHR IHIS Law on Patients Rights Law on Health Care Law on Personal Data Protection Ministry of Health Electronic Health Record Integrated Health Information System EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

3 Table of Contents Introduction... 3 International aspect of EHR... 4 Environment Necessary for the Advancement of EHR and e-health... 6 Standardization and Interoperability... 6 Funding... 7 Privacy issues and confidentiality... 7 Ownership over health data Rights associated with EHR Secondary Use of EHR Data Linkage Establishment of EHR in the Serbian Health System Shared responsibility Enabling Environment V Proposed Legal Provisions EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

4 Introduction As everything in this world, health care is changing too. It is moving from being based in a long-term relationship between a patient and a small number of doctors to a series of shorter relationships with a much wider range of health-care professionals. 1 Technological (r)evolution at the same time has made a dramatic change of thinking, functioning, lifestyle and governance of all aspects of life. EHRs and related e-health tools will play a key role of providing health care to ageing populations in which social care and health care need to be much more closely connected and where capacity demands will require that care is delivered outside traditional settings such as hospitals. 2 As a consequence, more patient-centred care delivered outside the traditional hospital or general practitioner office environment will have to occur. In such a changing health care environment, EHR can help to deliver better quality of health care, reduce medical errors and streamline administration. 3 Experience has shown that harnessing ICT for health requires strategic and integrated action at the national level, to make the best use of existing capacity while providing a solid foundation for investment and innovation. Collaboration between the health and ICT sectors, both public and private, is central to this effort. 4 With adequate and proper management, primary and secondary EHR data use can have tremendous benefits for patients and the overall health care system. This requires a new governance structure for e-health, possibly inspired by the idea shown below. Legal, ethical, and human rights norms are an increasingly important but still-often-neglected component of the delivery of quality medical care.5 However, an excellent legal framework is not a guarantee that e-health solutions and EHR will mirror the enacted privacy protection solutions. As it is emphasized in the 2012 WHO report, neither the existence nor the absence of such legislation is a definitive answer to questions of respect for privacy in e-health. Even countries which have no generic privacy protection in law may nonetheless use legal mechanisms to protect the privacy of an individual s sensitive health related information; while others with well-established generic privacy legislation may have limited success in translating it into rules which specifically protect privacy of health related data. 6 The Fifty-eighth World Health Assembly of the WHO held in 2005 urged member states to consider drawing up a long-term strategic plan for developing and implementing e-health services in the various areas of the health sector, including health administration, which would include an appropriate legal framework and infrastructure and encourage public and private partnerships respect for the principles of confidentiality of information, privacy, equity and equality. 7 With such a powerful tool in hand, the role of health administration(s) in charge of EHR to feed up the health (and international) community with the relevant and timely information must be mirrored in its increased responsibility for this new function. 1 Legal Frameworks for ehealth, WHO, 2012, page 37 2 Legal Frameworks for ehealth, WHO, 2012, page 7 3 Strengthening Health Information Infrastructure for Health Care Quality Governance: Good Practices, New Opportunities and Data Privacy Protection Challenges, OECD Health Policy Studies, page 13, National ehealth Strategy Toolkit, WHO & ITU, Advancing Human Rights in Patient Care, Law in Seven Transition Countries, Open Society Foundation, Legal Frameworks for ehealth, WHO, 2012, page 10 7 The 2005 Resolution WHA on e-health EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

5 The purpose of this report is to help MoH proceed with building the institutional and legal environment conducive to the sustainability of EHR and e-health solutions once the EU-IHIS project ends. Sustainability of EHR system depends on a number of factors. Hence, the focus of the MoH should be on human and technical aspects that fulfil the EHR mission a fundamental institutional building block(s) supported by MoH, standardization and interoperability, sustained financing, flexible and adaptive regulatory framework, and effective use of health data. It is necessary to (re)define the functional and technological requirements that health information systems should fulfil at the national level. Also, new certification and control mechanisms are required, which will ensure quality and interoperability of different IT systems in health care facilities. These standards should be adopted as a new rulebook on the basis of Article 42 of the LHR. The starting point is the existing rulebook on technological and functional requirements for the establishment of IHIS. International aspect of EHR The UN Universal Declaration of Human Rights 8, the European Convention on Human Rights and the EU Directive on Personal Data Protection are major international legal documents that (will) apply in Serbia. Article 8(1) of the European Convention on Human Rights stipulates that everyone has the right to respect for his private and family life, his home and his correspondence. In one of its judgments, the European Court of Human Rights reiterates that the protection of personal data, not least medical data, is of fundamental importance to a person s enjoyment of the right to respect for his or her private life. Respecting the confidentiality of health data is a vital principle in the legal systems of all the Contracting Parties to the Convention. It is crucial not only to respect the sense of privacy of a patient but also to preserve confidence in the medical profession and in the health services in general. 9 Although health care is not an area of deep integration, the EU membership imposes a number of obligations. When it comes to EHR, data exchange is of major concern based on the EU cross-border Directive 2011/24/EU (on patients summary). The EU Member States are obliged to develop common identification and authentication measures to facilitate transferability of data in crossborder healthcare. This requires attention of national health authorities from a macro-level perspective. The exchange of stored medical data is a driver for innovation and drug discovery. Realizing potential benefits, the European Commission in 2010 set out standard contractual clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of 8 Article 12 reads as follows: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. 9 Case of L.H. v. Latvia, Application no /07, 56, Z v. Finland, cited above, 95, and Varapnickaitė-Mažylienė v. Lithuania, no /05, 44, 17 January 2012 available at: EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

