e-health in Europe

"At Ingenico, we bring the security layer between the patient, the doctor, and the health management system. This way healthcare systems become safer, more efficient, and provide a better service to all citizens."
Georges Liberman, Ingenico

This White Paper has been produced by Ingenico Corporate Communication and Thierry Spanjaard, Smart Insights, June 2012
Executive Summary

Both governments and private stakeholders are in search of a better global efficiency in the way public healthcare policies are administered. This search for efficiency is triggered by citizen/customer demand, by the increasing cost of medical treatments, and by the availability of information technologies.

e-health, the application of IT to healthcare management, has demonstrated it can bring huge benefits in terms of making healthcare available to all citizens at the best cost. Most European governments invest in e-health to deliver more and more complex services and, at the same time, to meet increasing demand.

The first focus, as set up in Germany and France, is often to manage the financial flow associated with healthcare systems, and to ensure that all stakeholders receive the amount they deserve and expect, and that insurances and patients disburse their due. As national healthcare systems are extremely complex, each government has found means, generally involving smart cards, dedicated secure terminals and software, secure networks and databases, to complete these tasks.

Leveraging the experience from national implementations in pioneering countries, a new generation of services is now coming to Europe. These services include interoperable or shared electronic health records (EHR), in order to ensure seamless but secure access to medical data, and e-prescriptions, to dematerialize the prescription (with associated security), thus generating productivity benefits.

European investment levels in e-health represent only 1% to 1.5% of total healthcare expenditure [1]. These investments trigger huge productivity gains and savings, and generate a fast return on investment.

The latest information technology is ready to trigger radical improvements in the way healthcare systems are run. Secure transactions technologies are at the core of e-health needs, and guarantee security, confidentiality and efficiency.
Table of Contents

Executive Summary ........ 2
Table of Contents ........ 3
Introduction ........ 4
1. Needs for a secure e-health system ........ 5
2. Needs of stakeholders in an e-health system ........ 6
   2.1. PATIENTS ........ 6
   2.2. HEALTHCARE PROFESSIONALS ........ 7
   2.3. HOSPITALS ........ 7
   2.4. PUBLIC INSURANCE SYSTEMS ........ 8
   2.5. PRIVATE INSURANCE COMPANIES ........ 8
   2.6. PUBLIC AUTHORITIES ........ 8
   2.7. SOCIETY NEEDS ........ 8
3. e-health applications ........ 9
   3.1. MEDICAL RECORDS ........ 9
   3.2. e-prescription ........ 10
   3.3. e-medical CLAIM FORM ........ 10
   3.4. DRUGS MANAGEMENT ........ 11
4. Solutions ........ 12
Conclusion ........ 13
Annex: Examples of European e-health systems ........ 14
1. France ........ 14
   1.1. STAKEHOLDERS ........ 14
   1.2. FRENCH e-health SCHEME ........ 15
   1.3. TECHNOLOGY ASPECTS ........ 17
2. German healthcare system ........ 18
   2.1. STAKEHOLDERS ........ 18
   2.2. TECHNOLOGY ASPECTS ........ 19
3. Other European healthcare systems ........ 20
   3.1. GLOBAL APPROACH ........ 20
   3.2. EXAMPLES OF OTHER HEALTHCARE SYSTEMS IN EUROPE ........ 20
Appendix A: Sources ........ 21
Appendix B: Table of Acronyms ........ 22
Introduction

Governments, and societies at large, have always been in demand of better healthcare for the population. This has been achieved by the development and improvement of medicine. But, at the same time, the challenge is to bring the progress in medical care to all citizens. To achieve this, not only medicine is involved, but also the way it is managed.

Managing healthcare at a national level means making decisions on medical as well as on administrative topics. The organization of healthcare services is a core competence of the government, which goes through the combination of medical choices with technology-related decisions, involving information technologies and cost optimization, leading to a globally better governance of the healthcare system.

Citizens' demands, especially in a period of global economic crisis, lead decision makers in healthcare to investigate more efficient solutions to deliver the best level of medicine to the largest population at the best available cost. Technology, especially the secure transactions technology involved in health cards, readers, terminals, and digital signature processes, brings solutions to these needs. Thanks to secure transactions technologies, healthcare systems can be run more smoothly, and provide better services at a lower cost.

Most European governments have set up combined systems of healthcare insurance, in which public compulsory health insurance coexists with private companies (which are optional most of the time). Globally, the European population is ageing, which translates into an increasing demand for healthcare and an increased cost of treatment. On a global basis, many governments in Europe are transferring expenses from public insurance to private ones.
The ongoing economic crisis leads both governments and private bodies to be in demand for better IT applied to healthcare. IT applied to healthcare services, or in short, e-health, needs a strong authentication of every stakeholder in the system, essentially patients and healthcare professionals. The core functionality of e-health is to support the financial aspects of healthcare and to ensure treatment providers are paid, and patients only spend what they are due to spend according to their insurance. Additionally, electronic health records, e-prescriptions, telemedicine, and other new applications are under development in order to improve the quality of care while reducing the cost of delivering healthcare services.
1. Needs for a secure e-health system

Healthcare systems are established on a global basis. Societies, or in other terms, populations at large, are in demand of ever better healthcare systems; at the same time, through governments and public or private insurance, citizens expect healthcare costs to be kept within limits and cost control to be enforced.

Bringing information technologies to healthcare systems encompasses a variety of applications, in tune with citizens' needs, both on an individual basis and at society level. Information technologies increase the efficiency of administrative processes and optimize costs by making electronic all the information flows that were previously based on paper documents.

Confidentiality
Healthcare deals with personal medical information, such as e-health records, diagnoses, results of medical checkups, etc. Patients want to ensure their medical records are kept confidential. They want to make sure they will have access to their own health records, and that only authorized healthcare professionals will have access to them. To ensure this, e-health systems must take confidentiality needs into account.

Identification/Authentication
In addition, e-health systems need to provide identification or authentication of the patient, and authentication of everyone who has access to personal medical records. To achieve this goal, e-health systems enable the identification and authentication of all users. Healthcare services deal with humans' most valuable asset. Healthcare professionals are responsible for their therapeutic acts, such as a specific examination, a prescription, surgery, or even a simple injection. For this reason, an e-health system must ensure the person responsible for a therapeutic act is authenticated.

Signature
Moreover, there is a need to ensure therapeutic acts are part of healthcare records and, once decided, cannot be altered or modified either by their originator or by anyone else. To fulfill this objective, prescriptions or other medical decisions are to be signed, in order to ensure their integrity and non-repudiation.

Transactions
Most of the time, an e-health system includes transactions. e-health transactions are not always financial transactions (such as bank card payments). For example, updating a health card is a transaction which requires a certain level of security, to ensure both integrity and confidentiality. Delivering and signing e-prescriptions is also a transaction. These services require a security layer between the various parts of the system (patients, professionals, institutions), which is achieved with a health card system and associated, widely deployed, security layer infrastructure solutions. This infrastructure is comparable to the bank card electronic payment acceptance infrastructure. But to be efficient it has to comply with the constraints and habits of healthcare professionals and institutions. This has been proven in existing large-scale deployments.

Considering these requirements, and with dematerialization as an objective, an e-health system must bring convenience to all its stakeholders, but also include security features. For this reason, e-health systems include security procedures commonly found in payment systems, or in company security systems. All these systems ensure:
- Confidentiality,
- Identification,
- Authentication,
- Digital signatures,
- Transaction management.

To ensure these objectives are fulfilled, national e-health systems very often use smart cards carrying the patient or healthcare professional identity, and achieve the security needs of e-health applications thanks to a dedicated security layer infrastructure.
2. Needs of stakeholders in an e-health system

2.1. PATIENTS
Typically, patients demand the best healthcare service for a minimal cost (and a minimal involvement in administrative processes). For this reason, patients are happy to be given a health card that will guarantee them access to healthcare and manage administrative and payment/reimbursement aspects. Patients are generally happier to have their medical expenses paid directly by public and private insurances rather than having to pay for medical expenses upfront and be reimbursed later. Various systems exist implementing either flow or a combination of them. If the patient has to pay upfront for medical acts to be reimbursed later, he needs to be given access to the current status of his reimbursement process, or more globally to his administrative records.

As the card is used to carry patient rights, the healthcare IT infrastructure has to take into account card issuance, along with options for the patient to read his card and to update it.

The medical system has to include some medical data, and to ensure this access is kept confidential, i.e. reserved to the patient and authorized healthcare professionals. Patients must be given a means to access this medical data. To achieve this in a secure manner, the patient health card is used as an authentication means. The healthcare professional card is also used as an authentication means to give access to patient healthcare-related data. In some cases, both the patient and the healthcare professional card could be combined to ensure only the healthcare professionals authorized by the patient have access to the data.
2.2. HEALTHCARE PROFESSIONALS

2.2.1. Who are the healthcare professionals?
"Healthcare professionals" is a denomination including many professionals who have different relations with patients. For instance, healthcare professionals include:
- General practitioners, or family doctors,
- Specialists, psychotherapists,
- Doctors working in public hospitals,
- Doctors working in private hospitals,
- Pharmacists,
- Nurses,
- Midwives,
- Other therapists, such as physiotherapists.

2.2.2. Relation with administrative processes
One way to view the healthcare professionals' role is to say these professionals deliver care and treatments against payment. Depending on the system, either the healthcare professional is paid directly by the public or private insurance, or a combination of both, or the patient pays the healthcare professional directly and later gets reimbursed by the public or private insurance, or a combination of both. Most healthcare professionals prefer to concentrate on delivering a treatment rather than on administrative chores, and the administrative part of the system has to adapt to medical practice (and not the other way round). In other words, the technology has to interact seamlessly and effortlessly with medical practices. To perform these administrative tasks, healthcare professionals must be equipped with IT equipment (computers, healthcare card terminals, communication means, printers...), for which they often get subsidies from public institutions.

2.2.3. e-prescription
In some cases, the GP's (General Practitioner) prescription can be dematerialized. In this case, the prescription given out by a GP is no longer on paper, but is either written on the patient card, or stored over a network (or in the cloud), and the patient card is used as the secure key to gain access to it when the pharmacist delivers medicines. Making prescriptions electronic is a way to combat fraud: with an e-prescription, a patient cannot add a medicine to get it reimbursed! e-prescriptions also reduce errors thanks to better information shared between professionals, and can be combined with a server-side process detecting interactions between several treatments delivered by various doctors. Last but not least, e-prescriptions enable institutions to better know which medicines are prescribed, thus improving the global system management.

2.2.4. Patient data confidentiality
Healthcare professionals are especially sensitive to privacy. They need to ensure medical records are kept confidential, owned by the healthcare professional and the patient, and are not unwillingly or unwittingly shared with the healthcare insurances or third parties. At the same time, healthcare professionals often have to share data with their peers. For instance, a GP often needs to share patient-related data with a specialist. The e-health system has to provide healthcare professionals with a means to securely share information. In this context, securely sharing information means the sender and the recipient need to be authenticated, and may have to exchange data in an encrypted manner. Typically, a system based on public key cryptography (PKI or Public Key Infrastructure) with digital signatures is the commonly accepted solution to this requirement.

2.3. HOSPITALS
Hospitals deliver a large part of healthcare services, and generally more complex and expensive services than general practitioners. A patient is registered in the administrative system when he enters the hospital, whether he uses his patient card or not. From this point, the hospital administrative data is managed on databases and traditional IT systems. Access to this data is restricted to the administrative personnel, thanks to regular company security systems.

Medical records are managed separately from administrative data for privacy and security reasons. In most cases, in hospitals, medical records are managed on databases using traditional IT systems. As medical records are especially sensitive, security procedures are in place to restrict access to this data. A healthcare professional card is used as a means to access e-medical records. In order to ensure data confidentiality and security, data communication is kept under close control. Data is generally encrypted and signed, using the healthcare professional card as a signature and cryptographic key container.
2.4. PUBLIC INSURANCE SYSTEMS
In most European countries, governments or other public or para-public organizations have set up public insurance systems. The goal of a public insurance system is to execute government policies. In other words, the public insurance system is in charge of managing the financial and administrative aspects of the system, aiming to monitor the delivery of the best possible healthcare services for a given cost. Public insurance systems are thus in search of means to increase the efficiency of their administrative processes, in a search for increased cost-effectiveness. Public insurance systems aim at ensuring a smooth and efficient data flow to complete payments to all stakeholders.

Public insurance systems are in charge of managing the relation with insured people, or in other words all (or most) citizens, which generally takes the form either of a health card, or of an e-health application on an existing national ID card. Public insurance bodies are answerable to governments and, in a more general sense, to the citizens. For this reason, they have to demonstrate that they manage the healthcare organization efficiently and run a transparent and auditable system.

2.5. PRIVATE INSURANCE COMPANIES
In most European countries, the public insurance system is complemented by private insurances that provide additional payment for healthcare services not covered by the public healthcare insurance system. Private insurance companies, whether they are mutual insurance companies or commercial insurance companies, have a cost-efficiency objective. For this reason, they are often considered more cost-conscious than public organizations. The objective of private insurance companies, in their relations with all stakeholders involved in the healthcare system, is to ensure easy and efficient interaction with patients, who are actually their customers.
Private insurance companies have a permanent relationship with healthcare professionals and thus have to ensure this relation is managed in an efficient manner. In many cases, private insurance companies establish an affiliation program with a selection of healthcare professionals, directing patients to them as a compensation for limiting their pricing policies. As the healthcare system often involves a combination of public and private payment, private insurance companies have an established relationship with the public healthcare bodies.

2.6. PUBLIC AUTHORITIES
Public authorities are typically governments, ministries, or healthcare authorities under government control. Their missions include:
- Healthcare system organization and administration,
- Definition of operational rules, in terms of processing, financing and security,
- Fixing pricing policies and splitting costs incurred by the public and private insurances and by the patients themselves.

As a consequence, healthcare authorities have set up and are now enforcing dematerialization policies, fostering the replacement of an initially paper-based management system with a computerized, connected system that ensures more efficient data flows and relations between all stakeholders. Dematerialization demonstrates its efficiency in terms of time and cost. For instance, in France, a few years ago, medical expenses were typically reimbursed by the healthcare insurance within three weeks, whereas the average lead time is now 3 to 5 days. The Cour des Comptes (French Court of Auditors) has established that the unit processing cost of a paper claim is EUR 1.74, whereas the unit processing cost of an electronic claim is just EUR 0.27.

2.7. SOCIETY NEEDS
Society at large requires an efficient, fair healthcare system, accessible to all and at minimal cost. The system has to guarantee that all citizens, or at least all the beneficiaries of the health insurance, have access to treatments. It also has to ensure all healthcare professionals are paid for their services in a timely manner. Finally, as most systems include a public healthcare insurance, the system has to ensure funds are used in a fair, efficient and auditable manner. Society demands fairness in the use of the healthcare system. For instance, in a family, healthcare expenses must be reimbursed to the person who received a treatment and incurred the corresponding expenses.
3. e-health applications

Healthcare is a national, and in some countries a regional, responsibility. Nevertheless, there is a need for cooperation between the European Commission and the Member States, as well as among Member States themselves [2]. For this reason, European programs focus on establishing interoperability between national frameworks rather than on establishing a single way of managing healthcare that would not be acceptable to national authorities.

The EU, through its e-health European Interoperability Framework, is building common objectives, practices and rules across the healthcare systems of different countries in the EU. The goal of the e-health European Interoperability Framework would be to define and agree on a common set of standards (and relevant standardization bodies), profiles, testing tools and procedures, quality management system, certification scheme, roles, responsibilities and processes [3]. The expected results of this program are as follows [4]:

Beneficiaries and anticipated benefits:
- Member States: will be guided (and this is one of their main requests) and coordinated in their efforts to build national and international interoperable e-health infrastructures.
- EC: will have the rational arguments to be able to build a plan to massively deploy cross-border e-health services in a sustainable way.
- Healthcare providers: will be able to provide cross-border care in the safest way.
- EU citizens/patients: will be able to fully enjoy the possibility of having a right to healthcare outside their country of origin.

3.1. MEDICAL RECORDS
Electronic Health Records (EHR) are defined as digitally stored healthcare information about an individual's lifetime, with the purpose of supporting continuity of care, education and research, and ensuring confidentiality at all times [5]. In other terms, EHRs are repositories of electronically maintained information about individuals' lifetime health status and healthcare, stored in such a way that they can serve the multiple legitimate users of the records. The EHR should include information such as observations, laboratory tests, diagnostic imaging reports, treatments, therapies, drugs administered, patient identifying information, legal permissions and allergies.
Demand is clear to make EHRs interoperable across the European Union. Making EHRs interoperable will contribute to more effective and efficient patient care by facilitating the retrieval and processing of clinical information about a patient from different sites. Direct objectives of interoperable EHRs include:
- Direct patient care,
- Patient care management,
- Patient care support processes,
- Financial and other administrative processes,
- Patient self-management.

However, EHR data is stored in multiple locations, in various proprietary formats, through a multitude of medical information systems available on the market. To ensure more interoperability, and a better management of EHRs or at least of PHRs, the e-health system must provide the capability of preserving medical records, organizing them in a standardized EHR database, and at the same time providing all guarantees in terms of information security and personal data protection. This can be achieved based on an authentication through the healthcare professional card and infrastructure, and access to data has to be authorized by the patient himself, generally thanks to the cryptographic functions in the patient card.

3.2. e-prescription
The e-health Initiative (EHI) defined electronic prescribing as the use of computing devices to enter, modify, review, and output or communicate drug prescriptions. e-prescribing systems should provide:
- Computerized entry and management of prescriptions,
- Knowledge support, with immediate access to information on medicines,
- Decision support, aiding the choice of medicines and other therapies, with alerts such as drug interactions,
- Support during administration,
- Computerized links between hospital wards/departments and pharmacies,
- Ultimately, links to other elements of patients' individual care records,
- Improvements in existing work processes,
- Robust audit trails for the entire medicines use process [6].

The e-prescription application needs authentication and security throughout the e-health system. An e-prescription can only be created with the consent of the patient, or in other terms with the use of the patient card along with his authorization, through biometry or a PIN code. An e-prescription is generated by a healthcare professional, and kept secure thanks to the signature and cryptography functions contained in his card. e-health terminals allow the simultaneous presence of the healthcare professional card and the patient card.
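The two-card flow described above (patient consent by PIN on the patient card, signature by the professional card, verification at the pharmacy), as an added example in Go that is not part of the original paper nor of any Ingenico, GIE SESAM-Vitale or CPS specification. It assumes a simplified card model: Ed25519 signatures, a SHA-256 PIN digest with a three-attempt retry counter, and a directory of certified professional keys standing in for the ASIP-Santé certificates; the card identifiers and medicine names are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// Hypothetical model of the two-card flow; not the real Vitale/CPS cards.
const maxPINRetries = 3

// PatientCard holds a PIN digest salted with the card id, plus a retry counter.
type PatientCard struct {
	PatientID string
	pinHash   [32]byte
	retries   int
	locked    bool
}

func NewPatientCard(id, pin string) *PatientCard {
	return &PatientCard{PatientID: id, pinHash: sha256.Sum256([]byte(id + ":" + pin)), retries: maxPINRetries}
}

// VerifyPIN models cardholder verification; after maxPINRetries wrong PINs the card locks for good.
func (c *PatientCard) VerifyPIN(pin string) bool {
	h := sha256.Sum256([]byte(c.PatientID + ":" + pin))
	if c.locked || subtle.ConstantTimeCompare(h[:], c.pinHash[:]) != 1 {
		if c.retries--; c.retries <= 0 {
			c.locked = true
		}
		return false
	}
	c.retries = maxPINRetries
	return true
}

// ProfessionalCard models the CPS: the private key never leaves the card.
type ProfessionalCard struct {
	ProfessionalID string
	Pub            ed25519.PublicKey
	priv           ed25519.PrivateKey
}

func NewProfessionalCard(id string) *ProfessionalCard {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable randomness: the card cannot be personalised
	}
	return &ProfessionalCard{ProfessionalID: id, Pub: pub, priv: priv}
}

// Directory models the registry of certified professional public keys.
type Directory map[string]ed25519.PublicKey

// Prescription is the signed payload; struct field order fixes the JSON.
type Prescription struct {
	PatientID      string   `json:"patient_id"`
	ProfessionalID string   `json:"professional_id"`
	Medicines      []string `json:"medicines"`
}

// IssuePrescription needs both cards: patient consent via PIN, then the professional card's signature.
func IssuePrescription(pc *PatientCard, pin string, hp *ProfessionalCard, meds []string) ([]byte, []byte, error) {
	if !pc.VerifyPIN(pin) {
		return nil, nil, fmt.Errorf("patient consent refused: PIN rejected or card locked")
	}
	body, err := json.Marshal(Prescription{PatientID: pc.PatientID, ProfessionalID: hp.ProfessionalID, Medicines: meds})
	if err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(hp.priv, body), nil
}

// VerifyPrescription is the pharmacy-side check. The signer's key comes from
// the directory, never from the document, so a forgery cannot bring its own.
func VerifyPrescription(body, sig []byte, dir Directory) (*Prescription, error) {
	var p Prescription
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, err
	}
	pub, ok := dir[p.ProfessionalID]
	if !ok {
		return nil, fmt.Errorf("professional %q not in certified directory", p.ProfessionalID)
	}
	if !ed25519.Verify(pub, body, sig) {
		return nil, fmt.Errorf("invalid signature: altered or not signed by the claimed professional")
	}
	return &p, nil
}

func main() {
	patient, doctor := NewPatientCard("patient-0001", "1234"), NewProfessionalCard("gp-4711") // constructed samples
	body, sig, err := IssuePrescription(patient, "1234", doctor, []string{"amoxicillin 500 mg"})
	if err == nil {
		_, err = VerifyPrescription(body, sig, Directory{doctor.ProfessionalID: doctor.Pub})
	}
	fmt.Println("prescription accepted by pharmacy:", err == nil)
}
```

Any change to the signed body after issuance, or a signer absent from the directory, makes VerifyPrescription fail, which is the integrity and non-repudiation property the text asks of e-prescriptions.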
3.3. e-medical CLAIM FORM
Several e-health systems were originally developed to computerize claim forms: paper documents sent by patients to public and private insurances to be reimbursed for their medical expenses, and claims made by healthcare professionals to receive payment for the treatments they delivered. Now, medical claims have been converted into data on IT systems taking care of all the financial flows associated with healthcare systems.

3.4. DRUGS MANAGEMENT
The EU Falsified Medicines Directive requires that medicines are traced at pack level, and not at batch level as before. For this reason, pack markings are evolving from 1D barcodes to 2D barcodes. The objective, also supported by the European Federation of Pharmaceutical Industries and Associations (EFPIA), is to secure the supply chain against counterfeit medicines by enabling medicine packs to be verified at the point of dispensing. Thanks to this evolution, pharmacists are able to implement better traceability, even knowing which pack of medicine has been delivered to which patient.

In hospitals, medicines are prepared individually for each patient, and a traceability system is implemented to guarantee the right drug is delivered to each patient. Advanced solutions are implemented with barcodes associated to each patient and to each drug container. At the time of delivery, a nurse scans both barcodes to confirm a dedicated medicine is delivered to the right patient.
4. Solutions

Thanks to its multi-faceted experience in healthcare and in payments, Ingenico has already been involved in many aspects of e-health management. Thanks to its longstanding experience, Ingenico provides the appropriate security layer to support e-health applications. The company delivers solutions to support all needs in the e-health area, including:
- e-medical claims forms management,
- e-medical records security,
- e-prescriptions,
- Health card management,
- Drugs management,
- And more.

Ingenico has been actively involved in French and German e-health programs, among others. This makes Ingenico one of the most knowledgeable companies for all needs relating to e-health management and the worldwide leader for e-health security layer infrastructure solutions.
CONCLUSION

All European governments are now convinced of the need to invest in e-health to ensure the best possible delivery of healthcare services to citizens at the best cost. In addition, private stakeholders such as insurance companies and healthcare professionals are in search of productivity improvements.

Healthcare systems are inherently complex, due to the multiplicity of situations and the high number of stakeholders. France and Germany were first to develop their systems on a large scale, based on secure transactions technologies, and primarily focusing on the management of the financial flows associated with healthcare through electronic claims. This need has led to issuing patient cards and healthcare professional cards, which in turn led to the need for dedicated e-health terminals and solutions.

The terminals industry is playing a central role in providing the security layer needed for e-health applications and in developing readers and terminals especially dedicated to e-health applications and best suited to all stakeholders' needs. These e-health terminals comply with the specific requirements of each function and provide the needed security to ensure a seamless integration in the workflows, while at the same time guaranteeing security and data confidentiality.

The complexity of e-health solutions is increasing as new applications are developed: Electronic Health Records, e-prescriptions, drugs management and more. e-health solutions are now expanding all over Europe for the benefit of citizens, and the European Union is playing its role in ensuring healthcare systems remain consistent with each other, and that European citizens benefit from healthcare services wherever they are in the EU.
Annex: Examples of European e-health systems

1. France
France has been running its SESAM-Vitale program for years. It uses new technologies to simplify and accelerate exchanges, thereby doing away with any paperwork [7]. Widely deployed as of 1998, SESAM-Vitale currently links more than 300,000 healthcare professionals and processes around 1 billion electronic claim forms for reimbursement per year.

1.1. STAKEHOLDERS

1.1.1. GIE SESAM-Vitale and ASIP-Santé
The Groupement d'Intérêt Économique SESAM-Vitale (Economic Interest Group) is a service provider whose missions are the technical expertise, the development and the promotion of the SESAM-Vitale program. The GIE SESAM-Vitale was created by the partners of the French Health Insurance to develop common solutions to meet the needs of all its members, whether they are part of the compulsory systems or the complementary insurance organizations. ASIP-Santé (Agence des Systèmes d'Information Partagés de la Santé, Agency for Shared Health IT Systems) is in charge of the daily oversight and steering of e-health implementation activities.

1.1.2. Public health insurance
In France, health insurance is a branch of the Social Security system. It is funded by workers' salaries (60% of the fund), by indirect taxes on alcohol and tobacco, and by a direct contribution, proportional to income, paid on all revenue, including retirement pensions and capital revenues [8]. The Caisse Nationale d'Assurance Maladie - Travailleurs Salariés (CNAM-TS, National Health Insurance) is in charge of the management of the general scheme of health insurance. Its action is based on three fundamental principles: solidarity, equality of access to treatments and quality of treatment. The global objective of the CNAM-TS is to balance its accounts, thus it engages in cost reduction actions.
In order to achieve its objectives, the government and the CNAM-TS impose a pricing policy on healthcare professionals, and trigger more efficient and secure processes thanks to information technology. Also, to contribute to the reduction of healthcare costs, public and private insurances inform patients about the actual cost of their treatments.

1.1.3. Mutual and private health insurances
More than 80% of French people have supplemental insurance, often provided by their employers. The poorest have free universal healthcare, which is financed by taxes [9]. There are over 600 mutual and private insurance companies involved in health insurance. Mutual and private insurance companies deliver to the patient a complementary payment for medical treatments, which comes in addition to the payment from the public health insurance. Insurance companies' objective is either to balance their accounts or to generate profits. For this reason, they play a role in pushing for efficient, IT-based administrative processes. They also tend to have a balanced relationship with healthcare professionals, offering them an influx of patients against a limitation of their pricing policies.
1.1.4. Healthcare professionals
Healthcare professionals are represented through Orders, such as the Ordre National des Médecins (National Order of Doctors), the Ordre National des Pharmaciens (National Order of Pharmacists) and others. The Orders represent healthcare professionals in their negotiations with other stakeholders, and take responsibility in the implementation of some projects. Healthcare professionals benefit from subsidies to support their equipment cost for e-health terminals.

1.1.5. Patients
Patients are free to choose which healthcare professional they want to deal with; they also choose their mutual or private insurance. Even in this complex environment, patients demand the best combination between quality of treatment and cost.

1.2. FRENCH e-health SCHEME

[Figure: French e-health scheme. Source: GIE SESAM-Vitale information / Ingenico infographic]

1.2.1. SESAM-Vitale Scheme
Deployed as of 1998, SESAM-Vitale currently links more than 300,000 healthcare professionals with the Health Insurance System, for the benefit of millions of insured persons who have the Vitale card. The SESAM-Vitale system transmits around 100 million electronic claims per month. It has been assessed that the cost of an electronically transmitted claim is EUR 0.27, whereas the cost of processing a paper claim is EUR 1.74.
[Figure. Source: Information GIE SESAM-Vitale / infographic Ingenico]

1.2.2. Healthcare professional card

The CPS (Carte de Professionnel de Santé, Healthcare Professional Card) is a microprocessor card. The CPS functionalities include identification, authentication and electronic signature of healthcare professionals [10]. The CPS contains information about the identity of the healthcare professional, his qualification, and his various abilities and roles. Additionally, the CPS contains certificates, which constitute the healthcare professional's dematerialized identity proof and are certified by the ASIP Santé (Agence des Systèmes d'Information Partagés de la Santé, Agency for Shared IT Systems). These certificates are used as a confidence token for applications that involve confidential medical data. Certificates allow:

- Identification of the healthcare professional, i.e. unequivocally recognizing his person and qualifications,
- Authentication, i.e. verification of his identity,
- Electronic signature of documents or medical acts, allowing the cardholder to commit to the content of a document and to guarantee its integrity,
- Encryption of exchanged data, so that only the recipient can read them. Information is exchanged in a way that prevents reading and interception by a third party. Encryption certificates are used as part of email security procedures; they are the tools that ensure confidentiality through data ciphering.

The CPS is currently evolving towards a new version called CPS V3. The new card will have all the functionalities of the current one and will additionally:

- Facilitate its deployment and integration in existing solutions thanks to support of new industry standards (CPS V3 supports the IAS standard),
- Support contactless technology in order to allow development and deployment of adapted software.

1.2.3. Patient card

The SESAM-Vitale system uses a microprocessor card (carte Vitale), which contains health insurance data for the insured person and their beneficiaries (e.g. children). The Vitale card is currently being replaced by a new one, the Vitale 2 card.
1.2.4. Personal medical record

The DMP (Dossier Médical Personnel, personal medical record) is a secure electronic personal medical record. It is accessible over the internet. The DMP includes a set of services that allow the patient and authorized healthcare professionals to share electronically, anywhere and at any time, medical data that can be used for the coordination of medical treatments. The DMP may contain information such as medical history, allergies, previous medicine prescriptions, hospital care reports and results of medical examinations.

According to the law, each insured citizen may have a DMP. However, it is not mandatory, and having a DMP is the patient's decision. The patient keeps control over his DMP: he authorizes healthcare professionals to access his DMP. The patient has the possibility to close the DMP, to delete some or all of the documents included in it, or to hide some medical records. The DMP is both personal and shared, which conforms with patients' rights, whose principles are information, approval and confidentiality. The DMP is strictly reserved to the patient and authorized healthcare professionals. DMP access is prohibited for occupational health doctors, employers, insurers and banks. The DMP keeps records of all access to each file. For the time being, DMP access by the patient is secured by a unique health identifier (different from the usual identifier used for health-related administrative purposes) along with a password.

1.2.5. e-prescription

An e-prescription service, under the aegis of the French Order of Pharmacists, is already running across the country. The pharmaceutical care record contains all information related to the issuing and dispensing of pharmaceuticals to a patient and will eventually feed its information into the medication section of the DMP. As of June 2010, 8.5 million pharmaceutical records had been created across 16,000 pharmacies in France [11].

1.3. TECHNOLOGY ASPECTS

1.3.1. Healthcare professional cards

Every healthcare professional is issued a CPS card (Carte de Professionnel de Santé, Healthcare Professional Card). These cards support authentication, signature and cryptography functions. They are used in a dual-slot e-health terminal to sign the electronic medical claim form in combination with the patient's Vitale card. The card is involved in the process of creating the FSE (Feuille de Soins Electronique, Electronic Claim) used to transmit claims to the public health insurance, and the DRE (Demandes de Remboursement Electroniques, Electronic Reimbursement Demand) used to transmit claims to the mutual or private insurance companies.

1.3.2. Patient cards

The first version of Vitale was a smart card, based on a proprietary operating system, holding an identification number, the identity of the cardholder, the level of insurance and the associated beneficiaries (children). Since 2007, the cards in issue are called Vitale 2 and have the following characteristics:

- The card includes a new-generation microprocessor enabling advanced cryptography,
- The card is compliant with the IAS (Identification, Authentication and Signature) European standard,
- The card is certified Common Criteria EAL4+, to guarantee its high level of security,
- The identification number, name and a photo of the cardholder are printed on the card.

Thanks to the additional security elements in Vitale 2 compared with Vitale 1, better patient identification and authentication can be performed.

1.3.3. Terminals

Countertop terminals are used by pharmacies, private healthcare professionals and hospitals. They are equipped with two or three card slots, and connect to a workstation via a USB port. Mobile terminals are used primarily by private nurses and doctors visiting patients at home. They have to be light and easy to use, with two or three card slots too. Portable terminals are powered by rechargeable batteries.

There are also self-service solutions (a kind of lightweight kiosk) used by patients to securely update their Vitale card. Self-service solutions are autonomous terminals (with a wired or wireless IP connection). They are equipped with a graphical display, for user convenience. In order to ensure secure access to workstations and networks, hospitals need desktop readers: desktop readers are contact and/or contactless smart card readers, connected through USB to a workstation, enabling healthcare professionals to access a workstation and the hospital network relying on the security of their card.
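The access rules of the DMP described in section 1.2.4 above (access granted per professional by the patient, records the patient may hide or delete, roles excluded by law, and a log of every access) modelled as an added example in Python. This is neither the DMP's own code nor Ingenico's; the role names, identifiers and record contents are constructed, and the order of checks (legal prohibition evaluated before the patient's grants) is a design choice of the example, not something the white paper specifies.

```python
"""Illustrative model of the DMP access rules in section 1.2.4.

Added example: neither the DMP's own code nor Ingenico's. Role names,
identifiers and record contents are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Roles the section lists as excluded from DMP access, whatever the grants say.
PROHIBITED_ROLES = frozenset({"occupational_health_doctor", "employer", "insurer", "bank"})


@dataclass
class Record:
    record_id: str
    category: str          # e.g. allergies, prescriptions, hospital report
    content: str
    hidden: bool = False   # a hidden record stays visible to the patient only


@dataclass
class AccessEntry:
    when: datetime
    actor_id: str
    actor_role: str
    record_id: str
    granted: bool
    reason: str


@dataclass
class DMP:
    patient_id: str
    records: Dict[str, Record] = field(default_factory=dict)
    authorized: Set[str] = field(default_factory=set)    # professional ids granted by the patient
    audit_log: List[AccessEntry] = field(default_factory=list)
    closed: bool = False

    # --- controls that stay in the patient's hands ---
    def grant(self, professional_id: str) -> None:
        self.authorized.add(professional_id)

    def revoke(self, professional_id: str) -> None:
        self.authorized.discard(professional_id)

    def add_record(self, record: Record) -> None:
        self.records[record.record_id] = record

    def hide(self, record_id: str, hidden: bool = True) -> None:
        self.records[record_id].hidden = hidden

    def delete(self, record_id: str) -> None:
        self.records.pop(record_id, None)

    def close(self) -> None:
        self.closed = True

    # --- the access decision; every attempt is logged whatever the outcome ---
    def read(self, actor_id: str, actor_role: str, record_id: str) -> Optional[str]:
        granted, reason = self._decide(actor_id, actor_role, record_id)
        self.audit_log.append(AccessEntry(datetime.now(timezone.utc), actor_id,
                                          actor_role, record_id, granted, reason))
        return self.records[record_id].content if granted else None

    def _decide(self, actor_id: str, actor_role: str, record_id: str) -> Tuple[bool, str]:
        if self.closed:
            return False, "dmp closed by patient"
        # The statutory exclusion is checked first, so a mistaken grant cannot override it.
        if actor_role in PROHIBITED_ROLES:
            return False, "role prohibited by law"
        is_patient = actor_role == "patient" and actor_id == self.patient_id
        if not is_patient and actor_id not in self.authorized:
            return False, "not authorized by patient"
        record = self.records.get(record_id)
        if record is None:
            return False, "no such record"
        if record.hidden and not is_patient:
            return False, "hidden by patient"
        return True, "ok"

    def denied_attempts(self) -> List[AccessEntry]:
        """The part of the audit trail a patient would review first."""
        return [entry for entry in self.audit_log if not entry.granted]
```

A grant to a prohibited role is deliberately ineffective: the exclusion is evaluated before the patient's authorizations, so widening access by mistake is not possible for those roles, and the denied attempt still lands in the audit trail together with its reason.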
2. German healthcare system

Efforts at introducing an Electronic Health Record and other e-health services have a long history in Germany. The first version was the KVK (Krankenversichertenkarte, health insurance card), launched in 1995. Because the KVK did not bear any picture of the cardholder, and its content was plain memory without security, it had to be replaced by a more secure and efficient system. It is now replaced by a full ecosystem, centered around the egk (elektronische Gesundheitskarte, Electronic Health Card), which brings security as well as additional functionalities.

2.1. STAKEHOLDERS

2.1.1. Federal government

The German Federal Parliament, the Federal Government through the Ministry of Health (Bundesgesundheitsministerium), and more globally the federal institutions, are in charge of the legislative framework for the healthcare system. Germany is a federal state with three major levels of government: the Federation (Bund), 16 States (Länder), and several hundred local governments (municipalities and counties). A fundamental characteristic of the German political system in general and of the healthcare system in particular is the sharing of decision-making powers between the Länder and the federal government [12]. The Federal Ministry of Health stated its position in a paper entitled "The German e-health Strategy". The document describes the target of the strategy as follows: "The healthcare system in Germany is a system with a pressing demand for intensive communication between the different actors with the aim of achieving better collaboration and thus numerous positive results for the health of the citizens, the healthcare system and the State's economic situation" [13].

2.1.2. Health insurances

There are around 140 health insurance companies, all of them public organizations.
Healthcare insurances are supported by the government-managed Gesundheitsfonds (healthcare fund), which collects payments from employers and employees, in addition to a direct tax-financed subsidy from the federal government. The fund then distributes its income to the various public health insurance companies according to the morbidity structure of their insured. All healthcare insurances deliver the same service to patients in terms of bearing the cost of treatments. However, some of them differentiate themselves by choosing to support alternative types of care, such as acupuncture.

2.1.3. gematik

Established in 2005, gematik, originally Gesellschaft für Telematik (Company for Telematics), is a common structure owned 50% by healthcare providers (doctors, pharmacists, hospitals, ...) and 50% by payers (the Statutory Health Insurance Funds Association and the Association of Private Health Insurance). gematik is under the legal supervision of the Federal Ministry of Health. gematik performs various tasks in the implementation of the health card and the telematics infrastructure. gematik focuses on three core competencies: design, approval and operational responsibility. The focus of the work is always the interest of the patient in terms of data protection and the informational self-determination of the insured. gematik's role is to:

- Establish the technical specification of the required data formats, services and components for the telematics infrastructure,
- Organize testing and certification of services and components (provided or supplied by the industry),
- Operate part of the telematics infrastructure.

Tests are run according to gematik specifications by private laboratories under the supervision of the BSI (Bundesamt für Sicherheit in der Informationstechnik, Federal Office for Information Security).
2.2. TECHNOLOGY ASPECTS

The German government is introducing electronic Health Cards (elektronische Gesundheitskarte, egk) for all insured citizens. The electronic chip in these smart cards contains personal data, insurance details and medical history records. German health insurance companies issue electronic Health Cards (egk) to the patients insured by them. The card is used by the cardholders when they use healthcare services which are covered by the insurance. A picture of the patient is printed on the card in order to support identification [14]. The ehc contains data for:

- Cardholder identification,
- Contractual and financial information to be exchanged between the cardholder and the healthcare provider and/or the health insurance company,
- Medical data, including electronic prescriptions, if the application is available and if the cardholder requires so,
- Optionally, an emergency data set that can be read offline.

Thanks to its cryptographic capabilities, the chip holds all these data in a secure manner. In addition, the chip stores cryptographic keys that are used to ensure the authenticity of the card and of the readers it interacts with. These keys are also used for data encryption. The back side of the egk features European Health Insurance Card (EHIC) data [15].

2.2.1. Terminal for health cards

The specification of the egk drives the terminal functionalities [16]:

- When a patient card is used by a healthcare professional, there must be a mutual authentication between the ehc and a Health Professional Card (HPC) or a Security Module Card (SMC),
- When a patient card is used by the patient himself (e.g. for online update of the contract data in the card), there must be a mutual authentication between the ehc and a security device,
- The cardholder is identified by use of one of two PINs, called PIN.CH and PIN.home (which of these PINs is relevant depends on the service the cardholder wants to use).
Healthcare-dedicated terminals must have physical security protection, and be protected against drilling. They enclose several security modules, used for the various secure functions of healthcare applications. Most terminals support TCP/IP, and are also able to switch to PSTN for data transmission, which is encrypted using SSL. Terminals are equipped with a PIN pad and a display, and generally do not include a printer. All terminals have to be approved by gematik.
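The terminal flow of section 2.2.1, as an added example in Python: a mutual challenge-response authentication between the ehc and an HPC or SMC, followed by verification of the service-specific PIN with a retry counter, before the card releases any data. This is neither gematik's specification nor Ingenico's terminal code. For illustration it assumes that the cards prove possession of a scheme-wide symmetric key with an HMAC-SHA256 challenge-response (the real cards use certificate-based mechanisms and other message formats), and the service-to-PIN mapping, card identifiers, keys, PINs and record contents are all constructed.

```python
"""Illustrative model of the egk terminal rules in section 2.2.1.

Added example: neither gematik's specification nor Ingenico's terminal code.
Assumption (not from the white paper): cards share one symmetric scheme key
and prove possession of it with an HMAC-SHA256 challenge-response. Card ids,
keys, PINs, the service-to-PIN mapping and record contents are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

MAX_PIN_TRIES = 3

# Constructed mapping: the paper only states that the relevant PIN depends on the service.
SERVICE_PIN = {"read_medical_data": "PIN.CH", "update_contract_data": "PIN.home"}


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC over length-prefixed fields, so field boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Card:
    """Challenge-response behaviour common to ehc, HPC and SMC."""

    def __init__(self, card_id: bytes, auth_key: bytes):
        self.card_id = card_id
        self._key = auth_key
        self._pending: Optional[bytes] = None

    def challenge(self) -> bytes:
        """Issue a fresh random nonce; only one challenge is outstanding at a time."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def respond(self, challenger_id: bytes, nonce: bytes) -> bytes:
        """Prove key possession, binding responder id, challenger id and nonce."""
        return _mac(self._key, b"RESP", self.card_id, challenger_id, nonce)

    def verify(self, responder_id: bytes, response: bytes) -> bool:
        """Check a response against the outstanding nonce; the nonce is consumed."""
        if self._pending is None:
            return False
        expected = _mac(self._key, b"RESP", responder_id, self.card_id, self._pending)
        self._pending = None  # a replayed response can never verify twice
        return hmac.compare_digest(expected, response)


class ElectronicHealthCard(Card):
    """Patient card: releases data only after mutual authentication and a valid PIN."""

    def __init__(self, card_id: bytes, auth_key: bytes, pin_ch: str, pin_home: str,
                 records: dict):
        super().__init__(card_id, auth_key)
        self._pins = {"PIN.CH": pin_ch, "PIN.home": pin_home}
        self._tries = {"PIN.CH": MAX_PIN_TRIES, "PIN.home": MAX_PIN_TRIES}
        self._records = records              # service name -> data it returns
        self.peer_authenticated: Optional[bytes] = None

    def verify_pin(self, pin_name: str, pin: str) -> bool:
        """Retry counter: after MAX_PIN_TRIES wrong entries the PIN is blocked."""
        if self._tries[pin_name] == 0:
            return False
        if hmac.compare_digest(self._pins[pin_name].encode(), pin.encode()):
            self._tries[pin_name] = MAX_PIN_TRIES
            return True
        self._tries[pin_name] -= 1
        return False

    def use_service(self, service: str, pin: str) -> Tuple[bool, str]:
        """Return (granted, data or denial reason) for a service request."""
        if self.peer_authenticated is None:
            return False, "no mutual authentication"
        pin_name = SERVICE_PIN[service]
        if not self.verify_pin(pin_name, pin):
            return False, f"{pin_name} rejected"
        return True, self._records[service]


def mutual_authenticate(ehc: ElectronicHealthCard, peer: Card) -> bool:
    """Terminal-side flow: each card challenges the other before any data is released."""
    n1 = ehc.challenge()                                        # ehc -> peer: nonce
    if not ehc.verify(peer.card_id, peer.respond(ehc.card_id, n1)):
        return False                                            # HPC/SMC not genuine
    n2 = peer.challenge()                                       # peer -> ehc: nonce
    if not peer.verify(ehc.card_id, ehc.respond(peer.card_id, n2)):
        return False                                            # ehc not genuine
    ehc.peer_authenticated = peer.card_id
    return True
```

Each response binds both card identities and a one-shot nonce, so a captured response is useless against a later challenge, and a card holding the wrong key fails the first step without the ehc ever reaching PIN entry. The two PINs keep independent retry counters, so blocking PIN.CH does not affect a PIN.home service.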
3. Other European healthcare systems

3.1. GLOBAL APPROACH

Under a global European approach, governments are inclined to use a smart card to allow patients to make use of their health insurance rights when visiting a healthcare professional. However, even if the German and French examples use a dedicated card, the current trend in several countries is to consider the healthcare project as an extension of a national electronic ID card. In some cases, the healthcare card has been used as the starting point for the definition of a national ID card, or an e-ID card, used online to access government services. Besides being a credential for citizens to justify their rights and to obtain a treatment, several applications are added to e-health schemes:

- e-prescriptions,
- Secure messaging, allowing secure data communication between healthcare professionals,
- Telemedicine.

3.2. EXAMPLES OF OTHER HEALTHCARE SYSTEMS IN EUROPE

3.2.1. Austria

The Austrian healthcare system is characterized by the federalist structure of the country, the delegation of competencies to self-governing stakeholders in the social insurance system, as well as by cross-stakeholder structures at federal and Länder level which possess competencies in cooperative planning, coordination and financing. According to the Federal Constitution, almost all areas of the healthcare system are primarily the regulatory responsibility of the federal government. The most important exception is the hospital sector: in this area, the federal government is only responsible for enacting basic law; legislation on implementation and enforcement is the responsibility of the nine Länder [17]. At the national level, Austria is in the process of developing an electronic health record: ELGA (Elektronische Gesundheitsakte). The electronic health card (e-card) is the central key to the benefits of the Austrian social health insurance system. More than 8.6 million e-cards have been issued and about 12,000 contractual partners accept the card [18].

3.2.2. Belgium

Belgium has a healthcare system based on a compulsory social health insurance model. Healthcare is publicly funded and mainly privately provided. Patients have free choice of provider, hospital and sickness fund. The Federal Government regulates and supervises all sectors of the social security system, including health insurance. However, responsibility for almost all preventive care and health promotion has been transferred to the communities and regions [19]. A fixed annual budget for compulsory health insurance and sectoral target budgets are set at federal and community level. The Belgian healthcare system provides comprehensive healthcare to almost all the population while maintaining a wide degree of choice for the insured and the providers. The health card (SIS card) has been in use since 1998. It will now be phased out, and social security and health insurance status verification will be offered through the e-health platform as a value-added web service, using the national eID card as the access key providing identification and authentication. All functionalities related to the SIS card will become integrated into the eID.
3.2.3. Slovenia

Slovenia maintains a Bismarck-type healthcare system, which was introduced for workers as an extension of a compulsory accident insurance system in 1888. The 1992 law laid the basis for a centralized compulsory health insurance system to be administered by the HIIS. By statute, the HIIS is the sole provider of compulsory insurance. The HIIS operates autonomously and is governed by elected representatives of employers and the insured [20].

Appendix A: Sources

1. EHR Impact - http://www.ehr-impact.eu/downloads/documents/ehri_d1_2_conceptual_framework_v1_0.pdf
2. About ehealth ERA - http://www.ehealth-era.org/about/about.htm
3. Interoperability Solutions for European Public Administration, e-health European Interoperability Framework - http://ec.europa.eu/isa/actions/documents/isa_2.12_ehealthe-health1_workprogramme.pdf
4. Interoperability Solutions for European Public Administration, e-health European Interoperability Framework - http://ec.europa.eu/isa/actions/documents/isa_2.12_ehealthe-health1_workprogramme.pdf
5. Ilias Iakovidis, Deputy Head of the ICT for Health Unit, European Commission
6. EHR Impact - http://www.ehr-impact.eu/downloads/documents/ehri_d1_2_conceptual_framework_v1_0.pdf
7. SESAM-Vitale - http://www.sesam-vitale.fr/programme/programme_eng.asp
8. About ehealth ERA - http://ehealth-strategies.eu/database/documents/france_countrybrief_ehstrategies.pdf
9. About ehealth ERA - http://ehealth-strategies.eu/database/documents/france_countrybrief_ehstrategies.pdf
10. About ehealth ERA - http://www.ehealth-era.org/database/documents/factsheets/france.pdf
11. About ehealth ERA - http://ehealth-strategies.eu/database/documents/france_countrybrief_ehstrategies.pdf
12. About ehealth ERA - http://ehealth-strategies.eu/database/documents/germany_countrybrief_ehs_12.pdf
13. About ehealth ERA - http://ehealth-strategies.eu/database/documents/germany_countrybrief_ehs_12.pdf
14. Common Criteria portal - http://www.commoncriteriaportal.org/files/ppfiles/pp0020_v2_ma1b.pdf
15. gematik - http://www.worldcongress.com/events/nw615/presentations/harald%20flex%20-%20EHR%20and%20IT%20Innovation%20Summit.pdf
16. Common Criteria portal - http://www.commoncriteriaportal.org/files/ppfiles/pp0020_v2_ma1b.pdf
17. About ehealth ERA - http://ehealth-strategies.eu/database/documents/austria_countrybrief_ehstrategies.pdf
18. About ehealth ERA - http://ehealth-strategies.eu/database/documents/austria_countrybrief_ehstrategies.pdf
19. About ehealth ERA - http://ehealth-strategies.eu/database/documents/belgium_countrybrief_ehstrategies.pdf
20. About ehealth ERA - http://ehealth-strategies.eu/database/documents/slovenia_countrybrief_ehstrategies.pdf
Appendix B: Table of Acronyms

ASIP - Agence des Systèmes d'Information Partagés de la Santé (French Agency for Shared IT Systems)
BSI - Bundesamt für Sicherheit in der Informationstechnik (German Federal Office for Information Security)
CNAM-TS - Caisse Nationale d'Assurance Maladie Travailleurs Salariés (French National Health Insurance)
CPS - Carte de Professionnel de Santé (French Health Professional Card)
CPS V3 - 3rd version of the CPS
DMP - Dossier Médical Personnel (French Personal Medical Record)
DRE - Demandes de Remboursement Electroniques (French Electronic Reimbursement Demand): electronic claims used to send reimbursement requests to French mutual insurance companies or commercial insurance companies
EAL - Evaluation Assurance Level: the EAL (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard
EC - European Commission
egk - elektronische Gesundheitskarte (German Electronic Health Card)
EHIC - European Health Insurance Card
ehc - Electronic Health Card
EHR - Electronic Health Record: digitally stored healthcare information about an individual's lifetime
ELGA - Elektronische Gesundheitsakte (Austrian Electronic Health Record)
ERA - European Research Area
EU - European Union
FSE - Feuille de Soins Electronique (French Electronic Claim)
GIN - Gesundheitsinformationsnetz (Austrian health information network)
GIP CPS - Groupement d'Intérêt Public pour la Carte Professionnel de Santé (French Public Interest Group for Healthcare Professional Cards)
GIP DMP - Groupement d'Intérêt Public pour le Dossier Médical Portable (French Public Interest Group for Personal Medical Records)
GP - General Practitioner
HIIS - Health Insurance Institute of Slovenia
HPC - Health Professional Card (German Health Professional Card)
IAS-ECC - Identification Authentification Signature, European Citizen Card: international standard defined by Gixel (the French smart card industry association) allowing the implementation of Europe-wide mechanisms, as defined in the European Citizen Card specification
INSZ-NISS - Identificatienummer Sociale Zekerheid / Numéro d'Identification Sécurité Sociale (Belgian National Social Security Number)
IP - Internet Protocol
IT - Information Technology
PHR - Personal Health Record: an Electronic Health Record (EHR) kept under patient control
PKI - Public Key Infrastructure
PSTN - Public Switched Telephone Network
SMC - Security Module Card
SSL - Secure Socket Layer
www.ingenico.com

All rights reserved. This document is not binding and the specifications above can be modified without prior consent.

28-32 boulevard de Grenelle, 75015 Paris
Tel. +33 (0)1 58 01 80 00
Fax +33 (0)1 58 01 91 35