Title: A vision on electronic cooperation in the Belgian health care sector, based on the experience in the
1A vision on electronic cooperation in the Belgian
health care sector, based on the experience in
the social sector, and the role of the Be-Health
platform
Frank Robben General manager Crossroads Bank for
Social Security CEO Smals Sint-Pieterssteenweg
375 B-1040 Brussels E-mail Frank.Robben_at_ksz.fgov.
be Website CBSS www.ksz.fgov.be Personal
website www.law.kuleuven.ac.be/icri/frobben
2Structure of the presentation
- existing electronic cooperation in the social
sector - the problem
- the solution
- basic principles
- advantages
- towards an electronic cooperation in the health
care sector, based on the experience of the
social sector - objectives
- useful building blocks
- Be-Health platform
3Actors in the Belgian social sector
- about 2,000 public and private institutions at
several levels (federal, regional, local) dealing
with - collection of social security contributions
- delivery of social security benefits
- child benefits
- unemployment benefits
- benefits in case of incapacity for work
- re-imbursement of health care costs
- holiday pay
- old age pensions
- guaranteed minimum income
- delivery of supplementary social benefits
- delivery of supplementary benefits based on the
social security status of a person
4The problem
- a lack of well coordinated service delivery
processes and of a lack of well coordinated
information management led to - a huge avoidable administrative burden and
related costs for - the companies
- the citizens
- the actors in the social sector
- service delivery that didnt meet the
expectations of the companies and the citizens - suboptimal effectiveness of the social protection
- higher possibilities of fraud
- suboptimal support of the social policy
5Expectations of citizens and companies
- integrated services
- attuned to their concrete situation, and
personalized when possible - delivered at the occasion of events that occur
during their life cycle (birth, going to school,
starting to work, move, illness, retirement,
decease, starting up a company, ) - across government levels, public services and
private bodies - attuned to their own processes
- with minimal costs and minimal administrative
burden - if possible, granted automatically
- well performing and user-friendly
- reliable, secure and permanently available
- accessible via a channel chosen by the user
(direct contact, phone, electronic devices, ) - sufficient privacy protection
6The solution
- a network between all 2,000 social sector actors
with a secure connection to the internet, the
federal MAN, regional extranets, extranets
between local authorities and the Belgian
interbanking network - a unique identification key
- for every citizen, electronically readable from
an electronic social security card and an
electronic identity card - for every company
- 190 electronic services for mutual information
exchange amongst actors in the social sector,
defined after process optimization - nearly all direct or indirect (via citizens or
companies) paper-based information exchange
between actors in the social sector has been
abolished - in 2006 511 million electronic messages were
exchanged amongst actors in the social sector,
which saved as many paper exchanges
7Social security card
name Christian name date of birth sex social
security number period of validity of the
card card number
sickness fund sickness fund registration
number insurance period insurance status social
exemption status
key 1
other data to be added in the future, if useful
8Electronic identity card
9Contribution certificate health care sector
present situation
Employees
Employer
Sickness funds
Control
RIZIV
RSZ
10Contribution certificate health care sector
present situation
11Derived rights in tax affairs
- a number of people are entitled to an increased
refund of the costs for medical care - moreover, a number of municipalities and
provinces grant these persons reductions or even
exemptions of the taxes
12Derived rights in tax affairs - past situation
Sickness fund
13Derived rights in tax affairs - present situation
CBSS
sickness funds network
14The solution
- 41 electronic services for employers, either
based on the electronic exchange of structured
messages or via an integrated portal site - 50 social security declaration forms for
employers have been abolished - in the remaining 30 (electronic) declaration
forms the number of headings has on average been
reduced to a third of the previous number - declarations are limited to 3 events
- immediate declaration of recruitment and
discharge (only electronically) - quarterly declaration of salary and working time
(only electronically) - occurence of a social risk (electronically or on
paper) - in 2006 17.9 million electronic declarations were
made by all 220,000 employers, 98 of which from
application to application - according to a study of the Belgian Planning
Bureau, rationalization of the information
exchange processes between the employers and the
social sector implies an annual saving of
administrative costs of more than 1 billion a
year for the companies
15Start/end of an employment relationship
Simplification
Employment contract
Work force register
Special work force register
Individual document
Students contract
NOSS
On line consultation
Inspection
Work force register
Data- base
16Quarterly declaration salary working time
Simplification
Employer
one electronic declaration
NOSS
INAMI
FAT
old age pension
ONP
ONEM
FMP
CBSS
holiday pay
ONVA
ONAFTS
17Declaration of social risks
- types of social risks
- child allowances
- incapacity for work ((labour) accident,
(occupational) disease, ) - unemployment
- old age pension
- 3 possible moments of declaration
- start of the social risk
- recurrence or continuation of the social risk
- end of the social risk
- structure of the declaration
- identification data
- if necessary, salary and working time data not
yet declared via a quarterly declaration
(mini-declaration) - specific data concerning the social risk
18The solution
- electronic services for citizens