6 data protection. For Serbia, this implies that the health legislation until the moment of EU accession should allow for cross-border sharing of data. Also, health care facilities provide medical care to patients from abroad. This in turn requires that IT systems of domestic facilities enable the monitoring of the provided medical care to foreign patients in accordance with their contractual obligations; more specifically, their (private) health insurance policies. EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

7 Environment Necessary for the Advancement of EHR and e-health In Serbia s context, data duplication due to overlapping recording systems (in paper and electronic form) represents a waste of resources, and health system is not exploited to its maximum potential. If efforts are diverted to (mainly) electronic recording, there will be more time and resources available for servicing patients. Standardization and Interoperability E-health goes beyond the mere adoption of technology. The primary goals of e-health standardization are to achieve interoperability between independent systems; to ensure comparability of data for comparative statistical purposes; and to reduce duplication of effort and redundancies. Inclusion of vocabulary and terminology standards, health information content standards, health information exchange standards, identifier standards, privacy and security standards, as well as functional and business standards, are all necessary for full interoperability of e-health systems and services. 10 Interoperability facilitates timely access to necessary information about a patient. Multiple systems are able to share information about a patient, thus reducing the need to recapture the same information in every system. Health care professionals that have been authorized to access patient information can make informed decisions and provide personalized care to patients. Interoperability can also lead to better care coordination, improvement in patient safety and reduction in overall costs of health care delivery. In the health care sector, standardization is key to enabling seamless exchange of healthcare information. Furthermore, standards reduce the complexity associated with information sharing among multiple systems. Other benefits include reduction in the risk of single vendor lock-in and the potential to drive the uptake of new technology innovations by providing common platforms for their dissemination. 11 Functional requirements for the introduction of IHIS with the accompanying software(s) are elaborated in the 2009 Rulebook on the Content of Technological and Functional Requirements for Establishing the Integrated Health Information System. The 2009 Rulebook on the Content of Technological and Functional Requirements for Establishing the IHIS should be reviewed to reflect the software and hardware requirements for EHR system, new standards and the most recent developments and needs in a rapidly changing environment. The EU-IHIS project legacy was also instrumental in this effort (i.e. the document from March 2015 elaborates on certification requirements and serves as guidance to help health institutions approach the EHR system). 10 WHO Forum on Health Data Standardization and Interoperability, Dec 2012, page 6 11 A Method for Selecting e-health Standards to Support Interoperability of HIS, International Information Management Corporation, 2014, page 3 EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

8 Merely providing a list of e-health standards, with which the developers and vendors of health care systems must comply, will not guarantee the interoperability of such systems. It is essential to localize e-health standards, adopt them through a formal rulemaking procedure, keep up with their evolution, as well as to provide a set of guidelines that describes how the standards should be applied in a coordinated way to address the interoperability requirements of a specific healthcare domain. These guidelines, often referred to as profiles, form interoperability building blocks that specify how system actors will utilize standards as they interact with each other to meet a specific clinical requirement. 12 The choice of standards, profiling and their localization at the national level should be the responsibility of a newly created e-health Council (see page 12). Funding EU member states spend a considerable amount of money for ICT purposes under the budgetary line available for the overall health system (1.7% in Portugal, 2.5% in the UK and 2.6% in Finland). 13 As a caveat, this funding is mainly available for the maintenance of already highly developed ICT systems in their respective health sectors. Differences in IT infrastructure across Serbia hospital information systems and their interconnections also make it difficult to take a centralized approach in the provision of maintenance services. This should be a local priority. The EU-IHIS project recommends allocating a separate budget line for the operating expenses, maintenance and replacement of ICT equipment and software in health care facilities. Repairs, maintenance and replacement expenses of health care facilities should be based on depreciation rates and urgent needs presented annually to the MoH. Privacy issues and confidentiality Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others. 14 Confidentiality relates to information or data while privacy relates to the person. Confidentiality requires that patient information may be shared only with those involved in the care of the patient. 15 The ancient Hippocratic Oath contains the duty of a doctor to maintain the privacy of his/her patient: What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account must be spread abroad, I will keep to myself, holding such things shameful to be spoken about. In the early stages of using EHRs many countries simply squeeze the requirements of e-health into existing legal rules, rather than drafting e-health specific legislation. 16 They rely on the general legal 12 A Method for Selecting e-health Standards to Support Interoperability of HIS, 2014, page 4 13 Market Study of Electronic Medical Record Systems in Europe, available at: The quotation is from Alan Westin, Privacy and freedom Priorities in Critical Care Nursing, 7th edition, Linda D. Urden, Kathleen M. Stacy, Mary E. Lough, 2012, page Legal Framework for ehealth, WHO, page 45, 2012 EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

