Electronic Health Records ( #EHR ) implementation with #blockchain, #BPM, #ECM and #platform

This blogpost is an updated version of the chapter 3 from “Technology enabled healthcare transformation” ( see http://improving-bpm-systems.blogspot.ch/2014/07/technology-enabled-healthcare.html ).

The main concept is that a person (or his/her legal representative) is the only the owner of his/her personal EHR. Other participants in the healthcare may use some of the person’s records only within some explicitly-defined contexts.

The following technologies are employed:
Special thanks to Charles Webster MD @wareFLO https://twitter.com/wareflo for a review of this article.

1 General definition from www.healthit.gov

www.healthit.gov defines person’s Electronic Health Records (EHR) as, at their simplest, digital (computerized) versions of patient's paper charts. In other words, a person’s EHR is a set of all the health-related records of a particular person which are available in some digital formats. But a person’s EHR, when fully up and running, are so much more than that.

A person’s EHR is real-time, patient-centred records. They make information available instantly, at any time, in any place and from any device. And they bring together in one place everything about a patient's health. A person’s EHR can:
  • Contain information about a patient's medical history, diagnoses, medications, immunization dates, allergies, radiology images, and lab and test results.
  • Offer access to evidence-based tools that providers can use in making decisions about a patient's care.
  • Automate and streamline providers' workflow.
  • Increase organization and accuracy of patient information.
  • One of the key features of a person’s EHR is that it can be created, managed, and consulted by authorized providers and staff across more than one healthcare organization. A person’s EHR can bring together information from current and past doctors, emergency facilities, school and workplace clinics, pharmacies, laboratories, and medical imaging facilities.

2  EHR as a component of the healthcare platform

The EHR component is a tool which operated many person’s EHR.

Certainly, the EHR component is the core of component of the healthcare Common Unified Business Execution (CUBE) platform and an implementation of the EHR component is a must. Within the healthcare CUBE platform, the EHR component can be architected in accordance with this conceptual view.

3 A bit of cryptography

  • Hashing is a cryptographic procedure to map a digital object of arbitrary size to data of fixed size (called “hash”). Features: easy to compute, irreversible (not feasible to generate original digital object from its hash), commitment (any change in the digital object changes its hash) and collision free (not feasible to find two digital objects with the same hash). 
  • Public and private keys are a pair of keys of asymmetric cryptographic algorithm. A digital can be encrypted by one of those keys and decrypted by the other one.
  • A digital signature is a hash of a digital asset (e.g. a message, document, data) encrypted with the owner’s private key. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, that the sender cannot deny having sent the message (authentication and non-repudiation), and that the message was not altered in transit (integrity).

4 Records keeping

A person’s EHR are kept in a private storage which is accessible only by the owner (i.e. this person). Records are encrypted by person’s public key (thus only the owner can decrypt them with his/her private key). If the private key is compromised then the records must be re-encrypted with another private key.

The digital signature of a record is kept in a public storage which is based on the blockchain; thus, thanks to blockchain, no one (even the owner) can change this digital signature and thus everyone can check that the record has not been changed even by its owner.

Traditionally, personal healthcare records embed the name of a person (denominated record) thus creates a problem between the person’s privacy and the use of his/her EHR for medical research activities. A solution of this problem is to have anonymised version (anonymised record) of traditional personal healthcare records.
From the point of view of the enterprise content management, a denominated record is a composite (or compound) record which comprises anonymised record (some medical information) and some personal information. Some medical organisations already practice anonymisation of some records by replacing a patient’s name by some identifier. For example, a blood sample container has a barcode (or RFID) which is also attached to patient’s information page. Also, an identifier is used to hide a patient’s name in communication with external service providers such medical tests labs.

5 Records exchange

A typical practice of electronic document distribution is to add an annotation (e.g. as a watermark or running header or footer) to whom a particular copy of the electronic document has been sent. Finally, this personalised record is electronically signed by the distributor.

6 Context for records exchange

Ideally, all the records must be originated as anonymised version and be explicitly associated with the name of a patient when necessary (so called late-binding approach).

A person (or his/her legal representative) is the only the owner of his/her personal EHR. Other participants in the healthcare may use some of the person’s records only within some explicitly-defined contexts. Other participants in the healthcare must explicitly request some person’s records (e.g. lab tests, etc.) from the owner (i.e. the patient). Such a request must be executed only in the context of a well-defined process/workflow/case in which the patient and the requestor are involved (see 2.5.3 in the original article).

The exchange uses the concept of “deposit box” which is a short-life-time (temporary) private storage for the each act of exchange. A deposit box is accessible by the record’s owner and, then, the record’s recipient. Imagine that some paper documents were copied and put in an envelope. Some deposit boxes may be protected by a one-time password. Such a deposit box can be part of a particular process case.

7 Use case 1 – from a patient to a medical office (i.e. a doctor)

Below is an example of how the exchange between a patient and a medical office should be carried out (keep in mind 2.5.6 in the original article). The situation: the patient made an appointment to visit a doctor. The catalogue of the patient’s records (title, date and some other metadata only) is made available for the doctor. The doctor has indicated which patient’s records are necessary for this visit. The patient has to send some of his/her records before the visit. After the visit, the doctor sends to the patient some new records. See a process fragment below.

Records exchange is carried out in the following way (see the red markers in the illustration below):

1) As part of the “visit doctor” process, the patient got a task to send a list of his/her records to the doctor.

2) Anonymised versions (ideally) of requested records are annotated (by indicated to whom this copy is to be sent) and they are additionally protected by:
  • a. the doctor’s public key for this patient;
  • b. maybe, the process case private key which has a short life-time and, 
  • c. maybe, an one-time password.

3) The protected records are uploaded to a deposit box.

4) Hashes of all those records are sent in a public storage.

5) A link to this deposit box is communicated to the doctor (actually, to his/her) medical office.

6) The records from the deposit box are fetched, decrypted and validated (via hashes which are stored in the public storage) by a medial office employee to store them into a private storage of this medical office.

7) The deposit box is “destroyed”.

8 Use case 2 – from a medical office (i.e. a doctor) to a patient

The flow of data is indicated by blue markers in the illustration below.

9 Private storage, public storage and deposit box implementation

A private storage is a cloud-based protected and encrypted storage. For example, https://www.securesafe.com/en/

A public storage is a public blockchain. It is used to validate the integrity of records because a hash for each record is stored in the public storage. Metadata are very important.

A deposit box is a protected short-life storage which can change the owner only one time – think about an envelope. Each particular process case may have several deposit boxes. Each of them may be passed from one process participant to another.

Secure exchange may be built on the Open Whisper technologies - https://whispersystems.org/ 

10 From your current EHR to the common ideal EHR

It will be in one of next blogposts.

Post a Comment