- maximal automatic granting of services based on
electronic information exchange between actors in
the social sector - 4 electronic services via an integrated portal
- 2 services to apply for social benefits
- 2 services for consultation of social benefits
- about 30 new electronic services are foreseen
- an integrated portal site containing
- electronic transactions for citizens and
employers - information about the entire social security
system - harmonized instructions and information model
relating to all electronic transactions - a personal page for each citizen and each company
- an integrated multimodal contact centre supported
by a customer relationship management tool
19The solution
- coordination by the Crossroads Bank for Social
Security - board of directors consists of representatives of
the companies, the citizens and the actors in the
social sector - mission
- definition of the vision and the strategy on
E-government in the social sector and of the
common principles related to information
management - definition, implementation and management of an
interoperability framework - secure messaging of several types of information
(structured data, documents, images, metadata, )
with business logic and orchestration support - coordination of business process reengineering
- stimulation of service oriented applications
- management of a reference directory for
- preventive control on the legitimacy of the
information exchange - organisation of the routing of information
- automatic communication of changes of information
20The solution
- reference directory
- directory of available services/information
- which information/services are available at any
institution depending on the capacity in which a
person/company is registered at each institution - directory of authorized users and applications
- list of users and applications
- definition of authentication means and rules
- definition of authorization profiles which kind
of information/service can be accessed, in what
situation and for what period of time depending
on in which capacity the person/company is
registered with the actor that accesses the
information/service - directory of data subjects
- which persons/companies have personal files in
which institutions for which periods of time, and
in which capacity they are registered - subscription table
- which users/applications want to automatically
receive what services in which situations for
which persons/companies in which capacity
21Towards a network of service integrators
Service integrator (Corve, Easi-Wal, )
RPS
RPS
Services repository
Extranet region or commmunity
Service integrator (CBSS)
Services repository
ASS
Extranet social sector
ASS
Internet
Municipality
FPS
ASS
VPN, Publi-link, VERA,
FPS
FEDMAN
Services repository
Service integrator (FEDICT)
City
Province
FPS
Services repository
22Basic principles
- information modelling
- unique collection of re-use of information
- management of information
- electronic exchange of information
- protection of information
23Information modelling
- information is being modelled in such a way that
the model fits in as closely as possible with the
real world - information modelling takes as much account as
possible of anticipated use of information - the information model can be flexibly extended or
adapted when the real world or the use of the
information changes
24Unique collection and re-use of information
- information is only collected for well-defined
purposes and is targeted to meet the requirements
of these purposes - all information is collected once, from as near
to the authentic source as possible - information is collected according to the
information model and following uniform
guidelines - with the possibility of quality control by the
supplier before the transmission of the
information - the collected information is validated once
according to established task sharing criteria,
by the institution that is most entitled to it or
by the institution which has the greatest
interest in correctly validating it - it is then shared and re-used by authorized users
25Management of information
- a task sharing model is established indicating
which institution stores which information as an
authentic source, manages the information and
maintains it at the disposal of the authorized
users - information is stored according to the
information model - information can be flexibly assembled according
to ever changing legal concepts - every institution has to report probable errors
of information to the institution that is
designated to validate the information
26Management of information
- every institution that has to validate
information according to the agreed task sharing
model, has to examine the reported probable
errors, to correct them when necessary and to
communicate the correct information to every
known interested institution - information is only retained and managed as long
as there exists a business need, a legislative or
policy requirement, or, preferably anonimized or
encoded, when it has historical or archival
importance
27Electronic exchange of information
- once collected and validated, information is
stored, managed and exchanged electronically to
avoid transcribing and re-entering it manually - electronic information exchange can be initiated
by - the institution that disposes of information
- the institution that needs information
- the institution that manages the interoperability
framework (CBSS as service integrator) - electronic information exchanges take place on
the base of a functional and technical
interoperability framework that evolves
permanently but gradually according to open
market standards, and is independent from the
methods of information exchange
28Electronic exchange of information
- available information is used for
- the automatic granting of benefits
- prefilling when collecting information
- information delivery to the interested parties
29Protection of information
- security, integrity and confidentiality of
government information is ensured by integrating
ICT measures with structural, organizational,