9 framework laws on patient rights and data protection, and regulations on professional conduct in particular. The law on the protection of privacy, whether in health care or in any other aspect of human interaction, generally makes use of three devices: comprehensive laws, sectorial laws, and informal rules. 17 The EU Data Protection Working Party notes that since consent, vital interests, and medical care (Article 8(2)(a) and (3)), would probably not be sufficient to allow an EHR to be established, Member States should consider the possibility of adopting special regulations to safeguard privacy in EHR on the basis that an EHR is in itself a matter of substantial public interest. Thus, the relevant EU body emphasizes public interest as the justification for EHR. But, a specific opt-in would be necessary for processing especially sensitive information such as information about mental health or sexually transmitted infections. The Data Protection Working Party noted that if the safeguards for data privacy in an EHR are well drafted, it may be legitimate to offer an opt-out system. 18 The Working Party also suggested that rules should provide that a patient can prevent a particular category of medical professional seeing a particular category of his or her data. In addition, there may even exist a multi-layer cascade of information sorted out on the basis of confidentiality. On the other hand, the LHR does not differentiate between general health information and very sensitive 19 health information. The EU-IHIS project advised that the legal framework should spell out that a different set of rules is applied to the most sensitive, confidential data, such as for example, data on severe viral diseases, miscarriages and abortions, mental illnesses, etc. In contrast to the LHR which is silent on this matter, the WHO report emphasizes the recommendation of the EU Data Protection Working Party that a specific opt-in would be necessary for processing the most sensitive data. The use of the sealed envelope technique is best practice for such data but the question also arises if the existence of the sealed envelope should be visible on the face of the record to everyone who has access to EHR which itself can increase the risk of confidentiality violations, or only to the so called selected physician and/ or those who are approved by the patient. According to the consultancy report of EU-IHIS human rights experts 20, the right to seal and lock certain aspects for electronic health records should be enshrined in both the Serbian law on medical records and in the EHR system. This information is only given to the attending health professional, hence that outside of the context of proving health care related to such specific diagnosis and medical history, no one has access to the relevant data except for him/ her. Also, an attending health professional is the selected physician 21 who keeps the full medical histories for his/ her patient; the physician to whom the patient comes with a valid referral to obtain a diagnosis, (further) treatment, immunization, rehabilitation, etc.; then the health care professional 17 Legal Framework for ehealth, WHO, 2012, page Legal Framework for ehealth, WHO, 2012, page For the purposes of assigning different level of confidentiality to different health information, the term very sensitive information used here should not be confused with the similar term under the LPDP. Under that law, all the health data is very sensitive, that is particularly sensitive as formulated by the LPDP). 20 Data Protection and Human Rights Components of the Integrated Health Information System (EU-IHIS) Project, consultancy report prepared in June 2014 by Solvita Olsena and Sarah Emami 21 See articles 98 and 99 of the LHC EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

10 at the emergency ward who receives the patient for an urgent intervention, as well as the health care professional who performs a medical experiment under the LPR (see Article 25, paragraph 7). Legally and technically, the by-laws should foresee a locked set of data within the EHR, so called sealed envelopes for the most sensitive confidential data. Serbia has a legal basis for the introduction of EHR, which also provides a decent level of privacy protection. However, practice and implementation are often different and pose new privacy risks and question. For minor problems, a quick technical response rather than a late legal intervention can be appropriate. The adoption of detailed and overly prescriptive rules pertaining to EHR is not a common practice in today s world. Instead, adequate IT infrastructure and certification are the last resort (if not unique) for patients to avoid potential confidentiality issues caused by unauthorized access and misuse of the medical data. Authentication and authorization to permit access to EHR system will be required. An attending health professional will have to log in as an authorized user generating the audit log. These audit logs are created any time the EHR system is accessed. For audit logs that differ from previous access history enough, an alert will turn on and the audit log is flagged for administrators to review. It may sound unnecessary to say, but an attending health professional only has the right (not a duty) to access the EHR system. It is up to authorized health professionals to decide whether to collect new information. As a practical tool for the prevention of patients right to confidentiality from Article 21 of the LPR 22, the existing Regulation on the Content of Technological and Functional Requirements for Establishing the Integrated Health Information System should be changed to reflect the new mission of EHR. In other words, the audit trail function to track the time, place and identities of users who log in or make changes should be introduced. In part 2.3. General functional requirements of the Rulebook on the Content of Technological and Functional Requirements for Establishing the Integrated Health Information System, enter the requirement that is not listed: The system takes into account the time and place of access when authorizing access to medical data. To implement this requirement, a long enough period can be allocated if necessary. The consumer protection framework can also serve as an element of privacy protection, and this may appear particularly apparent in private practice where patients act more like consumers. In Brazil, for private health institutions, access to and rectification of personal data are assured by the Consumer Protection Code. 23 In the EU s institutional set up, health and consumer protection are closely linked with each other. Article 90 of the Serbian Constitution provides a constitutional guarantee for the protection of health, safety and privacy protection of consumers. 22 Article 21 read in conjunction with Article 47 of the LHR provides a legal guarantee for the confidentiality of the data stored in EHR. 23 Legal Framework for ehealth, WHO, 2012, page 31 EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

11 Ownership over health data The law s uncertainty over ownership and control of medical information is widely regarded as a major barrier to effective networking of EMRs, and policy analysts consider the legal status of medical information to be a critical question at or near the top of issues needing resolution. 24 Consequently, patient ownership of records would improve privacy and at the same time improve access to data for researchers. As opposed, there are views that public rather than patient ownership of records would best support good health care service. To some extent this has understandable roots in history: in simpler times medical records were generated and kept by general practitioners who looked after the patient for almost all their health care needs. The records were made on paper owned by the health-care professional and were seen as part of his or her business. 25 Establishing the ownership of health care records will have little value in protecting the privacy of individuals whose information is contained in the record. Who owns the data held in electronic health information systems is a question of nominal importance that threatens to distract from more pressing work that needs to be done to protect privacy while realizing the public health benefits of interoperable health data networks. 26 The 2011 EU directive on patients rights in cross-border healthcare emphasizes the interests of patients in accessing their records and provides for the adoption of interoperability standards to allow the sharing of records, but does not mention the concept of ownership of the record. The key issue in terms of patients rights is access and control, not a property right of ownership. 27 Similarly, from the health sector perspective, communication and good information flow is a critical characteristic in fulfilling its function. Ownership over the health data is not a priority question at this stage of EHR development, especially in state-sponsored health care systems. This question is already addressed in Article 18 28, paragraph 1, bullet 10 of the LHC, which defines the general interest in collecting, processing and analyzing health related data and in the LHR which opt-out. 24 Property, Privacy, and the Pursuit of Interconnected Electronic Medical Records, Mark A. Hall, 95 Iowa Law Review 631, Legal Framework for ehealth, WHO, page 35, Ibidem 27 Legal Framework for ehealth, WHO, 2012, page Article 18 of the LHC stipulates that Serbia provides, as the general interest in health care, the following: 1) Monitoring and research of the life and work conditions and the health state of the population, and/or individual groups of the population, causes of onset, spreading, and methods of prevention and control of diseases and injuries of major social and medical importance the general interest in health care is monitoring and research of the life and work conditions and health;... 10) Establishment and development of an integrated health care information system by collection, processing, and analysis of health and statistical and other data and information on the state of health and health needs of the population, as well as monitoring of the data on the functioning of the health service with respect to the provided premises, staff, equipment, and drugs, as well as monitoring of the performance indicators; 11) Monitoring and continuous improvement of the quality of health care and implementation and control of the quality of health care; 12) Organization and implementation of quality assurance of professional work 13) Extraordinary control of the quality of drugs, as well as control of random samples of drugs that are used in humane medicine, according to the program of the MoH; EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