physical, personnel screening and other security
measures according to agreed policies - personal information is only used for purposes
compatible with the purposes of the collection of
the information - personal information is only accessible to
authorized institutions and users according to
business needs, legislative or policy
requirements - the access authorization to personal information
is granted by an independent institution,
designated by Parliament, after having checked
whether the access conditions are met - the access authorizations are public
30Protection of information
- every actual electronic exchange of personal
information is preventively checked on compliance
with the existing access authorizations by an
independent institution managing the
interoperability framework - every actual electronic exchange of personal
information is logged, to be able to trace
possible abuse afterwards - every time information is used to take a
decision, the information used is communicated to
the person concerned together with the decision - every person has right to access and correct
his/her own personal data
31Advantages
- gains in efficiency
- in terms of cost services are delivered at a
lower total cost due to - a unique information collection using a common
information model and administrative instructions - a lesser need to re-encoding of information by
stimulating electronic information exchange - a drastic reduction of the number of contacts
between actors in the social sector on the one
hand and companies or citizens on the other - functional task sharing concerning information
management, information validation and
application development - in terms of quantity more services are delivered
- services are available at any time, from anywhere
and from several devices - services are delivered in an integrated way
according to the logic of the customer - in terms of speed the services are delivered in
less time - benefits can be allocated quicker because
information is available faster - waiting and travel time is reduced
- companies and citizens can directly interact with
the competent actors in the social sector with
real time feedback
32Advantages
- gains in effectiveness better social protection
- in terms of quality same services at same total
cost in same time, but to a higher quality
standard - in terms of type of services new types of
services, e.g. - push system automated granting of benefits
- active search of non-take-up using
datawarehousing techniques - controlled management of own personal information
- personalized simulation environments
- better support of social policy
- more efficient combating of fraud
33Critical success factors
- common vision on electronic service delivery
amongst all actors - support of and access to policymakers at the
highest level - trust of all stakeholders
- electronic service delivery as a structural
reform process - process re-engineering within and across actors
- back-office integration for unique information
collection, re-use of information and automatic
granting of services - integrated and personalized front-office service
delivery - focus on more efficient and effective service
delivery, and on cost control
34Critical success factors
- appropriate balance between efficiency on the one
hand and privacy and security on the other - respect for legal allocation of competences
between actors - co-operation between all actors concerned based
on distribution of tasks rather than
centralization of tasks - quick wins combined with long term vision
- technical and semantic interoperability
- legal framework
- adaptability to an ever changing societal and
legal environment - creation of an institution that stimulates and
co-ordinates
35Critical success factors
- need for radical cultural change within
government, e.g. - from hierarchy to participation and team work
- meeting the needs of the customer, not the
government - empowering rather than serving
- rewarding entrepreneurship within government
- ex post evaluation on output, not ex ante control
of every input
36United Nations Public Service Award
37Structure of the presentation
- existing electronic cooperation in the social
sector - the problem
- the solution
- basic principles
- advantages
- towards an electronic cooperation in the health
care sector, based on the experience of the
social sector - objectives
- useful building blocks
- Be-Health platform
38Objectives
- to optimize the quality and the continuity of the
health care delivery system and the patients
safety - to avoid unnecessary bureaucracy for the health
care providers - quality support of the health care policy
- through a well organized electronic information
exchange between all parties associated with the
health care delivery system - with the necessary guarantees for the information
security and the protection of the privacy
39Useful building blocks
- general use of a patient identification number
- minimal content of health care files that can be
communicated electronically - permanent availability and accessibility of the
minimal electronically communicable content of
health care files - standardized content, format and methods for the
exchange of electronic care prescriptions - sectoral committee of the Commission for the
protection of privacy (CPP) - user and access management
40Useful building blocks
- secured platform for the electronic exchange of
information about patients, provided care and the
results of the provided care, and for the
exchange of electronic care prescriptions between
all parties associated with the health care
delivery system - network
- basic services
- exchange standards
- access channels for the users
- independent organization for the management of
the exchange platform - appropriate legal framework
41Patient identification number
- either social security identification number
(SSIN) - or identification number irreversibly derived
from the social security identification number by
means of an algorithm available with each health
care provider, that will be specified for
instance by the Security study group of the