12 Sharing of information between health professionals within an organization, across organizations, and across national borders is of great importance for delivering better quality of health care, reducing medical errors and streamlining administration, as quoted at the outset of this report. The 2012 survey conducted by WHO found that, globally, the trend in adoption of special legislation to provide a framework for sharing information between health-care professionals is still low, with only one in four respondents globally stating they had such legislation. Article 46, paragraph 2 of the LHR imposes obligation on all health care facilities, institutes and insurance institutions to share information for EHR purposes. Rights associated with EHR There are several rights associated with EHR. Starting from the absence of any right associated with EHR, different rights/ authorizations are given to patients such as the right to access, right to correct the stored data, right to delete them, the right to hide certain information and right to allow others to view it. Rights on correction are broadly in line with rights to access (legislations which allow the right to access EHR also allow the right to correct the data), but rights to deletion are very limited, with only very few countries allowing deletion with trace. Rights to control who may access a record by name or professional role are also limited. 29 If permitted, the fact that a deletion had occurred is usually visible on the face of the record. Each additional right increases the cost of both the EHR system and health services creating potential for abuses and privacy protection issues. This in turn increases complexity from regulatory and monitoring perspective. The approach for granting greater autonomy to the patient can, however, have two detrimental effects. First, the existence of a sealed record may inadvertently create privacy issues since the mere fact that the record flags that some information is not accessible indicates that highly sensitive information exists for that patient, which is a piece of personal data in itself. Second, it could compromise the health of the patient and also impact negatively on the health of others. Also, it creates a great deal of anxiety among health-care professionals to use EHR if they feel they do not represent a complete record of all the information they may need in order to best treat a patient. 30 Accordingly, to reduce the number of people who voluntarily opt out of the EHR system, Article 48 should have prescribed that a health professional is obliged to warn the patient of the potential severe consequences, especially in emergency cases and a vertically and horizontally diverse health care, and that delivery of high-quality care requires as much information as possible. However, the rulebook can provide the necessary guidance in this respect (oral warning). Insert a provision in the (by-)law which will oblige health care professionals to inform patients that the withdrawal from the EHR system can lead to severe consequences (information given in the form of oral notice). Subsequently, the patient may be asked to sign the notice. 29 Legal Framework for ehealth, WHO, 2012, page Legal Framework for ehealth, WHO, 2012, pages EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

13 The violation of the right to confidentiality of information is fairly stated in Article 21 of the Law on Patients Rights. What is missing is the right to be informed about the violation of confidentiality. This additional right/information would give a patient possibility to use legal mechanisms against those who infringe the law who breach his right to confidentiality and right to withdraw (see Article 21 of the LPR and Article 48, paragraph 2 of the LHR). Proclaiming rights without foreseeing a way of enforcing them is not a sufficient legal intervention. This is why best practice implies an active approach of the law s drafters to facilitate the exercise of newly proclaimed rights. Namely, MoH as an active and supreme protector of the rights enshrined in the health legislation can take the practice of disclosing on the ministry s web page the list of health institutions which to a large extent compromise patients rights (for instance, in the case of dozens of breaches of patients rights or sporadic but consistent breaches in the past of the right of confidentiality - Article 21 read in conjunction with Article 47 of the LHR). EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

14 Secondary Use of EHR The primary use of EHR is to support the delivery of personal health care. Instead, secondary use 31 is defined as non-direct care use of personal health information including but not limited to analysis, research, quality/safety measurement, public health, payment, provider certification or accreditation, and marketing and other business (including strictly commercial) activities. 32 The secondary use of EHR requires a higher-level understanding of the contribution EHR can make to wealth as well as to health. As said, major secondary uses of EHR are recognized as a (legal and legitimate) general interest in Article 18 of the LHC, which read in conjunction with Article 2 of the LHR provides an adequate legal basis for secondary use of the medical data. In addition, further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that appropriate safeguards are met, stipulates Article 6 of EU Directive on Personal Data Protection. Professional certification mechanisms are widely used for medical researchers to meet professional secrecy obligations. In the case the transferred data are de-identified or anonymized and cannot be re-identified, the certification mechanisms are not necessary. Data Linkage Secondary use of linked administrative data is often referred to as data linkage, record linkage, or linked data. This is typically population based longitudinal data 33 that has originally been collected for another purpose. Linkage may take place across data sets in a single domain (i.e. health) or across domains (i.e. health, education, environment, early childhood, etc.). Data linkage is an invaluable tool for population health research. It provides a completely unbiased picture of the entire population, is cost-effective relative to other data collection mechanisms, and enables studies to be done that could not otherwise be performed. 34 In Europe, there are agencies and users which link the data from different sources trying to infer valuable new knowledge. However, many OECD countries report legislative barriers to the use of personal health data, including enabling data linkages and developing databases from electronic health records. 35 EHR for wider uses include enhanced drug safety monitoring (pharmacovigilance), support to innovation capabilities in life science research, the improvement of the management of the health systems and enhancing the mobility of health services, health practitioners and patients. Privacy concerns are a primary consideration with linked data systems. Most data linkage studies are feasible using de-identified data. In this scenario, the body undertaking the linking procedures is divorced from the researchers, and provides them with the data without identifiers such as name, 31 However, secondary use is also predominantly limited to systemic purposes. 32 Toward a National Framework for the Secondary Use of Health Data: An American Medical Informatics Association White Paper, American Medical Informatics Association Longitudinal data consist of observations on characteristic(s) of the same observational unit through time Strengthening Health Information Infrastructure for Health Care Quality Governance - Good Practices, New Opportunities and Data Privacy Protection Challenges, 2013, page 14 EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

15 address, and date of birth; this may also include the doctor or hospital identifier, depending on the research question and the level of ethical clearance. Using de-identified data usually removes the need for individual patient consent. 36 De-identification (procedure) can be achieved either by anonymization or pseudonymization. 37 The MoH rulebook should allow the use of de-identified data from EHR for scientific purposes. Based on technical reasons and capabilities, anonymization or pseudonymization should be designed to prevent re-identification. At the inception, the EHR system formation will practically turn into a detailed data linkage project. Over time, it will become a major source of health related data, which can be combined with other data bases such as those of academia, social care centres, the Statistical Office of Serbia, Biomedicine Administration, Medicines and Medical Devices Agency of Serbia, Public Health Institute of Serbia etc. According to its mandate, the last one should probably take the lead in identifying concrete applications, that is priority areas and research scope for the linked data. Under the existing legal and institutional framework, public health is the sole responsibility of health care providers. Public health (law) derives its scope and coverage from the Law on Health Care. Many health professionals believe that this situation should be vice versa that the Law on Health Care is subordinated to the Law on Public Health. The Law on Public Health did not provide an answer to the question of how the interplay between the (central and local) government, line ministries, MoH and public institutes should be successful and effective in meeting public health goals. Namely, what is the level of collaboration between agencies and inspectorates that have exclusive, or prevalent competences in highly interrelated areas, such as agriculture and the veterinary medicine, environment and radiation protection, consumer protection (namely food and product safety), disaster and emergency, tobacco control etc.? There were recent examples where the systemic lack of coordination and cooperation among ministries posed a serious threat to public health. To achieve a new vision of public health, a comprehensive law on public health should be adopted. This would in turn require changes to the LHC. Accordingly, other line ministries and sectors that have an impact on people s health should be integrated in a new public health governance structure. The MoH and the Serbian Public Health Institute should be strong proponents of this fundamental project which would shift public health from purely medical matters to a modern all-encompassing model. 36 Improving the evidence base for promoting quality and equity of surgical care using population-based linkage of administrative health records, International Journal for Quality in Health Care vol. 17 no. 5, 2005, available at: ty_and_equity_of_surgical_care_using_populationbased_linkage_of_administrative_health_records/links/0c d091f64e pdf 37 By anonymization we mean a process by which information directly or indirectly identifying an individual is removed from a collection of personal data. Pseudonymized data (coded data ) is information that relates to a specific individual, from which direct identifiers (usually name) have been removed, but to which a specific unique pseudonym or code has been attached. Source: Primary and secondary use of EHR systems: Enhancing clinical research for better health and high quality healthcare, Recommendations from STREAM C. Legal and regulatory challenges, Brussels, 11 and 12 October 2007 EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

16 Establishment of EHR in the Serbian Health System Shared responsibility The establishment of EHR and IHIS in general are a collaborative effort that requires a strong and long-lasting commitment of all health stakeholders. The 2009 government s decree on IHIS opened the door for the MoH to form the Commission for the Establishment of IHIS. The status and legacy of this commission are unknown but its technical mandate was limited and very specific in scope. The decree s title somehow mixed the general concept of e-health and the operationalization of an ambitious project for Serbia at that time to connect all major health facilities into one information system. Six years after, Serbia should make a step forward toward the transformation of e-health into a mainstream activity of the entire national health system. With this in mind, the government should adopt a new decree and call for a renewed mandate of the body responsible for IHIS. In years to come, the name, scope and composition of the body in charge should be broadened and more inclusive. We believe it should be called the Council for e-health and include all relevant stakeholders. The 2012 Bulletin of the World Health Organization presented the conceptual framework of the International Society for Telemedicine and ehealth, which is particularly relevant to health systems that have strong central governing structures. A new institutional framework for e-health might have the following structure: National e-health Council E-health Think Tank E-health Steering Committee Center (Network) of Excellence for e-health Formed by the Serbian government, the e-health Council would include all major stakeholder groups and serve for giving policy advice to the Serbian government. A multistakeholder and multisectoral approach 38 is key to successfully address this multi-level challenge. More specifically, the council would include representatives from academia, government, industry and civil society (i.e. patients associations). The council would have a multisectoral focus that goes beyond the current authority of the MoH. In 2009, the Serbian National Parliament formed the Health Council with a five-year mandate, according to articles of the LHC. By its composition and responsibility, the Health Council 38 WHA66.24 Resolution on ehealth Standardization and Interoperability, adopted on 27 May 2013 by the World Health Assembly EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