Commission for Telematics Standards in relation
to the Health Sector - either unique for each patient and used by all
health care providers and institutions - or unique for each patient and used by one health
care provider / institution with a possibility of
conversion between patient identification numbers
of the different health care providers /
institutions by the independent organization that
manages the exchange platform (see hereafter)
42Patient identification number
- encoding or anonymization of information when the
identification of the patient through the patient
identification number is no longer necessary - on the occasion of the Royal Decree on the Cancer
register, the CPP has already given a positive
advice with regard to the method for the
irreversible derivation of a patient
identification number from the social security
identification number
43Minimal communicable content health care file
- agreements on the minimal content of a health
care file that can be communicated electronically - information about the patient
- information on the provided care
- information on the results of the provided care
- no monopoly or recognition of software products
- but incentives for health care providers /
institutions to keep electronic health care files
with minimal communicable content and to make
them permanently electronically available for
authorized persons
44Accessibility health care file
- minimal communicable content of health care files
must be electronically available and accessible
at all times for the authorized persons - either with the health care provider himself
- or with a subcontractor chosen by the health care
provider - health care institution
- cooperation between health care providers
- independent institution that manages the exchange
platform -
- with the necessary back-up services
45Electronic care prescriptions
- standardized content and electronic format of the
different types of care prescriptions - methods for the creation of electronic care
prescriptions with a minimum of bureaucracy - methods for the electronic exchange of care
prescriptions - guaranteed free choice of the care provider by
the patient - incentives for care providers / institutions to
create and exchange electronic care prescriptions
46Sectoral committee
- composed of
- representatives of the CPP
- independent experts in social security and health
care appointed by the Chamber of Deputies - tasks
- to give authorizations for the (electronic)
exchange of personal social data and personal
health data in cases not regulated by the law - to determine the organization and policies with
regard to information security for the processing
of personal social data and personal health data - to give advices and recommendations with regard
to information security for the processing of
personal social data and personal health data - to investigate complaints on violation of the
information security during the processing of
personal social data and personal health data
47User and access management
- guarantee that only authorized health care
providers / institutions get access - to the personal information they are authorized
to according to the law or to the authorizations
granted by the Sectoral committee - concerning patients whose personal information
they need for the health care providing process
48User and access management
- authentication of the identity of the health care
provider, for instance through his electronic
identity card - on-line verification of the status of the health
care provider through an electronic consultation
of the authentic data base(s) of the health care
providers - on-line verification of the mandates of the user
to act on behalf of a health care provider /
institution through the electronic consultation
of the authentic data base(s) containing the
mandates
49User and access management
- authentication of the patients identity through
his electronic identity card or his SIS card,
except - if a fixed care relation between the health care
provider / institution and the patient has been
registered (see hereafter, reference directory) - in cases of emergency
- management of access authorizations with
following specifications - which health care provider / institution /
application - with which status
- can have access in which situation
- to which type of data
- concerning which patients
- and regarding which period
50Reference directory
- content
- mentions for each patient, identified through his
patient identification number, the places where a
specific type of electronic information is
available about the patient, the provided care
and the results of the provided care - on the one hand, table with fixed care relations
between health care providers and their patients,
the nature of the relation, the begin date and
end date of the relation - on the other hand, a table with the places where
without a fixed care relation there is electronic
information available about the different
patients, possibly through a stepped system
(general reference directory refers to specific
reference directories for each group of health
care providers or each health care institution) - no personal information !!!
51Reference directory
- functions
- preventive control on the legitimacy of the
access to the information regarding a patient - routing of information requests to the places
where the information about the patient is
available - possibility of an automatic communication of
information to certain care providers
52User and access management
- access authorizations are provided by the
Sectoral committee, unless they result from a law - conformity of a concrete access request with the
access authorizations is preventively validated
by the independent institution that manages the
exchange platform - all accesses are subject to an electronic logging
on the user level so that the legitimacy of the
access can be verified afterwards (only
who-what-when, no content) - access to the loggings is strictly protected
53Network and exchange standards
- use of the existing network infrastructure
(internet, social security extranet, FedMAN, ...)