17 does not seem to have any substantive involvement and practical impact on IHIS and e-health issues 39 although IHIS is highly placed on the value scale of the LHC. In the area of EHR and IHIS, the LHR gave significantly more power to the Public Health Institute of Serbia. Naturally, a higher level of responsibility is also expected from it than under the previous law. But, responsibility should also be imposed on the entity being in charge of running and maintaining the EHR system. Professional responsibility for the EHR system should be appropriately covered in internal bylaws and procedures of the involved institutions. Centrally positioned, an e-health steering committee would advise the MoH (and the government) on setting e-health policy and determining strategic direction. It should also oversee all e-health projects and programs and be responsible for their efficient coordination. The three year experience and methodology of the work of the EU-IHIS project steering committee might be valuable. An e-health think tank composed of e-health workers with a post-graduate university degree, practical experience and demonstration of competence in medical informatics and IT systems would provide technical expertise and facilitate the work of other health professionals, such as doctors, nurses and pharmacists. As an incentive to remain in the e-health sector, the members of the think tank should have career path open to the highest levels of MoH and key national health institutions. In line with the Fifty-eighth World Health Assembly, the national centre (network) of excellence for e-health should encourage best practice and provide policy coordination and technical support for health-care delivery, health service improvement and capacity building, and health education and surveillance. Such a centre (network) could also gather and analyse relevant information, both nationally and internationally, and then distribute the results to support e-health activities. The network of public health institutes are certainly the logical place to carry on this work. More and effective use of health data that has (already) been collected Much of the data generated by the IT systems in hospitals isn t stored and even less is analysed, leaving many health care providers incapable of extracting real value from the mountains of data they produce every day. Now these systems are generating enormous troves of data that could be analysed to optimize care delivery; but getting the data out of them to do analytics is easier said than done. 40 As noted in the recent OECD book, a widely reported barrier to the use of data from EHR systems is concerns with the quality of the data, including both a lack of coded data and poorly coded data. 41 The EHR system is not an end in itself. A string of numbers containing demographic, laboratory, and other patient information, no matter how systematically assembled or gathered, is not narrative. It does not tell a story. It contains just the facts Indirectly, the wording of Article 154, bullets 4 and 9 might serve as the basis for initiatives in matters related to IHIS and e-health. It reads as follows: The Health Council 4) proposes measures for functioning of the health care system based on the principles of sustainability and efficiency; 9) initiates and proposes measures to reform the areas of health care and health insurance Strengthening Health Information Infrastructure for Health Care Quality Governance - Good Practices, New Opportunities and Data Privacy Protection Challenges, 2013, page 14 EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

18 A new institutional structure in charge of EHR and IHIS should have a top priority to bring about a greater degree of reliability and usability of the collected data. Said differently, the cost of the EHR system and associated risk of confidentiality breach should be compensated with more knowledge and awareness being generated. Legally speaking, this would include defining a more precise role of the entity in charge of EHR data collection and its responsibility for data analysis. Enabling environment In early 2013, the EU-IHIS project 43 advise(d) that the government decree on EHR, instead of the minister s rulebook, should (have) determine(d) the EHR data set its detailed content and how to proceed with the creation of EHR the medical data transfer. In this way, credibility and public confidence of such a sensitive project would be considerably enhanced. According to Article 46 of the LHR, it is legally possible to adopt a MoH rulebook on the EHR content. 44 The question arises if this is a wise and correct approach from moral, social, and political perspectives. Having the government s decree determining what is the data set and how it is stored and maintained in the EHR system would give it a stronger legitimacy. From a practical perspective, the processing of the particularly sensitive data should be protected by security measures prescribed by the government according to Article 16 of the LPDP. Unfortunately, new safety measures are still pending, seven years after the adoption of the LPDP. All this is not an ideal starting point for launching the EHR system in Serbia. Article 45 of the LHR puts emphasis on infrastructure, processes and people who have the obligation to develop an in-house information system. More concretely, health care institutions are responsible for collecting, storing, processing, saving, transmission, display and use of data and information. Surprisingly, the Rulebook on Detailed Requirements for Health Care Delivery in Health Care Facilities and Other Forms of Health Service 45 does not recognize IT specialists as a necessary human resource in health institutions responsible for such a purely IT-related task. However, a different level of expertise is required for various types of IT related work so distinction should be made between them and be spelled out in work contracts with health care facilities Richard L. Reece, a retired pathologist and the author of The Health Reform Maze: A Blueprint for Physician Practices. He blogs about health reform, medical innovation, and physician practices. 43 The EU-IHIS project team recommended to go this way in the 2103 Legal Gap Analysis, presented to the MoH in February However, one can view it to contradict to the spirit (if not Article 16) of the LPDP. The LPDP establishes a general rule that particularly sensitive data can t be processed without an explicit consent of the data subject. At the same time, it establishes a very restrictive exception to that rule. Namely, it is possible to circumvent the consent of the data subject if a law permits so. The EHR as a concept is defined by the LHR, but its essence not (entirely). It follows that if the LPDP refers to a separate law to regulate a particularly sensitive data base, this does not mean that such a law can delegate authority to another person, be it even a minister, to elaborate on how the particularly sensitive data are used and what actually constitutes them. This is a fundamental flaw of the existing provision on EHR in the LHR. 45 ("Official gazette RS", n. 43/2006, 112/2009, 50/2010, 79/2011, 10/ other rulebook, 119/ other rulebook and 22/2013) 46 However, work in the public sector assumes a relative stability/ certainty. This positive side of full-time work arrangements should also be taken into account when assessing the (real) position of IT staff in health care facilities. EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