with end-to-end encryption of the information
(concept of virtual private networks (VPN)) - exchange based as much as possible on structured
electronic messages from application to
application - exchange based as much as possible on open
standards or at least open specifications - orchestration of the data exchange by the
independent organization that manages the
exchange platform
54Access channels for the users
- several devices
- PC and laptop
- PDA
- cell phone
-
- maximal integrated access to the information
regardless of the information source - with at least one free and generally accessible
application for the integrated access to the
information
55Independent management organization
- preferably one management organization,
administered by - various types of health care providers /
institutions - health insurance funds as representatives of the
patients - public institutions responsible for the
organization of the health care (insurance) - tasks
- to develop and manage the secure exchange
platform choice of the infrastructure,
definition of standards and specifications, ... - to offer access channels for the users
- to organize an operational system of user and
access management - to manage the reference directory
56Independent management organization
- tasks
- to coordinate the development of processes for
the electronic data exchange between the users of
the exchange platform - to orchestrate the electronic information
exchange between the users of the exchange
platform - possibly, to convert the patient identification
numbers between health care providers /
institutions - proactive policy to avoid illegitimate access to
personal information, e.g. through - preventive control of the legitimacy of the
access to personal information - keeping and analyzing loggings of the exchange of
personal information (only who-what-when) - helpdesk
57Appropriate legal framework
- possibility or obligation to use patient
identification number - method for determining the minimal electronically
communicable content of health care files - incentives and gradual obligation of permanent
electronic availability of the minimal
electronically communicable content of the health
care file and the electronic exchange of care
prescriptions - obligation to update the reference directory
- probative value of electronic prescriptions and
electronic data exchanges
58Appropriate legal framework
- creation of the organization for the management
of the secure exchange platform and decision on
the composition and the missions of the
management organization - creation of Sectoral committee within the CPP and
decision on the composition and competences
59Critical success factors
- cooperation between all parties concerned by the
health care delivery system, based on a division
of tasks rather than a centralization of tasks - trust of all stakeholders in the preservation of
the necessary autonomy and the security of the
system - firstly the development of the exchange platform
and the creation of the necessary institutions
(management organization for exchange platform,
Sectoral committee, ...) and then further
elaboration of processes between these
institutions - quick wins in combination with a long term vision
- legal framework
60Be-Health platform
Patients and care providers
Portal SS
SVA
SVA
SVA
AVS
Portal RIZIV
PortalBeHealth
MyCareNet
SVA
SVA
SVA
AVS
SVA
SVA
SVA
AVS
Users
Platform with basic services
VAS
VAS
VAS
VAS
VAS
VAS
Suppliers
61Be-Health platform
- basic service
- a service that has been developed and made
available by Be-Health and that can be used by
the supplier of an added value service - added value service (AVS)
- a service put at the disposal of the patients
and/or the health care providers - the entity that develops and offers an added
value service can use the basic services offered
by Be-Health for this purpose - validated authentic source (VAS)
- a database containing information used by
Be-Health - the administrator of the database is responsible
for the availability and (the organization of)
the quality of the information made available
62Available basic services
- network, based on existing infrastructure
(internet, carenet, social security extranet,
FedMAN, ...) - portal environment (https//www.behealth.be),
including - a content management system
- a search engine
- personal electronic mailbox for each care
provider - integrated user and access management
- logging management
63Portal
64Portal
65User and access management
- authentication of the identity according to the
required security level - electronic identity card
- user number, password and citizen token
- user number and password
- verification of statuses and mandates access to
validated authentic sources - authorization to use an added value service
management by service supplier - elaborated on the basis of a generic policy
enforcement model
66Policy Enforcement Model
67Policy Enforcement Point (PEP)
- intercepts the request for authorization with all
available information about the user, the
requested action, the resources and the
environment - passes on the request for authorization to the
Policy Decision Point (PDP) and extracts a
decision regarding authorization - grants access to the application and provides
relevant credentials
Action
on
Action
application
Policy
on
DENIED
application
User
Enforcement
Application
PERMITTED
(
PEP
)
Action
on
application
Decision
Decision
request
reply
Policy
Decision
(
PDP
)
68Policy Decision Point (PDP)
- based on the request for authorization received,
retrieves the appropriate authorization policy
from the Policy Administration Point(s) (PAP) - evaluates the policy and, if necessary, retrieves
the relevant information from the Policy
Information Point(s) (PIP) - takes the authorization decision (permit/deny/not
applicable) and sends it to the PEP
Policy
Enforcement
(
PEP
)
Decision
Decision
request
reply
Information
Request
/
Policy
Policy
Reply
retrieval
Decision
(
PDP
)
Informatie
Vraag /
Antwoord
Policy Information
Policy Administration
Policy Information
(
PAP
)
(
PIP
)
(
PIP
)
69Policy Administration Point (PAP)
- environment to store and manage authorization
policies by authorised person(s) appointed by the
application managers - puts authorization policies at the disposal of
the PDP
Authorization
Policy
management
retrieval
PDP
PAP
Manager
Policy
repository
70Policy Information Point (PIP)
- puts information at the disposal of the PDP in
order to evaluate authorization policies
(authentic sources with characteristics,
mandates, etc.)
Information
Request /
Reply
PDP
Information
Request /
Reply
PIP
1
PIP
2
Authentic source
Authentic source
71Architecture
Non social FPS (Fedict)
Be-Health
Social sector (CBSS)
USER
USER
USER
APPLICATIONS
APPLICATIONS
APPLICATIONS
Authorisation
Authen
-
Authorisation
Authen
-
Authorisation
Authen
-
tication
tication
tication
PEP
PEP
PEP
WebApp
WebApp
Role
Role
Role
XYZ
XYZ
Mapper
Mapper
Mapper
Role
Role
Mapper
Mapper
DB
DB
PDP
Role
PAP
PDP
Role
PAP
PAP
Provider
Role
Provider
Role
Kephas
Kephas
Kephas
DB
Provider
DB
Provider
PIP
PIP
PIP
PIP
PIP
PIP
Attribute
Attribute
Attribute
Attribute
Attribute
Attribute
Provider
Provider
Provider
Provider
Provider
Provider
Provider
Management
DB
DB
Management
Gerechts- deurwaar- ders
DB
DB
DB
DB
UMAF
XYZ
XYZ
XYZ
VAS
Mandaten
Mandaten
VAS
72Validated authentic sources
- register of health care providers
- administrator FPS Public Health
- contains information about the diploma and the
specialization of a health care provider
identified through his social security
identification number (SSIN) - database with recognitions of the National
Institute for Sickness and Invalidity Insurance
(RIZIV) - administrator RIZIV
- contains information about the RIZIV recognition
of health care providers identified through their
SSIN - database with persons authorized to act on behalf
of a health care institution - administrator NOSS (division user management
for companies) - contains information about which persons,
identified through their SSIN, are authorized to
use which applications on behalf of a health care
institution
73Principle of circles of trust"
- aim
- to avoid unnecessary centralization
- to avoid unnecessary threats to the protection of
the privacy - to avoid multiple similar controls and
registration of loggings - method division of tasks between the entities
associated with the electronic service, including
clear agreements on - who is in charge of which authentications,
verifications and controls by which means and who
is responsible for this - how the results of the authentications,
verifications and controls can be safely
exchanged electronically between the entities
concerned - who keeps which loggings
- how to ensure that in case of an investigation,
on ones own initiative or in response to a
complaint, a complete tracing can be realized in
order to know which natural person has used which
service or transaction concerning which citizen
or company, when, through which channel and for
which purposes
74Examples of added value services
- third party billing
- Medic-e
- input in cancer register
- Medattest
- support of electronic care prescription in
hospitals - electronic registration of birth
75Third party billing
- supplier National College of Sickness Funds
- users nurses, their groupings and
representatives - functionality send the third party billings
electronically to the sickness funds - basic services used
- identification and authentication of the identity
of the user (eID or user number-password-citizen
token) - verification of the status of nurse with RIZIV
recognition - verification of the mandate
- electronic mailbox (publication of documents)
- logging
76Medic-e
- supplier FPS Social Security
- users medical doctors who evaluate medical
handicapped persons - functionality enter the evaluation of
handicapped persons electronically into the
information system of the FPS Social Security - basic services used
- identification and authentication of the identity
of the user (eID or user number-password-citizen
token) - verification of the status of medical doctor with
RIZIV recognition - electronic mailbox (publication of documents)
- logging
77Input in cancer register
- supplier Cancer Register
- users oncologists in health care institutions
and labs - functionality electronic input of information
into the cancer register and access to the
registered information - basic services used
- identification and authentication of the identity
of the user (eID) - verification of the status of medical doctor with
RIZIV recognition - electronic mailbox (publication of documents)
- logging
78Medattest
- supplier RIZIV
- users medical doctors, dentists,
kinesthesiologists, nurses, speech therapists,
orthopedists, health care institutions and their
mandataries - functionality on-line order of care prescription
formulars - basic services used
- identification and authentication of the identity
of the user (eID or user number-password-citizen
token) - verification of the status of users
- verification of the mandate
- logging
79Electronic care prescription in health care
institutions
- analysis of required functionalities
- functionalities before a prescription can be
processed - authentication of the identity of the person who
writes the prescription - verification of the status of the person who
writes the prescription - system to ensure that the prescription cannot be
modified unnoticeably after applying the methods