19 Unfortunately, the Rulebook on Requirements and Manner of Internal Organization of Health Care facilities 47 does not fully consider IT function to be an integral part of health care facilities. The role of medical informatics is beyond doubt of great importance for fulfilling the IT-related mandate of health care facilities. Consequently, it is a great way forward that late in 2013, the MoH allowed a specialization of physicians, dentists and pharmacists in the area of medical statistics and informatics. This is a huge step for both the development of IHIS and health IT services. However, this possibility for IT specialists is of little relevance if they are not compensated adequately. Here are some suggestions how to motivate people who have the obligation to develop and maintain in-house information systems. The internal organization rulebook has to allow IT specialists with university degrees to work in units in charge of medical informatics and statistics. More fundamentally, health care facilities with an in-house information system should be obliged to employ at least one IT specialist. The best way to follow would be to stipulate that IT function is a separate and stand-alone unit/ person responsible for a variety of IT-related tasks within health care facilities. IT specialists should also be allowed to specialize in medical statistics and informatics as their medical colleagues. No need to emphasize it, only specialists holding a university degree should be given this opportunity. Such a change would be beneficial for both functions health care and IT, as it would further help integrate informatics and IHIS into the Serbian health care system. The Government Decree for Calculation and Remuneration of Employed in Public Services (Article 2, point 13) should specify that IT engineers responsible for the functioning of information systems in health care facilities shall have a payment coefficient of (equal to general practitioners). The program for IT staff training would not always necessarily be financed and managed by the MoH. Instead, it could be realized through the inclusion in the appropriate training programs of the e- government framework and the wise use of available funding (i.e. EU funded projects, regular and excess reserve funding of health care facilities, professional associations training programs etc.). The Decree on the Work Program, Development and Organization of IHIS e-health set a 2015 deadline to make a transition to smooth and efficient functioning of all health care constituencies with the support of IC technologies. Adopt a new document on e-health which would start from the current situation, plan for the next six years and serve as the basis for the further introduction of IHIS in the Serbian health care system. In response to the latest WHO recommendations 48, it would be best to develop and implement a national e-health strategy in Serbia. 47 Official gazette RS n. 43/06 and 126/ WHA66.24 Resolution on ehealth Standardization and Interoperability, adopted on 27 May 2013 by the World Health Assembly EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24

20 V Proposed Legal Provisions The Establishment of EHR Article 1 Central unit of electronic health record (hereinafter referred to as EHR) is established by the takeover of the data from the existing data bases of health institutions, other health services, social welfare institutions, institutions for the execution of criminal sanctions, health education faculties performing specific tasks within the health care activity (hereinafter referred to as a health care facility, private practice and other legal entities), as well as the data stored in the health and statistical system and information systems of health insurance organizations, the specific details of which are determined by this decree/rulebook. EHR Data Set Article 2 For the purpose of establishing the EHR the following information is to be stored: I ADMINISTRATIVE DATA: 1. Personal data: 1. Name and surname, 2. Name of a parent, 3. Sex, 4. Citizenship, 5. Place of birth, 6. Date and time of birth, 7. Date and time of death; 2. Identification data: 1. Personal ID number, 2. Other ID numbers 3. Type of ID document; 3. Contact person: 1. Name and surname, 2. Address and phone number of contact person; 4. Legal custodian (for minors and persons under custody): 1. Name and surname of legal custodian, 2. Address and phone number of legal custodian; 5. Information about delivery of healthcare: 1. Personal number of insured person LBO, 2. ID numbers of chosen doctors, 3. Type of chosen doctor, 4. Chosen doctors institution ID numbers; 6. Contact Information: EU-IHIS Šumatovačka 78-80, Beograd, Serbia /24