to guarantee the integrity and the electronic
time stamping - authentication of the identity, verification of
the status of the person who has written the
prescription, guaranteeing the integrity and
electronic date for each individual prescription - the time necessary for authenticating the
identity, verifying the status and guaranteeing
the integrity must not exceed ΒΌ of a second per
prescription - a person that writes prescriptions must be able
to switch between prescription places without
overhead - local validation that the prescription has not
been modified after applying the methods to
guarantee the integrity and the electronic time
stamping
80Electronic care prescription in health care
institutions
- analysis of required functionalities
- functionalities during the processing of the
prescription - the electronic time stamping must be requested
immediately after applying the method to
guarantee the integrity and must be placed within
30 seconds after the request - organizational requirements
- velocity of replacing an authentication tool when
useless - traceability of who has done which processing at
which moment for the creation of a prescription
(must be kept during a certain period) - traceability of the content and of the exact date
and time of each request and processing of a
request to revoke an authentication tool - point of special interest
- avoid that care institutions have to work with
different systems for the authentication of the
identity, the verification of the status, the
guarantee of the integrity of documents,
electronic time stamping, for different types
of processes
81Electronic care prescription in health care
institutions
- possible solution
- the authentication of the identity and the
verification of the status are performed on the
local level using at least a user-id, a password
and something one possesses, on condition that
each person that writes prescriptions signs a
document that stipulates that he is responsible
for everything that is authenticated in terms of
identity and status through his user id, his
password and the possessed element - the prescriptions are hashed
- the hashing results (not the content of the
prescription itself !) receive an electronic time
stamp from Be-Health - clear organizational rules concerning the
management of user-ids, passwords and the
possessed elements, based on the results of
Elodis, are incorporated in an royal decree in
implementation of article 21 of the royal decree
n 78 - a regulation is being elaborated that indicates
under which conditions postscriptions are possible
82Legal framework for the creation of Be-Health
- article 4 of the Law of 27 December 2006
including several provisions - Within the Federal Public Service Public
Health, Food Safety and Environment, a public
service in charge of the management of the
electronic service platform for the exchange of
health care data is created, named Be-Health,
with a separate management as referred to in
article 140 of the Government Account Acts,
coordinated on 17 July 1991. - The King determines, after a decree deliberated
in the Council of Ministers, the missions and
further rules for the management and the working
of this public service with a separate
management.
83Proposition of mission
- the elaboration of and the supervision of the
compliance with a vision and a strategy for the
supply of electronic services in the health care
sector, in close consultation with the various
public and private actors of this sector - the elaboration of and the supervision of the
compliance with the necessary norms, standards
and basic architecture for an efficient use of
ICT to support this strategy - the elaboration, as part as a common strategy, of
basic services for the potential support of the
actors in the public health sector, e.g. - an interoperability framework for secure
electronic data exchange - the necessary basic services to support this
electronic data exchange, like a system of user
and access management, a system for the
organization and logging of electronic data
exchanges or a system for the electronic access
to data - the management of the cooperation with other
public entities in charge of the coordination of
electronic services
84Composition of the Management Committee
- representatives of health care providers and
health care institutions - representatives of sickness funds
- representatives of the public institutions
concerned - National Institute for Health and Invalidity
Insurance - FPS Public Health, Food Safety and Environment
- Federal Knowledge Centre for Public Health and
the Federal Agency for Medicine - Crossroads Bank for Social Security and FPS ICT
85More information
- website Crossroads Bank for Social Security
- http//www.ksz.fgov.be
- portal Be-Health
- https//www.behealth.be
- personal website Frank Robben
- http//www.law.kuleuven.ac.be/icri/frobben
86Th_at_nk you !Any questions ?